A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?
A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?
A computer risk policy primarily focuses on preventative measures, detection, response, and recovery related to computer security incidents. Procedures to monitor the efficiency of security controls, continuously train employees authorized to access systems, and provide continuing support in case of system interruptions are all inherent aspects of maintaining and managing security risks. However, identifying security funds to hedge risk is more related to financial and business risk management, not directly to the technical or procedural aspects of a computer security risk policy.
A doesn't even remotely mention insurance policy. its just identifying security funds to hedge risk. identify security funds isnt even related to computer risk policy
I think the answer is letter A
This is letter A for me. A. Procedure to identify security funds to hedge risk - This is more on financial/business side. Security doesn't really govern them. B. Procedure to monitor the efficiency of security controls - Related to risks C. Procedure for the ongoing training of employees authorized to access the system - by providing ongoing training for employees authorized to access the system, you are teaching them what to do and what not to do. This lowers the risk of those users being part/triggering an incident. D. Provisions for continuing support if there is an interruption in the system or if the system crashes - related to availability
Correct answer is C. Read the wording of question, it is asking about Risk and how do you hedge a risk, by taking insurance policy. So A is not the answer.
C is not the correct Awnser. Training employees IS apart of risk as it reduces human error.
I think the key is the word "computer" because it is not about human risks.
Computer security incidents always involves human
As per book answer is A
I think also the answer is A as budgeting is not part of the risk policy and security awareness training for employees accesing the coorporate computers and networks is very important to narrow the possibilities of human error or fall victim of cyber security scams
Definitely the answer here is A. If you even look at the all answers without reading the question, A sticks out like it doesn't belong there.
LETTER C.
Answer is A
Answer should be A. Not fund issue
Answer should be A. Not fund issue