Blog

True or False? Incident classification is used to assess the severity of an incident.

No mandatory data classification scheme exists for private industry. However, there are four classifications used most frequently. Which of the following is not one of the four?

Most organizations add security awareness training to the list of items the __________ provides to new employees.

If a vulnerability is not fixed at the root cause, there is a possibility that another avenue of attack can emerge. This avenue is known as the:

True or False? Organizations should create a governance policy committee to monitor policy adoption and effectiveness.

Which of the following outcomes is one of the benefits of a risk management approach to security policies?

All of the following are true of a computer-based training (CBT) approach to security awareness training, except:

True or False? From the point where a vulnerability becomes known to the point where a security fix can be distributed is called the vulnerability window.

Human factors, in addition to technical challenges, can delay security policies from being implemented. Which of the following is associated with different parts of an organization having different views of risk, and this diverse set of leaders delaying security policy implementation?

Regarding data handling, classifying and labeling data is most significant during: