True
False

QUESTION 18
In order for security policies to be HIPAA-compliant, they must include the following three key control requirements: administrative safeguards, physical safeguards, and technical safeguards.
2 points

QUESTION 19
In order to be compliant with the NIST publications, policies must include key security control requirements. One of these key requirements includes certification and accreditation, which is a process that occurs after the system is documented, controls tested, and risk assessment completed. It is required before going live with a major system. Once a system is certified and accredited, responsibility shifts to the owner to operate the system.
2 points

QUESTION 20
Of the types of U.S. compliance laws, there are a number of laws that are designed to provide confidence in the markets. _______________ are the beneficiaries of these laws.
2 points

QUESTION 21
The Committee of Sponsoring Organizations (COSO) is an endorsed framework that companies commonly use to meet SOX 404 requirements. Formerly known as the Information Systems Audit and Control Association, this framework is an internationally recognized best practice.
2 points

QUESTION 22
The SOX act created the ______________________, which sets accounting and auditing standards.
Public Company Accounting Oversight Board (PCAOB)
Committee of Sponsoring Organizations (COSO)
Control Objectives for Information and related Technology (COBIT)
The Family Educational Rights and Privacy Act (FERPA)
2 points

QUESTION 23
An organization’s _________________ is a good source for determining what should be in security policies to meet regulatory requirements.
2 points

QUESTION 24
2 points
10/13/2018 Take Test: Mid Term Exam Chapters 1 - 7 – 2018_...; 4/7
False
In 2012, the Federal Financial Institutions Examination Council (FFIEC) began requiring financial institutions to go beyond using just IDs and passwords when it issued the guidance “Authentication in an Electronic Banking Environment;” this type of authentication process is known as multifactor authentication.