Module 1 Quiz: The Risk Management Process

Who should be responsible for the risk management process in an organization?

Staff members
External IT consultants
External consultants
Management of the organization

Reorganize the steps of the risk management process in the correct order to find out which come first:

1. Deciding how to deal with risks and problems; 2. Identifying and prioritizing primary risks and problems
1. Identifying and prioritizing primary risks and problems; 2. Deciding how to deal with risks and problems

Match the following statements by dragging and dropping them into the correct pairs:

Sort elements

Helps us specify what we want to protect
Is a list of assets
Has to be regularly updated
Include everything we want to protect

Assets enumeration
The output of the assets enumeration
The list of assets
Assets

Which of the following statements describes the threat modeling process?

We take the list of our assets, and explore what “bad” (unwanted event) could happen to each of them, or who can do what to our assets
There can be more than one unwanted event associated with each of our assets
It is important to conduct our threat modeling in a collaborative way
All of the above

Four months ago, your organization was hit by a DDoS attack, temporarily shutting down your website and disrupting communications. As you assess your future cybersecurity risks, how should you rate the probability of facing another DDoS attack?

Low – it already happened once, so it is unlikely to happen again anytime soon
Medium – the attackers might try again, but four months is a long time in cybersecurity
High – if an attack occurred within the past year, the risk remains significantly elevated
It depends entirely on how severe the last attack was

Your organization’s financial director’s email has been hacked! But before panicking, you need to assess the potential impact. How serious could this breach be?

Low – financial emails do not usually contain sensitive information
Medium – it could cause some trouble, but it is unlikely to be a major crisis
High – any email hack is always a serious security threat
We do not know – the impact depends on the organization’s context, operations, and the type of information compromised

How would you define a “risk”?

Please enter your own definition based on the materials provided in this e-course so far:

This response will be awarded full points automatically, but it can be reviewed and adjusted after submission.

How can a risk be dealt with? Match the correct pairs by dragging and dropping them:

Sort elements

Eliminate the risk by completely not doing the activity that might cause the risk
Develop and implement security measures that scale down the impact and likelihood of the risk
Partially or fully share the risk with someone else
Acknowledge the risk and do nothing about it