Your project spans the entire organization. You would like to assess the risk of the project
but are worried that some of the managers involved in the project could affect the outcome of any risk identification meeting. Your worry is based on the fact that some employees would not want to publicly identify risk events that could make their supervisors look bad. You would like a method that would allow participants to anonymously identify risk events. What risk identification method could you use?

Benchmarking is a continuous process that can be time consuming to do correctly.
Which of the following guidelines for performing benchmarking identifies the critical processes and creates measurement techniques to grade the process?

An independent consultant has been hired to conduct an ad hoc audit of an enterprise's information security office with results reported to the IT governance committee and the board. Which of the following is MOST important to provide to the consultant before the audit begins?

Marsha is the project manager of the NHQ Project. There's a risk that her project team has identified, which could cause the project to be late by more than a month. Marsha does not want this risk event to happen so she devises extra project activities to ensure that the risk event will not happen. The extra steps, however, will cost the project an additional $10,000. What type of risk response is this approach?

You are hosting a collection of stakeholders from across the organization to identify the ideas and attitudes about your company's help desk. You want the stakeholders to honestly share their opinions about the help desk service so you can identify problems, solutions, and take actions to improve the service. What type of requirements elicitation activity is this?