4-15. After  a  preliminary screening to identify the critical tasks, the AIS technical  manager  should perform which of the following  tasks  next? 1. Determine the scope of the critical tasks 2. Develop an estimate of annual  loss  expectancy 3. Quantify  loss  potential with the help of user representatives 4. Determine  the  back-up system  requirements  for the critical tasks 4-16. The second step to be considered when you prepare the risk analysis is to 1. develop an estimate of annual  loss  expectancy 2. estimate  the  potential losses to which the AIS facility is exposed 3. evaluate the threats to the AIS facility 4. review  the  security program  objectives 4-17. To develop estimates of the occurrence  probability  for each type of threat, the AIS technical manager should use all except which of the following  resources? 1. Standardized  Navy-wide formula 2. Higher  authority instructions/manuals 3. Common sense 4. Data 4-18. The third step to be considered  when  you  prepare the risk analysis is to 1. develop an estimate of annual  loss  expectancy 2. estimate  the  potential losses to which the AIS facility  is  exposed 3. evaluate the threats to the AIS facility 4. review  the  security program  objectives 4-19. Fire, flood, and  sabotage, in varying degrees, result in which of the following losses? 1. Indirect loss of assets 2. Physical   destruction 3. Data  compromise 4. Theft  of  information 4-20. Reducing  the  probability  of some  occurrence  by  altering the environment could be accomplished in which of the following ways? 1. 2. 3. 4. Implementing  more rigorous  standards  for programming  and  software testing Preparing  a  backup system  for  offsite operations Providing  military guards  and  special  door locks Relocating  the  AIS facility 33