|Question 1||1 / 1 point|
Risk is the uncertain outcome of a (an)____________ that has not yet happened.
|d. security control|
|Question 2||1 / 1 point|
Security controls are ____________ measures that an organization takes to control (limit) the impact of a threat.
|a. risk assessment|
|d. system monitoring|
|Question 3||1 / 1 point|
The four elements of an organization-wide risk management process are:
|a. identify, assess, mitigate, control|
|b. impacts, threats, vulnerabilities, controls|
|c. monitor, assess, evaluate, and secure|
|d. frame, assess, respond, monitor|
|Question 4||1 / 1 point|
System authorization is part of the ____________ risk management process.
|b. information systems security|
|c. federal agency|
|Question 5||5 / 5 points|
Explain the relationship between risk management and the integration of confidentiality, integrity, and availability into an information security program. Type your answer in the box below.
All threats and vulnerabilities have the potential to harm/threaten the confidentiality, integrity, and availability of a system. Risk management is implemented in order to protect one or all three of these entities at any given time. Implemented correctly, the risk of any of these entities being compromised is decreased significantly which also decreases loss experienced by the organization.