Question 1 1 out of 1 points Correct ____ equals likelihood of vulnerability occurrence times value (or impact) minus percentage

risk already controlled plus an element of uncertainty. Answer Selected Answer: Risk Correct Answer: Risk Question 2 1 out of 1 points Correct The military uses a ____-level classification scheme. Answer Selected Answer: five Correct Answer: five Question 3 1 out of 1 points Correct You cannot use qualitative measures to rank values. Answer Selected Answer: False Correct Answer: False Question 4 1 out of 1 points Correct Organizations should communicate with system users throughout the development of the security program, letting them know that change are coming. Answer Selected Answer: True Correct Answer: True Question 5 1 out of 1 points Correct Examples of exceptionally grave damage include armed hostilities against the Uni ted States or its allies and disruption of foreign relations vitally affecting t he national security. Answer Selected Answer: True Correct Answer: True Question 6 1 out of 1 points Correct When determining the relative importance of each asset, refer to the organizatio n s mission statement or statement of objectives to determine which elements are ess

ential, which are supportive, and which are merely adjuncts. Answer Selected Answer: True Correct Answer: True Question 7 1 out of 1 points Correct The ____ strategy is the choice to do nothing to protect a vulnerability and to accept the outcome of its exploitation. Answer Selected Answer: accept control Correct Answer: accept control Question 8 1 out of 1 points Correct Likelihood risk is the risk to the information asset that remains even after the application of controls. Answer Selected Answer: False Correct Answer: False Question 9 1 out of 1 points Correct CBAs cannot be calculated after controls have been functioning for a time. Answer Selected Answer: False Correct Answer: False Question 10 1 out of 1 points Correct Policies are documents that specify an organization Answer Selected Answer: True Correct Answer: True Question 11 1 out of 1 points Correct Information security managers and technicians are the creators of information. Answer Selected Answer: False Correct Answer: False Question 12 1 out of 1 points Correct The mitigate control strategy attempts to reduce the impact caused by the exploi tation of vulnerability through planning and preparation. s approach to security.

Answer Selected Answer: Correct Answer: Question 13 1 out of 1 points

True True

Correct The results from risk assessment activities can be delivered in a number of ways : a report on a systematic approach to risk control, a project-based risk assess ment, or a topic-specific risk assessment. Answer Selected Answer: True Correct Answer: True Question 14 1 out of 1 points Correct Some argue that it is virtually impossible to determine the true value of inform ation and information-bearing assets. Answer Selected Answer: True Correct Answer: True Question 15 0 out of 1 points If you realize you do not know the enemy, you will gain an advantage in every battl e." (Sun Tzu) Answer Correct Answer: Question 16 0 out of 1 points Within best practices, the optimum standard is a subcategory of practices that a re typically viewed as the best of the best. Correct Answer: Question 17 1 out of 1 points Correct The ____ security policy is a planning document that outlines the process of imp lementing security in the organization. Answer Selected Answer: program Correct Answer: program Question 18 1 out of 1 points Correct False False

Major risk is a combined function of (1) a threat less the effect of threat-redu cing safeguards, (2) a vulnerability less the effect of vulnerability reducing s afeguards, and (3) an asset less the effect of asset value-reducing safeguards. Answer Selected Answer: False Correct Answer: False Question 19 0 out of 1 points In a(n) ____, each information asset is assigned a score for each of a set of as signed critical factor. Correct Answer: weighted factor analysis Question 20 0 out of 1 points One way to determine which information assets are critical is by evaluating how much of the organization s revenue depends on a particular asset. Answer Correct Answer: True