A. It assures that asset valuation is consistently applied to all assets across the enterprise.
B. It protects the enterprise from paying more for protection than the net worth of the asset.
C. It ensures assets are linked to processes and classified based on business value.
A. strategic risk.
B. operational risk.
C. market risk.
A. be a direct measure of risk for each business line.
B. measure current risk levels in comparison to past levels.
C. alert there is an increased chance of exceeding risk appetite.
A. Generalizing acceptable risk levels
B. Obfuscating the reasons behind risk
C. Duplicating details of risk status
A. When the goal is to produce results that can be compared over time
B. When the goal is to aggregate risk at the enterprise level
C. When the goal is to prioritize risk response plans
A. establish risk tolerance for each business unit.
B. aggregate risk statements for all lines of business.
C. normalize risk taxonomy across the organization.
A. keeping impact criteria and cost data as generic as possible.
B. using standardized frequency and impact metrics.
C. measuring existing impact criteria exclusively in financial terms.
A. External threat reporting services
B. Risk workshop brainstorming
C. Historical enterprise risk metrics
A. Understanding the impacts of the risk environment to the organization
B. Developing a top-down approach to risk management
C. Developing requirements for risk reporting to executive management
A. The deficiencies have already been resolved.
B. The deficiencies have no business relevance.
C. The deficiencies are actual misconfigurations.
