Alyssa is responsible for her organization’s security awareness program. She is concerned that changes in technology may make the content outdated. What control can she put in place to protect against this risk?

Gavin is creating a report to management on the results of his most recent risk assessment. In his report, he would like to identify the remaining level of risk to the organization after adopting security controls. What term best describes this current level of risk?

Francine is a security specialist for an online service provider in the United States. She recently received a claim from a copyright holder that a user is storing information on her service that violates the third party’s copyright. What law governs the actions that Francine must take?

FlyAway Travel has offices in both the European Union (EU) and the United States and transfers personal information between those offices regularly. They have recently received a request from an EU customer requesting that their account be terminated. Under the General Data Protection Regulation (GDPR), which requirement for processing personal information states that individuals may request that their data no longer be disseminated or processed?

After conducting a qualitative risk assessment of her organization, Sally recommends purchasing cybersecurity breach insurance. What type of risk response behavior is she Recommending?

Which one of the following elements of information is not considered personally identifiable information that would trigger most United States (U.S.) state data breach laws?

Renee is speaking to her board of directors about their responsibilities to review cyberse- curity controls. What rule requires that senior executives take personal responsibility for information security matters?