A.Determine the impact on the financial, operational, compliance and reputation of the organization.

B.Determine the impact on confidentiality, integrity and availability of the information system.

C.Determine the impact on the controls that were selected by the organization to respond to identified risks.

D.Determine the impact on the physical and environmental security of the organization, excluding informational assets.

A.application programmers moved programs into production.

B.application programmers accessed test data.

C.operations staff modified batch schedules.

D.database administrators (DBAs) modified the structure of user tables.

A.Vulnerability management, cyber security reviews, patching

B.Patching, configuration, hypervisor, backups

C.Identity and access management, data protection

D.Patching, source code reviews, hypervisor, access controls

A.The process of completing all forms and paperwork necessary to develop a defensible paper trail.

B.The development of a routine that covers all necessary security measures.

C.The awareness and adherence to obligations, including the assessment and prioritization of corrective actions deemed necessary and appropriate.

D.The timely and efficient filing of security reports.

E.The diligent habits of good security practices and recording of the same.

A.Organizational security policies

B.The presence of PII

C.Cost-benefit analysis

D.Cloud Service Provider encryption capabilities