( 43 ) ___________ refers to the degree of risk an organization is willing to accept .
( 44 ) To which sector does the Gramm-Leach-Bliley Act apply primarily ?
( 45 ) To protect information systems and assess risk , NIST standards describe inventorying hardware and software , categorizing risk levels , and which controls to apply , among others . One standard involves certification and accreditation . What is the purpose of this process ?
( 46 ) Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used ?
( 47 ) Which law applies to educational institutions and protects students ’ records ?
( 48 ) Which of the following is not a key component that must be covered in an organization ’ s security policy for CIPA compliance ?