Question 6
Perfect compliance with an IT Control Framework is not a guarantee of security because:
| New threats and vulnerabilities are constantly emerging |
| None of the current IT Control Frameworks are certified by the US Federal Govt |
| They do not address the Internet of Things (IoT) |
| The EU's General Data Protection Regulation superseded all other frameworks |
Question 7
Aubrielle is evaluating risk. She knows that laptops carried by traveling employees get stolen. She estimates the typical replacement value of those computers is $2,000, but she's trying to find a way to estimate the value of the data stored on those computers. Which aspect of Risk is Aubrielle evaluating?
| A. | Likelihood |
| B. | Threat |
| C. | Frequency |
| D. | Impact |
Question 8
Which part of an organization is never responsible for planning, organizing, directing, and controlling business activities?
| Internal Audit |
| Management |
| President or CEO |
| Compliance |
Question 9
Davian's boss just sent him a copy of the Customer Privacy Act that was signed into law by the President last week. The new law is said to have a number of required controls. Davian is supposed to review the law, identify the requirements, and see if there are any gaps in his company's current controls. This new law is an example of:
| A. | Industry Compliance |
| B. | Corporate Compliance |
| C. | Self-Imposed Compliance |
| D. | Regulated or Imposed Compliance |
Question 10
When interpreting a law, standard, or policy, which of the following words indicates compliance is mandatory (not optional)?
| Must |
| Should |
| May |
| Could |
