Section: Volume C
Explanation:
Laws and regulations of the country of origin may not be enforceable in foreign country and conversely, it is also true that laws and regulations of the foreign outsourcer may also impact the enterprise. Hence violation of applicable laws may not be recognized or rectified due to lack of knowledge of the local laws.
Incorrect Answers:
A: Security breach notification is not a problem and also time difference does not play any role in 24/7 environment. Pagers, cellular phones, telephones, etc. are there to communicate the notifications.
B: Outsourcing does not remove the enterprise's responsibility regarding internal requirements. Hence monitoring the compliance with its internal security and privacy guidelines is not a problem.
D: The need for additional network intrusion detection sensors is not a major problem as it can be easily managed. It only requires addition funding, but can be addressed.

Section: Volume D
Explanation:
Cause-and-effect analysis involves the use of predictive or diagnostic analytical tool for exploring the root causes or factors that contribute to positive or negative effects or outcomes. These tools also help in identifying potential risk.
Incorrect Answers:
A: This analysis is not a method for exposing risk factors. It is used for analyzing scenarios.
B: Sensitivity analysis is the quantitative risk analysis technique that:
* Assist in determination of risk factors that have the most potential impact
* Examines the extent to which the uncertainty of each element affects the object under consideration when all other uncertain elements are held at their baseline values C: Fault tree analysis (FIA) is a technique that provides a systematic description of the combination of possible occurrences in a system, which can result in an undesirable outcome. It combines hardware failures and human failures.

Explanation/Reference:
Explanation:
As quantitative analysis is data driven, it:
Allows data classification and counting.

Allows statistical models to be constructed, which help in explaining what is being observed.

Generalizes findings for a larger population and direct comparisons between two different sets of data

or observations.
Produces statistically reliable results.

Allows discovery of phenomena which are likely to be genuine and merely occurs by chance.

Incorrect Answers:
A: Risk factors are expressed in terms of high/medium/low in qualitative analysis, and not in quantitative analysis.

Section: Volume D