ASSESSING RISK 33 QUESTIONS WITH VERIFIED
ANSWERS 2025/2026
The evaluation and reaction to risk to the entire organization; ERM is not
restricted to the risk facing information assets. - CORRECT ANSWER enterprise risk
management (ERM)
The entire program of planning for and managing risk to information assets in the
organization. - CORRECT ANSWER risk management (RM) / InfoSec risk
management
An approach to combining risk identification, risk analysis, and risk evaluation into
a single strategy. - CORRECT ANSWER risk assessment
The overall structure of the strategic planning and design for the entirety of the
organization's RM efforts. - CORRECT ANSWER RM framework
The identification, analysis, evaluation, and treatment of risk to information
assets, as specified in the RM framework. - CORRECT ANSWER RM process
Policy designed to regulate organizational efforts related to the identification,
assessment, and treatment of risk to information assets. - CORRECT ANSWER risk
management policy
The risk to information assets that remains even after current controls have been
applied. - CORRECT ANSWER residual risk
The quantity and nature of risk that organizations are willing to accept as they
evaluate the trade-offs between perfect security and unlimited accessibility. -
CORRECT ANSWER risk appetite
The assessment of the amount of risk an organization is willing to accept for a
particular information asset, typically synthesized into the organization's overall
risk appetite. - CORRECT ANSWER risk tolerance / risk threshold
A formal document developed by the organization that specifies its overall
willingness to accept risk to its information assets, based on a synthesis of
individual risk tolerances. - CORRECT ANSWER risk appetite statement
An extreme level of risk tolerance whereby the organization is unwilling to allow
any successful attacks or suffer any loss to an information asset. - CORRECT
ANSWER zero tolerance risk exposure
A document that contains specifications for the implementation and conduct of
RM efforts. - CORRECT ANSWER risk management plan
The recognition, enumeration, and documentation of risks to an organization's
information assets. - CORRECT ANSWER risk identification
Within the context of risk management, any collection, set, or database of
information or any asset that collects, stores, processes, or transmits information