CRISC EXAM WITH GUARANTEED ACCURATE ANSWERS |VERIFIED
What is the difference between a standard and a policy? - ACCURATE
ANSWERS✔✔ Standard = A mandatory action, explicit rules, controls
or configuration settings that are designed to support and conform to a
policy. A standard should make a policy more meaningful and effective
by including accepted specifications for hardware, software or behavior.
Standards should always point to the policy to which they relate.
Policy = IT policies help organizations to properly articulate the
organization's desired behavior, mitigate risk and contribute to achieving
the organization's goals.
What are the 4 risk elements? - ACCURATE ANSWERS✔✔ Threats,
Vulnerabilities, Likelihood, and Impact. Threats exploit vulnerabilities
and the level of risk is based on likelihood and the impact to the system.
Describe risk appetite vs. risk tolerance - ACCURATE ANSWERS✔✔
Risk appetite is how much risk an organization is willing to endure; risk
tolerance is how much variation from that amount is acceptable.
Name the 6 steps of the NIST Risk Management Framework (RMF) -
ACCURATE ANSWERS✔✔ 1. Categorize Information Systems
2. Select Security Controls
3. Implement Security Controls
4. Assess Security Controls
5. Authorize Information Systems
6. Monitor Security Controls
Which framework is developed by ISACA and integrates other
frameworks?
a) (Val) IT
b) IT Assurance Framework (ITAF)
c) COBIT 5
d) Risk IT - ACCURATE ANSWERS✔✔ c. COBIT 5
What are the 3 domains of ISACA's Risk IT Framework? - ACCURATE
ANSWERS✔✔ Risk Governance (RG), Risk Evaluation (RE), Risk
Response (RR)
What are the tenets of risk management? - ACCURATE ANSWERS✔✔
confidentiality, integrity, and availability
Which legal act requires U.S. Federal Govt agencies to establish an
information security program? - ACCURATE ANSWERS✔✔ Federal
Information Security Management Act (FISMA)
What is the Gramm-Leach-Bliley Act (GLBA)? - ACCURATE
ANSWERS✔✔ GLBA requires periodic risk analysis performed on
processes that deal with nonpublic financial information and personal
financial data.
The Risk Governance (RG) domain of the Risk IT framework is
comprised of what 3 processes? - ACCURATE ANSWERS✔✔ RG1:
Establish and maintain a common risk view
RG2: Integrate with ERM
RG3: Make risk-aware business decisions
The Risk Evaluation (RE) domain of the Risk IT framework is
comprised of what 3 processes? - ACCURATE ANSWERS✔✔ RE1:
Collect Data
RE2: Analyze Risk
RE3: Maintain risk profile
The Risk Response (RR) domain of the Risk IT framework is comprised
of what 3 processes? - ACCURATE ANSWERS✔✔ RR1: Articulate
risk
RR2: Manage risk
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller GRADEUNITS. Stuvia facilitates payment to the seller.