Which of the following policies is implemented in order to minimize data loss or theft?

A.
PII handling

B.
Password policy

C.
Chain of custody

D.
Zero day exploits

Explanation:
Although the concept of PII is old, it has become much more important as information technology and
the Internet have made it easier to collect PII through breaches of internet security, network security and
web browser security, leading to a profitable market in collecting and reselling PII. PII can also be
exploited by criminals to stalk or steal the identity of a person, or to aid in the planning of criminal acts.
Personally identifiable information (PII) is a catchall for any data that can be used to uniquely identify an
individual. This data can be anything from the person’s name to a fingerprint (think biometrics), credit
card number, or patient record.
Thus a PII handling policy can be used to protect data.
Incorrect Answers:
B: Password policy is usually implemented to control access to resources.
C: Chain of custody refers to a basic forensic procedure that is taken into account after an event
occurred.
D: When a hole is found in a web browser or other software and attackers begin exploiting it the very day
it is discovered by the developer (bypassing the one-to-two-day response time that many software
providers need to put out a patch once the hole has been found), it is known as a zero-day exploit.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 338, 404