six. True or False – COBIT P09 Risk Management regulates objectives give attention to assessment and management from it risk. several.
Why is it essential to address each identified threat or vulnerability from a C-I-A perspective? almost 8. When assessing the risk influence a danger or weakness has on your “information” possessions, why must you align this kind of assessment along with your Data Classification Standard? How can a Data Category Standard help you assess the risk impact on your “information” resources? 9. When ever assessing the danger impact a threat or vulnerability has on your “application” and “infrastructure”, why must you align this assessment with both a hardware and application software weeknesses assessment and remediation plan? 10.
Once assessing the chance impact a threat or perhaps vulnerability is wearing your “people”, we are interested in users and employees in the User Site as well as the THAT security experts who must implement the risk mitigation measures identified. How may you communicate to your end-user community that a reliability threat or perhaps vulnerability continues to be identified to get a production system or app? How can you prioritize risk remediation tasks?
11. What is the objective of using the COBIT risk management construction and strategy? Assess the probability and effects of risks, using qualitative and quantitative methods. doze. What is the between effectiveness versus effectiveness when assessing risk and risk management? Performance is following a instruction of a specific job while efficiency is doing the instruction in lesser some cost.
I have heard it said Effectiveness is performing what’s correct and effectiveness is doing points rightly carried out. 13. Which will three from the seven emphasis areas associated with IT risk management are major focus areas of risk assessment and risk management and immediately relate to details system security? 14. What makes it important to evaluate risk effects from several different viewpoints as part of the COBIT P09 Construction?
It assigns responsibility. 15. What is the organization who have defined the COBIT P09 Risk Management Construction Definition? Info Systems Examine and Control Association (ISACA).