Requirement 12: An overview of the Information Security Policy and Supporting Security Policies and Programs
Test your understanding of 12.1 and 12.2
An information security policy governs and provides direction for the protection of the entity's information assets.
True
False
The information security policy must be reviewed at least every 12 months and
When the CISO leaves
Updated as needed when there are changes to business objectives or risks to the environment
At time of assessment
When there's at least 12 inches of dust on the document.
Roles and responsibilities for all personnel must be defined in the info sec policy.
True
False
Evidence of acknowledgement of information security responsibilities is not required.
True
False
Responsibility for the info sec policy must be assigned to a chief information security officer or __________________
Anyone who knows how to pen test
No one. It's not necessary to have the info sec policy formally assigned
Other information security knowledgeable member of executive management
A junior compliance analyst
Company-approved products for employee use must be listed in the acceptable use policies.
True
False
Employees can use company-approved products any way they choose.
True
False