Certified Incident Handler (ECIH v3) — Question 4

A computer Risk Policy is a set of ideas to be implemented to overcome the risk associated with computer security incidents. Identify the procedure that is NOT part of the computer risk policy?

Answer options

• A. Procedure to identify security funds to hedge risk
• B. Procedure to monitor the efficiency of security controls
• C. Procedure for the ongoing training of employees authorized to access the system
• D. Provisions for continuing support if there is an interruption in the system or if the system crashes

Correct answer: A

Explanation

The correct answer, A, is not part of the computer risk policy as it focuses on financial aspects rather than security measures. Options B, C, and D are essential components of a risk policy, ensuring that security controls are effective, employees are trained, and support is available during system interruptions.