CRISC Exam Questions & Answers

What is the primary force for driving privacy? - ANS - Regulation

What is Confidentiality? - ANS - Maintains the secrecy and privacy of data

"need to know / least privilege"

What is Integrity? - ANS - Guarding against improper information modification, exclusion, or

destruction

"authenticity"

What is Availability? - ANS - Providing timely and reliable access to information

What is the order of Information Security Risk Management Process steps? - ANS - 1) Context

Establishment

2) Risk Identification

3) Risk Analysis

4) Risk Evaluation

5) Risk Treatment

What does the Risk Identification Process involve? - ANS - 1) Identify Assets

2) Identify Threats

3) Identify Existing Controls

4) Identify Vulnerabilities

5) Identify Consequences

6) Risk Estimation