Question 4A. When developing policies or standards, there are some keyquestions that can lead to building comprehensive information inthe policy or standard documentation which makes it thoroughand useful These techniques are used by journalists to developthe “full story”. This is accomplished by asking: (Select the bestanswer)Answers:Who, what, when, where?10 out of 10 points10 out of 10 points
6/9/2019Review Test Submission: Quiz 2:Policy Framework and ...;3/8B. C.D.Where, how, who, what, when, why?What are the controls and how are they used?Does this standard or policy have personalidentifiable information included?Question 5D. In order to convince an organization to adopt security policies, itis necessary for a manager to have some proficiency in________________, which refers to certain social personalitytraits such as the ability to communicate and project optimism.Question 6In the ISO/IEC 27002 framework,_________________ describes the use andcontrols related to encryption.Question 7_________________describes how to design and implement aninformation security governance structure, whereas__________________ describes security aspects for employeesjoining, moving within, or leaving an organization.10 out of 10 points10 out of 10 points10 out of 10 points
6/9/2019Review Test Submission: Quiz 2:Policy Framework and ...;4/8B.C.D.Human resources security, organization ofinformation securityInformation security policy, organization ofinformation securityOrganization of information security, humanresources securityHuman resources security, asset managementQuestion 8D. Transparency is an important concept in policies related to thehandling and use of customer data. Organizations should betransparent and should notify individuals of the distribution, use,collection, and maintenance of personally identifiableinformation (PII). Which of the following elements does not needto be included with regard to handling of customer data?