Module 4: Risk Management
Assessment
True/False
Indicate whether the statement is true or false.
____ 1. NIST developed the Cybersecurity Framework as a mandatory set of standards to manage risks to critical infrastructure.
____ 2. Risk tolerance is the acceptable level of risk a company is willing to take.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 3. Which of the following is not considered a basic security service?
- a. Confidentiality
- b. Authentication
- c. Integrity
- d. Network Security
____ 4. All of the following are standards defined in the NERC CIP standards, except:
- a. Personnel and Training
- b. Sabotage Reporting
- c. Authentication and Access Controls
- d. Recovery Plans for Critical Cyber Assets
____ 5. Continuous Monitoring activities occur under which Framework Core activity?
- a. Identify
- b. Detect
- c. Respond
- d. Protect
____ 6. An impact analysis is a part of which step in the risk management process?
- a. Risk control
- b. Risk assessment
- c. Risk identification
- d. Risk mitigation
____ 7. Which risk handling method reduces the likelihood of the risk occurring to as much as zero?
- a. Mitigation
- b. Avoidance
- c. Transference
- d. Acceptance
Multiple Response
Identify one or more choices that best complete the statement or answer the question.
____ 8. Which of the following are part of the Framework Processes? (Select all that apply.)
- a. Framework Profile
- b. Framework Drivers
- c. Framework Implementation Tiers
- d. Framework Core Functions
Completion
Complete each statement.
9. The Framework ________________ provides background on how an organization views cybersecurity risk and the processes that are in place to manage that risk.
10. ____________________ is defined as the process of identifying vulnerabilities and taking carefully reasoned steps to ensure the confidentiality, integrity, and availability of the information system.