Compliance improvement: Get better as you go forward


Quiz: Compliance improvement -- Get better as you go forward

20 Feb 2007 | SearchSecurity.com


This quiz is part of Compliance improvements: Getting better as you go forward, a lesson in SearchSecurity.com's Compliance School. Visit the Compliance improvements: Getting better as you go forward lesson page for additional learning resources.

1. Control and governance frameworks like COBIT and ISO 17799 can help organizations in three ways. Which response is not one of those ways?

  1. Understanding the dimensions of security and governance requirements.
  2. Focusing on the primary importance of firewalls, authentication and authorization mechanisms.
  3. Rating the many options there are to meet requirements.
  4. Structuring an ongoing compliance program.

2. Fill in the blank: Sometimes companies can avoid the need for security mechanisms altogether by ________.

  1. Making a firm commitment to role-based access control (RBAC).
  2. Investing in an infrastructure product that integrates compliance and access policies.
  3. Setting policies stating that sensitive information should only be stored in certain environments or transmitted in particular ways.
  4. Conducting thorough background checks on all employees who handle sensitive data.

3. Why is scalability important in a compliance product?

  1. Product limitations may make the product useless when dealing with future compliance issues.
  2. Scalability enables easier integration with other security and data warehousing systems.
  3. Purchasing a compliance product that performs one specific function is a poor long-term investment.
  4. All of the above.

4. Why are most compliance products deliberately not security-enabled by default?

  1. To allow interoperability with supporting components like databases and authentication services.
  2. Because most products rely on network security measures.
  3. Because the definition of secure product operation may differ widely from one company to another.
  4. All of the above.

5. Which of the following is not a valid argument in favor of standards-based compliance assessment based on ISO27002/17799?

  A. It represents a superset of most regulatory requirements.
  B. It is used by application service providers.
  C. It provides a logical and objective framework for evaluation.
  D. It enables perfect "apples to apples" comparison of practices among different assessments and different organizations.
  E. None of the above.
  F. Both A and D.

If you answered two or more questions incorrectly, revisit the materials from the lesson Compliance improvement: Getting better as you go forward:

  • Tip: How compliance control frameworks ease risk assessment burdens
  • Podcast: Top 5 questions to ask when shopping for compliance products
  • Webcast: Raising the bar on compliance success

If you answered four or more questions correctly, return to SearchSecurity.com's Compliance School and begin another lesson, or try another school in SearchSecurity.com's Security School Course Catalog.
