QUESTION 20
The goal of employee awareness and training is to ensure that individuals are equipped with the tools necessary for the implementation of security policies. Which of the following is one of the other benefits of a successfully enacted training and awareness program?
- employees will have improved job security
- instituting chances for employees to gather new skills, which can foster enhanced job satisfaction
- employees will be easier to discipline
- management will have more control over employees
4 points

QUESTION 21
Consider this scenario: A health insurer in Oklahoma settled a class-action lawsuit after having reported that one laptop was stolen in 2008; this laptop contained personal data of more than 1.6 million customers. Based on the fact that the laptop was not encrypted, and that employees were lacking in security awareness training, which of the following statements captures the root cause of this breach?
4 points

QUESTION 22
After management has created and agreed upon its policies, it must then determine how these policies will be implemented. Which of the following is not one of the processes that line management will follow in order to make the new policies operational?
4 points

QUESTION 23
It is not uncommon that committees will create charters, which are formal documents that offer a blueprint for committee goals and mission. These documents can offer useful information regarding the particular function of the committee.
4 points

QUESTION 24
One of the many roles of the security compliance committee is to focus on controls that are widely used across a large population of applications, systems, and operations. These types of controls are known as ___________________.
- compliance controls
- pervasive controls
- operations controls
- automated controls
4 points

QUESTION 25
The Gramm-Leach-Bliley Act (GLBA) was created to protect confidentiality and security of customer information. Thus, under GLBA, organizations are required to inform regulators quickly if any unauthorized access or breach has occurred. Consider this scenario: A bank teller accesses a customer account out of curiosity. What is the best course of action following this event?