Which of the following represents the procedure managers use to identify whether the company has information that unauthorized individuals want, how these individuals could obtain the information, the value of the information, and the probability of unauthorized access occurring?
a. Systems assessment.
b. Risk assessment.
c. Test of controls.
d. Disaster recovery plan assessment.
Answer: B
Choice "b" is correct. The first step in risk assessment is to identify the risks. The question is asking about the risk of unauthorized access to information. The steps would certainly be to identify whether the company has information that unauthorized individuals might want (and what company does not have such information), the value of the information, how those individuals could obtain the information, and the probability of unauthorized access occurring. The steps here are not necessarily in the same order as in the question; regardless, it is risk assessment.
Choice "d" is incorrect. It is not particularly clear exactly what "disaster recovery plan assessment" actually is. It probably means the review of a disaster recovery plan to determine if it will be effective. Regardless, it has nothing to do, per se, with the safeguarding of valuable information.
Choice "a" is incorrect. It is not particularly clear exactly what "systems assessment" actually is. It probably means the review of a system to determine if it is operating effectively and efficiently. Regardless, it has nothing to do, per se, with the safeguarding of valuable information.
Choice "c" is incorrect. Tests of controls are audit tests to determine if described controls have been placed in operation and are working effectively. Tests of controls have nothing to do with the above scenario, although there are controls involved in the safeguarding of information and those controls may be tested in the course of an audit. This terminology is just terminology that might sound good to an accountant/auditor but which has no real relevance to the question.