NIST SP 800-53 identifies controls in three primary classes. What are they?
Correct Answer: C
Explanation/Reference: NIST SP 800-53 can be used to review security in any organization, including physical security. Its Physical and Environmental Protection (PE) family contains 19 controls (PE-1 through PE-19 in Rev. 3), which organizations use to strengthen physical security; each control is assessed to determine whether it applies to a given organization, and many controls cite additional references that describe how to implement them. NIST SP 800-53 Rev. 3 identifies 18 families of controls and groups them into three classes: Technical, Operational, and Management. Note that this class grouping is specific to Rev. 3; Rev. 4 dropped the class designations, and later revisions are organized by family only, so the question reflects the older revision.
Question 217
Which of the following proposed benefits is MOST likely to influence senior management approval to reallocate budget for a new security initiative?
Correct Answer: C
The benefit most likely to influence senior management to reallocate budget for a new security initiative is a reduction in residual risk, because it states the expected outcome of the initiative in terms management already uses: lowering risk exposure and impact to a level aligned with the organization's risk appetite and tolerance. The other proposed benefits are less persuasive because they do not express the actual or optimal risk reduction, or are not directly relevant or measurable for senior management. References = CRISC Review Manual, 7th Edition, page 111.
Question 218
Which of the following is MOST important to have in place to ensure the effectiveness of risk and security metrics reporting?
Correct Answer: B
Question 219
A risk practitioner has been notified that an employee sent an email in error containing customers' personally identifiable information (PII). Which of the following is the risk practitioner's BEST course of action?
Correct Answer: C
The risk practitioner's best course of action is to follow the organization's established incident reporting procedures. This ensures the incident is documented, escalated, and resolved in a timely and consistent manner, and that the PII exposure is assessed and handled under the organization's policies (including any notification obligations). Reporting directly to the chief risk officer, advising the employee to forward the email to the phishing team, or advising the employee to permanently delete the email are not the best courses of action: they bypass the defined process, may conflict with the organization's policies and standards, and do not address the root cause and impact of the incident. References = Risk and Information Systems Control Study Manual, 7th Edition, Chapter 4, Section 4.2.2.1, page 193.
Question 220
Which of the following is MOST helpful in providing a high-level overview of current IT risk severity?