CIS 502 MENTOR Great Stories/cis502mentor.com | Page 13

9. The impact of a specific threat is defined as:
10. Annualized loss expectancy is defined as:
11. A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is:
12. An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics?
13. An organization suffered a virus outbreak when malware was downloaded by an employee in a spam message. This outbreak might not have happened had the organization followed what security principle: