CRISC IT Risk Identification 2

Question 1

What role does a risk owner play in the IT risk identification process?

Accepted Answer

Accountable for managing a specific risk and ensuring appropriate responses are taken

Answer

A risk owner is accountable for monitoring and managing a specific risk, including ensuring that responses are implemented and effective.

Question 2

Which of the following is an example of an internal threat source?

Accepted Answer

A disgruntled employee with access to sensitive systems

Answer

Internal threat sources originate from within the organization, such as employees, contractors, or insiders with system access.

Question 3

What is the difference between a vulnerability and a threat in IT risk identification?

Accepted Answer

A vulnerability is a weakness that can be exploited; a threat is a potential event that could exploit it

Answer

A vulnerability is a weakness in a system or process, while a threat is an event or actor that could exploit that weakness to cause harm.

Question 4

Which CRISC concept refers to the combination of likelihood and impact of a risk?

Accepted Answer

Risk level

Answer

Risk level is the overall measure of a risk derived from its likelihood of occurrence multiplied by its potential impact on the organization.

Question 5

What is the purpose of a threat landscape analysis in CRISC risk identification?

Accepted Answer

To understand current and emerging threats relevant to the organization's industry and environment

Answer

Threat landscape analysis surveys the external and internal environment to identify the types of threats most likely to affect the organization.

CRISC - Certified in Risk and Information Systems Control Practice Test