Question 1

A university is updating its information security risk assessment for its research data storage systems. To identify risks effectively, what method should be emphasized?

Options :

A : Asset-based risk identification, including physical and digital data assets.

B : Conducting vulnerability scans of the data storage systems.

C : Reviewing compliance with academic data management standards.

D : Assessing the impact of potential data breaches on research integrity.

Answer: A

Question 2

A healthcare provider is evaluating the risk of unauthorized access to electronic health records (EHRs). The provider's risk criteria prioritize patient confidentiality and regulatory compliance. How should the risk level be assessed in this scenario?

Options :

A : Moderate, given the presence of basic access controls.

B : High, due to the critical importance of maintaining patient confidentiality and meeting regulatory requirements.

C : Low, as there is a low probability of such an incident occurring.

D : Negligible, assuming the healthcare provider conducts regular security audits.

Answer: B

Question 3

The C-suite of a technology firm is committed to enhancing the risk management program. Which action reflects their leadership in promoting a risk-aware culture within the firm?

Options :

A : Restricting the dissemination of risk management information to a select few senior executives.

B : Ignoring the need for ongoing risk management training and awareness programs.

C : Treating risk management as an issue only relevant to the IT security team.

D : Regularly communicating the importance of risk management to all employees and encouraging their active involvement.

Answer: D

Question 4

A financial services firm is implementing a risk assessment program for its digital banking services. What factor is important to consider when selecting a risk assessment methodology?

Options :

A : Using an outdated risk assessment methodology that does not consider current digital banking trends and threats.

B : Selecting a methodology that disregards the specific risks associated with digital banking.

C : Focusing only on quantitative analysis and disregarding the qualitative aspects of risk.

D : Choosing a methodology that aligns with the firm-s digital banking services and regulatory compliance requirements.

Answer: D

Question 5

An IT service provider is using quantitative risk analysis for its data center operations. In which situation is this approach most appropriate?

Options :

A : For estimating the probability and financial impact of risks such as system downtime or data breaches.

B : Applying quantitative analysis to risks that are purely based on speculation and lack data.

C : When the risks cannot be expressed in numerical terms.

D : Using quantitative analysis to cover all aspects of risk without considering qualitative factors.

Answer: A