True or False? A risk-aware culture means the people in an organization share a common set of values, beliefs, and knowledge about the importance of managing risks.
Author: Anonymous
True or False? The American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 16 (SSAE16) to replace SAS 70.
True or False? Public interest is the practice of telling individuals how their personal information will be protected.
True or False? In Information Technology Infrastructure Library (ITIL), service strategy relates to ongoing support of a service, and service operation relates to how to define the governance and portfolio of services.
Which of the following is a security control classification that relies on a human to take some action?
A good security awareness program makes employees aware of the behaviors expected of them. All security awareness programs have two enforcement components: the carrot and the stick. Which of the following best captures the relationship of the two components?
Carl is a security professional. He is reviewing his organization’s security policies and related documents. One document contains general rules, a description of the organization’s core values, as well as a description of areas in which there is zero tolerance for transgressions. What type of document is Carl reviewing?
True or False? A confidentiality agreement (CA) is a non-legal agreement between human resources and employees.
True or False? The Committee of Sponsoring Organizations (COSO) is an endorsed framework that companies commonly use to meet SOX 404 requirements.
Which of the following is not one of the five pillars of the information assurance (IA) model?