Security Policies and Risk Assessments Quiz

A guideline for user behavior

A mandatory rule to support procedures

A formal statement driven by business objectives

A step-by-step instruction manual

Guidelines

Policies

Procedures

Standards

Provide flexibility for unforeseen circumstances

Recommend user behaviors

Enforce expected user behavior and support policies

Outline business objectives

Guidelines are mandatory

Guidelines are general and flexible

Guidelines are approved by senior management

Guidelines contain strict rules

Reviewed regularly

Approved by external vendors

Easily accessible

Created to last several years

To install firewalls

To evaluate financial audits

To identify, assess, and mitigate vulnerabilities

To train staff

Risk mitigation planning

Ignoring low-risk vulnerabilities

Continuous monitoring

Identifying potential risks

Log analyzer

Compliance register

Risk register

Audit trail

Manual log review

Weekly email scans

Automated tools

Quarterly meetings

Delete all documentation

Share results with clients

Implement risk mitigation plans

Halt system operations