Most Common Questions Asked for Risk Management Role

1. Is there an acceptable level of risk?

 

2. Is it a good idea to pay the ransom when your data has been encrypted by ransomware?

 

3. What’s the most comprehensive security standard to manage risk?

 

4. How do you measure risk? Can you give an example of a specific metric that measures information security risk?

 

5. Can you give me an example of risk trade-offs (e.g. risk vs cost)?

 

6. What is incident management?

 

7. What is business continuity management? How does it relate to security?

 

8. What is the primary reason most companies haven’t fixed their vulnerabilities?

 

9. What’s the goal of information security within an organization?

 

10. What’s the difference between a threat, vulnerability, and risk?

 

11. If you were to start a job as a head engineer or CSO at a Fortune 500 company due to the previous guy being fired for incompetence, what would your priorities be? [Imagine you start on day one with no knowledge of the environment]

 

12. As a corporate information security professional, what’s more important to focus on: threats or vulnerabilities?

 

13. If I’m on my laptop, here inside my company, and I have just plugged in my network cable, how many packets must leave my NIC in order to complete a traceroute to twitter.com?

 

14. How would you build the ultimate botnet?

 

15. What are the primary design flaws in HTTP, and how would you improve it?

 

16. If you could re-design TCP, what would you fix?

 

17. What is the one feature you would add to DNS to improve it the most?

 

18. What is likely to be the primary protocol used for the Internet of Things in 10 years?

 

19. If you had to get rid of a layer of the OSI model, which would it be?

 

20. What is residual risk?

 

21. What is the difference between a vulnerability and an exploit?

 

22. What role does cyber awareness have in information security?

 

23. What is a tabletop exercise?

 

24. Can you explain threat modeling?

 

25. Why are incidents relating to insiders more expensive?
