CRISC EXAM PACKAGE DEAL WITH COMPLETE SOLUTIONS.

_________ enables attackers to inject client-side script into web pages viewed by other users - Cross-site scripting (XSS) 3 Steps of Top Down Risk Mgmt. Approach - 1. Risk oversight begins w/ Board 2. Corp. Mgmt. is responsible for operating risk program in line w/ strategy. Set by Board and sub...

A new system introduced into the environment - Triggers an ad hoc risk assessment to be performed before the annual occurrence: Align security strategies among the functional areas of an enterprise and external entities - The primary reason for developing an enterprise security architecture: An ...

Access Control - A security measure that defines who can access a computer, device, or network, when they can access it, and what actions they can take while accessing it. AUP (Acceptable Use Policy) - A Set of rules and guidelines that are set up to regulate Internet use and to protect the user....

Business Impact Analysis - -primary used to: evaluate the impact of disruption on an enterprise's ability to operate over time Business Impact Analysis - analyzes the risk, incidents, and related interdependencies to determine the impact on enterprise goals -measures the total impact of tangibl...

Capability maturity model - shows the maturation of the risk management process year over year levels 0 - 5 CmM level 0 incomplete - process is not implemented or fails to achieve its process purpose. there is little or no evidence of any systematic achievement of the process purpose cmm level 1...

Failure to determine exactly what standards or needs a system must meet in terms of functionality, performance, and security is a vulnerability of which of the following phases of the systems development life cycle? - Requirements For a negative event or action to materialize and cause risk to an...

A BIA is primarily used to: A. estimate the resources required to resume and return to normal operations after a disruption B. evaluate the impact of a disruption to an enterprise's ability to operate over time C. calculate the likelihood and impact of known threats on specific functions D. eva...

4 main objectives of Risk Governance - 1. Establish and maintain a common risk view 2. Integrate Risk Management into the enterprise 3. Make risk-aware business decisions 4. Ensure that risk management controls are implemented and operating correctly A lack of adequate controls represents: A. ...

A business case developed to support risk mitigation efforts for a complex application development project should be retained until: A. the project is approved. B. user acceptance of the application. C. the application is deployed. D. the application's end of life - Answer-D A business impac...