A policy should state that if employees violate a company policy or any law using company technologies, the company will protect them, and the company is liable for the employee’s actions.

Security ____ are the areas of trust within which users can freely communicate.

NNIST Special Publication 800-18 Rev. 1, The Guide for Developing Security Plans for Federal Information Systems, includes templates for major application security plans.

The bottom-up approach to information security has a higher probability of success than the top-down approach.

The ____ is based on and directly supports the mission, vision, and direction of the organization and sets the strategic direction, scope, and tone for all security efforts.

ISO/IEC 17799 is more useful than any other information security management approach.

____ often function as standards or procedures to be used when configuring or maintaining systems.

A(n) ____ plan deals with the identification, classification, response, and recovery from an incident.

Security training provides detailed information and hands-on instruction to employees to prepare them to perform their duties securely.

Technical controls guide the development of education, training, and awareness programs for users, administrators, and management.