Joe, a security analyst, asks each employee of an organization to sign a statement saying that they understand how their activities may be monitored. Which of the
following BEST describes this statement? (Select TWO).

A.
Acceptable use policy

B.
Risk acceptance policy

C.
Privacy policy

D.
Email policy

E.
Security policy

Explanation:
Privacy policies define what controls are required to implement and maintain the sanctity of data privacy in the work environment. Privacy policy is a legal document
that outlines how data collected is secured. It should encompass information regarding the information the company collects, privacy choices you have based on
your account, potential information sharing of your data with other parties, security measures in place, and enforcement. Acceptable use policies (AUPs) describe
how the employees in an organization can use company systems and resources, both software and hardware.
Incorrect Answers:
B: Risk Acceptance policy refers to the choice that must be made when the cost of implementing any of the choices exceeds the value of harm that would occur if
the risk actually came to happen.
D: Email is not bound to any one type of policy when it comes to risk mitigation, etc. email policy and regulations can be found in acceptable use policy as well as
privacy policy which best describes what Joe is doing.
E: Security policies define what controls are required to implement and maintain the security of systems, users, and networks.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 10, 24-25