Interested to Buy Any Domain ? << Click Here >> for more details...
A primary function of risk management is the identification
of cost-effective controls. In selecting appropriate
controls, which of the following methods is best to study
the effectiveness of adding various safeguards in reducing
vulnerabilities?
A. "What if" analysis
B. Traditional cost/benefit analysis
C. Screening analysis
D. A "back-of-the-envelope" analysis
- 1 Answers
- 4526 Views
- I also Faced
- E-Mail Answers
Answer / guest
Answer: A
Choice (A) is the correct answer. With the "what if"
analysis method, the effect of adding various safeguards
(and therefore reducing vulnerabilities) is tested to see
what difference each makes. Trade-offs can then be made
based on the cost of the safeguard and its benefit in terms
of reduced risk. Choice (B) is incorrect. In traditional
cost/benefit analysis, the cost is based on the purchase and
operating costs of safeguards. The benefit is calculated
based on an expected decrease in future losses. Choice (C)
is incorrect. Screening analysis can be used to concentrate
on the highest-risk areas. One method is to examine risks
with very severe consequences, such as a high dollar loss or
loss of life. Choice (D) is incorrect. With "back-of-the
envelope" analysis, a high-medium-low ranking can often
provide all the information needed. However, especially for
the selection of expensive safeguards or the analysis of
systems with unknown consequences, more in-depth analysis
may be warranted.
| Is This Answer Correct ? | 3 Yes | 0 No |
When reviewing the quality of an IS department's development process, the IS auditor finds that they do not use any formal, documented methodology and standards. The IS auditor's MOST appropriate action would be to: A. complete the audit and report the finding. B. investigate and recommend appropriate formal standards. C. document the informal standards and test for compliance. D. withdraw and recommend a further audit when standards are implemented.
Which of the following would be the LEAST likely indication that complete or selected outsourcing of IS functions should be considered? A. The applications development backlog is greater than three years. B. It takes one year to develop and implement a high-priority system. C. More than 60 percent of programming costs are spent on system maintenance. D. Duplicate information systems functions exist at two sites.
Involvement of senior management is MOST important in the development of: A. strategic plans. B. IS policies. C. IS procedures. D. standards and guidelines.
Which of the following provides nonrepudiation services for e-commerce transactions? A. Public key infrastructure (PKI) B. Data encryption standard (DES) C. Message authentication code (MAC) D. Personal identification number (PIN)
Which of the following is intended to detect the loss or duplication of input? A. Hash totals B. Check digits C. Echo checks D. Transaction codes
While designing the business continuity plan (BCP) for an airline reservation system, the MOST appropriate method of data transfer/back up at an offsite location would be: A. shadow file processing. B. electronic vaulting. C. hard-disk mirroring. D. hot-site provisioning.
Which of the following is a network architecture configuration that links each station directly to a main hub? A. Bus B. Ring C. Star D. Completed connected
In an online transaction processing system, data integrity is maintained by ensuring that a transaction is either completed in its entirety or not at all. This principle of data integrity is known as: A. isolation. B. consistency. C. atomicity. D. durability.
A retail company recently installed data warehousing client software at geographically diverse sites. Due to time zone differences between the sites, updates to the warehouse are not synchronized. Which of the following will be affected the MOST? A. Data availability B. Data completeness C. Data redundancy D. Data inaccuracy
The PRIMARY reason for separating the test and development environments is to: A. restrict access to systems under test. B. segregate user and development staff. C. control the stability of the test environment. D. secure access to systems under development.
Which of the following procedures would MOST effectively detect the loading of illegal software packages onto a network? A. The use of diskless workstations B. Periodic checking of hard drives C. The use of current antivirus software D. Policies that result in instant dismissal if violated
An IS auditor discovers that an organization?s business continuity plan provides for an alternate processing site that will accommodate fifty percent of the primary processing capability. Based on this, which of the following actions should the IS auditor take? A. Do nothing, because generally, less than twenty-five percent of all processing is critical to an organization?s survival and the backup capacity, therefore is adequate. B. Identify applications that could be processed at the alternate site and develop manual procedures to backup other processing. C. Ensure that critical applications have been identified and that the alternate site could process all such applications. D. Recommend that the information processing facility arrange for an alternate processing site with the capacity to handle at least seventy-five percent of normal processing.
Cisco Certifications 
