True or False? In U.S. compliance laws, the intended objective of the concept of “limited use of personal data” is the practice of asking permission for how personal information can be used beyond its original purpose.
True or False? One of the foundational reasons for using and enforcing security policies is to protect systems from insider threats.
Devaki is a human resources (HR) professional. She is revising a document her company requires all new hires to sign and abide by. The document states that the employee promises not to divulge any information described in the document to a third party. What kind of document is Devaki revising?
True or False? A risk-aware culture means the people in an organization share a common set of values, beliefs, and knowledge about the importance of managing risks.
True or False? The American Institute of Certified Public Accountants (AICPA) created the Statement on Standards for Attestation Engagements No. 16 (SSAE16) to replace SAS 70.
True or False? Public interest is the practice of telling individuals how their personal information will be protected.
True or False? In Information Technology Infrastructure Library (ITIL), service strategy relates to ongoing support of a service, and service operation relates to how to define the governance and portfolio of services.
Which of the following is a security control classification that relies on a human to take some action?
A good security awareness program makes employees aware of the behaviors expected of them. All security awareness programs have two enforcement components: the carrot and the stick. Which of the following best captures the relationship of the two components?
Carl is a security professional. He is reviewing his organization’s security policies and related documents. One document contains general rules, a description of the organization’s core values, as well as a description of areas in which there is zero tolerance for transgressions. What type of document is Carl reviewing?