Free Preparation Discussions
MENU
PECB ISO-IEC-27005-Risk-Manager Exam - Topic 1 Question 7 Discussion
Topic #: 1
Scenario 4: In 2017, seeing that millions of people turned to online shopping, Ed and James Cordon founded the online marketplace for footwear called Poshoe. In the past, purchasing pre-owned designer shoes online was not a pleasant experience because of unattractive pictures and an inability to ascertain the products' authenticity. However, after Poshoe's establishment, each product was well advertised and certified as authentic before being offered to clients. This increased the customers' confidence and trust in Poshoe's products and services. Poshoe has approximately four million users and its mission is to dominate the second-hand sneaker market and become a multi-billion dollar company.
Due to the significant increase of daily online buyers, Poshoe's top management decided to adopt a big data analytics tool that could help the company effectively handle, store, and analyze dat
a. Before initiating the implementation process, they decided to conduct a risk assessment. Initially, the company identified its assets, threats, and vulnerabilities associated with its information systems. In terms of assets, the company identified the information that was vital to the achievement of the organization's mission and objectives. During this phase, the company also detected a rootkit in their software, through which an attacker could remotely access Poshoe's systems and acquire sensitive data.
The company discovered that the rootkit had been installed by an attacker who had gained administrator access. As a result, the attacker was able to obtain the customers' personal data after they purchased a product from Poshoe. Luckily, the company was able to execute some scans from the target device and gain greater visibility into their software's settings in order to identify the vulnerability of the system.
The company initially used the qualitative risk analysis technique to assess the consequences and the likelihood and to determine the level of risk. The company defined the likelihood of risk as ''a few times in two years with the probability of 1 to 3 times per year.'' Later, it was decided that they would use a quantitative risk analysis methodology since it would provide additional information on this major risk. Lastly, the top management decided to treat the risk immediately as it could expose the company to other issues. In addition, it was communicated to their employees that they should update, secure, and back up Poshoe's software in order to protect customers' personal information and prevent unauthorized access from attackers.
Based on scenario 4, which scanning tool did Poshoe use to detect the vulnerability in their software?
According to ISO/IEC 27005, the output of the documentation of risk management processes should include detailed information about the results of the risk assessment and the chosen risk treatment options. This ensures transparency and provides a clear record of the decision-making process related to information security risk management. Therefore, option B is the correct answer.
Harrison
6 months agoArleen
6 months agoVallie
6 months agoLavonda
7 months agoJeff
7 months agoJacob
7 months agoBev
7 months agoDierdre
7 months agoAbel
8 months agoLashawna
8 months agoDaron
8 months agoWillodean
8 months agoDorathy
8 months agoZena
8 months agoMarget
8 months agoMary
1 year agoWilson
11 months agoRhea
11 months agoNicolette
11 months agoKirby
11 months agoMillie
11 months agoMertie
11 months agoCarissa
11 months agoYolando
1 year agoCarline
11 months agoLeontine
11 months agoIsaac
12 months agoLoreen
1 year agoPaulina
11 months agoTamar
12 months agoCorazon
12 months agoStephane
1 year agoRosendo
1 year agoHelene
1 year agoVan
1 year agoSolange
1 year agoMelodie
1 year agoKaycee
1 year agoMalcom
1 year agoChristene
1 year agoRenea
1 year agoElvis
1 year agoGerald
1 year ago