Realistic Risk Management Hierarchy Quiz

Questions and Answers

PDF Questions PDF Answers

What is the main difference between the 'Best' and 'Worst' levels in risk management hierarchy based on the text?

Identification of all possible risks

Scoring methods for risk assessment

Reliance on intuition for decision-making

Use of quantitative models and simulations (correct)

What is the 'Baseline' level in risk management hierarchy characterized by?

Detailed scoring methods with reliance on results

Use of quantitative models

Ineffective methods resulting in poor decision-making

Reliance on intuition, explicitly avoiding unproven models (correct)

In the context of risk management, what is considered the 'Hamster Wheel of Pain' based on the provided text?

Control effectiveness to prioritize risk

Risk identification and mitigation

Quantification and triage based on value (correct)

Risk assessment meeting compliance requirements

What is emphasized as the 'Easy part' of risk management in the text?

Risk identification and mitigation

'Offense informs defense' in the context of risk mitigation means:

Improving control effectiveness

What is a key principle of Realistic Risk Management based on the text?

Control Effectiveness for Risk Mitigation

Which control in NIST SP 800-53 focuses on ensuring that users have the minimum level of access needed to perform their tasks?

AC-6 Least Privilege

Which NIST SP 800-53 control involves notifying users about unauthorized attempts to access a system?

AC-9 Previous Login (Access) Notification

In the NIST SP 800-53 controls, which one relates to the restriction of authorized users from performing certain actions without proper identification or authentication?

AC-14 Permitted Actions Without Identification or Authentication

Which NIST SP 800-53 control focuses on setting up mechanisms to secure data accessed remotely?

AC-17 Remote Access

Which control in NIST SP 800-53 is responsible for enforcing restrictions on how system information is shared with other entities?

AC-21 Information Sharing

Which NIST SP 800-53 control focuses on monitoring the use of external systems to prevent security breaches?

AC-20 Use of External Systems

In the context of NIST SP 800-53, which control ensures that data accessed wirelessly is done securely?

AC-18 Wireless Access

Which NIST SP 800-53 control focuses on supervising and reviewing access to enhance security monitoring?

AC-13 Supervision and Review – Access Control

Access Control for Mobile Devices' in NIST SP 800-53 aims at:

Preventing unauthorized access to mobile devices