
GRANBY COLLEGES OF SCIENCE & TECHNOLOGY

College of Information and Communication Technology


Naic, Cavite, Philippines
Tel: (046) 412-0437B

Name: Score:


Year and Section: Date:
LONG TEST - MIDTERM

________________ 18. Is the highest level of planning, concerned with defining the organization's long-term goals, objectives, and
overall direction. It involves making decisions that shape the organization's future.
________________ 19. is the systematic process of identifying, assessing, and mitigating threats or uncertainties that can affect
an organization. It involves analyzing the likelihood and impact of risks, developing strategies to minimize harm, and monitoring the
effectiveness of those measures.
________________ 20. provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can
use to manage information security and privacy risk for organizations and systems and links to a suite of NIST standards and
guidelines.
II. TRUE or FALSE. Write T if the statement is correct. If false, change the underlined word/s to make the statement
correct. Please answer correctly. Write your answer in the space provided. 2 pts each
________________ 1. Risk Control focuses on implementing solutions to manage risks effectively. It includes risk avoidance,
prevention, and reduction.
________________ 2. Interest Rate Risk is related to a company's capital structure. It includes factors such as the degree of
financial leverage (debt burden) and the company's ability to manage its financial obligations.
________________ 3. Systematic Risk is also called asset-specific risk; this type of risk is specific to an individual investment. It
represents uncertainties related to a particular company or asset.
________________ 4. Security Policy is a comprehensive document that outlines an organization's approach to managing and
mitigating information security risks. It provides a structured framework for implementing security measures and controls to
safeguard sensitive information, systems, and networks.
________________ 5. Planning misalignment refers to a situation where there is a lack of coherence or synchronization between
different levels of planning within an organization.
________________ 6. Financial Risk deals with how an organization funds its risk management efforts. It includes insurance,
self-insurance, and other financial strategies.
________________ 7. Operational Planning is the most detailed level of planning, focusing on day-to-day activities and processes
required to meet tactical objectives. It involves short-term planning to support daily operations.
________________ 8. Political/Regulatory Risk arises from political decisions and changes in regulations. It can significantly
impact businesses, especially those operating in multiple countries with varying political climates.
________________ 9. The Security Plan is a crucial component of the overall risk management process within an organization,
providing a detailed description of the security measures in place and serving as a reference for system security.
________________ 10. Strategic Planning is concerned with the implementation of the broader strategies outlined in the strategic
plan. It involves detailed planning to achieve specific objectives.
________________ 11. An Acceptable Use Policy (AUP) defines the acceptable and prohibited uses of a system, network, or
application.
________________ 12. Incident Response Plan identifies the risks faced by an organization and outlines the steps that should be
taken to manage those risks.
________________ 13. The degree of Communication in an industry affects individual companies. Choices made by competitors
can influence a company's success.
________________ 14. The purpose of this Security Plan and Policy is to provide a comprehensive framework for protecting the
organization's assets and ensuring that the organization remains secure in the face of evolving security threats.
________________ 15. Risk management is the systematic process of identifying, assessing, and mitigating threats or
uncertainties that can affect an organization. It involves analyzing the likelihood and impact of risks, developing strategies to
minimize harm, and monitoring the effectiveness of those measures.
________________ 16. Mobile Device Policy outlines the rules and procedures for employees who use their personal devices to
access an organization's resources and systems.
________________ 17. Environmental Risk is specific to a particular country. It includes uncertainties related to economic stability,
currency exchange rates, and political stability in that country.
________________ 18. Operational Risk relates to a company's day-to-day operations. It includes supply chain disruptions,
product delivery issues, and other operational challenges.
________________ 19. Risk Management Plan identifies the risks faced by an organization and outlines the steps that should be
taken to manage those risks.
________________ 20. Access Control Policy is a document that outlines the rules and procedures for remote access to an
organization's network and resources.

“There are no secrets to success. It is the result of preparation, hard work, and learning from failure” – Gen. Colin Powell
Good luck!
