Download Authentic Isaca CRISC Exam Questions Answers PDF: https://authenticdumps.com/dumps/crisc/
20% Discount: Use this Coupon [SAVE20]
AuthenticDumps.com Provides 100% Updated Isaca CRISC Exam Questions and it's actual Answers which are verified Isaca Experts. Isaca CRISC Exam Dumps PDF is a recommended way to pass your CRISC Exam with High Marks. Visit AuthenticDumps.com to Get more information about CRISC exam.
that health informaton data is protected. Before HIPAAs personal medical informaton was ofen aiailable to anyone. Security to protect the data was laxs and the data was ofen misused. If your organiiaton handles health informatons HIPAA applies. HIPAA deines health informaton as any data that is created or receiied by health care proiiderss health planss public health authoritess employerss life insurerss schools or uniiersitess and health care clearinghouses. HIPAA deines any data that is related to the health of an indiiiduals including past/present/future healths physical/mental healths and past/present/future payments for health care. Creatng a HIPAA compliance plan iniolies following phasesn Assessmentn An assessment helps in identfying whether organiiaton is coiered by HIPAA. If it iss then further requirement is to identfy what data is needed to protect. Risk analysisn A risk analysis helps to identfy the risks. In this phases analyiing method of handling data of organiiaton is done. Plan creatonn Afer identfying the riskss plan is created. This plan includes methods to reduce the risk. Plan implementatonn In this plan is being implemented. Contnuous monitoringn Security in depth requires contnuous monitoring. Monitor regulatons for changes. Monitor risks for changes. Monitor the plan to ensure it is stll used. Assessmentn Regular reiiews are conducted to ensure that the organiiaton remains in compliance. Answern A is incorrect. SOX designed to hold executies and board members personally responsible for inancial data. Answern B is incorrect. GLBA is not used for handling health care informaton. Answern D is incorrect. FISMA ensures protecton of data of federal agencies. Question 5 You are the project manager of GRT project. You discoiered that by bringing on more qualiied resources or by proiiding eien beter quality than originally planneds could result in reducing the amount of tme required to complete the project. If your organiiaton seiies this opportunity it would be an example of what risk response? A. Share B. Enhance C. Exploit D. Accept Aoswern C Explanatonn Exploit response is one of the strategies to negate risks or threats that appear in a project. This strategy may be selected for risks with positie impacts where the organiiaton wishes to ensure that the opportunity is realiied. Exploitng a risk eient proiides opportunites for positie impact on a project. Assigning more talented resources to the project to reduce the tme to completon is an example of exploit response. Answern A is incorrect. - The share strategy is similar as transfer because in this a porton of the risk is shared with an external organiiaton or another internal entty. Answern B is incorrect. The enhance strategy closely watches the probability or impact of the risk eient to assure that the organiiaton realiies the beneits. The primary point of this strategy is to
atempt to increase the probability and/or impact of positie risks. Answern D is incorrect. Risk acceptance means that no acton is taken relatie to a partcular risk; loss is accepted if it occurs. Question 6 You are the project manager of the NHQ project in Bluewell Inc. The project has an asset ialued at $200s000 and is subjected to an exposure factor of 45 percent. If the annual rate of occurrence of loss in this project is once a months then what will be the Annual Loss Expectancy (ALE) of the project? A. $ 2s160s000 B. $ 95s000 C. $ 90s000 D. $ 108s000 Aoswern D Explanatonn The ALE of this project will be $ 108s000. Single Loss Expectancy is a term related to Quanttatie Risk Assessment. It can be deined as the monetary ialue expected from the occurrence of a risk on an asset. It is mathematcally expressed as followsn SLE = Asset ialue * Exposure factor Therefores SLE = 200s000 * 0.45 = $ 90s000 As the loss is occurring once eiery months therefore ARO is 12. Now ALE can be calculated as followsn ALE = SLE * ARO = 90s000 * 12 = $ 108s000 Question 7 Which of the following is NOT true for Key Risk Indicators? A. The complete set of KRIs should also balance indicators for risks root causes and business impact. B. They help aioid haiing to manage and report on an excessiiely large number of risk indicators C. They are monitored annually D. They are selected as the prime monitoring indicators for the enterprise Aoswern C Explanatonn They are monitored on regular basis as they indicate high probability and high impact risks. As risks change oier tmes hence KRIs should also be monitored regularly for its efectieness on these changing risks.