My answers to the 2024 Enterprise Risk exam are in the PDF below. Once I have the mark, I’ll add it.
Exam questions:
Task 1:
1. How can subjective probabilities be used in enterprise risk assessments, and how does this impact the process and communication of results?
2. J.P. Hansson suggests a risk concept using (C, Pf), where “C” represents consequences and “Pf” measures the uncertainty about “C.” Would you support or oppose this approach? Write an email to the ERM team justifying your stance.
3. In the (A, C, U) risk framework, reflect on how knowledge characterization and knowledge strength (SoK) assessments contribute to risk understanding, surprise management, and strategy development.
4. Using the conceptual model in Figure 1, explain how to develop a risk management strategy for a dry feed vendor. Make necessary assumptions and outline your reasoning.
Task 2:
Select three enterprise risk drivers from Figure 3, and explain how they contribute to various types of enterprise risk (operational, financial, strategic) outlined in Figure 2. Additionally, propose relevant mitigation measures for each.
Task 3:
You are the Chief Information Security Officer (CISO) at a cloud-based service provider for healthcare and education. The management team has flagged two major cybersecurity risks:
Phishing attacks targeting employees.
Vulnerabilities in the supply chain exploited by cybercriminals.
Address these concerns by:
Explaining the threats posed by phishing and supply chain vulnerabilities.
Proposing measures based on specific cybersecurity principles.
Applying the Plan-Do-Check-Act (PDCA) cycle for continuous cybersecurity improvement.
Lastly, address the risk of outdated user credentials, such as former employees who still have active login credentials.
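The last point in Task 3 is the one a CISO can actually put a check behind: reconcile the identity provider's account export against the HR leaver list and flag accounts that should have been disabled. The script below is an added illustration, not part of the exam paper or of the author's answers. The account records, the leaver list and the 90-day idle threshold are constructed assumptions; a real run would read the same fields from the IdP and HR exports.

```python
from datetime import date

# Constructed sample data (assumption, not from the exam): a flattened IdP user
# export and the HR leaver list, keyed by username with the departure date.
IDP_ACCOUNTS = [
    {"username": "a.hansen",   "enabled": True,  "last_login": "2024-02-10"},
    {"username": "b.olsen",    "enabled": True,  "last_login": "2023-11-02"},
    {"username": "c.berg",     "enabled": False, "last_login": "2024-02-10"},
    {"username": "svc-backup", "enabled": True,  "last_login": None},
    {"username": "d.lund",     "enabled": True,  "last_login": "2024-05-28"},
]
HR_LEAVERS = {"b.olsen": "2023-12-01", "c.berg": "2024-02-01"}

# Fixed audit date so the example is reproducible (assumption).
AUDIT_DATE = date(2024, 6, 1)
MAX_IDLE_DAYS = 90


def audit_credentials(accounts, leavers, today, max_idle_days=MAX_IDLE_DAYS):
    """Return (username, finding, detail) tuples for accounts that need action.

    Findings:
      LEAVER_STILL_ENABLED  - HR says the person left, the account is still enabled.
      LOGIN_AFTER_DEPARTURE - a login occurred after the departure date; treat as
                              a possible incident, not just a hygiene gap.
      NEVER_LOGGED_IN       - enabled account with no recorded login.
      STALE_LOGIN           - enabled account idle longer than max_idle_days.
    """
    findings = []
    for acct in accounts:
        name = acct["username"]
        last_login = (
            date.fromisoformat(acct["last_login"]) if acct["last_login"] else None
        )

        if name in leavers:
            left = date.fromisoformat(leavers[name])
            if acct["enabled"]:
                findings.append((name, "LEAVER_STILL_ENABLED", f"left {left}"))
            if last_login is not None and last_login > left:
                findings.append(
                    (name, "LOGIN_AFTER_DEPARTURE", f"login {last_login}, left {left}")
                )
            continue  # leaver accounts are already actionable; skip idle checks

        if not acct["enabled"]:
            continue  # disabled non-leaver accounts are out of scope here

        if last_login is None:
            findings.append((name, "NEVER_LOGGED_IN", "enabled, no login recorded"))
        else:
            idle_days = (today - last_login).days
            if idle_days > max_idle_days:
                findings.append((name, "STALE_LOGIN", f"{idle_days} days idle"))
    return findings


def run_audit():
    """Run the audit over the constructed data set."""
    return audit_credentials(IDP_ACCOUNTS, HR_LEAVERS, AUDIT_DATE)


if __name__ == "__main__":
    for username, finding, detail in run_audit():
        print(f"{finding:22} {username:12} {detail}")
```

Two design choices matter for the PDCA "Check" step. First, the leaver reconciliation runs against HR data rather than trusting the IdP's own state, because the failure mode in question is precisely that the IdP was never told. Second, a login after the departure date is reported separately even when the account has since been disabled, since that is evidence the stale credential was used, which belongs with incident response rather than with routine hygiene.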