Information Security Management Lecture 2

Questions and Answers

What is the primary purpose of the risk management cycle?

• To implement incident management protocols
• To manage threats and vulnerabilities
• To identify and assess potential risks (correct)
• To perform audits and address non-compliances

What is the key difference between a risk and an issue?

• Risks require a contingency plan, while issues require immediate action
• Risks can be measured in monetary terms, while issues cannot
• Risks have uncertain outcomes, while issues have definite consequences
• Risks are future events, while issues are present problems (correct)

Which of the following is NOT an objective of risk management?

• Implementing incident management protocols (correct)
• Identifying and assessing risks
• Developing contingency plans
• Selecting appropriate risk owners and mitigation owners

What is the primary goal of information security management?

To eliminate the chances of security breaches (A)

Which of the following is a key step in the risk containment process?

Defining the risk (B)

What is the primary purpose of assigning a risk owner?

To oversee the implementation of the risk containment plan (D)

Which of the following is NOT a characteristic of a risk?

It is a present problem that requires immediate action (C)

Which of the following is NOT a layer of information security management?

Exception/Waiver Management (B)

What is the purpose of developing a risk containment plan?

To mitigate the identified risks and their potential impact (D)

Which of the following is NOT a step in the risk containment process?

Implementing a problem management protocol (A)