Risk Management Strategies in Organizations

Questions and Answers

When is acceptance a valid strategy for an organization?

When the organization has a high risk tolerance

When the organization has not determined the level of risk posed to the information asset

When the organization has evaluated the potential damage or loss from a successful attack (correct)

When the organization has not assessed the probability of a successful exploitation of a vulnerability

What is a disadvantage of the transferal strategy?

It is a costly approach

It involves dependence on external entities (correct)

It is a laborious process

It guarantees company loss

What is a key characteristic of a mitigation strategy?

It is a relatively cheap approach

It guarantees company loss

It is a preferred all-round approach

It is effective when all else fails (correct)

What is the main reason for an organization to choose termination?

The cost of protecting the asset is too high

What is the primary goal of a defense strategy?

To protect the information asset entirely

What is the term for the quantity and nature of risk that an organization is willing to accept?

Risk tolerance

What is the primary objective of the Defense risk control strategy?

To prevent the exploitation of vulnerabilities

What is the term used to describe the removal of an information asset from an organization's operating environment?

Termination

What is the risk control strategy that involves understanding the consequences of leaving a risk uncontrolled?

Acceptance

Which of the following is NOT a method of risk defense?

Shifting risk to another entity

What is the primary goal of the Mitigation risk control strategy?

To reduce the impact of a successful attack

What is the primary objective of outsourcing in the context of risk management?

To acquire expertise in security management and administration

What is the term used to describe the process of reducing the risk by limiting access to assets?

Defense

What is the primary purpose of a Service Level Agreement (SLA) in risk management?

To guarantee a certain level of security implementation

Which of the following is a characteristic of the mitigation strategy in risk management?

It involves planning and preparation to reduce the damage caused by an incident

What is the consequence of an organization's decision to accept the risk of an information asset?

The organization will be unable to do proactive security activities

Which of the following is an example of a transference strategy in risk management?

Purchasing insurance to cover the risk

What is the key to an effective transference risk control strategy?

Establishing an effective Service Level Agreement (SLA)