Interested to Buy Any Domain ? << Click Here >> for more details...
A team conducting a risk analysis is having difficulty
projecting the financial losses that could result from a
risk. To evaluate the potential losses the team should:
A. compute the amortization of the related assets.
B. calculate a return on investment (ROI).
C. apply a qualitative approach.
D. spend the time needed to define exactly the loss amount.
- 1 Answers
- 7658 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: C
The common practice, when it is difficult to calculate the
financial losses, is to take a qualitative approach, in
which the manager affected by the risk defines the financial
loss in terms of a weighted factor (e.g., 1 is a very low
impact to the business and 5 is a very high impact). A ROI
is computed when there is a predictable savings or revenues,
which can be compared to the investment needed to realize
the revenues. Amortization is used in a profit and loss
statement, not in computing potential losses. Spending the
time needed to define exactly the total amount is normally a
wrong approach. If it has been difficult to estimate
potential losses (e.g., losses derived from erosion of
public image due to a hack attack) that situation is not
likely to change, and at the end of the day, you will arrive
with a not well-supported evaluation.
| Is This Answer Correct ? | 3 Yes | 1 No |
Of the following, the MAIN purpose for periodically testing offsite backup facilities is to: A. ensure the integrity of the data in the database. B. eliminate the need to develop detailed contingency plans. C. ensure the continued compatibility of the contingency facilities. D. ensure that program and system documentation remains current.
When performing a general controls review, an IS auditor checks the relative location of the computer room inside the building. What potential threat is the IS auditor trying to identify? A. Social engineering B. Windstorm C. Earthquake D. Flooding
Which of the following would be the BEST method for ensuring that critical fields in a master record have been updated properly? A. Field checks B. Control totals C. Reasonableness checks D. A before-and-after maintenance report
Which of the following concerns associated with the World Wide Web would be addressed by a firewall? A. Unauthorized access from outside the organization B. Unauthorized access from within the organization C. A delay in Internet connectivity D. A delay in downloading using file transfer protocol (FTP)
The BEST time to perform a control self-assessment involving line management, line staff and the audit department is at the time of: A. compliance testing. B. the preliminary survey. C. substantive testing. D. the preparation of the audit report.
During a review of a business continuity plan, an IS auditor noticed that the point at which a situation is declared to be a crisis has not been defined. The MAJOR risk associated with this is that: A. assessment of the situation may be delayed. B. execution of the disaster recovery plan could be impacted. C. notification of the teams might not occur. D. potential crisis recognition might be delayed.
The extent to which data will be collected during an IS audit should be determined, based on the: A. availability of critical and required information. B. auditor's familiarity with the circumstances. C. auditee's ability to find relevant evidence. D. purpose and scope of the audit being done.
Which of the following BEST determines that complete encryption and authentication protocols exist for protecting information while transmitted? A. A digital signature with RSA has been implemented. B. Work is being done in tunnel mode with the nested services of AH and ESP C. Digital certificates with RSA are being used. D. Work is being done in transport mode, with the nested services of AH and ESP
Which of the following would be the LEAST important aspect of a business continuity plan? A. Redundant facilities B. Relocation procedures C. Adequate insurance coverage D. Current and available business continuity manual
To check the performance of flow and error control, an IS auditor should focus the use of a protocol analyzer on which of the following layers? A. Network B. Transport C. Data link D. Application
Receiving an EDI transaction and passing it through the communications interface stage usually requires: A. translating and unbundling transactions. B. routing verification procedures. C. passing data to the appropriate application system. D. creating a point of receipt audit log.
Which of the following is the primary purpose for conducting parallel testing? A. To determine if the system is cost-effective. B. To enable comprehensive unit and system testing. C. To highlight errors in the program interfaces with files. D. To ensure the new system meets user requirements.
Cisco Certifications 
