CompTIA Security Plus Mock Test Q213

Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the following BEST describes this statement? (Select TWO).

A. Acceptable use policy
B. Risk acceptance policy
C. Privacy policy
D. Email policy
E. Security policy


Correct Answer: A,C
Section: Compliance and Operational Security

Explanation:
Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. A privacy policy is a legal document that outlines how collected data is secured. It should cover the information the company collects, the privacy choices you have based on your account, potential sharing of your data with other parties, the security measures in place, and enforcement.
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems and resources, both software and hardware.

Incorrect Answers:
B: A risk acceptance policy refers to the choice that must be made when the cost of implementing any of the choices exceeds the value of the harm that would occur if the risk actually came to pass.
D: Email is not bound to any one type of policy when it comes to risk mitigation, etc. Email policy and regulations can be found in the acceptable use policy as well as the privacy policy, which together best describe what Joe is doing.
E: Security policies define what controls are required to implement and maintain the security of systems, users, and networks.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 10, 24-25