What is the first step in a disaster recovery effort?
Respond to the disaster.
Follow the disaster recovery plan (DRP).
Communicate with all affected parties.
Ensure that everyone is safe.

Screen locks are a form of endpoint device security control.
True
False

The Children's Online Privacy Protection Act (COPPA) restricts the collection of information online from children. What is the cutoff age for COPPA regulation?
11
13
15
18

Betsy recently assumed an information security role for a hospital located in the United States. What compliance regulation applies specifically to healthcare providers?
FFIEC
FISMA
HIPAA
PCI DSS

A disaster recovery plan (DRP) directs the actions necessary to recover resources after a disaster.
True
False

In a Bring Your Own Device (BYOD) policy, the user acceptance component may include separation of private data from business data.
True
False

A detailed plan that outlines everything to ensure that business processes and systems are running at all times is called a(n):
disaster response plan
incident response plan
security plan
business continuity plan

A security policy is a comparison of the security controls you have in place and the controls you need in order to address all identified threats.
True
False

When creating a business continuity plan, the only parties needed are business owners and managers.
True
False

This disaster recovery activity involves taking a single image of data or a device, including the operating system, and making an exact copy somewhere else:
backups
account recovery
power protection
cloud storage

Which term describes a disaster recovery site that is a replica of an organization's existing production system?
empty site
hot site
warm site
cold site

The following choices describe risks associated with BYOD except:
geo-fencing
data ownership and privacy
forensic and legal concerns
security disabling features by patching

Removing all embedded links and attached files in a digital communication before it reaches the end-user is a countermeasure to reduce vulnerabilities associated with which type of threat vector:
USBs
rogue access points
emails
web browsers

Alan is developing a business impact assessment for his organization. He is working with business units to determine the maximum allowable time to recover a particular function. What value is Alan determining?
Recovery time objective (RTO)
Recovery point objective (RPO)
Business recovery requirements
Technical recovery requirement

Authentication controls include passwords and personal identification numbers (PINs).
True
False