The PRIMARY advantage of involving end users in continuity planning is that they:
Which of the following approaches BEST identifies information systems control deficiencies?
Which of the following provides the BEST measurement of an organization's risk management maturity level?
A risk practitioner identifies a database application that has been developed and implemented by the business independently of IT. Which of the following is the BEST course of action?
When updating the risk register after a risk assessment, which of the following is MOST important to include?
Which of the following is the BEST evidence that risk management is driving business decisions in an organization?
An organization discovers significant vulnerabilities in a recently purchased commercial off-the-shelf software product which will not be corrected until the next release. Which of the following is the risk manager's BEST course of action?
Which of the following is the MOST important objective of an enterprise risk management (ERM) program?
Winch of the following can be concluded by analyzing the latest vulnerability report for the it infrastructure?
In response to the threat of ransomware, an organization has implemented cybersecurity awareness activities. The risk practitioner's BEST recommendation to further reduce the impact of ransomware attacks would be to implement:
An organization is implementing encryption for data at rest to reduce the risk associated with unauthorized access. Which of the following MUST be considered to assess the residual risk?
Which of the following BEST facilitates the mitigation of identified gaps between current and desired risk environment states?
An organization recently received an independent security audit report of its cloud service provider that indicates significant control weaknesses. What should be done NEXT in response to this report?
Which of the following is the BEST source for identifying key control indicators (KCIs)?
Of the following, who is accountable for ensuing the effectiveness of a control to mitigate risk?
Which of the following is the BEST course of action to help reduce the probability of an incident recurring?
Which of the following is the MOST important objective of establishing an enterprise risk management (ERM) function within an organization?
What should be the PRIMARY driver for periodically reviewing and adjusting key risk indicators (KRIs)?
When a high-risk security breach occurs, which of the following would be MOST important to the person responsible for managing the incident?