Module 7: Risk Assessments

Module 7 Assessment

True/False

Indicate whether the statement is true or false.

____ 1. A risk assessment that uses descriptive terminology, such as “high,” “medium,” and “low,” is called a quantitative risk assessment.

 

Multiple Choice

Identify the choice that best completes the statement or answers the question.

 

____ 2. In which phase of the Critical Infrastructure Risk Management Framework is the goal to identify, detect, disrupt, and prepare for hazards and threats; reduce vulnerabilities; and mitigate consequences?

a. Assess and analyze risk
b. Establish program goals
c. Implement risk management activities
d. Identify assets

 

____ 3. _________________ is a computerized, open-source risk assessment tool that consists of UML-based packages.

a. OCTAVE
b. CORAS
c. CSET
d. SNORT

 

____ 4. _________________ was developed by Carnegie Mellon as a suite of tools, techniques, and methods for risk-based information security assessment and planning; it utilizes event/fault trees.

a. OCTAVE
b. CORAS
c. CSET
d. SNORT

 

Completion

Complete the sentence.

5. ___________________________________________________________ refers to the logistics associated with obtaining needed components.

 

Short Answer

6. Discuss the impact that an industry’s regulatory environment might have on risk assessment. Provide an example of a regulation in a sector that would have to be security tested.

 

 

 

 

For the answers to these questions, email your name, the name of your college or other institution, and your position there to info@cyberwatchwest.org. CyberWatch West will email you a copy of the answer key.

License


Critical Infrastructure Cybersecurity by Whatcom Community College and CyberWatch West is licensed under a Creative Commons Attribution 4.0 International License, except where otherwise noted.
