In US compliance laws affecting information security policies there exists a


QUESTION 11
1. In U.S. compliance laws affecting information security policies, there exists a number of concepts with matching objectives. What is the matching objective for the concept of full disclosure?

2. The practice of asking permission on how personal information can be used beyond its original purpose. For example, a real estate company might ask permission of someone who sold their home if their information can be shared with a moving company.

The concept that an organization has an obligation to the general public beyond its self-interest. It's not unusual for regulators to look at the impact an organization has on the industry or the economy in general.

The key idea is that the company can use information collected only for the immediate service provided, or transaction made, such as a purchase. For example, assume a bank just approved your credit card purchase of ski equipment. In most states the bank could not then share that information with someone who will try to sell you a ski vacation.

The concept that individuals should know what information about them is being collected. A company must give written notice on how it plans to use your information.

10 points

QUESTION 12

1. In order to be compliant with Payment Card Industry Data Security Standard (PCI DSS), one of the control objectives that should be included in one's security policies and controls is building and maintaining a secure network. The reason for this is as follows:

10 points