is _______________.
(31) A business _______ emerges when an organization cannot meet its obligation or duty.
(32) Which of the following is a physical control?
(33) What does “tone at the top” refer to?
(34) Which of the following is not a typical method of protecting intellectual property (IP)?
(35) A procedure for cleaning a virus from a system is an example of which type of security control?
(36) An organization’s security awareness program is an example of which type of security control?
(37) Which of the following is a key measurement of an organization’s risk appetite?
(38) The core requirement of an automated IT security control library is that the information is ________.
(39) Who is responsible for executing policies and procedures, such as backup and versioning?
(40) Which IT framework extends the COBIT framework and is a comprehensive risk management approach?
(41) In the financial services sector, the use of the “three lines of defense” includes the business unit (BU), a risk management program, and ______________.
(42) Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?
(43) ___________ refers to the degree of risk an organization is willing to accept.
(44) To which sector does the Gramm-Leach-Bliley Act apply primarily?
(45) To protect information systems and assess risk, NIST standards describe inventorying hardware and software, categorizing risk levels, and which controls to apply, among others. One standard involves certification and accreditation. What is the purpose of this process?
(46) Which compliance law concept states that individuals should know what information about them is being collected and should be told how that information is being used?
(47) Which law applies to educational institutions and protects students’ records?