CSEC 102- Information Assurance and Security
Rochester Institute of Technology -RIT
Dubai Campus
FALL 2020
Week 4: Discussion Questions (NOT GRADED)
Multiple-Choice Questions
1. Which formula is
typically used to describe the components of information security
risks?
A. Risk = Likelihood X Vulnerability
B. Risk = Threat X Vulnerability
C. Risk = Threat X Likelihood
D. Risk = Vulnerability X Cost
Answer: B Reference: Defining Risk Management
Explanation: The risk equation is Risk = Threat X Vulnerability. A threat is
the frequency
of any event. In most cases, the events in the threat equation are negative or adverse
events. Vulnerability is the likelihood that a specific threat will successfully be carried
out. Multiplying the probability of a threat and the likelihood of a vulnerability yields the
risk of that particular event
2. Earl is preparing a risk register for his organization's risk management program.
Which data element is
LEAST likely to be included in a risk register?
A. Description of the risk
B. Expected impact
C. Risk survey results
D. Mitigation steps
Answer: C Reference: Defining Risk Management
Explanation: The risk register can contain many different types of information but
should contain at a minimum: a description of the risk, the expected impact if the
associated event occurs, the probability of the event occurring, steps to mitigate the
Which item in a Bring Your Own Device BYOD policy helps resolve intellectual property issues that may arise as the result of business use of persona?
Which item in a Bring Your Own Device (BYOD) policy helps resolve intellectual property issues that may arise as the result of business use of personal devices? Authorization controls include biometric devices.
What compliance regulation applies specifically to the educational records maintained by schools about students Group of answer choices?
The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.
Which audit data collection method helps ensure that the information gathering process covers all relevant areas?
Which audit data collection method helps ensure that the information-gathering process covers all relevant areas? SOC 2 reports are created for internal and other authorized stakeholders and are commonly implemented for service providers, hosted data centers, and managed cloud computing providers.
Which one of the following measures the average amount of time that it takes to repair a system application or component?
MTTR (mean time to repair) is the average time it takes to repair a system (usually technical or mechanical).