Reference no: EM132307419
1. Which of the following assessments of an enterprise’s operational risk monitoring process will provide the BEST information about its alignment with industry-leading practices?
A capability assessment by an outside firm
A self-assessment of capabilities
An independent benchmark of capabilities
An internal audit review of capabilities
2. A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the IT risk assessment team. The MOST likely reason for making this decision is that business is unaffected by:
Availability of information
Integrity of information
Storage media of information
Confidentiality of information
3. An enterprise has learned of a security breach at another company that utilizes similar technology. The FIRST thing the enterprise should do is:
Discontinue the use of the vulnerable technology.
Assess the likelihood of incidents from the reported cause.
Remind staff that no similar security breaches have taken place.
Report to senior management that the enterprise is not affected.
4. Which of the following is the BEST way to ensure that an accurate risk register is maintained?
Monitor key risk indicators (KRIs), and record the findings in the risk register.
Publish the risk register in a knowledge management platform with workflow features that periodically contacts and polls risk assessors to ensure accuracy of content.
Distribute the risk register to business process owners for review and updating.
Utilize audit personnel to perform regular audits and to maintain the risk register.
5. Which of the following would BEST assist an operational risk/control professional in measuring the existing level of development of risk management processes against their desired state?
A Capability Maturity Model (CMM)
Risk management audit reports
A balanced scorecard (BSC)
Enterprise security architecture
6. A global bank that is subject to customer privacy regulations by multiple governmental jurisdictions with differing requirements should:
Bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
Bring all locations into conformity with a generally accepted set of industry best practices.
Establish a baseline standard incorporating those requirements that all jurisdictions have in common.
Establish baseline standards for all locations and add supplemental standards as required.