Dominant Risk Management Standards and Frameworks Coursera Quiz Answers


Organizations with little experience in risk management will want to look to national and international organizations for guidance in designing and implementing their risk management efforts. Two dominant organizations offer guidance in this area: the U.S. National Institute of Standards and Technology (NIST) and the International Organization for Standardization (ISO).

This course examines the risk management frameworks and standards offered by these organizations and then discusses other available approaches. The course concludes with a discussion of applications and tools to support the organization’s risk management effort.

Week 2: The Dominant Risk Management Standards Organizations: NIST and the ISO

Quiz 1: Why Standards?

Q1. According to our lesson, standards support business _____ and cooperation.

  • competition
  • immersion
  • interaction
  • isolation

Q2. According to NIST, standards do all of the following except _____.

  • make interoperability of components made by different companies possible
  • build barriers between companies’ ability to collaborate
  • protect consumers by ensuring safety, durability, and market equity
  • provide a common language to measure and evaluate performance

Q3. Standards could be which one of these?

  • de facto
  • de juste
  • de luxe
  • a la carte

Quiz 2: NIST

Q1. NIST is an acronym that stands for _____.

  • Naval Institute of Specifications and Technology
  • Naval Institute of Standards and Technology
  • National Institute of Standards and Technology
  • National Institute of Specifications and Technology

Q2. _____ established the agency to remove a major challenge to U.S. industrial competitiveness at the time—a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany, and other economic rivals.

  • The U.S. Congress
  • The U.S. President
  • The U.S. Constitution
  • The U.S. Supreme Court

Q3. One of the lesser but still urgent projects for NIST CSD is the ‘Measurements for Information Security’ project.

  • True
  • False

Quiz 3: ISO/IEC

Q1. The short form of the name used for the International Organization for Standardization is _____.

  • ISO
  • IOS
  • ISOS
  • IIOS

Q2. ISO’s first standards focused on _____.

  • international temperature scales
  • cybersecurity practices
  • industrial length measurements
  • national quality practices

Q3. ISO/IEC 27001, a standard in information security management systems, has become one of ISO’s _____ security-related standards.

  • most popular
  • least popular
  • best written
  • most widely used

Quiz 4: The Dominant Risk Management Standards Organizations: NIST and the ISO

Q1. According to our lesson, standards support business _____ and cooperation.

  • competition
  • immersion
  • interaction
  • isolation

Q2. According to NIST, standards do all of the following except _____.

  • make interoperability of components made by different companies possible
  • build barriers between companies’ ability to collaborate
  • protect consumers by ensuring safety, durability, and market equity
  • provide a common language to measure and evaluate performance

Q3. A de facto standard _____.

  • is a standard according to law or regulation
  • is developed by international standards groups
  • exists because informal use over the years has made it a standard
  • is used by larger organizations

Q4. NIST is an acronym that stands for _____.

  • Naval Institute of Specifications and Technology
  • Naval Institute of Standards and Technology
  • National Institute of Standards and Technology
  • National Institute of Specifications and Technology

Q5. _____ established the agency to remove a major challenge to U.S. industrial competitiveness at the time—a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany, and other economic rivals.

  • The U.S. Congress
  • The U.S. President
  • The U.S. Constitution
  • The U.S. Supreme Court

Q6. NIST also has a major project called NICE, an acronym for _____.

  • National Initiative for Cybersecurity Execution
  • Naval Initiative for Cybersecurity Education
  • National Initiative for Cybercrime Eradication
  • National Initiative for Cybersecurity Education

Q7. The short form of the name used for the International Organization for Standardization is _____.

  • ISO
  • IOS
  • ISOS
  • IIOS

Q8. ISO’s first standards focused on _____.

  • international temperature scales
  • cybersecurity practices
  • industrial length measurements
  • national quality practices

Q9. The International Electrotechnical Commission is the world’s leading organization for the preparation and publication of international standards for all electrical, electronic, and related technologies, and these technologies are collectively known as _____.

  • cybernetics
  • electronics
  • photoluminescence
  • electrotechnology

Q10. ISO/IEC 27001, a standard in information security management systems, has become one of ISO’s _____ security-related standards.

  • most popular
  • least popular
  • best written
  • most widely used

Week 3: NIST Risk Management Framework

Quiz 1: An Overview of the NIST RMF

Q1. One of the most significant improvements between revisions 1 and 2 of the Risk Management Framework (SP 800-37) is the _____.

  • removal of the seventh step, Agency Certification, from the methodology
  • addition of a new step, Agency Certification, to the methodology
  • addition of a detailed preparation phase to the previously six-step methodology
  • removal of an eighth step, Agency Re-Certification, from the methodology

Q2. The RMF promotes _____.

  • near real-time risk management
  • real-time risk management
  • periodic risk management
  • bi-annual risk management

Q3. The target audience for NIST’s RMF _____.

  • has always included any organization with the responsibility to protect information.
  • is exclusively U.S. Federal agencies
  • has been revised to include any organization with the responsibility to protect information
  • has been narrowed to exclude non-government organizations

Quiz 2: An Overview of the NIST RMF

Q1. There are seven steps in the RMF: six main steps and an appendix for some detailed information.

  • True
  • False

Q2. The RMF _____ step provides a structured way to determine the criticality of the information being processed, stored, and transmitted by a system.

  • Prepare Step
  • Categorize
  • Assess
  • Monitor

Q3. The purpose of the RMF _____ step is to determine that selected security and privacy controls are implemented correctly, operate as intended, produce the desired outcome, and meet organizational or system security and privacy requirements.

  • Prepare Step
  • Categorize
  • Assess
  • Monitor

Quiz 3: The NIST Approach to Risk Assessment

Q1. Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event, and is typically a function of _____ and _____.

  • impact, likelihood
  • impact, uncertainty
  • uncertainty, likelihood
  • likelihood, vulnerability

Q2. An approach to risk and its factors is _____ when it assesses risk based on numbers, with standardized values understood outside the assessment.

  • quantitative
  • qualitative
  • semi-quantitative
  • partially qualitative

Q3. An approach to risk and its factors is _____ when it assesses risk using ranges, scales, or representative values.

  • quantitative
  • qualitative
  • semi-quantitative
  • partially qualitative

Quiz 4: The NIST Approach to Risk Treatment

Q1. According to NIST, risk _____ is the appropriate strategy when the identified risk is within the organizational risk appetite.

  • removal
  • sharing
  • acceptance
  • transfer

Q2. According to NIST, risk _____ is the appropriate response for that portion of risk that cannot be accepted, avoided, shared, or transferred.

  • mitigation
  • sharing
  • acceptance
  • transfer

Q3. Some risk response measures may be more strategic in nature and reflect solutions that take a much shorter time to implement.

  • True
  • False

Quiz 5: Wrap-up to NIST Risk Management Framework

Q1. One of the most significant improvements between revisions 1 and 2 of the Risk Management Framework (SP 800-37) is the _____.

  • removal of the seventh step, Agency Certification, from the methodology
  • addition of a new step, Agency Certification, to the methodology
  • addition of a detailed preparation phase to the previously six-step methodology
  • removal of an eighth step, Agency Re-Certification, from the methodology

Q2. The RMF promotes _____.

  • near real-time risk management
  • real-time risk management
  • periodic risk management
  • bi-annual risk management

Q3. The NIST Risk Management Framework is relatively new and has not been under development for very long.

  • True
  • False

Q4. The RMF _____ step allows an organization to maintain the authorization of a system over time in a highly dynamic operating environment where systems adapt to changing threats, vulnerabilities, technologies, and mission and business processes.

  • Prepare Step
  • Categorize
  • Assess
  • Monitor

Q5. The purpose of the RMF _____ step is to determine that selected security and privacy controls are implemented correctly, operate as intended, produce the desired outcome, and meet organizational or system security and privacy requirements.

  • Prepare Step
  • Categorize
  • Assess
  • Monitor

Q6. Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event, and is typically a function of _____ and _____.

  • impact, likelihood
  • impact, uncertainty
  • uncertainty, likelihood
  • likelihood, vulnerability

Q7. An approach to risk and its factors is _____ when it assesses risk based on numbers, with standardized values understood outside the assessment.

  • quantitative
  • qualitative
  • semi-quantitative
  • partially qualitative

Q8. An approach to risk and its factors is _____ when it assesses risk using ranges, scales, or representative values.

  • quantitative
  • qualitative
  • semi-quantitative
  • partially qualitative

Q9. According to NIST, risk _____ is the appropriate strategy when the identified risk is within the organizational risk appetite.

  • removal
  • sharing
  • acceptance
  • transfer

Q10. According to NIST, risk _____ is the appropriate response for that portion of risk that cannot be accepted, avoided, shared, or transferred.

  • mitigation
  • sharing
  • acceptance
  • transfer

Week 4: The ISO Approach to Risk Management

Quiz 1: ISO Risk Management Definitions

Q1. The International Organization for Standardization has two families of publications that include risk management; they are _____ and _____.

  • ISO 31000 Risk Management Guidelines, ISO 27005 Information Security Risk Management
  • ISO 37000 Risk Management for IT, ISO 27005 Healthcare Risk Management
  • ISO 31000 Risk Management Guidelines, ISO 28005 Information Security Risk Management
  • ISO 31500 Healthcare Risk Management Guidelines, ISO 31005 Information Technology Risk Management

Q2. ISO defines _____ as a scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk.

  • a risk management plan
  • a risk management policy
  • a risk treatment design
  • a risk practice

Q3. ISO defines _____ as the amount and type of risk that an organization is willing to pursue or retain.

  • residual risk
  • risk appetite
  • risk tolerance
  • risk process

Quiz 2: The ISO 31000 Risk Management Standards

Q1. The ISO 31000 series has two key standards that focus on risk management: _____ and _____.

  • ISO 31900:2005 Guidelines for Risk Management, IEC 31010:2019 Risk assessment techniques
  • ISO 31000:2018 Guidelines for Risk Management, IEC 31999:2005 Risk treatment techniques
  • Part 1: Guidelines for Risk Management, Part 2: Risk treatment techniques
  • ISO 31000:2018 Guidelines for Risk Management, IEC 31010:2019 Risk assessment techniques

Q2. The ISO 31000 approach to risk management involves three cyclic components: the Principles, the _____ and the Process.

  • Prototype
  • Framework
  • Foundation
  • Architecture

Q3. In the ISO process, the _____ and review activities are where the managers review collected information on the performance and successes of the process team and then use those to improve the process.

  • oversight
  • supervision
  • monitoring
  • feedback

Quiz 3: ISO 27000 Series and Risk Management

Q1. ISO 27005 specifies two types of assets within the standard: _____ and _____.

  • business processes, information
  • business practices, data
  • computers, networks
  • data in transit, data at rest

Q2. The risk management process promoted in ISO 31000 is the basis for the 27005 approach.

  • True
  • False

Q3. ISO 27005 describes risk assessment as a process that determines the best way to treat risks to lower them to acceptable levels.

  • True
  • False

Quiz 4: Wrap-up to The ISO Approach to Risk Management

Q1. The International Organization for Standardization has two families of publications that include risk management; they are _____ and _____.

  • ISO 31000 Risk Management Guidelines, ISO 27005 Information Security Risk Management
  • ISO 37000 Risk Management for IT, ISO 27005 Healthcare Risk Management
  • ISO 31000 Risk Management Guidelines, ISO 28005 Information Security Risk Management
  • ISO 31500 Healthcare Risk Management Guidelines, ISO 31005 Information Technology Risk Management

Q2. ISO defines _____ as a scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk.

  • a risk management plan
  • a risk management policy
  • a risk treatment design
  • a risk practice

Q3. ISO defines _____ as a statement of the overall intentions and direction of an organization related to risk management.

  • a risk management plan
  • a risk management policy
  • a risk treatment design
  • a risk practice

Q4. ISO defines _____ as the amount and type of risk that an organization is willing to pursue or retain.

  • residual risk
  • risk appetite
  • risk tolerance
  • risk process

Q5. ISO defines _____ as the organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives.

  • residual risk
  • risk appetite
  • risk tolerance
  • risk process

Q6. The ISO 31000 approach to risk management involves three cyclic components: the Principles, the _____ and the Process.

  • Prototype
  • Framework
  • Foundation
  • Architecture

Q7. An ISO risk management principle of being _____ states that the risk management approach can evolve and react to changes in risk in a timely fashion, as the internal and external environments change.

  • integrated
  • customized
  • structured
  • dynamic

Q8. In the ISO process, the _____ and review activities are where the managers review collected information on the performance and successes of the process team and then use those to improve the process.

  • oversight
  • supervision
  • monitoring
  • feedback

Q9. ISO 27005 specifies two types of assets within the standard: _____ and _____.

  • business processes, information
  • business practices, data
  • computers, networks
  • data in transit, data at rest

Q10. ISO 27005 describes risk assessment as a process that determines the best way to treat risks to lower them to acceptable levels.

  • True
  • False

Week 5: Other Approaches and Tools for Risk Management

Quiz 1: Cost Benefit Analysis

Q1. Known in business circles as an _____ feasibility study, a cost-benefit analysis approach to risk management has the major advantage of being easily understood by traditional managers.

  • technical
  • capacity
  • practical
  • economic

Q2. The _____ is the entire amount of time, effort and money the organization spends to specify, select, acquire, use, support, maintain, improve and eventually terminate the technology or activity.

  • total cost to specify
  • total cost of ownership
  • total cost to select
  • net operating cost

Q3. A(n) _____ is the probability of a threat occurring within a one-year period.

  • Annualized Loss Expectancy (ALE)
  • Single Attack Loss (SAL)
  • Single Loss Expectancy (SLE)
  • Annualized Rate of Occurrence (ARO)

Quiz 2: FAIR, OCTAVE and ENISA

Q1. The _____ approach was designed by security consultant Jack Jones to help organizations understand, analyze, and measure information risk using a formal yet simplistic framework.

  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
  • Risk Assets Information Dialog (RAID)
  • Factor Analysis of Information Risk (FAIR)
  • European Network and Information Security Agency (ENISA)

Q2. The _____ approach is a security risk evaluation methodology developed by the Software Engineering Institute of Carnegie Mellon University that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls.

  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
  • Risk Assets Information Dialog (RAID)
  • Factor Analysis of Information Risk (FAIR)
  • European Network and Information Security Agency (ENISA)

Q3. The original OCTAVE Method, which forms the basis for the OCTAVE body of knowledge, was designed for very small organizations (30 or fewer users).

  • True
  • False

Quiz 3: Paper-based Tools to Support Risk Management

Q1. Which version of OCTAVE is designed for small and medium businesses to use a pen and paper approach to risk management?

  • FAIR
  • Allegro
  • Forte
  • OCTAVE-S

Q2. The initial step in the ALLEGRO process is to _____.

  • Select Mitigation Approach
  • Purchase Computer Equipment
  • Analyze Risks
  • Establish Risk Measurement Criteria

Q3. The final step in the ALLEGRO process is to _____.

  • Select Mitigation Approach
  • Purchase Computer Equipment
  • Analyze Risks
  • Establish Risk Measurement Criteria

Quiz 4: Applications to Support Risk Management

Q1. Clearwater Compliance, Information Risk Management Analysis is an example of _____.

  • an automated commercial risk management application
  • a manual risk management solution from the Carnegie Mellon SEI
  • an automated risk management application provided to government contractors by NIST
  • a commercial risk management application that uses paper and pen by very small businesses

Q2. Using CC|IRM, an organization would typically begin by _____ for the information assets to be evaluated in the application.

  • preparing an asset inventory
  • estimating threat likelihood
  • estimating threat impact
  • defining its risk threshold

Q3. In the CC|IRM tool, the Risk Threshold is scored on a scale of 1 to _____ based on the likelihood times impact ratings.

  • 100
  • 25
  • 5
  • 3

Quiz 5: Wrap-up for Other Approaches and Tools for Risk Management

Q1. Known in business circles as an _____ feasibility study, a cost-benefit analysis approach to risk management has the major advantage of being easily understood by traditional managers.

  • technical
  • capacity
  • practical
  • economic

Q2. The _____ is the entire amount of time, effort and money the organization spends to specify, select, acquire, use, support, maintain, improve and eventually terminate the technology or activity.

  • total cost to specify
  • total cost of ownership
  • total cost to select
  • net operating cost

Q3. A(n) _____ is the probability of a threat occurring within a one-year period.

  • Annualized Loss Expectancy (ALE)
  • Single Attack Loss (SAL)
  • Single Loss Expectancy (SLE)
  • Annualized Rate of Occurrence (ARO)

Q4. The _____ approach was designed by security consultant Jack Jones to help organizations understand, analyze, and measure information risk using a formal yet simplistic framework.

  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
  • Risk Assets Information Dialog (RAID)
  • Factor Analysis of Information Risk (FAIR)
  • European Network and Information Security Agency (ENISA)

Q5. The _____ approach is a security risk evaluation methodology developed by the Software Engineering Institute of Carnegie Mellon University that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls.

  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
  • Risk Assets Information Dialog (RAID)
  • Factor Analysis of Information Risk (FAIR)
  • European Network and Information Security Agency (ENISA)

Q6. Which version of OCTAVE is designed for small and medium businesses to use a pen and paper approach to risk management?

  • FAIR
  • Allegro
  • Forte
  • OCTAVE-S

Q7. The initial step in the ALLEGRO process is to _____.

  • Select Mitigation Approach
  • Purchase Computer Equipment
  • Analyze Risks
  • Establish Risk Measurement Criteria

Q8. The final step in the ALLEGRO process is to _____.

  • Select Mitigation Approach
  • Purchase Computer Equipment
  • Analyze Risks
  • Establish Risk Measurement Criteria

Q9. Clearwater Compliance, Information Risk Management Analysis is an example of _____.

  • an automated commercial risk management application
  • a manual risk management solution from the Carnegie Mellon SEI
  • an automated risk management application provided to government contractors by NIST
  • a commercial risk management application that uses paper and pen by very small businesses

Q10. Using CC|IRM, an organization would typically begin by _____ for the information assets to be evaluated in the application.

  • preparing an asset inventory
  • estimating threat likelihood
  • estimating threat impact
  • defining its risk threshold

Week 6: Course Wrap-up

Quiz: Final Assessment for Course

Q1. According to our lesson, standards support business _____ and cooperation.

  • competition
  • immersion
  • interaction
  • isolation

Q2. According to NIST, standards do all of the following except _____.

  • make interoperability of components made by different companies possible
  • build barriers between companies’ ability to collaborate
  • protect consumers by ensuring safety, durability, and market equity
  • provide a common language to measure and evaluate performance

Q3. Standards could be which one of these?

  • de facto
  • de juste
  • de luxe
  • a la carte

Q4. A de facto standard _____.

  • is a standard according to law or regulation
  • is developed by international standards groups
  • exists because informal use over the years has made it a standard
  • is used by larger organizations

Q5. NIST is an acronym that stands for _____.

  • Naval Institute of Specifications and Technology
  • Naval Institute of Standards and Technology
  • National Institute of Standards and Technology
  • National Institute of Specifications and Technology

Q6. _____ established the agency to remove a major challenge to U.S. industrial competitiveness at the time—a second-rate measurement infrastructure that lagged behind the capabilities of the United Kingdom, Germany, and other economic rivals.

  • The U.S. Congress
  • The U.S. President
  • The U.S. Constitution
  • The U.S. Supreme Court

Q7. NIST also has a major project called NICE, an acronym for _____.

  • National Initiative for Cybersecurity Execution
  • Naval Initiative for Cybersecurity Education
  • National Initiative for Cybercrime Eradication
  • National Initiative for Cybersecurity Education

Q8. The short form of the name used for the International Organization for Standardization is _____.

  • ISO
  • IOS
  • ISOS
  • IIOS

Q9. ISO’s first standards focused on _____.

  • international temperature scales
  • cybersecurity practices
  • industrial length measurements
  • national quality practices

Q10. The International Electrotechnical Commission is the world’s leading organization for the preparation and publication of international standards for all electrical, electronic, and related technologies, and these technologies are collectively known as _____.

  • cybernetics
  • electronics
  • photoluminescence
  • electrotechnology

Q11. ISO/IEC 27001, a standard in information security management systems, has become one of ISO’s _____ security-related standards.

  • most popular
  • least popular
  • best written
  • most widely used

Q12. One of the most significant improvements between revisions 1 and 2 of the Risk Management Framework (SP 800-37) is the _____.

  • removal of the seventh step, Agency Certification, from the methodology
  • addition of a new step, Agency Certification, to the methodology
  • addition of a detailed preparation phase to the previously six-step methodology
  • removal of an eighth step, Agency Re-Certification, from the methodology

Q13. The RMF promotes _____.

  • near real-time risk management
  • real-time risk management
  • periodic risk management
  • bi-annual risk management

Q14. The target audience for NIST’s RMF _____.

  • has always included any organization with the responsibility to protect information.
  • is exclusively U.S. Federal agencies
  • has been revised to include any organization with the responsibility to protect information
  • has been narrowed to exclude non-government organizations

Q15. The RMF _____ step provides a structured way to determine the criticality of the information being processed, stored, and transmitted by a system.

  • Prepare Step
  • Categorize
  • Assess
  • Monitor

Q16. The RMF _____ step allows an organization to maintain the authorization of a system over time in a highly dynamic operating environment where systems adapt to changing threats, vulnerabilities, technologies, and mission and business processes.

  • Prepare Step
  • Categorize
  • Assess
  • Monitor

Q17. The purpose of the RMF _____ step is to determine that selected security and privacy controls are implemented correctly, operate as intended, produce the desired outcome, and meet organizational or system security and privacy requirements.

  • Prepare Step
  • Categorize
  • Assess
  • Monitor

Q18. Risk is a measure of the extent to which an entity is threatened by a potential circumstance or event, and is typically a function of _____ and _____.

  • impact, likelihood
  • impact, uncertainty
  • uncertainty, likelihood
  • likelihood, vulnerability

Q19. An approach to risk and its factors is _____ when it assesses risk based on numbers, with standardized values understood outside the assessment.

  • quantitative
  • qualitative
  • semi-quantitative
  • partially qualitative

Q20. An approach to risk and its factors is _____ when it assesses risk using ranges, scales, or representative values.

  • quantitative
  • qualitative
  • semi-quantitative
  • partially qualitative

Q21. Risk remediation is the process of identifying, estimating, and prioritizing cybersecurity risks.

  • True
  • False

Q22. According to NIST, risk _____ is the appropriate strategy when the identified risk is within the organizational risk appetite.

  • removal
  • sharing
  • acceptance
  • transfer

Q23. According to NIST, risk _____ is the appropriate response for that portion of risk that cannot be accepted, avoided, shared, or transferred.

  • mitigation
  • sharing
  • acceptance
  • transfer

Q24. Once the organization has calculated the risk for each Threat/Vulnerability/Asset triple, regardless of the risk approach used, it needs to decide whether the current level of risk is acceptable.

  • True
  • False

Q25. Some risk response measures may be more strategic in nature and reflect solutions that take a much shorter time to implement.

  • True
  • False

Q26. The International Organization for Standardization has two families of publications that include risk management; they are _____ and _____.

  • ISO 31000 Risk Management Guidelines, ISO 27005 Information Security Risk Management
  • ISO 37000 Risk Management for IT, ISO 27005 Healthcare Risk Management
  • ISO 31000 Risk Management Guidelines, ISO 28005 Information Security Risk Management
  • ISO 31500 Healthcare Risk Management Guidelines, ISO 31005 Information Technology Risk Management

Q27. ISO defines _____ as a scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk.

  • a risk management plan
  • a risk management policy
  • a risk treatment design
  • a risk practice

Q28. ISO defines _____ as a statement of the overall intentions and direction of an organization related to risk management.

  • a risk management plan
  • a risk management policy
  • a risk treatment design
  • a risk practice

Q29. ISO defines _____ as the amount and type of risk that an organization is willing to pursue or retain.

  • residual risk
  • risk appetite
  • risk tolerance
  • risk process

Q30. ISO defines _____ as the organization’s or stakeholder’s readiness to bear the risk after risk treatment in order to achieve its objectives.

  • residual risk
  • risk appetite
  • risk tolerance
  • risk process

Q31. The ISO 31000 series has two key standards that focus on risk management: _____ and _____.

  • ISO 31900:2005 Guidelines for Risk Management, IEC 31010:2019 Risk assessment techniques
  • ISO 31000:2018 Guidelines for Risk Management, IEC 31999:2005 Risk treatment techniques
  • Part 1: Guidelines for Risk Management, Part 2: Risk treatment techniques
  • ISO 31000:2018 Guidelines for Risk Management, IEC 31010:2019 Risk assessment techniques

Q32. The ISO 31000 approach to risk management involves three cyclic components: the Principles, the _____ and the Process.

  • Prototype
  • Framework
  • Foundation
  • Architecture

Q33. An ISO risk management principle of being _____ states that the risk management approach can evolve and react to changes in risk in a timely fashion, as the internal and external environments change.

  • integrated
  • customized
  • structured
  • dynamic

Q34. In the ISO process, the _____ and review activities are where the managers review collected information on the performance and successes of the process team and then use those to improve the process.

  • oversight
  • supervision
  • monitoring
  • feedback

Q35. ISO 27005 specifies two types of assets within the standard: _____ and _____.

  • business processes, information
  • business practices, data
  • computers, networks
  • data in transit, data at rest

Q36. The risk management process promoted in ISO 31000 is the basis for the 27005 approach.

  • True
  • False

Q37. Known in business circles as an _____ feasibility study, a cost-benefit analysis approach to risk management has the major advantage of being easily understood by traditional managers.

  • technical
  • capacity
  • practical
  • economic

Q38. The heart of the CBA comes down to two areas: _____ and _____.

  • cost, benefit
  • cost, capability
  • technical ability, benefit
  • technical ability, capability

Q39. The _____ is the entire amount of time, effort and money the organization spends to specify, select, acquire, use, support, maintain, improve and eventually terminate the technology or activity.

  • total cost to specify
  • total cost of ownership
  • total cost to select
  • net operating cost

Q40. A(n) _____ is the calculated value associated with the most likely loss from a single occurrence of a specific attack (impact).

  • Annualized Loss Expectancy (ALE)
  • Single Attack Loss (SAL)
  • Single Loss Expectancy (SLE)
  • Annualized Cost of Safeguard (ACS)

Q41. A(n) _____ is the probability of a threat occurring within a one-year period.

  • Annualized Loss Expectancy (ALE)
  • Single Attack Loss (SAL)
  • Single Loss Expectancy (SLE)
  • Annualized Rate of Occurrence (ARO)

Q42. The _____ approach was designed by security consultant Jack Jones to help organizations understand, analyze, and measure information risk using a formal yet simplistic framework.

  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
  • Risk Assets Information Dialog (RAID)
  • Factor Analysis of Information Risk (FAIR)
  • European Network and Information Security Agency (ENISA)

Q43. The _____ approach is a security risk evaluation methodology developed by the Software Engineering Institute of Carnegie Mellon University that allows organizations to balance the protection of critical information assets against the costs of providing protective and detection controls.

  • Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
  • Risk Assets Information Dialog (RAID)
  • Factor Analysis of Information Risk (FAIR)
  • European Network and Information Security Agency (ENISA)

Q44. The OCTAVE methodologies also provide pen-and-paper forms for working through the risk assessment and risk management process for their respectively sized organizations.

  • True
  • False

Q45. The original OCTAVE Method, which forms the basis for the OCTAVE body of knowledge, was designed for very small organizations (30 or fewer users).

  • True
  • False

Q46. Which version of OCTAVE is designed for small and medium businesses to use a pen and paper approach to risk management?

  • FAIR
  • Allegro
  • Forte
  • OCTAVE-S

Q47. The initial step in the ALLEGRO process is to _____.

  • Select Mitigation Approach
  • Purchase Computer Equipment
  • Analyze Risks
  • Establish Risk Measurement Criteria

Q48. The final step in the ALLEGRO process is to _____.

  • Select Mitigation Approach
  • Purchase Computer Equipment
  • Analyze Risks
  • Establish Risk Measurement Criteria

Q49. Clearwater Compliance, Information Risk Management Analysis is an example of _____.

  • an automated commercial risk management application
  • a manual risk management solution from the Carnegie Mellon SEI
  • an automated risk management application provided to government contractors by NIST
  • a commercial risk management application that uses paper and pen by very small businesses

Q50. Using CC|IRM, an organization would typically begin by _____ for the information assets to be evaluated in the application.

  • preparing an asset inventory
  • estimating threat likelihood
  • estimating threat impact
  • defining its risk threshold

Conclusion:

I hope these Dominant Risk Management Standards and Frameworks Coursera Quiz Answers will be useful for you to learn something new from this course. If it helped you, don’t forget to bookmark our site for more Coding Solutions.

This Problem is intended for audiences of all experiences who are interested in learning about Data Science in a business context; there are no prerequisites.

Keep Learning!
