CIS 502 All Assignments CIS 502 All Assignments | Page 9

•
5 A security manager is performing a quantitative risk assessment on a particular asset.
The security manager wants to estimate the yearly loss based on a particular threat. The correct
way to calculate this is::
•
6
A qualitative risk assessment is used to identify:
•
7
An employee with a previous criminal history was terminated. The former
employee leaked several sensitive documents to the news media. To prevent this, the
organization should have:
• 8 CIA is known as:
• 9 The options for risk treatment are:
•
10 The statement, “Information systems should be configured to require strong
passwords”, is an example of a/an:
•
11 An organization has a strong, management-driven model of security related
activities such as policy, risk management, standards, and processes. This model is better
known as:
•
12 An organization wishes to purchase an application, and is undergoing a formal
procurement process to evaluate and select a product. What documentation should the
organization use to make sure that the application selected has the appropriate security-related
characteristics?