After mapping existing controls to new regulations, an organization needs to conduct a(n) ________ analysis.
Which of the following best describes the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention of personal information?
Security management
Compliance management
Privacy management
Personal management
Collection management
The process of selecting security controls is considered within the context of risk management.
True
False
If a baseline security control cannot be implemented, which of the following should be considered?
Compensating control
Baseline security standard revision
Policy revision
None of the above
Account management and separation of duties are examples of what type of controls?
Audit and accountability
Access control
Security assessment and authorization
Personal security
Which one of the following is not one of the seven domains of a typical IT infrastructure?
User Domain
Workstation Domain
LAN-to-LAN Domain
WAN Domain
Remote Access Domain
Which of the following policies would apply to the User Domain concerning the seven domains of a typical IT infrastructure?
Acceptable use policy
Internet access policy
Security incident policy
Firewall policy
Answers A and B
Answers B and D
Mitigating a risk from an IT security perspective is about reducing the risk to zero.
True
False
Which of the following is an example of why an ongoing IT compliance program is important?
Organizations are dynamic, growing environments.
Threats evolve.
Laws and regulations evolve.
All of the above
Policies, standards, and guidelines are part of the policy ________.
Which one of the following is not part of the change management process?
Identify and request
Evaluate change request
Decision response
Implement unapproved change
Monitor change
What can be done to manage risk? (Select three.)
Accept
Transfer
Avoid
Migrate
Regarding the seven domains of IT infrastructure, the Workstation Domain includes which of the following? (Select three.)
Desktop computers
Laptop computers
Remote access systems
Email servers
Handheld devices
Adequate controls over privacy data help prevent ________ theft.
Which of these is not an effective method used by organizations to protect privacy data?
Develop appropriate privacy policies.
Conduct irregular risk assessments of access controls.
Establish the position of a privacy officer.
Limit data to only what is required.
Personal information, such as a person’s name by itself, can be considered sensitive information.
True
False
Which of these domains of security is responsible for the end users’ operating environment?
User Domain
Workstation Domain
LAN Domain
LAN-to-WAN Domain
Which of these domains of security is responsible for the systems on the network that provide the applications and software for the users?
LAN Domain
WAN Domain
Remote Access Domain
Application Domain
A WAN typically covers communication to a smaller defined geographical area.
True
False
Which of the following components of an IT policy framework would require users to use two-factor authentication when accessing the remote network—usually combining a physical one-time token code with a PIN?
Policy
Standard
Guideline