Home > Quiz: Developing a risk-based compliance program
Quiz:
EMAIL THIS

Quiz: Developing a risk-based compliance program

28 Jan 2008 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

This quiz is part of Developing a risk-based compliance program, a lesson in SearchSecurity.com's Compliance School. Visit the Developing a risk-based compliance program lesson page for additional learning resources.

1. Of the following, which is not one of the primary benefits of compliance training?

  1. Better user understanding of risks and controls
  2. Lower risk of inadvertent exposure
  3. Better technology selection
  4. Better and more efficient training

2. ISO 27002 provides guidance in the following area

  1. PCI environment scoping
  2. Information handling recommendations
  3. Framework for an overall security and compliance program
  4. Detailed lists of required policies and procedures

3. Companies use 27002 for compliance for which of the following reasons:

  1. A structured program that helps with security and compliance
  2. Explicit requirements for all regulations
  3. Compliance with ISO 27002 is sufficient to comply with all regulations

4. Of the following, which is the best organization or set of organizations to contribute to compliance?

  1. IT only
  2. IT, business management, HR and legal
  3. IT and management
  4. IT and legal

5. True or false: users don't need to know why they are required to use particular procedures

  1. True: The responsibility falls primarily to the IT staff, not users.
  2. False: If users are trusted to understand the spirit of the law, they may be able to deal with unanticipated problems and may be able to suggest better approaches to solve a problem.

If you answered two or more questions incorrectly, revisit the materials from the lesson Developing a risk-based compliance program:

  • Video: Making standards work for you
  • Tip: How to apply ISO 27002 to PCI DSS compliance
  • Podcast: Fact or fiction: Involving end users in the compliance program

    If you answered four or more questions correctly, return to SearchSecurity.com's Compliance School and begin another lesson, or try another school in SearchSecurity.com's Security School Course Catalog.

    BROWSE BY TAG
    PCI Data Security Standard,   Security Audit, Compliance and Standards,   Enterprise Risk Management: Metrics and Assessments,   Information Security Management,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    PCI Data Security Standard
    Chip and PIN adoption
    Chip and PIN adoption serves lesson for U.S. payment industry
    Heartland CIO is critical of First Data's credit card tokenization plan
    Heartland CIO on end-to-end encryption, credit card tokenization
    Heartland CIO on PCI, E3 project
    Wireless network guidelines for PCI DSS compliance
    Visa probes tokens, encryption for PCI card data protection
    Feds push cybersecurity jobs, PCI DSS changes ahead.
    Voltage, RSA spar over tokenization, data protection
    Experts, vendors search for PCI's holy grail

    Enterprise Risk Management: Metrics and Assessments
    Layoffs prompt insider threat fears, cybersecurity survey finds
    How to avoid Internet liability lawsuits
    Bruce Jones: Report Security and Risk Metrics in a Business-Friendly Way
    Bernie Rominski: Communicate Effectively with Management about Risk
    Best Policy and Risk Management Products
    Monitoring program data and internal controls for risk management
    Risk management strategy for an information technology solution provider
    Align your data protection efforts with GRC
    The basics of enterprise GRC project management
    RSA council addresses growing security risks in the cloud
    Enterprise Risk Management: Metrics and Assessments Research

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    PCI DSS (Payment Card Industry Data Security Standard )  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary




    • Search Additional Security Research and Solutions
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts