Joe, a security analyst, asks each employee of an organization to sign a statement saying that they
understand how their activities may be monitored. Which of the following BEST describes this statement?
(Select TWO).

A.
Acceptable use policy

B.
Risk acceptance policy

C.
Privacy policy

D.
Email policy

E.
Security policy

Explanation:
Privacy policies define what controls are required to implement and maintain the sanctity of data privacy
in the work environment. Privacy policy is a legal document that outlines how data collected is secured. It
should encompass information regarding the information the company collects, privacy choices you have
based on your account, potential information sharing of your data with other parties, security measures
in place, and enforcement.
Acceptable use policies (AUPs) describe how the employees in an organization can use company systems
and resources, both software and hardware.
Incorrect Answers:
B: Risk Acceptance policy refers to the choice that must be made when the cost of implementing any of
the choices exceeds the value of harm that would occur if the risk actually came to happen.
D: Email is not bound to any one type of policy when it comes to risk mitigation, etc. email policy and
regulations can be found in acceptable use policy as well as privacy policy which best describes what Joe
is doing.
E: Security policies define what controls are required to implement and maintain the security of systems,
users, and networks.
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 10, 24-25