Quiz: Developing a risk-based compliance program

A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School.

This quiz is part of Developing a risk-based compliance program , a lesson in SearchSecurity.com's Compliance School. Visit the Developing a risk-based compliance program lesson page for additional learning resources.

1. Of the following, which is not one of the primary benefits of compliance training?

  1. Better user understanding of risks and controls
  2. Lower risk of inadvertent exposure
  3. Better technology selection
  4. Better and more efficient training

2. ISO 27002 provides guidance in the following area

  1. PCI environment scoping
  2. Information handling recommendations
  3. Framework for an overall security and compliance program
  4. Detailed lists of required policies and procedures

3. Companies use 27002 for compliance for which of the following reasons:

  1. A structured program that helps with security and compliance
  2. Explicit requirements for all regulations
  3. Compliance with ISO 27002 is sufficient to comply with all regulations

4. Of the following, which is the best organization or set of organizations to contribute to compliance?

  1. IT only
  2. IT, business management, HR and legal
  3. IT and management
  4. IT and legal

5. True or false: users don't need to know why they are required to use particular procedures

  1. True: The responsibility falls primarily to the IT staff, not users.
  2. False: If users are trusted to understand the spirit of the law, they may be able to deal with unanticipated problems and may be able to suggest better approaches to solve a problem.

If you answered two or more questions incorrectly, revisit the materials from the lesson Developing a risk-based compliance program:

  • Video: Making standards work for you
  • Tip: How to apply ISO 27002 to PCI DSS compliance
  • Podcast: Fact or fiction: Involving end users in the compliance program

    If you answered four or more questions correctly, return to SearchSecurity.com's Compliance School and begin another lesson, or try another school in SearchSecurity.com's Security School Course Catalog.

  • This was last published in January 2008

    Dig Deeper on PCI Data Security Standard