PECB Exam ISO-IEC-27005-Risk-Manager Topic 1 Question 12 Discussion

Actual exam question for PECB's ISO-IEC-27005-Risk-Manager exam
Question #: 12
Topic #: 1

Scenario 4: In 2017, seeing that millions of people turned to online shopping, Ed and James Cordon founded the online marketplace for footwear called Poshoe. In the past, purchasing pre-owned designer shoes online was not a pleasant experience because of unattractive pictures and an inability to ascertain the products' authenticity. However, after Poshoe's establishment, each product was well advertised and certified as authentic before being offered to clients. This increased the customers' confidence and trust in Poshoe's products and services. Poshoe has approximately four million users and its mission is to dominate the second-hand sneaker market and become a multi-billion dollar company.

Due to the significant increase of daily online buyers, Poshoe's top management decided to adopt a big data analytics tool that could help the company effectively handle, store, and analyze data. Before initiating the implementation process, they decided to conduct a risk assessment. Initially, the company identified its assets, threats, and vulnerabilities associated with its information systems. In terms of assets, the company identified the information that was vital to the achievement of the organization's mission and objectives. During this phase, the company also detected a rootkit in their software, through which an attacker could remotely access Poshoe's systems and acquire sensitive data.

The company discovered that the rootkit had been installed by an attacker who had gained administrator access. As a result, the attacker was able to obtain the customers' personal data after they purchased a product from Poshoe. Luckily, the company was able to execute some scans from the target device and gain greater visibility into their software's settings in order to identify the vulnerability of the system.

The company initially used the qualitative risk analysis technique to assess the consequences and the likelihood and to determine the level of risk. The company defined the likelihood of risk as "a few times in two years with the probability of 1 to 3 times per year." Later, it was decided that they would use a quantitative risk analysis methodology since it would provide additional information on this major risk. Lastly, the top management decided to treat the risk immediately as it could expose the company to other issues. In addition, it was communicated to their employees that they should update, secure, and back up Poshoe's software in order to protect customers' personal information and prevent unauthorized access from attackers.

According to scenario 4, which type of assets was identified during the risk identification process?

Suggested Answer: B

During the risk identification process, Poshoe identified the information that was vital to the achievement of the organization's mission and objectives. Such information is considered a primary asset because it directly supports the organization's core business objectives. Primary assets are those that are essential to the organization's functioning and achieving its strategic goals. Option A (Tangible assets) refers to physical assets like hardware or facilities, which is not relevant here. Option C (Supporting assets) refers to assets that support primary assets, like IT infrastructure or software, which also does not fit the context.


Contribute your Thoughts:

Stevie
1 month ago
Haha, yeah, can't have those pesky hackers messing with the second-hand sneaker market. That would really put a damper on the whole operation.
upvoted 0 times
...
Gracia
1 month ago
Well, that's a relief they caught the rootkit before it caused more damage. I hope they gave the IT team a raise for their quick thinking!
upvoted 0 times
Daniel
14 days ago
The company made the right decision to treat the risk immediately and communicate the importance of software updates to their employees.
upvoted 0 times
...
Delisa
25 days ago
It's important for companies to prioritize cybersecurity measures to protect customer data.
upvoted 0 times
...
Nell
1 month ago
I'm glad they were able to identify the vulnerability in their system before it led to more serious consequences.
upvoted 0 times
...
Sonia
1 month ago
I agree, the IT team definitely deserves recognition for their quick response.
upvoted 0 times
...
...
Leatha
2 months ago
I agree, the scenario clearly states that the company identified the information that was crucial to their goals as the assets during the risk assessment.
upvoted 0 times
...
Adell
2 months ago
The company identified the information that was vital to the achievement of the organization's mission and objectives as the primary assets during the risk identification process.
upvoted 0 times
Mariann
10 days ago
The company identified the information that was vital to the achievement of the organization's mission and objectives as the primary assets during the risk identification process.
upvoted 0 times
...
Benedict
22 days ago
C) Supporting assets
upvoted 0 times
...
Nilsa
1 month ago
B) Primary assets
upvoted 0 times
...
Mozell
1 month ago
A) Tangible assets
upvoted 0 times
...
...
Norah
2 months ago
I agree with you, Christiane. Tangible assets are physical items that can be touched and seen.
upvoted 0 times
...
Christiane
2 months ago
I think the answer is A) Tangible assets.
upvoted 0 times
...