MIS Chapter 4:

Annual probability that a stated threat will be realized is called a secuirty gap

False

What is meant by risk register?

A list of identified risks that results from the risk-identification process

A ___________ is a formal analysis of an organization's functions and activities that classifies them as critical or noncritical.

BIA

A parallel test evaluates the effectiveness of the ________ by enabling full processing capability at an alternate data center without interrupting the primary data center.

DRP

Qualitative risk analysis is a list of identified risks that results from the risk-identification process.

False

The term risk methodology refers to a list of identified risks that results from the risk-identification process.

False

________ is the difference between the security controls you have in place and the controls you need to have in place in order to address all vulnerabilities.

Security gap

Risks can be a positive thing, and a risk management plan should address positive and negative risk outcomes.

True

__________ is rapidly becoming an increasingly important aspect of enterprise computing.

disaster recovery

_______ is the proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage.

exposure factor (EF)

__________ tests interrupt the primary data center and transfer processing capability to an alternate site.

full-interruption

The goal of ____________ is to quantify possible outcomes of risks, determine probabilities of outcomes, identify high-impact risks, and develop plans based on risks.

quantitative risk analysis

The process of managing risks starts by identifying __________.

risks

The proportion of value of a particular asset likely to be destroyed by a given risk, expressed as a percentage, is exposure factor (EF).

true

The term annual rate of occurrence (ARO) describes the annual probability that a stated threat will be realized.

true

The term risk management describes the process of identifying, assessing, prioritizing, and addressing risks.

true

The tools for conducting a risk analysis can include the documents that define, categorize, and rank risks.

true

Annual loss expectancy (ALE) means the process of identifying, assessing, prioritizing, and addressing risks.

False

What is the Project Management Body of Knowledge (PMBOK)?

a collection of the knowledge and best practices of the project management profession

how often should an organization perform a risk management plan?

annually

The first step in risk analysis is to determine what and where the organization's _________ are located.

assets

A___________ primarily addresses the processes, resources, equipment, and devices needed to continue conducting critical business activities when an interruption occurs that affects the business's viability.

business continuity plan

Information security activities directly support several common business drivers, including ________ and efforts to protect intellectual property.

compliance

Any organization that is serious about security will view ___________ as an ongoing process.

risk management

Your _________ plan shows that you have examined risks to your organization and have developed plans to address each risk.

risk-response

What is meant by annual rate of occurrence (ARO)?

the annual probability that a stated threat will be realized

RTO identifies the maximum allowable ________ to recover the function.

time

Single loss expectancy (SLE) means the expected loss for a single threat occurrence. The formula to calculate SLE is SLE= Resource Value × EF.

true