Chapter 7: Security Governance Processes Flashcards
Understand Governance Processes
{Blank} are the bedrock documents that provide the foundation for an organization’s information security program. They are often developed over a long period of time and carefully written to describe an organization’s security expectations.
Compliance with policies is mandatory, and policies are often approved at the very highest levels of an organization.
Security Policies
{Blank} prescribe the specific details of security controls that the organization must follow. They derive their authority from policy.
Even though they might not go through as rigorous a process as policies, compliance with them is still mandatory.
Security Standards
Security professionals use {blank} to provide advice to the rest of the organization, including best practices for information security.
These are advice, and compliance with them is not mandatory.
Security Guidelines
{Blank} are step-by-step instructions that employees must follow when performing specific security tasks. Compliance with them is mandatory.
Security Procedures
Compliance with policies, standards, and procedures is always {blank}.
Mandatory
Complying with guidelines is {blank}.
Optional
What are the common types of security documents?
Policies, Standards, Guidelines, and Procedures
{Blank} regulates the storage, processing, and transmission of credit and debit card information.
Payment Card Industry Data Security Standard (PCI DSS)
Your organization is planning to accept credit cards for the first time and you are concerned about the regulations that may affect this processing. You already handle a large amount of personally identifiable information (PII). Which new regulation is most likely to affect your organization?
A. GDPR
B. PCI DSS
C. CCPA
D. HIPAA
PCI DSS
You are writing a document that explains the step-by-step process that your organization’s help desk should follow when helping a user reset a forgotten password. Which type of document are you creating?
A. Policy
B. Standard
C. Procedure
D. Guideline
Procedure
{Blank} governs protected health information (PHI).
Health Insurance Portability and Accountability Act (HIPAA)
The European Union says that their {blank} applies to the personal information of all EU residents, wherever they might be located.
General Data Protection Regulation (GDPR)