Question 1 : Which of the following statements is true regarding treating risks?
a. Treating risk is identical to identifying and assessing risks.
b. Treating risks means making changes based on a risk assessment and a few difficult decisions.
c. Documenting a change and the reasoning behind it usually results in the mitigation being reversed and the risk being introduced.
d. Documenting the steps you are taking to mitigate a risk is only necessary for the most critical risks.
Question 2 : After you've addressed a risk, it is important to appoint someone to make certain that the risk treatment is being regularly applied so that if a security incident arises, that person can:
a. alert supervisors and any appropriate law-enforcement agencies
b. assume blame and responsibility
c. ensure that any corrective action aligns with the risk mitigation plan.
d. assign fault and liability accurately
Question 3 : The purpose of a risk-mitigation plan is to define and document procedures and processes to establish a __________ for ongoing mitigation of risks in the seven domains of an IT
a. security baseline definition
b. quantitative risk assessment
c. training and development program
d. liability protection plan