Is it true or false that an enterprise cybersecurity framework can establish how technology supports business objectives’ design flaws?
Is it true or false that risk issues are always identified via assessments?
Is it true or false that standards and regulations measure cybersecurity risk?
Is it true or false that an event that has occurred brings the probability of an event in its risk category to 100%?
Is it true or false that risk managers rely on business managers for information required to evaluate cybersecurity risk?
B Multiple Choice
What is the difference between a risk issue and a risk register?
A risk issue is a preliminary draft of an entry in a risk register.
A risk issue is monitored with metrics, but risks are not.
A risk issue presents evidence that is helpful in evaluating risk, a risk register lists the risks themselves.
There is no difference, they are the same thing.
In what sense do standards and regulations measure cybersecurity risk?
Standards and regulations provide comprehensive yardsticks by which to measure cybersecurity risk.
Standards and regulations present control requirements that reduce risk.
Standards and regulations can be used to identify potential cybersecurity risk issues.
Standards and regulations are of minimal utility in measuring cybersecurity risk.
Why might an enterprise maintain a threat catalog?
Because most standards and regulations ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.