CIS 462 Endless Education /uophelp.com

(41) In the financial services sector, the use of the “three lines of defense” includes the business unit (BU), a risk management program, and ______________.
(42) Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?
(43) ___________ refers to the degree of risk an organization is willing to accept.
(44) To which sector does the Gramm-Leach-Bliley Act apply primarily?
(45) To protect information systems and assess risk, NIST standards describe inventorying hardware and software, categorizing risk levels, and which controls to apply, among others. One standard involves certification and accreditation. What is the purpose of this process?
(46) Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?
(47) Which law applies to educational institutions and protects students’ records?
(48) Which of the following is not a key component that must be covered in an organization’s security policy for CIPA compliance?
(49) A popular social networking site recently changed its privacy policy regarding personal profiles. To prevent your profile information from being shared with anyone on the Internet, you must check a box requesting privacy. What is this an example of?
(50) Which of the following focuses on the payment card industry?

CIS 462 Midterm Exam Set 2
• Question 1 Who is responsible for data quality within an enterprise?
• Question 2 ___________ refers to the degree of risk an organization is willing to accept.
• Question 3 Which security policy framework, developed by CERT, focuses on information security assessment and planning?
• Question 4 Which IT framework extends the COBIT framework and is a comprehensive risk management approach?