Exam (elaborations)
CRISC Review: Questions With Complete Solutions
- Course
- Institution
CRISC Review: Questions With Complete Solutions
[Show more]
Content preview
CRISC Review: Questions With Complete SolutionsGovernance answers what four Questions Right Ans - 1. Are we doing the
right thing?
2. Are we doing them the right way?
3. Are we going them well?
4. Are we getting the benefits?
Establish and Maintain a common risk view is for what and why? Right Ans
- This is done for the Enterprise to determine the controls needed to mitigate
risk and integrate in the the business process.
This sets the tone of the business regarding how to determine and accepted
level of tolerance. This is the life cycle for regular reporting and review
process and oversees the operations of risk management
Why should you integrate risk management into the Enterprise? Right Ans
- This enforces holistic ERM (Enterprise Risk Management) approach. This
includes: all departments, functions, systems and GEO locations.
This is the authority that is required for all business processes that undergo
analysis or when a change is made whether internal or external.
Why do you make risk aware business decisions? Right Ans - To ensure the
full function of governance and range of opportunities with the consequences
for each decision that will impact the enterprise or the environment.
What are the Risk Management controls to be implemented and operating
correctly? Right Ans - For oversight and due diligence. For mitigating risk
and ensuring the protection of the organization with the implemented and
monitoring controls that are effective.
What is the process of he Risk Management Life Cycle? Right Ans - IT Risk
Identification
IT Risk Assessment
Risk Response & Mitigation
Risk & Control Monitoring & Report
,Risk & Business Continuity Right Ans - If the BCP (Business Continuity
Plan) is inadequate or inaccurate, the organization/enterprise may not meet
their goals for recovery after an incident. This is where the IT Risk
Management connections with Business Continuity. IT Risk Management and
the Business ensure that all functions are organized and are meeting the firms
missions and goals to reduces risk to an acceptable level and mitigate any
failures that occur in timely fashion.
Risk & Audit Right Ans - Risk associates with Audit to ensure that the
effectiveness of the Control Framework. This helps with Legislation,
Government oversight and Media scrutiny. All IS (information systems)
auditors are required to be: objective, skilled, and independent. They should
be able to assess, identify, document and provide recommendations for risks,
vulnerabilities and addressed issues.
Risk & Information Security Right Ans - This drives the selection of
controls and justifies the initial and continued operations. Every control
should be traceable back to specific risk that the control is designed to
mitigate. Types of risk: Control, Project & Change
Control Risk Right Ans - The risk that a material error exists that would not
be prevented or detected on a timely basis by the system of internal control.
Project Risk Right Ans - A structured set of activities concerned with
delivering a defined capability (that is necessary, but not sufficient, to achieve
a required business outcome) to the enterprise, based on agreed-on schedule
and budget.
Change Risk Right Ans - Risk that is not static, changes in the technology,
regulations, business processes, functionality, architecture, users and other
variables that affect the business and technical environments of the
organization may affect the levels of risk associated with system operations.
What are the SIX NIST Risk Management Framework Steps? Right Ans - 1.
Categorize Information Systems
2. Select Security Controls
3. Implement Security Controls
4. Assess Security Controls
5. Authorize Information Systems
, 6. Monitor Security Control
1.1 Which of the following business requirements BEST relates to the need for
resilient business and information system processes?
A. Effectiveness
B. Confidentiality
C. Integrity
D. Availability Right Ans - D. AVAILABILITY relates to information being
available when required by the business process - now and in the future.
Resilience is the ability to provide and maintain an acceptable level of service
during disasters or when casing operational challenges.
1.2 Which of the following Statements BEST describes the value of a risk
register?
A. It captures the Risk inventory.
B. It drives the risk response plan.
C. It is a risk reporting tool.
D. It lists internal and external risk Right Ans - B. Risk registers serve as the
main reference for all risk-related information, supporting risk-related
decisions such as risk response activities and their prioritization.
1.3 Shortly after preforming the annual review and revision of corporate
policies, a risk practitioner becomes aware that a new law may affect security
requirements for the human resources system. The risk practitioner should:
A. analyze in detail how the law may affect the enterprise.
B. ensure that necessary adjustments are implemented during the next review
cycle.
C. initiate the AD-HOC revision f the corporate policy.
D. notify the system custodian to implement changes. Right Ans - A.
Assessing how the law may affect the enterprise is the best course of action.
the analysis must also determine whether existing controls already address
the new requirements.
1.4 An information system that processes weather forecasts for public
consumption is MOST likely to place its highest priority on:
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Studyhall. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $19.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
75057 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now