Which of the following is a security control classification that relies on a human to take some action?
A good security awareness program makes employees aware of the behaviors expected of them. All security awareness programs have two enforcement components: the carrot and the stick. Which of the following best captures the relationship of the two components?
Carl is a security professional. He is reviewing his organization’s security policies and related documents. One document contains general rules, a description of the organization’s core values, as well as a description of areas in which there is zero tolerance for transgressions. What type of document is Carl reviewing?
True or False? A confidentiality agreement (CA) is a non-legal agreement between human resources and employees.
True or False? The Committee of Sponsoring Organizations (COSO) is an endorsed framework that companies commonly use to meet SOX 404 requirements.
Which of the following is not one of the five pillars of the information assurance (IA) model?
True or False? The Sarbanes-Oxley (SOX) Act was meant to repeal existing laws so that banks, investment companies, and other financial services companies could merge.
True or False? ISO 38500 provides guidance for managing IT governance.
True or False? A mitigating control limits the damage caused by not having a control in place.
Once an organization clearly defines its intellectual property (IP), the security policies should specify how to ___________ documents with marks or comments and how to ____________ the data, which determines in what location the sensitive file should be placed.