Security and Privacy Program Elements Quiz

Questions and Answers

What is the purpose of the security plan?

• To ensure security in each layer (correct)
• To provide executive guidance
• To outline the principles of security and privacy
• To define reporting requirements

Why are policies and procedures mentioned together?

• Because they both focus on technical guidance
• Because policy is the written statement while procedure is the way to implement it (correct)
• Because they both provide executive guidance
• Because they both address incident reporting

What does the security and privacy program provide?

• Solutions
• Processes
• Standard operating procedures
• Security (correct)

Which layer does 'Content Assurance' affect?

Business layer (B)

Which key element of physical security affects the business and technology layers?

All of the above (D)

What is the key element of information security that affects all layers?

Source authentication (B)

Which key element of personnel security affects the systems and technology layers?

User authentication (A)

What does 'Certification and accreditation' aim to prove?

That security actions have been implemented (A)

What is the aim of 'Disaster recovery'?

Getting things back to normal after a natural disaster (A)

Which key element of information security affects the information flow, technology, and systems layers?

Data Access (B)

What is the purpose of 'source authentication' in information security?

To ensure the origin of information is verified, for example, through digital signatures (B)

What is the key element of personnel security that affects all layers?

Awareness training (A)

What is the aim of 'Vulnerability remediation' in operational security?

To correct any vulnerabilities found during testing (C)

What is the aim of 'Testing and evaluation' in operational security?

To test components to identify vulnerability (B)

Which key element of information security affects the information flow, technology, and systems layers?

Data Access (A)