Module 11 - 13: Data, Risk, Governance

Not designed for any specific entity, the act mandates the implementation of risk assessments, internal controls and audit procedures.

One of the earliest requires federal agencies to develop security policies for computer systems that process confidential information.

Provide best practices of an overall Information Security Management System (ISMS)

The process of eliminating a risk by choosing not to participate in an action or activity describes which of the following?

A security breach can have a negative long-term impact on an organization’s _______ that has taken years to build.

A company recently set up an e-commerce portal to sell its product online. The company wants to start accepting credit cards for payment, which requires compliance with a security standard. Which of the following standards must the company comply with before accepting credit cards on its e-commerce platform?

What is the primary benefit of mandatory vacation in an organization?

Job rotation involves rotating employees through various positions to prevent any single person from holding particular job responsibilities for an extended period.

An employee who never takes vacation is not considered a security risk.

Which of the following are components of onboarding? (Select all that apply)