What is the CBA for the threat and control combination

Assignment Help Risk Management
Reference no: EM132905120

Question 1. Which of the following best describes economy of mechanism?
• Door locks stay open when power is on
• Security should be complex to defend against attack
• Door lock stay closed when power is off
• Security should be simple so that less errors can be made

Question 2. Which of the following best represents defence in depth?
• Setting a mantrap deep enough that both doors can be reached at once
• Using either facial recognition or password
• Using facial recognition and password
• Using the plenum space to hide pinhole cameras

Question 3. Which of the following best represents identification?
• Has rights to perform tasks or access data
• Has responsibility for a component of an information system
• Assuring that each principal is who they claim to be
• Assuring that a neutral third party transaction or event did (or did not) occur

Question 4. Prospect theory finds that most people are ?
• risk seeking
• risk averse
• risk neutral
• psychologically incapable of rating outcomes

Question 5. It has been found that most people will weight a loss,
• The same as a gain
• One third as much as a gain
• Half as much as a gain
• Twice as much as a gain

Question 6. Give the best match of the following options with their descriptions
• Transfer ( )
• Avoid ( )
• Accept ( )
• Mitigate ( )

Question 7. Which part of the CIA triangle is most affected by a DoS attack?
• I
• None of the other options
• A
• C

Question 8. Which of the following is most correct?
• Over time, attacks have become more sophisticated, but require less intruder knowledge.
• Password guessing requires high intruder knowledge and is a highly sophisticated attack.
• Self-replicating code is a relatively new form of attack
• Over time, attacks require more hacker knowledge as they have become more sophisticated.

Question 9. Find the closest matching description to the attack
• Spam ( )
• URL Spoof ( )
• SQL Injection ( )
• Buffer Overflow ( )

Question 10. Technically, the acronym VPN represents,
• A server for making web traffic anonymous
• A network established by a Telco to cover a city or a wider area
• A website to entice potential hackers
• An encrypted 'tunnel' on a network (typically the Internet)

Question 11. Which of the following devices has the following capabilities
1) can learn MAC addresses on the local network
2) use full duplex
• Router
• Hub
• Switch
• Modem

Question 12. Which of the following physical systems have been used to convey IP packets?
• Ethernet
• All the other options are correct
• Coaxial cable
• Homing pigeons

Question 13. Which of the following best describes ARO?
• The monetary loss or impact of each occurrence of a threat
• The frequency with which an event is expected to occur on an annualized basis
• A measure of the magnitude of loss of an asset. It is used in the calculation of single loss expectancy
• The estimate of how much an event is expected to cost per year

Question 14. Which of the following best describes SLE?
• The estimate of how much an event is expected to cost per year
• A measure of the magnitude of loss of an asset. It is used in the calculation of single loss expectancy
• The frequency with which an event is expected to occur on an annualized basis
• The monetary loss or impact of each occurrence of a threat

Question 15. Suppose the loss from a single attack (before or after control) is $10,000. However, after implementing a control, the expected rate of attack changed from two per year to one every 5 years. Suppose the control costs 25,000 (to be depreciated evenly to zero over 5 years). What is the CBA for the threat and control combination?
• $7,000/yr
• $5,000/yr
• $13,000/yr
• $21,000/yr

Question 16. Suppose that a control has zero cost, but it does mitigate some of the risk. Suppose that the cost/benefit analysis is simply calculated as CBA = ALE(prior) - ALE(post) - ACS, where ACS is the annualized cost of the safeguard. The CBA is then?
• Impossible to tell without further information
• Negative
• Positive
• Zero

Question 17. Which of the following best describes quantitative risk assessment?
• The process of numerically measuring the impact of an event and its ongoing likelihood to determine the impact of an event on a project, program, or business
• The decision-making process of identifying threats and vulnerabilities and their potential impacts
• A measure to detect, prevent, or mitigate the risk associated with a threat
• The process of analysing an environment to identify the threats, vulnerabilities, and mitigating actions to determine the impact of an event on a project, program, or business


Question 18. Which of the following is most correct about NIST and ISO standards?
• NIST is freely available while ISO is not
• ISO standards deal exclusively with security and/or risk analysis
• ISO is a lower level standard than NIST, with deeper levels of technical detail
• NIST standards deal exclusively with security and/or risk analysis

Question 19. Which of the following steps best characterises risk analysis?
• Specify vulnerable assets.
• Calculate relative risk factor for assets.
• Inventory & prioritize assets.
• Identify & prioritize threats

Question 20. In PKI, decommissioning public keys is most often associated with,
• The updating of public keys
• The deletion of a node from communication
• The updating of session keys
• The deletion of a user's rights to use the PKI system

Question 21. Bruce Schneier...........................
• Claims that "obscurity means insecurity."
• Claims that encryption algorithms must be closely guarded.
• Advocates "security by obscurity" in all cases.
• Advocates biometrics rather than encryption.

Question 22. Which of the following is needed as part of the system to avoid man-in-the-middle attacks?
• All the other options are correct
• CA
• PKI
• TTP

Question 23. Which of the following best matches the meaning of steganography?
• The process of cryptanalysis.
• The process of hiding messages in a picture or graphic.
• The entire range of values that can be used to construct a key.
• The amount of work needed to perform cryptanalysis.

Question 24. Which of the following is NOT a typical aspect of the key distribution problem?
• It depends on security through obscurity
• Is more a problem for symmetric key encryption as opposed to asymmetric
• Is a problem of a large number of keys
• It is a problem of distribution of keys out of band

Question 25. Which of the following most applies to a security program policy?
• It sets the strategic direction, scope, and tone for all security efforts within the organization
• It lists rules such as ACL lists
• It contains guidelines to support routine operations, and to instruct employees to use technologies and processes properly
• It details what to do in case of specific violations of policy

Question 26. A general security policy is also known as
• Information security policy
• IT security policy
• SPP
• All the other options

Question 27. Which of the following is most likely to contain specific statements of instructions?
• Policies
• Procedures
• Processes
• Standards

Question 28. Which of the following is the best predefined indicator of an incident?
• Violation of policy
• Unknown programs or processes
• Presence of unfamiliar files
• Activities at unexpected times

Question 29. Which is most accurate?
• contingency planning documentation must contain all the technical details of an incident
• the involvement of law enforcement improves the organisation's control over events
• crisis management requires the skills of a computer forensics expert
• the organization decides which incidents are to be classified as disasters

Question 30. Which of the following is true of the IR/DR documentation
• All the other options are correct
• It should be clearly marked on the spine
• It should contain full details of the incident/disaster
• The drafting should be driven by technical staff

Question 31. What usually most determines an upgrade from a disaster to BC?
• If the event requires a warm site
• If the event can't be resolved in the primary premises
• If the event can't be resolved in the time frame of the event
• If the event requires a hot site

Question 32. What is needed to make a mantrap usable?
• There must be no entry point through the ceiling
• Only the inner door needs to be locked
• Custodial staff must keep the area tidy
• A person should not be trapped unattended

Question 33. A 'sag' is a,
• momentary drop in power voltage levels
• prolonged interruption in power
• momentary interruption in power
• prolonged drop in power voltage levels

Question 34. A soda acid system works by depriving a fire of which element of the fire triangle?
• Oxygen
• Heat
• Water
• Fuel

Question 35. A powered door lock is fail safe if,
• It is open when the power comes on
• It is closed when the power fails
• It is open when the power fails
• It is closed when the power comes on

Question 36. The headquarters of Van Diesel Shipping & Co. are situated near a seismic fault, and it is estimated that a damaging earthquake could occur about once every 30 years. It is estimated that the company could only recover 30% of their value, and their entire assets are estimated at $8,000,000. Vincent van Diesel is considering an earthquake insurance policy costing $5,000/year. With an insurance payout the firm would recover 80% of their business in the event of an earthquake. (Note carefully that percentages are what they could recover). The use of insurance has no effect on the likelihood of a fire.
What is the CBA for this risk/control pair?

by steps

Question 37. With AI software costing $7,000, Erkle Fnerkle from Fnerkle & Sons estimates that phishing attacks would occur at the rate of 4/yr, with the damage from an average attack costing $230. Without the control, the average cost of a single attack is estimated at $450 and the ARO is 50 times/yr. (The software is to be depreciated linearly over 5 years.) Find the CBA for this risk/control pair.

by steps

Question 38. Fnerkle & Sons has a serious data loss vulnerability. Without any security investment, the annual loss from the vulnerability is $11,300/yr. User training seems to be the best control for the vulnerability. The control has two parts:
• a $29,000/year cost for the training fee and lost employee time.
• a one-off cost of developing the training material of $14,000 (to be depreciated linearly over 5 years).
The annual loss of the vulnerability with the security expenditure included is $4,800/yr. What is the CBA for this risk/control pair?

by steps

Question 39. A firm's CEO, Erkle Fnerkle, has discussed an insurance offer against fire valued at $56,000/yr. Erkle estimates that he could lose about 83% of his assets in the event of a fire. His assets are valued at $10,000,000.
If he pays the insurance, there will only be a loss of around 5%. Note that insurance payments do not affect the rate of fires. However, Erkle has no good data on the likelihood of such an event.
What annual rate of occurrence would result in a break-even scenario? (Zero CBA) Give your answer in terms of the number of years between fires for a breakeven point. In other words, how many years between attacks for a break-even proposition? WARNING, DO NOT give the answer in attacks per year, but as the average number of years between attacks.

by steps
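The ALE-based cost/benefit calculation behind Questions 15, 16 and 36 to 39, as an added example that is not part of the assignment: it implements the formula Question 16 states (CBA = ALE(prior) - ALE(post) - ACS) with ALE = SLE × ARO and straight-line depreciation for ACS, then feeds the assignment's own figures through it. The function and variable names are this example's own.

```python
# Added example, not part of the assignment: the ALE-based cost/benefit
# analysis stated in Question 16, CBA = ALE(prior) - ALE(post) - ACS,
# with ALE = SLE * ARO and ACS = one-off cost / depreciation years + recurring cost.
# The figures in worked_examples() are the assignment's own.

def ale(sle: float, aro: float) -> float:
    """Annualized loss expectancy = single loss expectancy * annualized rate of occurrence."""
    return sle * aro


def acs(one_off_cost: float = 0.0, years: float = 1.0, annual_cost: float = 0.0) -> float:
    """Annualized cost of safeguard: the one-off cost depreciated evenly to zero
    over `years`, plus any recurring annual cost."""
    return one_off_cost / years + annual_cost


def cba(sle_prior: float, aro_prior: float, sle_post: float, aro_post: float,
        annual_safeguard_cost: float) -> float:
    """Annual benefit of the control net of its cost; negative means it does not pay off."""
    return ale(sle_prior, aro_prior) - ale(sle_post, aro_post) - annual_safeguard_cost


def breakeven_years_between_events(sle_prior: float, sle_post: float,
                                   annual_safeguard_cost: float) -> float:
    """Mean time between events at which CBA == 0 (Question 39 asks for years, not ARO).
    CBA = ARO * (sle_prior - sle_post) - ACS = 0  =>  ARO = ACS / (sle_prior - sle_post),
    so years between events = 1 / ARO = (sle_prior - sle_post) / ACS."""
    saved_per_event = sle_prior - sle_post
    if saved_per_event <= 0:
        raise ValueError("the control must reduce the per-event loss")
    return saved_per_event / annual_safeguard_cost


def worked_examples() -> dict:
    """Questions 15, 37, 38 and 39 fed through the formulas above."""
    return {
        # Q15: SLE $10,000 before and after; ARO 2/yr -> 1 per 5 yr; $25,000 over 5 yr
        "q15": cba(10_000, 2, 10_000, 1 / 5, acs(25_000, 5)),
        # Q37: $450 x 50/yr before; $230 x 4/yr after; $7,000 software over 5 yr
        "q37": cba(450, 50, 230, 4, acs(7_000, 5)),
        # Q38: ALE given directly ($11,300 -> $4,800); $29,000/yr plus $14,000 over 5 yr
        "q38": cba(11_300, 1, 4_800, 1, acs(14_000, 5, 29_000)),
        # Q39: loss 83% vs 5% of $10,000,000; insurance $56,000/yr; solve for break-even
        "q39_years": breakeven_years_between_events(0.83 * 10_000_000,
                                                    0.05 * 10_000_000, 56_000),
    }
```

A negative result (as in Question 38) means the annualized safeguard cost exceeds the annual loss it removes, so the control does not pay for itself on ALE grounds alone.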

Question 40. Erkle anticipates that there is a 15% chance that Van Damm stock could treble in value over a year, otherwise it will halve in value. If the trader decides to place $1800 on the stock, what is its expected value in a year?

by steps

Question 41. Encrypt the following string KEYLOGGER with the key FILE using the polyalphabetic method shown in class (use the Caesar cipher table).
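The polyalphabetic encryption asked for in Question 41, as an added example that is not part of the assignment: it assumes the "method shown in class" is the classical Vigenère cipher, where each plaintext letter is Caesar-shifted by the key letter beneath it (A=0 ... Z=25) and the key repeats across the message, which is what the Caesar cipher table (tabula recta) encodes row by row. The function names are this example's own.

```python
# Added example, not from the assignment: the classical Vigenere (tabula recta)
# polyalphabetic cipher, assumed here to be the "method shown in class".
# Each plaintext letter is Caesar-shifted by the key letter beneath it (A=0 .. Z=25),
# and the key repeats for as long as the message.

import string

ALPHABET = string.ascii_uppercase


def _shift(letter: str, key_letter: str, sign: int) -> str:
    """Caesar-shift one letter forward (sign=+1) or backward (sign=-1) by key_letter."""
    return ALPHABET[(ALPHABET.index(letter) + sign * ALPHABET.index(key_letter)) % 26]


def vigenere(text: str, key: str, decrypt: bool = False) -> str:
    """Encrypt (or decrypt) an A-Z message; non-letters are dropped, case is ignored."""
    letters = [c for c in text.upper() if c in ALPHABET]
    key_letters = [c for c in key.upper() if c in ALPHABET]
    if not key_letters:
        raise ValueError("key must contain at least one letter")
    sign = -1 if decrypt else 1
    return "".join(_shift(c, key_letters[i % len(key_letters)], sign)
                   for i, c in enumerate(letters))


def tabula_recta_row(key_letter: str) -> str:
    """The Caesar-table row for a key letter, e.g. row F reads FGHIJ...ZABCDE.
    Looking up the plaintext letter's column in this row gives the ciphertext letter,
    which is the same operation _shift performs arithmetically."""
    k = ALPHABET.index(key_letter.upper())
    return ALPHABET[k:] + ALPHABET[:k]


if __name__ == "__main__":
    ct = vigenere("KEYLOGGER", "FILE")          # constructed run of the question's input
    print(ct, vigenere(ct, "FILE", decrypt=True))
```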

Question 42. Explain the key differences between ALE, Gordon Loeb, Risk Matrix and Blueprint approaches to information security.

Question 43. Briefly explain the major threats and controls of the "human firewall" (the "people" layer in the sphere of security)

