The first step of risk identification is to identify the threats the organization is exposed to with respect to each function within the organization. True False Question 6 Which of the following reprsents a level of low impact on the confidentiality security objective? The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. The unauthorized disclosure of information could be expected to have a severe or cataxtrophic adverne effect on organizational operations, organizational assets, or individuals. The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals: e-Discovery requires agencies and organizations to archive and retrieve electronic records for litigation purposes, such as e-mail and instant messages. True False Question 10 2 pts APTs include nation-state organizations, "hacktivist" groups attempting to publicize or further a cause, and organized crime True False Operational risk results from the failure of the development staff to meet its deadines. True False Question 15 2 pts: Cybersecurity is the set of controls and organizational measures, as well as the resources (human, technical, etc.) used to protect the components of the information system and communication networks against all logical attacks, whether carried out through physical or fogicai. security breaches. True False The first step of risk identification is to identify the threats the organization is exposed to with respect to each function within the organization. True False Question 6 Which of the following reprsents a level of low impact on the confidentiality security objective? The unauthorized disclosure of information could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals. The unauthorized disclosure of information could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals. The unauthorized disclosure of information could be expected to have a severe or catastrophic adversie effect on organizational operations, organizational assets, or individuals. The disruption of access to or use of information or an information system could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuak. APIs include nation-state organizations, "hacktivist" groups attempting to publicize or furtheracause, and organized crime True False Question 11 2 pts Which of the following is not one of the "Nine Irrefutable Laws of Information Risk." listed by Malcolm Harkins in the book Managing Risk and Information Security? Information wants to be free Users want to dick Code needs to execute A security feature cannot be used for harm Question 12 A business may devote significant resources to implementing security controls that are irrelevant to Environmental Technical Question 14 3 pts A zero-day vulnerability is unknown to, or has remained unaddressed by, those who normally want to remove the vulnerability. True False A level of low impact on the amplification security objective may include a limited adverse effect means that results in minor damage to organizational assets, a minor financial loss, or result in minor harm to individuals. True False Question 8 2 pts The second step in risk identification is to identify the controls already in place to manage the risks found. True False Using firewalls to prevent data theft from applications that areallowed to operate through the frewall Using standard antivirus tools that are effective only againstpreviously identified thrents, to protect azainst zero-day attacks Using controls at the operating-system level to detect Application layer attacks: Requiring authorized company-issued ID badges to enter secured spaces. Question 13 2 pts Capacity management failures include such events as an overioaded network connection that causes inefficiencies that result in process failures. True False Question 14 Operational risk results from the failure of the development staff to meet its deadines