PDH Engineer     PE PDH
PDH Online

Risk Management Guide for Information Technology Systems


Quiz Questions

1. Risk management encompasses three processes: risk assessment, risk mitigation, and evaluation and assessment.
True
False
2. Risk management is the process that allows IT managers to balance the operational and economic costs of protective measures and achieve gains in mission capability by protecting the IT systems and data that support their organization’s missions.
True
False
3. The IT system’s system development life cycle (SDLC) has five phases: initiation, development or acquisition, implementation, operation or maintenance, and disposal.
True
False
4. ______________________ describes the characteristics of each SDLC phase and indicates how risk management can be performed in support of each phase.
Table 2-1
Table 2-2
5. The ______________________ is responsible for the agency’s IT planning, budgeting, and performance, including its information security components. Decisions made in these areas should be based on an effective risk management program.
System and Information Owners
Chief Information Officer (CIO)
6. IT security practitioners (e.g., network, system, application, and database administrators; computer specialists; security analysts; security consultants) are responsible for proper implementation of security requirements in their IT systems.
True
False
7. The Risk Assessment Methodology Flowchart is illustrated in _______________________.
Figure 2-1
Figure 3-1
8. Cryptographic keys must be securely managed when cryptographic functions are implemented in various other controls. Cryptographic key management includes key generation, distribution, storage, and maintenance.
True
False
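The four key-management stages that question 8 lists (generation, distribution, storage, maintenance), worked through in code as an added example; this is not code from NIST SP 800-30 or from PDH Engineer. It assumes 256-bit symmetric keys, HKDF-SHA256 (RFC 5869) for deriving per-consumer subkeys so the master key itself is never handed out, key files written 0600 inside a 0700 directory on a POSIX host, and rotation that keeps the previous version readable for decryption but no longer current. The `KeyStore` class, `lifecycle_demo`, and the consumer names `payments-api` and `audit-log` are hypothetical.

```python
import hashlib
import hmac
import json
import os
import secrets
import stat
import tempfile
import time
from typing import List, Optional

KEY_LEN = 32  # 256-bit symmetric keys (assumption for this example)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int) -> bytes:
    """HKDF extract-then-expand (RFC 5869) built only from the standard library."""
    prk = hmac.new(salt or bytes(32), ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class KeyStore:
    """Versioned master keys on disk; exactly one version is 'current' (hypothetical)."""

    def __init__(self, directory: Optional[str] = None) -> None:
        self.dir = directory or tempfile.mkdtemp(prefix="keystore-")
        os.chmod(self.dir, 0o700)  # storage: a private directory this process owns
        self.versions = {}         # version -> {"created": epoch, "state": str}
        self.current: Optional[int] = None

    def path_for(self, version: int) -> str:
        return os.path.join(self.dir, f"key-v{version}.json")

    def generate(self) -> int:
        """Generation: fresh key from the OS CSPRNG, written 0600 with O_EXCL."""
        version = (self.current or 0) + 1
        record = {"key_hex": secrets.token_bytes(KEY_LEN).hex()}
        fd = os.open(self.path_for(version), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(record, fh)
        if self.current is not None:
            self.versions[self.current]["state"] = "retired"
        self.versions[version] = {"created": int(time.time()), "state": "current"}
        self.current = version
        return version

    def file_mode(self, version: int) -> int:
        return stat.S_IMODE(os.stat(self.path_for(version)).st_mode)

    def load(self, version: int) -> bytes:
        """Storage check: refuse a key file that group or others can reach."""
        mode = self.file_mode(version)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise PermissionError(f"key-v{version} has mode {oct(mode)}, expected 0o600")
        with open(self.path_for(version)) as fh:
            return bytes.fromhex(json.load(fh)["key_hex"])

    def subkey(self, consumer: str, version: Optional[int] = None) -> bytes:
        """Distribution: each consumer gets a derived key; the master never leaves."""
        version = self.current if version is None else version
        if self.versions[version]["state"] == "purged":
            raise KeyError(f"key-v{version} has been purged")
        salt = f"keystore-v{version}".encode()
        return hkdf_sha256(self.load(version), salt, consumer.encode(), KEY_LEN)

    def rotate(self) -> int:
        """Maintenance: new current version; the old one is retired, not deleted."""
        return self.generate()

    def purge(self, max_age_s: int, now: Optional[float] = None) -> List[int]:
        """Maintenance: zero-fill (best effort on SSD/CoW) then delete old retired keys."""
        now = time.time() if now is None else now
        gone = []
        for version, rec in self.versions.items():
            if rec["state"] == "retired" and now - rec["created"] > max_age_s:
                path = self.path_for(version)
                with open(path, "r+b") as fh:
                    fh.write(b"\0" * os.path.getsize(path))
                os.remove(path)
                rec["state"] = "purged"
                gone.append(version)
        return gone


def lifecycle_demo() -> dict:
    """Walk one key through all four stages; returns what each check observed."""
    ks = KeyStore()
    v1 = ks.generate()
    pay_v1, audit_v1 = ks.subkey("payments-api"), ks.subkey("audit-log")
    v2 = ks.rotate()
    os.chmod(ks.path_for(v2), 0o644)  # simulate a sloppy deployment, then expect load() to refuse
    try:
        ks.load(v2)
        rejected = False
    except PermissionError:
        rejected = True
    os.chmod(ks.path_for(v2), 0o600)
    result = {
        "mode_v1": ks.file_mode(v1),
        "separated": pay_v1 != audit_v1,
        "deterministic": pay_v1 == ks.subkey("payments-api", v1),
        "rotated": ks.subkey("payments-api") != pay_v1 and ks.versions[v1]["state"] == "retired",
        "loose_file_rejected": rejected,
        "purged": ks.purge(0, now=ks.versions[v1]["created"] + 100),
    }
    result["v1_gone"] = not os.path.exists(ks.path_for(v1))
    return result
```

The permission check in `load()` is the kind of guard a practitioner wants around stored key material: a key file that has drifted to 0644 is refused rather than silently used. Deriving per-consumer subkeys with HKDF is one way to "distribute" without ever copying the master key; a real deployment would wrap keys for transport with a key-encryption key or an HSM, and the zero-fill in `purge()` is only a best effort on modern storage.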
9. ________________________, the second process of risk management, involves prioritizing, evaluating, and implementing the appropriate risk-reducing controls recommended from the risk assessment process.
Risk assessment
Risk mitigation
10. A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy is called ____________________________.
Vulnerability
Threat