Discuss, Learn and be Happy: Discussion of answers


In an accounting department, several people are required to complete a financial process. This is most likely an example of

1
Question #15629
No single employee has control of a transaction from beginning to end; two or more people should be responsible for performing it.

Risk Management is commonly understood as all of the following EXCEPT

1
Question #15630
The process of identifying, analyzing, assessing, mitigating, or transferring risk is generally characterized as risk management.

The percentage or degree of damage inflicted on an asset used in the calculation of single loss expectancy can be referred to as

1
Question #15631
This factor represents a measure of the magnitude of loss or impact on the value of an asset. It is expressed as a percent, ranging from 0% to 100%, of asset value loss arising from a threat event. This factor is used in the calculation of single loss expectancy (SLE).

The absence of a fire-suppression system would be best characterized as a(n)

1
Question #15632
This term characterizes the absence or weakness of a risk-reducing safeguard.

Risk Assessment includes all of the following EXCEPT

1
Question #15633
Fundamental applications of risk assessment to be addressed include (1) determining the current status of information security in the target environment(s) and ensuring that associated risk is managed (accepted, mitigated, or transferred) according to policy, and (2) assessing risk strategically.

A risk management project may be subject to overlooking certain types of threats. What can assist the risk management team to prevent that?

1
Question #15634
The best automated tools currently available include a well-researched threat population and associated statistics. Using one of these tools virtually assures that no relevant threat is overlooked.

Data classification can assist an organization in

1
Question #15635
Data classification is intended to lower the cost of overprotecting all data.

Daniel Margalit
More than 6 months ago
Data classification is intended to lower the cost of overprotecting all data.
1

Who “owns” an organization’s data?

1
Question #15636
The business units, not IT (information technology), own the data. Decisions regarding who has what access, what classification the data should be assigned, etc., rest solely with the business data owner and are based on organization policy.

An information security policy does NOT usually include

1
Question #15637
Policy is written at a very high level and is intended to describe the “whats” of information security. Procedures, standards, baselines, and guidelines are the “hows” for implementation of the policy.

The role of an information custodian should NOT include

1
Question #15638
Ensure record retention requirements are met based on the information owner’s analysis.

Daniel Margalit
More than 6 months ago
Ensure record retention requirements are met based on the information owner’s analysis.
0