Certified Incident Handler (CIH) Practice Exam


Prepare for the Certified Incident Handler (CIH) Exam. Enhance your knowledge with interactive quizzes and detailed insights into cyber incident handling. Boost your exam readiness with our expert-designed questions!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!


Which procedure is NOT part of a computer risk policy?

  1. Ongoing employee training

  2. Incident reporting procedures

  3. Access control measures

  4. System monitoring policies

The correct answer is: Ongoing employee training

Ongoing employee training plays a crucial role in an organization's overall security posture, but it is typically considered a broader aspect of risk management and security awareness rather than a specific component of a formal computer risk policy. A computer risk policy generally outlines the specific risk management strategies and measures in place to protect the organization's information systems and data from various threats.

Incident reporting procedures, access control measures, and system monitoring policies are all integral parts of a computer risk policy. Incident reporting procedures ensure that any security incidents are documented and addressed promptly; access control measures define how users can interact with the system and protect sensitive information; and system monitoring policies establish how the organization will track system performance and detect anomalies that could indicate a potential security threat. Collectively, these elements form a structured approach to managing and mitigating risks associated with computer systems, making them essential components of a comprehensive computer risk policy.