Skip to main content
Workforce LibreTexts

7.5: Assessment

  • Page ID
  • \( \newcommand{\vecs}[1]{\overset { \scriptstyle \rightharpoonup} {\mathbf{#1}} } \) \( \newcommand{\vecd}[1]{\overset{-\!-\!\rightharpoonup}{\vphantom{a}\smash {#1}}} \)\(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\) \(\newcommand{\id}{\mathrm{id}}\) \( \newcommand{\Span}{\mathrm{span}}\) \( \newcommand{\kernel}{\mathrm{null}\,}\) \( \newcommand{\range}{\mathrm{range}\,}\) \( \newcommand{\RealPart}{\mathrm{Re}}\) \( \newcommand{\ImaginaryPart}{\mathrm{Im}}\) \( \newcommand{\Argument}{\mathrm{Arg}}\) \( \newcommand{\norm}[1]{\| #1 \|}\) \( \newcommand{\inner}[2]{\langle #1, #2 \rangle}\) \( \newcommand{\Span}{\mathrm{span}}\)


    Indicate whether the statement is true or false.

    ____ 1. A risk assessment that uses descriptive terminology, such as “high,” “medium,” and “low,” is called a quantitative risk assessment.


    Multiple Choice

    Identify the choice that best completes the statement or answers the question.


    ____ 2. In which phase of the Critical Infrastructure Risk Management Framework is the goal to identify, detect, disrupt, and prepare for hazards and threats; reduce vulnerabilities; and mitigate consequences.

    a. Assess and analyze risk c. Implement risk management activities
    b. Establish program goals d. Identify assets


    ____ 3. _________________ is a computerized, open-source risk assessment tool that consists of UML-based packages.

    a. OCTAVE c. CSET
    b. CORAS d. SNORT


    ____ 4. _________________ was developed by Carnegie Mellon as a suite of tools, techniques, and methods for risk-based information security assessment and planning; it utilizes event/fault trees.

    a. OCTAVE c. CSET
    b. CORAS d. SNORT



    Complete the sentence.

    5. ___________________________________________________________ refers to the logistics associated with obtaining needed components.


    Short Answer

    6. Discuss the impact that an industry’s regulatory environment might have on risk assessment. Provide an example of a regulation in a sector that would have to be security tested.





    For the answers to these questions, email your name, the name of your college or other institution, and your position there CyberWatch West will email you a copy of the answer key.

    7.5: Assessment is shared under a CC BY license and was authored, remixed, and/or curated by LibreTexts.

    • Was this article helpful?