Discuss, Learn and be Happy: Discussion of answers


In an accounting department, several people are required to complete a financial process. This is most likely an example of

No single employee has control of a transaction from beginning to end; two or more people should be responsible for performing it.


Risk Management is commonly understood as all of the following EXCEPT

The processes of identifying, analyzing, and assessing, mitigating, or transferring risk are generally characterized as risk management.


The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as

This factor represents a measure of the magnitude of loss or impact on the value of an asset. It is expressed as a percent, ranging from 0% to 100%, of asset value loss arising from a threat event. This factor is used in the calculation of single loss expectancy (SLE).


The absence of a fire-suppression system would be best characterized as a(n)

This term characterizes the absence or weakness of a risk-reducing safeguard.


Risk Assessment includes all of the following EXCEPT

Fundamental applications of risk assessment to be addressed include (1) determining the current status of information security in the target environment(s) and ensuring that associated risk is managed (accepted, mitigated, or transferred) according to policy, and (2) assessing risk strategically.


A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?

The best automated tools currently available include a well-researched threat population and associated statistics. Using one of these tools virtually assures that no relevant threat is overlooked.


Data classification can assist an organization in

Data classification is intended to lower the cost of overprotecting all data.

Daniel Margalit · 1 point · more than 6 months ago
Reputation: -5
Data classification is intended to lower the cost of overprotecting all data.

Who “owns” an organization’s data?

The business units, not IT (information technology), own the data. Decisions regarding who has what access, what classification the data should be assigned, etc., are decisions that rest solely with the business data owner and are based on organization policy.


An information security policy does NOT usually include

Policy is written at a very high level and is intended to describe the “whats” of information security. Procedures, standards, baselines, and guidelines are the “hows” for implementation of the policy.


The role of an information custodian should NOT include

Ensure record retention requirements are met based on the information owner’s analysis.

Daniel Margalit · 0 points · more than 6 months ago
Reputation: -5
Ensure record retention requirements are met based on the information owner’s analysis.