Security and Privacy Program Elements Quiz

Questions and Answers

What is the purpose of the security plan?

To ensure security in each layer (correct)

To provide executive guidance

To outline the principles of security and privacy

To define reporting requirements

Why are policies and procedures mentioned together?

Because they both focus on technical guidance

Because policy is the written statement while procedure is the way to implement it (correct)

Because they both provide executive guidance

Because they both address incident reporting

What does the security and privacy program provide?

Solutions

Processes

Standard operating procedures

Security (correct)

Which layer does 'Content Assurance' affect?

Business layer

Which key element of physical security affects the business and technology layers?

All of the above

What is the key element of information security that affects all layers?

Source authentication

Which key element of personnel security affects the systems and technology layers?

User authentication

What does 'Certification and accreditation' aim to prove?

That security actions have been implemented

What is the aim of 'Disaster recovery'?

Getting things back to normal after a natural disaster

Which key element of information security affects the information flow, technology, and systems layers?

Data Access

What is the purpose of 'source authentication' in information security?

To ensure the origin of information is verified, for example, through digital signatures

What is the key element of personnel security that affects all layers?

Awareness training

What is the aim of 'Vulnerability remediation' in operational security?

To correct any vulnerabilities found during testing

What is the aim of 'Testing and evaluation' in operational security?

To test components to identify vulnerability

Which key element of information security affects the information flow, technology, and systems layers?

Data Access