Security and Risk Management: Awareness Program and Risk Assessment

RoomyConsciousness

15 Questions

What control can Alyssa put in place to protect against the risk of outdated content in her organization’s security awareness program?

Content reviews

In Gavin's report to management, what term best describes the current level of risk to the organization after adopting security controls?

Residual risk

Which law governs the actions that Francine must take regarding the copyright claim she received?

Digital Millennium Copyright Act

What law governs the actions that Francine must take regarding the copyright claim she received?

Digital Millennium Copyright Act

Which law governs actions related to copyright claims for online service providers?

Digital Millennium Copyright Act

What is the term for the level of risk remaining after security controls have been implemented?

Residual risk

Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?

The right to be forgotten

After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she recommending?

Transfer

Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?

Student identification number

Renee is speaking to her board of directors about their responsibilities to review cybersecurity controls. What rule requires that senior executives take personal responsibility for information security matters?

Personal liability rule

Henry recently assisted one of his co-workers in preparing for the CISSP exam. During this process, Henry disclosed confidential information about the content of the exam, in violation of Canon IV of the Code of Ethics: 'Advance and protect the profession.' Who may bring ethics charges against Henry for this violation?

Any certified or licensed professional may bring charges.

Wanda is working with one of her organization’s European Union business partners to facilitate the exchange of customer information. Wanda’s organization is located in the United States. What would be the best method for Wanda to use to ensure GDPR compliance?

Standard contractual clauses

Yolanda is the chief privacy officer for a financial institution and is researching privacy requirements related to customer checking accounts. Which one of the following laws is most likely to apply to this situation?

GLBA

Tim’s organization recently received a contract to conduct sponsored research as a government contractor. What law now likely applies to the information systems involved in this contract?

FISMA

Chris is advising travelers from his organization who will be visiting many different countries. What is a potential concern that Chris should advise the travelers about regarding cybersecurity?

Increased risk of identity theft

Test your knowledge of security awareness programs and risk assessment in the context of Security and Risk Management (Domain 1). Answer questions related to protecting against outdated content in a security awareness program and identifying the results of a risk assessment report.
