------------ is a risk response where an organization decides to initiate actions to prevent any risk from taking place.
Mitigation is the risk response in which an organization reduces the likelihood or impact of a risk but does not eliminate it. Avoidance is the risk response in which the risk is removed entirely, typically by not undertaking the activity that creates it.
----------- are directions and guidance that provide goals for an organization.
Policies are general guidelines for an organization. Procedures are specific steps or actions. Agendas and manuals are where the guidelines are either documented or noted.
With new advancements in CSP technologies, you don’t need to worry about storing sensitive […] sufficient for what?
CSPs do offer tools that can meet most, if not all, of the regulatory requirements your organization is subject to. However, compliance follows the shared responsibility model: the provider's tooling does not discharge your obligations, and you will need to take ownership of compliance for your own data, configuration, and processes.
An organization that does business internationally needs to take into consideration data sovereignty laws on data stored in: (Choose all that apply.)
The nation where the data is stored
The nationality of the user the data is about
The language that the data is stored in
The location of the organization that stores the data
Organizations that do business internationally and store data about users and transactions that originate around the globe must consider three criteria: where the data is physically stored, the nationality of the users for whom the organization is storing data, and the location in which the organization is doing business. The language in which the data is stored is not a sovereignty factor.
In the event of competing local, state, federal, and international regulatory requirements, which regulations should an organization follow?
In the US, federal law preempts conflicting state and local regulations. Most other nation states apply the same hierarchy within their own borders, and under data sovereignty laws the national law of the country where the data resides still applies to that data.
Your organization is in negotiations with a federal contractor that also deals with sensitive information from the federal government. Which federal regulation will apply in this scenario?
The Federal Information Security Management Act (FISMA) is the federal regulation that governs the security of federal information and information systems; it applies to federal agencies and extends to contractors that process or store federal information on their behalf. FERPA is a federal law that protects the privacy of student education records. The Motion Picture Association of America (MPAA) is the association that provides best-practice guidance and control frameworks to help major studio partners and vendors design infrastructure and solutions that secure digital film assets. The National Institute of Standards and Technology (NIST) is a part of the US Commerce Department that maintains and promotes guidelines and measurement standards.
You have been tasked with designing a FIPS 140-2 compliant application. Which technology are you most concerned with?
User identity and passwords
Mac versus PC
FIPS 140-2 is the NIST standard that sets security requirements for cryptographic modules, so the technology of concern is encryption: the application must perform its cryptography in a validated module using approved algorithms. The other answers may use encryption in some fashion, but they are not themselves subject to FIPS validation.
HIPAA, GLBA, PCI DSS, and FINRA are all examples of ----------- based standards.
All the examples are industry-specific regulations or standards: HIPAA applies to healthcare, GLBA to financial services, PCI DSS to payment cards, and FINRA to the securities industry (broker-dealers).