Commit 625378f

Move exercises in the Exercises part
1 parent f26d2e6 commit 625378f

2 files changed

+303
-107
lines changed

res/sections/21-Les11042017.tex

Lines changed: 1 addition & 107 deletions
@@ -87,111 +87,5 @@ \subsection{Due Diligence}
8787

8888

8989
\section{Esercizi}
90-
%ESERCIZI
9190

92-
Il Risk Assessment includes:
93-
\begin{itemize}
94-
\item The steps: risk analysis, risk treatment, risk acceptance, and risk
95-
monitoring
96-
\item Answers the question: What risk are we prone to, and what is the financial
97-
costs of these risks?
98-
\item Assesses controls after implementation
99-
\item The identification, financial analysis, and prioritization of risks, anon
100-
of controls (risposta esatta)
101-
\end{itemize}
102-
103-
104-
% Altro esercizio
105-
Risk management includes:
106-
\begin{itemize}
107-
\item The steps: risk analysis, risk treatment, risk acceptance, and risk
108-
monitoring (risposta esatta)
109-
\item Answers the question: What risk are we prone to, and what is the financial
110-
costs of these risks?
111-
\item Assesses controls after implementation
112-
\item The identification, financial analysis, and prioritization of risks, anon
113-
of controls
114-
\end{itemize}
115-
116-
% Altro esercizio
117-
The FIRST step in Security Risk assessment is:
118-
\begin{itemize}
119-
\item determine threats and vulnerabilities
120-
\item determine values of key assets (corretta)
121-
\item Analyze existing controls
122-
\item
123-
\end{itemize}
124-
125-
126-
127-
% Altro
128-
129-
\begin{itemize}
130-
\item The probability that an attack will occur in one year
131-
\item The duration of time where a loss is expected to occur
132-
\item The cost (risposta esatta)
133-
\end{itemize}
134-
135-
136-
The role(s) responsible for deciding whether risk should be accepted,
137-
transferred, or mitigated is:
138-
\begin{itemize}
139-
\item The Chied information officer
140-
\item The chief risk officer
141-
\item The chif information security officier
142-
\item Enterprise fovernance and senior business management (risposta esatta)
143-
\end{itemize}
144-
145-
% Altro esercizio
146-
147-
Which of these risk is best measured using a qualitative process?
148-
\begin{itemize}
149-
\item Temporart power outae in an office building
150-
\item loss of consumer confidence due to a malfunctioning website (corretta)
151-
\item Theft of an mployee's laptop while traveling
152-
\item Disruption of supply deliveries due to flooding
153-
\end{itemize}
154-
155-
% Altro esercizio
156-
The risk that is assumed after implementing controls is known as:
157-
158-
\begin{itemize}
159-
\item accepted risk
160-
\item ALE
161-
\item Quantitative risk
162-
\item residual risk (corretta)
163-
\end{itemize}
164-
165-
% Altro esercizio
166-
The primary purpose of risk management is to:
167-
\begin{itemize}
168-
\item Eliminate all risk
169-
\item Find the most cost-effective controls
170-
\item Reduce risk o an acceptable level (corretta)
171-
\item Determine budget for residual risk
172-
\end{itemize}
173-
174-
% Altro esercizio
175-
Due diligence ensures that
176-
177-
\begin{itemize}
178-
\item An organization has exercised the best possible security practices
179-
according to best practices
180-
\item An organization has exercised acceptably reasonable security practices
181-
addressing all major security areas
182-
\item An organization has implemented risk management and established the
183-
necessary controls
184-
\item An organization has allocated a CISO who is responsible for securing the
185-
organization's information assets
186-
\end{itemize}
187-
188-
% Altro esercizio
189-
190-
\begin{itemize}
191-
\item The average cost of loss of this asset, for a single incident
192-
\item An estimate using quantitative risk management of the frequency of asset
193-
loss due to a threat
194-
\item an estimate using qualitative risk management of the priority of the
195-
vulnerability
196-
\item ALE = SLE x ARO (corretta)
197-
\end{itemize}
91+
Gli esercizi relativi a questa parte si possono trovare in \ref{esGestRisk}
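
Review bot: the added line 91 uses a bare \ref{esGestRisk}, which prints only a number, so the sentence renders as "si possono trovare in" followed by a number with no noun; write it as "nella Sezione~\ref{esGestRisk}." with a non-breaking tie and a final period. The label esGestRisk is not defined anywhere in this file, so confirm it exists in the second changed file, otherwise LaTeX prints "??" here. If the removed items were moved verbatim, several defects move with them and should be fixed in the destination: old line 122 is an empty \item, the blocks at old lines 129-133 and 190-196 have no question stem, the due diligence question (old lines 175-186) marks no correct answer, and there are typos such as "Chied", "fovernance" and "Temporart".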
