The MAJOR advantage of the risk assessment approach over the
baseline approach to information security management is that
it ensures:
A. information assets are overprotected.
B. a basic level of protection is applied regardless of
asset value.
C. appropriate levels of protection are applied to
information assets.
D. an equal proportion of resources is devoted to
protecting all information assets.
Answer / guest
Answer: C
Full risk assessment determines the level of protection most
appropriate to a given level of risk, while the baseline
approach merely applies a standard set of protection
regardless of risk. There is a cost advantage in not
overprotecting information. However, an even bigger advantage is
making sure that no information assets are over- or
underprotected. The risk assessment approach will ensure an
appropriate level of protection is applied commensurate with
the level of risk and asset value, and therefore, considers
asset value. The baseline approach allows more resources to
be directed towards the assets at greater risk rather than
equally directing resources to all assets.
The responsibility for designing, implementing and maintaining a system of internal control lies with: A. the IS auditor. B. management. C. the external auditor. D. the programming staff.
Which of the following is a data validation edit and control? A. Hash totals B. Reasonableness checks C. Online access controls D. Before and after image reporting
The document used by the top management of organizations to delegate authority to the IS audit function is the: A. long-term audit plan. B. audit charter. C. audit planning methodology. D. steering committee minutes.
LANs: A. protect against virus infection. B. protect against improper disclosure of data. C. provide program integrity from unauthorized changes. D. provide central storage for a group of users.
The Primary purpose of audit trails is to
To determine which users can gain access to the privileged supervisory state, which of the following should an IS auditor review? A. System access log files B. Enabled access control software parameters C. Logs of access control violations D. System configuration files for control options used
An IS auditor discovers evidence of fraud perpetrated with a manager's user id. The manager had written the password, allocated by the system administrator, inside his/her desk drawer. The IS auditor should conclude that the: A. manager's assistant perpetrated the fraud. B. perpetrator cannot be established beyond doubt. C. fraud must have been perpetrated by the manager. D. system administrator perpetrated the fraud.
Which of the following controls will detect MOST effectively the presence of bursts of errors in network transmissions? A. Parity check B. Echo check C. Block sum check D. Cyclic redundancy check
Which of the following statements relating to packet switching networks is CORRECT? A. Packets for a given message travel the same route. B. Passwords cannot be embedded within the packet. C. Packet lengths are variable and each packet contains the same amount of information. D. The cost charged for transmission is based on packet, not distance or route traveled.
E-mail message authenticity and confidentiality is BEST achieved by signing the message using the:
For which of the following applications would rapid recovery be MOST crucial? A. Point-of-sale system B. Corporate planning C. Regulatory reporting D. Departmental chargeback
Which of the following is a network architecture configuration that links each station directly to a main hub? A. Bus B. Ring C. Star D. Completely connected