Blog

True or False? Users are ultimately accountable for protecting information.

True or False? President Theodore Roosevelt’s “speak softly and carry a big stick” is considered to be a poor approach to implementing security policies.

True or False? Incident classification is used to assess the severity of an incident.

No mandatory data classification scheme exists for private industry. However, there are four classifications used most frequently. Which of the following is not one of the four?

Most organizations add security awareness training to the list of items the __________ provides to new employees.

If a vulnerability is not fixed at the root cause, there is a possibility that another avenue of attack can emerge. This avenue is known as the:

True or False? Organizations should create a governance policy committee to monitor policy adoption and effectiveness.

Which of the following outcomes is one of the benefits of a risk management approach to security policies?

All of the following are true of a computer-based training (CBT) approach to security awareness training, except:

True or False? From the point where a vulnerability becomes known to the point where a security fix can be distributed is called the vulnerability window.