CRISC Certified in Risk and Information Systems Control – Question654

Which of the following will BEST ensure that information security risk factors are mitigated when developing in-house applications?

A. Include information security control specifications in business cases.
B. Identify key risk indicators (KRIs) as process output.
C. Identify information security controls in the requirements analysis.
D. Design key performance indicators (KPIs) for security in system specifications.

Correct Answer: C

CRISC Certified in Risk and Information Systems Control – Question652

The head of a business operations department asks to review the entire IT risk register. Which of the following would be the risk manager’s BEST approach to this request before sharing the register?

A. Determine the purpose of the request.
B. Require a nondisclosure agreement.
C. Sanitize portions of the register.
D. Escalate to senior management.

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question650

Which of the following is the MOST useful indicator to measure the efficiency of an identity and access management process?

A. Average time to provision user accounts
B. Password reset volume per month
C. Number of tickets for provisioning new accounts
D. Average account lockout time

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question647

Which of the following approaches will BEST help to ensure the effectiveness of risk awareness training?

A. Reviewing content with senior management
B. Using reputable third-party training programs
C. Piloting courses with focus groups
D. Creating modules for targeted audiences

Correct Answer: D

CRISC Certified in Risk and Information Systems Control – Question646

Which of the following is the MOST important consideration when multiple risk practitioners capture risk scenarios in a single risk register?

A. Using a consistent method for risk assessment
B. Developing risk escalation and reporting procedures
C. Maintaining up-to-date risk treatment plans
D. Aligning risk ownership and control ownership

Correct Answer: A

CRISC Certified in Risk and Information Systems Control – Question645

In an organization dependent on data analytics to drive decision-making, which of the following would BEST help to minimize the risk associated with inaccurate data?

A. Evaluating each of the data sources for vulnerabilities
B. Establishing an intellectual property agreement
C. Benchmarking to industry best practice
D. Periodically reviewing big data strategies

Correct Answer: A