During what activity does an organization identify and prioritize technical, organizational, procedural,
administrative, and physical security weaknesses?
The Backup Recovery Plan is dependent on what effort?
What must be done before returning a compromised laptop to normal operations in the environment?
What database is used to record and manage assets?
A company suffers a data breach and determines that the threat actors stole or compromised 10,000 user
profiles. The company had planned for such a breach and determined the loss would be around $2 million.
Soon after restoration, the company stock suffered a 30% drop and the loss was nearly $20 million. In addition, the company received negative press.
Which area of risk did the business forget to account for?
The project manager of a data center has a budget of $1,500,000 to install critical infrastructure systems. The project will take 24 months to complete.
The project manager is working with the project management team, security experts, and stakeholders to
identify cyber risks. After reviewing the project plan, the CIO wants to know why so many risk identification meetings are requested.
What a valid reason for the repeated risk identification meetings?
You need to review your current security baseline policy for your company and determine which security
controls need to be applied to the baseline and what changes have occurred since the last update.
Which category addresses this need?
Which document provides an implementation plan to recover business functions and processes during and after an event?
What is considered outside the scope of a BIA?