( 31 ) A business _______ emerges when an organization cannot meet its obligation or duty . ( 32 ) Which of the following is a physical control ? ( 33 ) What does “ tone at the top ” refer to ? ( 34 ) Which of the following is not a typical method of protecting intellectual property ( IP )?
( 35 ) A procedure for cleaning a virus from a system is an example of which type of security control ?
( 36 ) An organization ’ s security awareness program is an example of which type of security control ?
( 37 ) Which of the following is a key measurement of an organization ’ s risk appetite ?
( 38 ) The core requirement of an automated IT security control library is that the information is ________.
( 39 ) Who is responsible for executing policies and procedures , such as backup and versioning ?
( 40 ) Which IT framework extends the COBIT framework and is a comprehensive risk management approach ?
( 41 ) In the financial services sector , the use of the “ three lines of defense ” includes the business unit ( BU ), a risk management program , and ______________.
( 42 ) Which security policy framework focuses on concepts , practices , and processes for managing and delivering IT services ?
( 43 ) ___________ refers to the degree of risk an organization is willing to accept . ( 44 ) To which sector does the Gramm-Leach-Bliley Act apply primarily ?
( 45 ) To protect information systems and assess risk , NIST standards describe inventorying hardware and software , categorizing risk levels , and which controls to apply , among others . One standard involves certification and accreditation . What is the purpose of this process ?
( 46 ) Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used ?
( 47 ) Which law applies to educational institutions and protects students ’ records ?
( 48 ) Which of the following is not a key component that must be covered in an organization ’ s security policy for CIPA compliance ?