Home > Quiz: Developing a risk-based compliance program
Quiz:
EMAIL THIS

Quiz: Developing a risk-based compliance program

28 Jan 2008 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

This quiz is part of Developing a risk-based compliance program, a lesson in SearchSecurity.com's Compliance School. Visit the Developing a risk-based compliance program lesson page for additional learning resources.

1. Of the following, which is not one of the primary benefits of compliance training?

  1. Better user understanding of risks and controls
  2. Lower risk of inadvertent exposure
  3. Better technology selection
  4. Better and more efficient training

2. ISO 27002 provides guidance in the following area

  1. PCI environment scoping
  2. Information handling recommendations
  3. Framework for an overall security and compliance program
  4. Detailed lists of required policies and procedures

3. Companies use 27002 for compliance for which of the following reasons:

  1. A structured program that helps with security and compliance
  2. Explicit requirements for all regulations
  3. Compliance with ISO 27002 is sufficient to comply with all regulations

4. Of the following, which is the best organization or set of organizations to contribute to compliance?

  1. IT only
  2. IT, business management, HR and legal
  3. IT and management
  4. IT and legal

5. True or false: users don't need to know why they are required to use particular procedures

  1. True: The responsibility falls primarily to the IT staff, not users.
  2. False: If users are trusted to understand the spirit of the law, they may be able to deal with unanticipated problems and may be able to suggest better approaches to solve a problem.

If you answered two or more questions incorrectly, revisit the materials from the lesson Developing a risk-based compliance program:

  • Video: Making standards work for you
  • Tip: How to apply ISO 27002 to PCI DSS compliance
  • Podcast: Fact or fiction: Involving end users in the compliance program

    If you answered four or more questions correctly, return to SearchSecurity.com's Compliance School and begin another lesson, or try another school in SearchSecurity.com's Security School Course Catalog.

    BROWSE BY TAG
    Security Audit, Compliance and Standards,   PCI Data Security Standard,   Enterprise Risk Management: Metrics and Assessments,   Information Security Management,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


    RELATED CONTENT
    PCI Data Security Standard
    PCI management: The case for Web application firewalls
    MasterCard increases PCI compliance requirements for some merchants
    PCI compliance requirement 1: Firewalls
    PCI compliance requirement 2: Defaults
    PCI compliance requirement 5: Antivirus
    PCI compliance requirement 4: Encrypt transmissions
    PCI compliance requirement 3: Protect data
    PCI compliance requirement 6: Systems and applications
    PCI compliance requirement 8: Unique IDs
    PCI compliance requirement 10: Auditing

    Enterprise Risk Management: Metrics and Assessments
    The basics of enterprise GRC project management
    RSA council addresses growing security risks in the cloud
    How to write a risk methodology that blends business, security needs
    Mature SIMs do more than log aggregation and correlation
    Risk management must include physical-logical security convergence
    New partnerships, creative thinking help security bust recession
    Security budgets take hit in media, tech industry, survey finds
    Service-focused security offers best value to organization
    Ease the compliance burden with automation
    Forensic accounting success depends on information security support
    Enterprise Risk Management: Metrics and Assessments Research

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    PCI DSS (Payment Card Industry Data Security Standard )  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary




    • Search Additional Security Research and Solutions
    Find Security Channel Research for Resellers and Partners
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts