Risk Management Final, writing homework help

CHSC 235: Principles of Risk Management

Final Exam- Xhudo

Multiple Choice (2 pts each- 30% total)

1. The fourth step in the analytical risk management process is:

a. To assess risks and determine priorities

b. To determine countermeasures

c. To assign cost-benefit analysis

d. B and C

2. The process of evaluating threats and the vulnerabilities of an asset to give an expert

opinion of probable loss or damage and impact of actions to take is part of:

a. Cost benefit analysis

b. Asset protection

c. Risk assessment

d. None of the above

3. An action taken or physical entity used to reduce vulnerabilities is better known as a:

a. A countermeasure

b. A risk manager

c. A threat assessment

d. All of the above

4. Cost benefit analysis;

a. Is part of the management decision making process

b. Includes a process where costs and benefits are weighed and alternatives

compared

c. Neither A nor B

d. Both A and B

5. associated with countermeasures may be measured in terms of

inconvenience or personnel.

a. Actions

b. Vulnerabilities

c. Risks

d. Costs

6. Is offset by measures of risk reduction gained?

a. Threat

b. Risk

c. Benefit

d. Inconvenience

7. Determining costs in other items for a risk manager includes which of the following:

a. Time

b. Inconvenience

c. Personnel

d. All of the above

8. Understanding how does asset value compare to proposed costs of protection is a key

component of:

a. Cost benefit analysis

b. Threat assessment

c. Risk assessment

d. None of the above

9. When determining countermeasures the question that must be answered is;

a. Does it reduce risk to an acceptable level

b. Does it satisfy the customer’s requirement for asset protection

c. Neither A nor B

d. Both A and B

10. As a risk manager which of the following questions become important in justifying to

management limitations of an asset;

a. Did the risk team have access to the best information

b. Were there conflicting interests

c. Neither A nor B

d. Both A and B

11. A is highly recommended if a project, program, or

organization is large enough to afford one.

a. Risk manager

b. Troubleshooter

c. Specialist

d. None of the above

12. The responsibility of risk management;

a. Is part of everyone’s job to some degree

b. Is only for the risk manager and no one else

c. Just happens

d. None of the above

13. General responsibilities of a designated risk manager include;

a. Exposure identification

b. Risk evaluation

c. Risk control

d. All of the above

14. One of the responsibilities of the risk manager is that of in the area of

loss prevention and control

a. Delegation

b. Leadership

c. Avoidance

d. Blaming

15. Decision making involves making which basic decisions;

a. What the cost of threat reduction will be in terms of asset protection

b. The ability to assign blame for failure

c. Ensuring that financial stability comes second to asset protection

d. None of the above

True/False (2 points each- total 20%)

1. Equally vital to asset identification is the vulnerability audit.

2. A government CIAO report states once a risk assessment is completed, results often lead

to one inescapable conclusion, that security enhancements will never exceed allocated

costs and resources.

3. Prior to 9/11 Presidential Decision Directive # 62 and PDD # 63 (Critical Infrastructure

Protection) were created as a response by the Bush Administration’s desire to address a

perceived deficiency in how we as a nation addressed and assessed national threats.

4. In the period immediately prior to 9/11 Public Law 2077 (June 2000) acted on findings of

the Bremer Commission.

5. Evidence that terrorist organizations have established an infrastructure in the western

hemisphere for the support and conduct of terrorist activities was part of the Bremer

Commission Report.

6. A systematic effort to identify and evaluate existing or potential terrorist threats to a

jurisdiction and its target assets was a DHS definition of threat combining all threats.

7. Calculation of threat for the government must similarly review existence and capability

but never history.

8. Assigning threat as both physical and cyber based including coordination with the private

sector was part of EO13010.

9. At the time of HSPD-7 the US infrastructure was manageable and efficient.

10. Critical infrastructure assets are defined by three characteristics the first of which is the

production of essential goods and services.

Essays: Choose two essays below. Each essay is worth 25 points- total 50%

1. Apply a risk management model to one of the eleven CIKR. Explain the threat(s),

countermeasures and whether these are adequate.

2. Of the eight areas relative to 9/11 Risk Management that the US suffered in, which would

you rate the highest. Explain why and provide an example where this has been improved

and how?

3. When looking at the terrorist assessment and the specific factors assessed, which would

consider the most significant? Explain by applying one factor to an example and how

threat assessment comes into play?