Course Hero Logo

C weighted loss assessment wla is not a method for

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 163 - 165 out of 526 pages.

C.Weighted Loss Assessment (WLA) is not a method for Systems’ Risk Ranking.D.Annualized Loss Expectancy (ALE) is the method for Systems’Risk Ranking where probability of adverse disruptions ismultiplied with monetary impact of disruptions to determinemaximum reasonable cost of prevention.196. Which of the following is the BIGGEST concern for an IS auditor whileevaluating the Business Continuity Plan?A.The plan contains conflicting responsibilitiesB.The plan is not testedC.The plan is not read by the team membersD.The plan is not updated for last six monthsA.A plan containing conflicting responsibility is a concern but not as bigas the one which is not tested.B.BCP, even though thoughtfully designed and developed,provides no guarantee for its successful execution unless it istested with the appropriate method. Hence, non-tested BCP isthe BIGGEST concern for the IS auditor.C.If plan is not read by the team members, it is not a biggest concern forthe IS Auditor.D.Requirements for updation of a plan depend on the System andtechnology changes. It might be possible that it is reviewed for updationonce in a year or two. Hence, this is not a biggest concern for the auditor.197. When an enterprise has an insurance coverage as a part of itsDisaster Recovery Plan, which risk treatment approach is followed?A.Risk avoidanceB.Risk mitigationC.Risk transferD.Risk acceptanceA.Risk avoidance seeks to avoid compromising events entirely. Insurancecoverage is not following the risk avoidance approach of risk treatment.163
DISA AT Mock Test PapersB.Risk mitigation is defined as taking steps to reduce adverse effects ofpossible threats. Insurance coverage is not following the riskmitigation approach of risk treatment.C.Risk transfer is a risk management and control strategy that involves thecontractual shifting of a pure risk from one party to another. Insurancepolicy is one such example where by paying premium the risk of loss dueto disaster is transferred from policy holder to the insurer.D.Accepting risk occurs when the cost of managing a certain type of risk isaccepted, because the risk involved is not adequate enough to warrantthe added cost it will take to avoid that risk. Insurance coverage is notfollowing the risk acceptance approach of risk treatment.198. Which of the following Business Continuity Planning test is a cost-effective way of simulating a system crash locally without causingmuch harm to the actual facilities?A.Preparedness testB.Paper testC.Desk based evaluationD.Pre-testA.Preparedness test is a localized version of full operational testwherein actual resources are applied in the simulation of systemcrash and thereby giving a cost-effective way to gradually obtainevidence about the working of plan.

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 526 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Spring
Professor
Ramesh
Tags

Newly uploaded documents

Show More

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture