3. Because vulnerabilities are actually: a. The risk factor over which the organization has b. Impossible to assess by an outside consultant c. The risk factor that is most expensive to correct d. The only risk factor that can be influenced

a. The risk factor over which the organization has b. Impossible to assess by an outside consultant c. The risk factor that is most expensive to correct d. The only risk factor that can be influenced●

4. According to “Primer on Security Risk Management,” the primary categories of threats are (circle all correct answers): a. Criminal b. Intentional c. Inadvertent d. Terrorist e. Natural

a. Criminal b. Intentional● c. Inadvertent● d. Terrorist e. Natural ●

5. In a scatter chart used for risk analysis, which quadrant represents a “high-likelihood high-consequence” risk? a. Quadrant 1 b. Quadrant 2 c. Quadrant 3 d. Quadrant 4

a. Quadrant 1● b. Quadrant 2 c. Quadrant 3 d. Quadrant 4

6. In order to effectively mitigate risks, a security professional should: a. Using proven security measures only b. Assess all possible threats c. Apply a protection strategy d. Ensure that management is aware of existing vulnerabilities

a. Limit their strategy to using proven security measures only b. Assess all possible threats to the organization● c. Apply a protection strategy that employs a suite of solutions d. Ensure that management is aware of existing vulnerabilities

7. Buying insurance is one example of: a. Risk spreading b. Risk transfer c. Risk avoidance d. Risk reduction

a. Risk spreading b. Risk transfer● c. Risk avoidance d. Risk reduction

8. Which one of the following is not one of the underlying concepts on which a risk mitigation strategy should be based? a. The five avenues to address risk b. The “four D’s” c. Layered security d. Quantitative analysis

a. The five avenues to address risk b. The “four D’s” c. Layered security d. Quantitative analysis●

Help

Options

Question

1. The terms “”threat” and “risk” can be used interchangeably; for example, a “threat assessment” is the same as a “risk assessment.”
a. True
b. False

click to flip

focusNode

Didn't know it?
click below

Knew it?
click below

Don't know

Question

2. The concept of “risk management” originated within the security profession.
a. True
b. False

Remaining cards (9)

Know

retry

shuffle

restart

0:00

Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.

Normal Size Small Size show me how

CPO Study Guide

Chapter 27

Question	Answer
1. The terms “”threat” and “risk” can be used interchangeably; for example, a “threat assessment” is the same as a “risk assessment.” a. True b. False	a. True● b. False
2. The concept of “risk management” originated within the security profession. a. True b. False	a. True b. False●
3. Because vulnerabilities are actually: a. The risk factor over which the organization has b. Impossible to assess by an outside consultant c. The risk factor that is most expensive to correct d. The only risk factor that can be influenced	a. The risk factor over which the organization has b. Impossible to assess by an outside consultant c. The risk factor that is most expensive to correct d. The only risk factor that can be influenced●
4. According to “Primer on Security Risk Management,” the primary categories of threats are (circle all correct answers): a. Criminal b. Intentional c. Inadvertent d. Terrorist e. Natural	a. Criminal b. Intentional● c. Inadvertent● d. Terrorist e. Natural ●
5. In a scatter chart used for risk analysis, which quadrant represents a “high-likelihood high-consequence” risk? a. Quadrant 1 b. Quadrant 2 c. Quadrant 3 d. Quadrant 4	a. Quadrant 1● b. Quadrant 2 c. Quadrant 3 d. Quadrant 4
6. In order to effectively mitigate risks, a security professional should: a. Using proven security measures only b. Assess all possible threats c. Apply a protection strategy d. Ensure that management is aware of existing vulnerabilities	a. Limit their strategy to using proven security measures only b. Assess all possible threats to the organization● c. Apply a protection strategy that employs a suite of solutions d. Ensure that management is aware of existing vulnerabilities
7. Buying insurance is one example of: a. Risk spreading b. Risk transfer c. Risk avoidance d. Risk reduction	a. Risk spreading b. Risk transfer● c. Risk avoidance d. Risk reduction
8. Which one of the following is not one of the underlying concepts on which a risk mitigation strategy should be based? a. The five avenues to address risk b. The “four D’s” c. Layered security d. Quantitative analysis	a. The five avenues to address risk b. The “four D’s” c. Layered security d. Quantitative analysis●
9. Risk management is a critical process that touches every aspect of organizational asset protection-and the activities of the professional protection officer. a. True b. False	a. True● b. False
10. Service providers should not base their core business model on risk management principles. a. True b. False	a. True b. False●

Created by: dagger9701

"Know" box contains:
Time elapsed:
Retries: