Risk Management Quiz ANS

This document summarizes the key points from a 10 question risk management quiz. The quiz questions cover topics like the objectives of addressing risks and opportunities, the steps in the risk management process, elements that must be included in a risk assessment and Statement of Applicability according to ISO 27001. Most of the selected answers to the quiz questions are incorrect, with explanations provided.

Uploaded by

df

Risk Management Quiz

----------
1.
Risks and opportunities need to be addressed in order to:

Select one or more:


O Achieve continual improvement
X Demonstrate management commitment
- Incorrect! Risks and opportunities should be addressed in order to ensure an
effective ISMS. Management should demonstrate commitment by conducting numerous
relevant activities.
O Prevent or reduce undesired effects
X Ensure all employees are aware of the risks and opportunities
- Incorrect! Risks and opportunities should be addressed in order to ensure an
effective ISMS.
O Ensure achievement of the ISMS outcomes

----------
2.
Risk assessment includes the following:

Select one or more:


O Risk evaluation
X Risk treatment
O Risk analysis

----------
3.
Which of the following represent assets from an information security perspective?

Select one or more:


O Software
O Paper-based information
X Unauthorized modification
- Incorrect! This is a threat.
X Low awareness of information security
- Incorrect! This is a vulnerability.
O People

----------
4.
Which of the following actions are accepted as good risk treatment practices?

Select one or more:


X Ignoring risk
- Incorrect! There are four options for risk treatment: applying controls to
decrease risk, avoiding risk, accepting risk, and risk transfer.
O Risk acceptance
O Avoiding risk
O Risk transfer
X Doubling risk
- Incorrect! There are four options for risk treatment: applying controls to
decrease risk, avoiding risk, accepting risk, and risk transfer.

----------
5.
The Statement of Applicability document should include:
Select one:
O All the controls from Annex A and any additional controls that might be
identified in the risk treatment process
X Only additional controls that might be identified in the risk treatment process
- Incorrect! The Statement of Applicability should list all the controls from
Annex A and any additional controls that might be identified in the risk treatment
process.
X Only the controls from Annex A
- Incorrect! The Statement of Applicability should list all the controls from
Annex A and any additional controls that might be identified in the risk treatment
process.

----------
6.
The risk management process consists of the following steps:

Select one or more:


O Create the risk treatment plan
O Define the risk assessment methodology
O Select risk treatment options
X Understand the organization and its context
- Incorrect! This is a requirement from the standard, but is not a part of the
risk management process.
O Create the Statement of Applicability
X Define the Information Security Policy
- Incorrect! This is a requirement from the standard, but is not a part of the
risk management process.
O Conduct the risk assessment

----------
7.
According to ISO 27001, the risk assessment must include the following elements:

Select one or more:


O Risk evaluation
X Risk transfer
- Incorrect! Risk transfer represents a risk treatment option; it is not part
of the risk assessment.
X Risk treatment
- Incorrect! Risk treatment is a requirement of the standard, but it is a step
that comes after risk assessment; it is not part of the risk assessment process.
O Risk analysis
O Risk identification

----------
8.
The Statement of Applicability must include the following information:

Select one or more:


O Reason why the controls are implemented and how
X The value of the risk
- Incorrect! This information should be included in the risk assessment table,
not in the Statement of Applicability.
X The risk owner
- Incorrect! This information should be included in the risk assessment table,
not in the Statement of Applicability.
O List of all the controls from Annex A and any additional controls that might be
identified in the risk treatment process
O Justification for exclusion of those controls that are not implemented
O Information regarding whether the listed controls are implemented in the
organization

----------
9.
Risk analysis includes assessment of the impact the risk can have on the company
and assessment of the likelihood that the identified risk can really happen. The
assessment scale for the impact and the likelihood can vary between the values 1
and 10.

Select one:
X True
- Incorrect! Companies can choose different types of assessment scales for the
impact and the likelihood, such as a “high, medium, and low” scale, or one with
numerical values from 1 to 5, etc.
O False

----------
10.
After formulating a risk treatment plan, the Statement of Applicability must be
documented.

Select one:
X True
- Incorrect! First, the Statement of Applicability is documented, and after
that, the risk treatment plan is formulated.
O False

----------