Which term describes the method of identifying vulnerabilities and threats and assessing the possible damage to determine where to implement security safeguards?

Proper security management dictates separation of duties for all the following reasons except which one?

As a potential CISSP, you need to know common Request for Comments (RFCs) and National Institute of Standards and Technology (NIST) standards. One such RFC is 2196. This Internet Engineering Task Force (IETF) document provides basic guidance on security in a networked environment. What is the title of this document?

Mr. Hunting, your former college math teacher, hears that you are studying for your CISSP exam and asks if you know the formula for total risk. What is the correct response?

What document gives detailed instructions on how to perform specific operations, providing a step-by-step guide?

Your CEO has hinted that security audits may be implemented next year. As a result, your director has become serious about performing some form of risk assessment. You are delegated the task of determining which type of risk assessment to perform. The director wants to learn more about the type of risk assessment that involves a team of internal business managers and technical staff. He does not want the assessment to place dollar amounts on identified risks. He wants the group to assign one of 26 common controls to each threat as it is identified. Which type of risk assessment does your manager want?

You have just won a contract for a small software development firm, which has asked you to perform a risk analysis. The firm provided you information on previous incidents and has a list of the known environmental threats in the geographic area. The firm’s president believes that risk is something that can be eliminated. As a Information Security Professional, how should you respond to this statement?