7.5: Assessment
True/False
Indicate whether the statement is true or false.
____ 1. A risk assessment that uses descriptive terminology, such as “high,” “medium,” and “low,” is called a quantitative risk assessment.
Multiple Choice
Identify the choice that best completes the statement or answers the question.
____ 2. In which phase of the Critical Infrastructure Risk Management Framework is the goal to identify, detect, disrupt, and prepare for hazards and threats; reduce vulnerabilities; and mitigate consequences?
a. Assess and analyze risk
b. Establish program goals
c. Implement risk management activities
d. Identify assets
____ 3. _________________ is a computerized, open-source risk assessment tool that consists of UML-based packages.
a. OCTAVE
b. CORAS
c. CSET
d. SNORT
____ 4. _________________ was developed by Carnegie Mellon as a suite of tools, techniques, and methods for risk-based information security assessment and planning; it utilizes event/fault trees.
a. OCTAVE
b. CORAS
c. CSET
d. SNORT
Completion
Complete the sentence.
5. ___________________________________________________________ refers to the logistics associated with obtaining needed components.
Short Answer
6. Discuss the impact that an industry’s regulatory environment might have on risk assessment. Provide an example of a regulation in a sector that would have to be security tested.
For the answers to these questions, email your name, the name of your college or other institution, and your position there to info@cyberwatchwest.org. CyberWatch West will email you a copy of the answer key.