07. Quiz: Risk Statements

Quiz: Risk Statements

Question 1

Risk statements should be relatively generic without mentioning or taking into account an organization's existing controls? True or False?
SOLUTION: True

Question 2

Which of the following are good risk statements. Choose all that apply.
SOLUTION:
  • Egress traffic is not inspected and blocked which may allow bad actors to penetrate the network
  • Users are unaware of their responsiblities in reporting incidents which may lead to unreported security concerns.

Next Concept