Security Program Integration
Professional Certification (SPIPC)
Questions and Answers Graded A+
What is the purpose of the asset assessment
step of the risk management process? ✔✔• Identify assets requiring protection and/or that are
important to the organization and to national security
• Identify undesirable events and expected impacts
• Prioritize assets based on consequences of loss
What is the purpose of the threat assessment
step of the risk management process? ✔✔• Determine threats to identified assets
• Assess intent and capability of identified threats
• Assess current threat level for the identified assets
What is the purpose of the vulnerability
assessment step of the risk management
process? ✔✔• Identify existing countermeasures and their level of effectiveness in reducing
vulnerabilities
, • Identify potential vulnerabilities related to identified assets and their undesirable events
• Identify current vulnerability level for the identified assets that can be exploited by the
identified threats
What is the purpose of the risk assessment step of the risk management process? ✔✔• Integrate
information about the impact of undesirable events (collected during the asset assessment step)
and the likelihood of undesirable events (based on information collected during the threat and
vulnerability assessment steps) to determine risks to identified assets
What is the purpose of the countermeasure determination step of the risk management process?
✔✔• Identify potential countermeasures to reduce vulnerability and/or threat and/or impact
• Identify countermeasure benefits in terms of risk reduction
• Identify countermeasure costs
• Conduct cost/benefit analysis
• Prioritize options and prepare recommendation for decision maker
What is the primary benefit of conducting the risk management process? ✔✔• National-level
security policy endorses a holistic risk management approach, allowing decision makers to
effectively allocate resources that provide the necessary security to assets that match the threat to
those assets
Professional Certification (SPIPC)
Questions and Answers Graded A+
What is the purpose of the asset assessment
step of the risk management process? ✔✔• Identify assets requiring protection and/or that are
important to the organization and to national security
• Identify undesirable events and expected impacts
• Prioritize assets based on consequences of loss
What is the purpose of the threat assessment
step of the risk management process? ✔✔• Determine threats to identified assets
• Assess intent and capability of identified threats
• Assess current threat level for the identified assets
What is the purpose of the vulnerability
assessment step of the risk management
process? ✔✔• Identify existing countermeasures and their level of effectiveness in reducing
vulnerabilities
, • Identify potential vulnerabilities related to identified assets and their undesirable events
• Identify current vulnerability level for the identified assets that can be exploited by the
identified threats
What is the purpose of the risk assessment step of the risk management process? ✔✔• Integrate
information about the impact of undesirable events (collected during the asset assessment step)
and the likelihood of undesirable events (based on information collected during the threat and
vulnerability assessment steps) to determine risks to identified assets
What is the purpose of the countermeasure determination step of the risk management process?
✔✔• Identify potential countermeasures to reduce vulnerability and/or threat and/or impact
• Identify countermeasure benefits in terms of risk reduction
• Identify countermeasure costs
• Conduct cost/benefit analysis
• Prioritize options and prepare recommendation for decision maker
What is the primary benefit of conducting the risk management process? ✔✔• National-level
security policy endorses a holistic risk management approach, allowing decision makers to
effectively allocate resources that provide the necessary security to assets that match the threat to
those assets
