Security Best Practices and Addressing Regulatory Mandates Testing Template (Answer Key):

From HORSE - Holistic Operational Readiness Security Evaluation.

Security Best Practices and Addressing Regulatory Mandates Awareness Testing Template

This exam has been developed by <Your Company Name> to gauge and promote end-user awareness of regulatory compliance solutions through the establishment of effective policy and standards.

True or False: Security can be communicated, taught, or measured effectively without policy.
True
False

Policy:
Provides a framework for consistent, timely, and cost-effective management decisions.
Provides justification for controls/products to be implemented.
Supports compliance with legal requirements to protect data.
All of the above.

True or False: Two-thirds of all federal agencies receive a superior grade for efforts to secure information systems.
True
False

True or False: There are many myths and challenges associated with policy.
True
False

The Policy Framework breaks policy into a hierarchical structure which is traceable to business needs and is based on:
Management best guesses.
Risk Management.
Past legislation.
None of the above.

Organizations need policy management tools and resources to develop and manage:
Company business and interests.
Union and non-union employees.
Critical information security processes.
None of the above.

Critical information security processes include:
Policy Management.
Awareness & Training Management.
Security Threat Monitoring & Incident Management.
All of the above.

True or False: Key stakeholders should have significant involvement in the process of creating new policy and contributing implementation ideas.
True
False

True or False: Sound policy development will include the identification and classification of information assets and the identification of threats and vulnerabilities.
True
False

True or False: If no one thinks you are enforcing policy... no one will care!
True
False