Information Security Management Lecture 2

Questions and Answers

What is the primary purpose of the risk management cycle?

To implement incident management protocols

To manage threats and vulnerabilities

To identify and assess potential risks (correct)

To perform audits and address non-compliances

What is the key difference between a risk and an issue?

Risks require a contingency plan, while issues require immediate action

Risks can be measured in monetary terms, while issues cannot

Risks have uncertain outcomes, while issues have definite consequences

Risks are future events, while issues are present problems (correct)

Which of the following is NOT an objective of risk management?

Implementing incident management protocols (correct)

Identifying and assessing risks

Developing contingency plans

Selecting appropriate risk owners and mitigation owners

What is the primary goal of information security management?

To eliminate the chances of security breaches

Which of the following is a key step in the risk containment process?

Defining the risk

What is the primary purpose of assigning a risk owner?

To oversee the implementation of the risk containment plan

Which of the following is NOT a characteristic of a risk?

It is a present problem that requires immediate action

Which of the following is NOT a layer of information security management?

Exception/Waiver Management

What is the purpose of developing a risk containment plan?

To mitigate the identified risks and their potential impact

Which of the following is NOT a step in the risk containment process?

Implementing a problem management protocol