The World Trade Organization’s (WTO) agreement on Trade-Related Aspects of Intellectual Property
Rights (TRIPS) requires authors of computer software to be given the

DRAG DROP
During the risk assessment phase of the project the CISO discovered that a college within the
University is collecting Protected Health Information (PHI) data via an application that was
developed in-house. The college collecting this data is fully aware of the regulations for Health
Insurance Portability and Accountability Act (HIPAA) and is fully compliant.
What is the best approach for the CISO?
Below are the common phases to creating a Business Continuity/Disaster Recovery (BC/DR) plan.
Drag the remaining BC\DR phases to the appropriate corresponding location.

What is the GREATEST challenge to identifying data leaks?

While investigating a malicious event, only six days of audit logs from the last month were available.
What policy should be updated to address this problem?

Who is ultimately responsible to ensure that information assets are categorized and adequate
measures are taken to protect them?

A mobile device application that restricts the storage of user information to just that which is
needed to accomplish lawful business goals adheres to what privacy principle?

Which of the following is the PRIMARY benefit of implementing data-in-use controls?

A health care provider is considering Internet access for their employees and patients. Which of the
following is the organization’s MOST secure solution for protection of data?

Which of the following BEST describes the purpose of the security functional requirements of
Common Criteria?

Drag Drop
Match the objectives to the assessment questions in the governance domain of Software Assurance
Maturity Model (SAMM).