The MAJOR advantage of the risk assessment approach over the
baseline approach to information security management is that
it ensures:
A. information assets are over protected.
B. a basic level of protection is applied regardless of
asset value.
C. appropriate levels of protection are applied to
information assets.
D. an equal proportion of resources are devoted to
protecting all information assets.
- 1 Answers
- 6945 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
Full risk assessment determines the level of protection most
appropriate to a given level of risk, while the baseline
approach merely applies a standard set of protection
regardless of risk. There is a cost advantage in not over
protecting information. However, an even bigger advantage is
making sure that no information assets are over or under
protected. The risk assessment approach will ensure an
appropriate level of protection is applied commensurate with
the level of risk and asset value, and therefore, considers
asset value. The baseline approach allows more resources to
be directed towards the assets at greater risk rather than
equally directing resources to all assets.
| Is This Answer Correct ? | 5 Yes | 0 No |
Which of the following should be included in an organization's IS security policy? A. A list of key IT resources to be secured B. The basis for access authorization C. Identity of sensitive security features D. Relevant software security features
The PRIMARY objective of an IS audit function is to: A. determine whether everyone uses IS resources according to their job description. B. determine whether information systems safeguard assets, and maintain data integrity. C. examine books of accounts and relative documentary evidence for the computerized system. D. determine the ability of the organization to detect fraud.
An IS auditor's MAJOR concern as a result of reviewing a business process reengineering (BPR) project should be whether the: A. newly designed business process has key controls in place. B. changed process will affect organization structure, finances and personnel. C. roles for suppliers have been redefined. D. process has been documented before and after reengineering.
As part of the business continuity planning process, which of the following should be identified FIRST in the business impact analysis (BIA)? A. Organizational risks, such as single point-of-failure and infrastructure risk B. Threats to critical business processes C. Critical business processes for ascertaining the priority for recovery D. Resources required for resumption of business
LANs: A. protect against virus infection. B. protect against improper disclosure of data. C. provide program integrity from unauthorized changes. D. provide central storage for a group of users.
The use of a GANTT chart can: A. aid in scheduling project tasks. B. determine project checkpoints. C. ensure documentation standards. D. direct the post-implementation review.
Which of the following would be included in an IS strategic plan?
A decrease in amplitude as a signal propagates along a transmission medium is known as: A. noise. B. crosstalk. C. attenuation. D. delay distortion.
The implementation of cost-effective controls in an automated system is ultimately the responsibility of the: A. system administrator. B. quality assurance function. C. business unit management. D. chief of internal audit.
Which of the following is a detective control? A. Physical access controls B. Segregation of duties C. Backup procedures D. Audit trails
The secure socket layer (SSL) protocol addresses the confidentiality of a message through: A. symmetric encryption. B. message authentication code. C. hash function. D. digital signature certificates.
Which of the following would be of MOST concern to an IS auditor reviewing a VPN implementation? Computers on the network that are located: A. on the enterprise's facilities. B. at the backup site. C. in employees' homes. D. at the enterprise's remote offices.
Cisco Certifications 
