Page 836 - StudyBook.pdf

820    Appendix • Self Test Appendix

                  A. Internet policy, Data Security policy, Personnel Safety policy, Software policy.
                  B. Data Security policy, Internet policy, Software policy, Personnel Safety policy.
                  C. Software policy, Personnel Safety policy, Internet policy, Data Security policy.
                  D. Data Security policy, Internet policy, Personnel Safety policy, Software policy.
              Answer D. Data Security policy, Internet policy, Personnel Safety policy, Software policy. The
                 importance of assets is weighted on a scale of one to ten, with data having the highest weight,
                 followed by Internet connectivity, personnel, and software. By creating policies with the most
                 important first, you will be able to address issues relating to assets with the most importance
                 before those of lesser value.
              Answers A, B and C are incorrect, because they do not address issues dealing with assets in the
                 order of those with the highest weight first.

             12. You are researching the ARO, and need to find specific data that can be used for risk
                 assessment. Which of the following will you use to find information?
                  A. Insurance companies
                  B. Stockbrokers
                  C. Manuals included with software and equipment
                  D. None of the above. There is no way to accurately predict the ARO.
              Correct Answer & Explanation: may occur, you can refer to a variety of sources, including
                 insurance companies. Insurance companies commonly keep statistics on how often a particular
                 threat that they insure occurs per year.

              Answer B is incorrect, because stockbrokers wouldn’t carry accurate statistics dealing with the
                 risks that threaten various assets in a company. Answer C is incorrect, because information on
                 how often equipment and software is at risk from certain threats is not included in manuals that
                 come with these assets. Answer D is incorrect, because information can be found through a
                 wide variety of sources, including crime statistics, insurance companies, and other sources.

             13. You are compiling estimates on how much money the company could lose if a risk actually
                 occurred one time in the future. Which of the following would these amounts represent?
                  A. ARO
                  B. SLE
                  C. ALE
                  D. Asset Identification
              Answer B. The SLE is the dollar value relating to the loss of equipment, software, or other
                 assets. This is the total loss of risk that will be incurred by the company should a risk actually
                 occur in the future.
              Answer A is incorrect, because the ARO is the likelihood of a risk occurring within a year.
                 Answer C is incorrect, because the ALE is the expected loss that will be incurred by a company
                 each year from a risk, and is calculated from the SLE and the ARO. Answer D is incorrect,
                 because asset identification is used to identify the assets within a company, which could be at
                 risk from various threats.



          www.syngress.com