Black Friday Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: Board70

PECB ISO-IEC-27005-Risk-Manager Based on Real Exam Environment

Page: 4 / 4
Question 16

Scenario 8: Biotide is a pharmaceutical company that produces medication for treating different kinds of diseases. The company was founded in 1997, and since then it has contributed in solving some of the most challenging healthcare issues.

As a pharmaceutical company, Biotide operates in an environment associated with complex risks. As such, the company focuses on risk management strategies that ensure the effective management of risks to develop high-quality medication. With the large amount of sensitive information generated from the company, managing information security risks is certainly an important part of the overall risk management process. Biotide utilizes a publicly available methodology for conducting risk assessment related to information assets. This methodology helps Biotide to perform risk assessment by taking into account its objectives and mission. Following this method, the risk management process is organized into four activity areas, each of them involving a set of activities, as provided below.

1. Activity area 1: The organization determines the criteria against which the effects of a risk occurring can be evaluated. In addition, the impacts of risks are also defined.

2. Activity area 2: The purpose of the second activity area is to create information asset profiles. The organization identifies critical information assets, their owners, as well as the security requirements for those assets. After determining the security requirements, the organization prioritizes them. In addition, the organization identifies the systems that store, transmit, or process information.

3. Activity area 3: The organization identifies the areas of concern which initiates the risk identification process. In addition, the organization analyzes and determines the probability of the occurrence of possible threat scenarios.

4. Activity area 4: The organization identifies and evaluates the risks. In addition, the criteria specified in activity area 1 is reviewed and the consequences of the areas of concerns are evaluated. Lastly, the level of identified risks is determined.

The table below provides an example of how Biotide assesses the risks related to its information assets following this methodology:

Based on the table provided in scenario 8, did Biotide follow all the steps of the risk assessment methodology regarding the identification of assets?

Options:

A.

No, Biotide should identify only critical assets and electronic health records is not a critical asset

B.

No, after identifying critical assets, Biotide should define the asset owners

C.

Yes, the identification of assets involves only the identification of critical information assets and their security requirements

Question 17

What should an organization do after it has established the risk communication plan?

Options:

A.

Change the communication approach and tools

B.

Update the information security policy

C.

Establish internal and external communication

Question 18

Does information security reduce the impact of risks?

Options:

A.

Yes, information security reduces risks and their impact by protecting the organization against threats and vulnerabilities

B.

No, information security does not have an impact on risks as information security and risk management are separate processes

C.

Yes, information security reduces the impact of risks by eliminating the likelihood of exploitation of vulnerabilities by threats

Page: 4 / 4
Free Access PECB ISO-IEC-27005-Risk-Manager New Release, ISO-IEC-27005-Risk-Manager Questions Bank, PECB ISO-IEC-27005-Risk-Manager Based on Real Exam Environment,
Exam Name: PECB Certified ISO/IEC 27005 Risk Manager
Last Update: Nov 24, 2024
Questions: 60
ISO-IEC-27005-Risk-Manager pdf

ISO-IEC-27005-Risk-Manager PDF

$25.5  $84.99
ISO-IEC-27005-Risk-Manager Engine

ISO-IEC-27005-Risk-Manager Testing Engine

$28.5  $94.99
ISO-IEC-27005-Risk-Manager PDF + Engine

ISO-IEC-27005-Risk-Manager PDF + Testing Engine

$40.5  $134.99