首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
As his company’s CISO, George needs to demonstrate to the Board of Directors the necessity of a strong risk management program.
As his company’s CISO, George needs to demonstrate to the Board of Directors the necessity of a strong risk management program.
admin
2013-12-19
68
问题
As his company’s CISO, George needs to demonstrate to the Board of Directors the necessity of a strong risk management program. Which of the following should George use to calculate the company’s residual risk?
选项
A、threats × vulnerability × asset value = residual risk
B、SLE × frequency = ALE, which is equal to residual risk
C、(threats × asset value × vulnerability) x control gap = residual risk
D、(total risk - asset value) × countermeasures = residual risk
答案
C
解析
C正确。实施防护措施是为了把总风险降到一个可接受的程度。然而,没有任何系统或环境是100%安全的,不管采取哪种对策,总是会有一些风险存在。在实施防护措施之后继续存在的风险叫做剩余风险(residual risk)。剩余风险不同于总风险,总风险指的是公司选择不采取任何防护措施的情况下所面临的风险。总风险的计算公式是:威胁×脆弱性×资产价值=总风险。剩余风险的计算公式为:(威胁×脆弱性×资产价值)×控制差距=剩余风险。控制差距指的是控制所不能提供的保护的数量。
A不正确。因为威胁×脆弱性×资产价值不等于剩余风险,这是计算总风险的公式。总风险是公司在没有采取任何防护措施或行动以降低整体风险的情况下所面临的风险。总风险可以通过实施安全保障措施或实施对策来减少,使得公司仅面临剩余风险——即安全措施实施之后剩下的风险。
B不正确。因为单一损失期望(single loss expectancy,SLE)×频率(frequency)是计算年度损失期望(Annualized Loss Expectancy,ALE)的公式,它可以用来衡量利用脆弱性的威胁和对业务造成的影响。频率是指威胁的年发生率(Annual Rate of Occurrence,ARO)。ALE不等于剩余风险。ALE指出了在过去的一年里,某种特定类型的威胁对公司可能造成的损失。了解某个威胁真正发生的概率和该威胁造成的损失折合多少钱对确定应该花费多少钱来试图抵制这个威胁非常重要。
D不正确,而且是一个干扰选项。风险评估中并没有这样的公式。真正的公式为:威胁×脆弱性×资产价值=总风险:(威胁×脆弱性×资产价值)×控制差距=剩余风险。
转载请注明原文地址:https://www.kaotiyun.com/show/VNhZ777K
0
CISSP认证
相关试题推荐
Individualsandbusinesseshavelegalprotectionforintellectualpropertytheycreateandown.Intellectualproper【C1】______fro
Inthe1930s,anAmericanmeatcompanycameoutwithaspicedhamproductsoldinacan.Beforelong,Spam,asitwascalled,be
Severaltypesoffinancialriskareencounteredininternationalmarketing;themajorproblemsincludecommercial,political,an
In1930,whentheworldwas"sufferingfromabadattackofeconomicpessimism",JohnMay-nardKeyneswroteabroadlyoptimisti
In1930,whentheworldwas"sufferingfromabadattackofeconomicpessimism",JohnMay-nardKeyneswroteabroadlyoptimisti
Writeanessayof160-200wordsbasedonthefollowingdrawing.Inyouressay,youshould1)describethedrawingbriefly,
Writeanessayof160-200wordsbasedonthefollowingdrawing.Inyouressay,youshould1)describethedrawingbriefly,
Americanfarmershavebeencomplainingoflaborshortagesforseveralyearsnow.Givenamulti-yeardeclineinillegalimmigrati
Manypeopletalkedofthe288,000newjobstheLaborDepartmentreportedforJune,alongwiththedropintheunemploymentrate
随机试题
设xn=a0+a1q+…+anqn,|ak|<M,k=0,1,2,…,且|q|<1,问{xn}是否收敛?
StandingaloneattheBrowns’party,AnnaMackintoshthoughtaboutherhusbandEdward,establishinghimclearlyinhermind’sey
A.Thanks,DaddyB.I’mproudofyouC.Youcan’tbelieveitD.CongratulationsE.Whatmakes
A.雌激素水平过高B.雄激素减少,雌激素相对增多C.尿中hCG明显增高D.雄激素水平过高子宫内膜腺癌是由于
男性,40岁。痔疮出血1年,乏力、面色苍白3个月。查体:贫血貌,巩膜无黄染。血象:白细胞4.6×109/L,红细胞3.9×1012/L。Hb65g/L,血小板330×109/L。该患者为何种细胞形态学贫血
××房地产开发公司,计划在××市××规划小区拟建4栋6层住宅楼,楼号为9号、10号、11号、12号。拟建工程位于××以东、××以北,两者交叉口东北。××公司承担了住宅楼的岩土工程勘察任务。场地地形基本平坦,最高地面高程38.24m,最低地面高程3
立面图的绘制中整个建筑的外轮廓尺寸线用()线绘制。
飓风:酸雨
以下关于操作型数据和分析型数据的描述中,正确的是
Therewerewarningsagainstthe2004tsunamibutthewarningscouldn’treachthespot.Mosttsunamisaretriggeredbyearthqua
最新回复
(
0
)
