When dealing with third parties, which of the following is NOT a way to ensure a level of security that the data involved warrants?
A. Include contract clauses that detail the exact security measures that are expected of the third party.
B. Allow for specific implementation of a security measure to be determined by the third party.
C. Periodically audit and test the security provided to ensure compliance.
D. Consider executing a Interconnection security agreements (ISA) which in some areas, such as healthcare, may be required.
B
Explanation: The security measures to be implemented should be agreed upon, including the specific implementation of each measure. There should be no room left for interpretation on the part of the third party.
You might also like to view...
What is the most common use for Bluetooth?
A) printers and plotters B) keyboards and trackballs C) hands-free headsets for cell phones D) optical mouse
Answer the following statements true (T) or false (F)
1. Automated data dictionaries are useful for only printing summary lists of data. 2. A data dictionary contains information about a data flow diagram, but not entities or use cases. 3. Databases are usually the first component of a data dictionary to be defined. 4. An internal data flow is one that connects two processes.