The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, is called what?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Prepare for the ISACA IT Risk Fundamentals Test. Find flashcards and multiple choice questions, complete with hints and explanations. Ace your exam with confidence!

Multiple Choice

The means of managing risk, including policies, procedures, guidelines, practices or organizational structures, is called what?

Explanation:
In risk management, the means of managing risk are control activities. Controls are the measures an organization puts in place to reduce the likelihood of a risk event occurring or to lessen its impact. They come in many forms, including policies, procedures, guidelines, practices, and the way the organization is structured. For example, a security policy sets expectations, a change management procedure governs how changes are approved and tracked, and an access control mechanism limits who can do what. These controls can be preventive (stopping a risk before it materializes), detective (identifying when something goes wrong), or corrective (restoring control after an incident). The other options describe the types of risk themselves, not the mechanisms used to manage them, so they don’t fit as the term for the means of managing risk.

In risk management, the means of managing risk are control activities. Controls are the measures an organization puts in place to reduce the likelihood of a risk event occurring or to lessen its impact. They come in many forms, including policies, procedures, guidelines, practices, and the way the organization is structured. For example, a security policy sets expectations, a change management procedure governs how changes are approved and tracked, and an access control mechanism limits who can do what. These controls can be preventive (stopping a risk before it materializes), detective (identifying when something goes wrong), or corrective (restoring control after an incident). The other options describe the types of risk themselves, not the mechanisms used to manage them, so they don’t fit as the term for the means of managing risk.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy