6. Which of the following are actions and/or steps that can be taken to avoid leaks and disclosures when handling sensitive data?
- Giving the employees the right tools to get their work done without compromising security.
- Understanding what employees need to do to accomplish their jobs.
- Giving unrestricted access to the employees handling sensitive data
- Allowing employees to write their passwords on a post-it note
7. When evaluating the services of a vendor company, which of the following can be used to assess their security capabilities? Check all that apply.
- Ask the vendor to complete a questionnaire
- Assume that they’re using industry-standard solutions
- Request full access to the vendor systems to perform an assessment
- Ask them to provide any penetration testing or security assessment reports
8. What is the goal of mandatory IT security training for an organization? Check all that apply.
9. Which of the following are necessary in the organization to create a culture that makes security a priority? Select all that apply.
- Reinforce and reward behaviors that boost the security of the organization
- A working environment that encourages people to speak up.
- Punish employees every time they make poor security practices
- Designated communication channels