Answers to Chapter Quizzes

CHAPTER 1

  1. When it comes to planning for how you will deal with cybersecurity risks, what are the first steps your organization should take? (Select One)
    a. Form a working group across the organization’s various departments (business, technical, legal, sales) to develop a plan. [Answer: Wrong. Although very important to how your organization manages risks, forming a working group of colleagues across your organization should occur later in the planning process after some key building blocks, such as building asset inventories, are completed.]
    b. Make a list of the vulnerabilities we know we have and start building our plan to address those vulnerabilities. [Answer: Wrong. Identifying your vulnerabilities is a crucial first step to conducting a risk assessment, but that comes later in the risk planning process.]
    c. Conduct an inventory of all our hardware and software assets. [Answer: Correct! As the saying goes, you can’t protect what you don’t know you have. The essential step in developing risk planning and management is to conduct an inventory of all IT- and IP-connected equipment and software.]
  2. Which of the following devices should you include in your asset inventory? (Select all that apply.)
    a. Desktops, laptops, and servers. [Answer: Correct. Virtually all desktops, laptops, and servers have IP addresses and therefore are open to attack.]
    b. Mobile devices owned by the organization. [Answer: Correct. Virtually all modern mobile phones ...
