Quiz: Compliance improvement -- Get better as you go forward

A five-question multiple-choice quiz to test your understanding of the content presented by expert Richard Mackey in this lesson of SearchSecurity.com's Compliance School.

This quiz is part of Compliance improvements: Getting better as you go forward, a lesson in SearchSecurity.com's Compliance School. Visit the Compliance improvements: Getting better as you go forward lesson page for additional learning resources.

1. Control and governance frameworks like COBIT and ISO 17799 can help organizations in three ways. Which response is not one of those ways?

  A. Understanding the dimensions of security and governance requirements.
  B. Focusing on the primary importance of firewalls, authentication and authorization mechanisms.
  C. Rating the many options there are to meet requirements.
  D. Structuring an ongoing compliance program.

2. Fill in the blank: Sometimes companies can avoid the need for security mechanisms altogether by ________ .

  A. Making a firm commitment to role-based access control (RBAC).
  B. Investing in an infrastructure product that integrates compliance and access policies.
  C. Setting policies stating that sensitive information should only be stored in certain environments or transmitted in particular ways.
  D. Conducting thorough background checks on all employees who handle sensitive data.

3. Why is scalability important in a compliance product?

  A. Product limitations may make the product useless when dealing with future compliance issues.
  B. Scalability enables easier integration with other security and data warehousing systems.
  C. Purchasing a compliance product that performs one specific function is a poor long-term investment.
  D. All of the above.

4. Why are most compliance products deliberately not security-enabled by default?

  A. To allow interoperability with supporting components like databases and authentication services.
  B. Because most products rely on network security measures.
  C. Because the definition of secure product operation may differ widely from one company to another.
  D. All of the above.

5. Which of the following is not a valid argument in favor of standards-based compliance assessment based on ISO27002/17799?

  A. It represents a superset of most regulatory requirements.
  B. It is used by application service providers.
  C. It provides a logical and objective framework for evaluation.
  D. It enables a perfect "apples to apples" comparison of practices among different assessments and different organizations.
  E. None of the above.
  F. Both A and D.

If you answered two or more questions incorrectly, revisit the materials from the lesson Compliance improvement: Getting better as you go forward:

  • Tip: How compliance control frameworks ease risk assessment burdens
  • Podcast: Top 5 questions to ask when shopping for compliance products
  • Webcast: Raising the bar on compliance success

If you answered four or more questions correctly, return to SearchSecurity.com's Compliance School and begin another lesson, or try another school in SearchSecurity.com's Security School Course Catalog.