13.10 Assessment
1. Which of the following groups should be included in an effort to develop an effective community of practice?
a. Senior management
b. Middle managers
c. Information security personnel
d. Users
e. All of the above
f. None of the above
2. Changing the developer’s mindset and culture requires leadership, but also policy.
a. True
b. False
3. NIST publication 800-30 promotes the integration of risk management practices into the Software Development Lifecycle (SDLC) using the ___.
a. Comprehensive Assessment Plan
b. 2009 Risk Management Methodology
c. Nine-step risk-assessment methodology
d. SSDLC Methodology Outline
4. HIPAA’s Title II deals with standards that relate to ___.
a. Data systems that process and transmit PHI
b. A child’s right to privacy
c. Encryption of PHI
d. Email use in the organization
e. All of the above
f. None of the above
5. The CIO is responsible for the oversight of all data and information that flows in and out of the organization.
a. True
b. False
6. The Family Educational Rights and Privacy Act (FERPA) applies to colleges and universities and any records that provide ___ of the student.
a. Personal identification
b. Document losses to the organization
c. Student library cards
d. Auditing software records
7. Security awareness and training is essential to developing an employee force that is aware of the threats that are imminent to an organization.
a. True
b. False
8. Policy enforcement can be done by using nontechnical controls only.
a. True
b. False
9. Tacit knowledge is easy to transfer to users throughout the organization.
a. True
b. False
10. An organization’s security policies should align with the following option or options:
a. Risk management
b. Federal regulations
c. Local laws
d. All of the above
Answers: 13.10 Assessment
1. Which of the following groups should be included in an effort to develop an effective community of practice?
e. All of the above
2. Changing the developer’s mindset and culture requires leadership, but also policy.
a. True
3. NIST publication 800-30 promotes the integration of risk management practices into the Software Development Lifecycle (SDLC) using the ___.
c. Nine-step risk-assessment methodology
4. HIPAA’s Title II deals with standards that relate to ___.
b. A child’s right to privacy
5. The CIO is responsible for the oversight of all data and information that flows in and out of the organization.
a. True
6. The Family Educational Rights and Privacy Act (FERPA) applies to colleges and universities and any records that provide ___ of the student.
a. Personal identification
7. Security awareness and training is essential to developing an employee force that is aware of the threats that are imminent to an organization.
a. True
8. Policy enforcement can be done by using nontechnical controls only.
b. False
9. Tacit knowledge is easy to transfer to users throughout the organization.
b. False
10. An organization’s security policies should align with the following option or options:
d. All of the above