1. Right Answer: B
Explanation: HIPAA governs the health care information handled by an organization. The Health Insurance Portability and Accountability Act (HIPAA) was introduced in 1996. It ensures that health information data is protected. Before HIPAA, personal medical information was often available to anyone; security to protect the data was lax, and the data was often misused. If your organization handles health information, HIPAA applies. HIPAA defines health information as any data that is created or received by health care providers, health plans, public health authorities, employers, life insurers, schools or universities, and health care clearinghouses. This covers any data related to the health of an individual, including past, present or future health; physical or mental health; and past, present or future payments for health care.

Creating a HIPAA compliance plan involves the following phases:
Assessment: An assessment helps identify whether the organization is covered by HIPAA. If it is, the next requirement is to identify what data needs to be protected.
Risk analysis: A risk analysis identifies the risks. In this phase, the organization's methods of handling data are analyzed.
Plan creation: After the risks are identified, a plan is created. This plan includes methods to reduce the risk.
Plan implementation: In this phase the plan is put into operation.
Continuous monitoring: Security in depth requires continuous monitoring. Monitor regulations for changes, monitor risks for changes, and monitor the plan to ensure it is still being used.
Assessment: Regular reviews are conducted to ensure that the organization remains in compliance.

Incorrect Answers:
A: GLBA is not used for handling health care information.
C: SOX is designed to hold executives and board members personally responsible for financial data.
D: FISMA ensures protection of the data of federal agencies.
2. Right Answer: D
Explanation: Risk threshold helps to identify those risks for which specific responses are needed.
3. Right Answer: A,D
Explanation: The enterprise must consider risk that has not yet occurred and should develop scenarios around unlikely, obscure or non-historical events. Such scenarios can be developed by considering two things: visibility and recognition. To fulfill this task the enterprise must:
Be in a position where it can observe anything going wrong.
Have the capability to recognize an observed event as something wrong.
4. Right Answer: A,C,D
Explanation: Frameworks, standards and practices are necessary because:
They provide a systematic view of the 'things to be considered' that could harm clients or an enterprise.
They act as a guide to focus the efforts of various teams.
They save time and revenue, such as training costs, operational costs and performance improvement costs.
They assist in achieving business objectives quickly and easily.
5. Right Answer: B
Explanation: Operational risks encompass any potential interruption in business. Operational risks are those risks that are associated with the day-to-day operations of the enterprise. They are generally more detailed than strategic risks. Operational risk is the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events. Some sub-categories of operational risk include:
Organizational or management related risks
Information security risks
Production, process, and productivity risks
Profitability operational risks
Business interruption risks
Project activity risks
Contract and product liability risks
Incidents and crises
Illegal or malicious acts

Incorrect Answers:
A: Reporting risks are those occurrences which prevent accurate and timely reporting.
C: Legal risks deal with those events which can deteriorate the company's legal status. Legal compliance is the process or procedure to ensure that an organization follows relevant laws, regulations and business rules. The definition of legal compliance, especially in the context of corporate legal departments, has recently been expanded to include understanding and adhering to ethical codes within entire professions as well. Hence legal and compliance risk has the potential to deteriorate the company's legal or regulatory status.
D: Strategic risks have the potential to prevent the achievement of strategic objectives. Since a strategic objective shapes and impacts the entire organization, the risk of not meeting that objective can pose a great threat to the organization.