True or False:
Over 50% of adults in the United States have literacy below a 6th-grade level.
True:
About 54% of adults in the United States read below a 6th-grade level, which is why security awareness material must be written in plain language.
What is the difference between someone's initial and primary attention span?
Initial: The short time someone spends on one thing BEFORE deciding whether it is worth concentrating on further (the window an infographic has to grab attention).
Primary: The longer time someone then spends actually concentrating on that one thing.
What meaning does the color green represent?
Life, nature, newness, transformation, "good to go", compliant, ready, etc.
[????] is the firm belief in the reliability, truth, ability, or strength of someone or something.
TRUST
What is the purpose of an audit?
To review evidence (artifacts) and determine whether we are actually compliant with a requirement, such as a law, regulation, standard, contract, or internal policy.
Plain Language
[????] are a collection of visual representations of information/data, often used in cybersecurity training.
Infographics
What can the color red represent?
Passion (either anger or love), alert, attention-grabbing, emergency, critical, not ok, etc.
How many pillars of trust are described in books published by David Horsager?
8 Pillars of Trust
What is the difference between a third-party and internal audit?
Third-Party: Auditor is not associated with the organization. (Specialized expertise, unbiased findings, no conflict of interest, enhances credibility with regulators and partners.)
Internal: Auditor is associated with the organization. (Specialized expertise possible, findings may be biased, can have a conflict of interest, limited credibility outside the organization.)
What did the Plain Writing Act of 2010 do?
Required federal agencies to use plain language in documents written for the public, so that readers can find, understand, and use the information the first time they read it.
Name two tools that can be used to create an infographic.
Venngage, Canva, Microsoft PowerPoint/Publisher, etc.
When do we see the colors red, yellow, and green together in risk analysis activities?
On a risk matrix (heat map), where each cell is the combination of likelihood and impact: green = low risk, yellow = medium risk, red = high/critical risk.
You are a compliance analyst for a hospital. You find that the hospital is not actually in compliance with a part of the HIPAA Security Rule. You inform your supervisor verbally and they say “We have known about that for years, there just isn’t any budget to fix it. You can ignore it”. What pillar of trust is at play here?
Character
Doing the right thing even when it is hard.
What is an artifact?
A piece of evidence collected during an audit or assessment that shows whether a control or requirement is actually in place and being followed.
Describe the difference between an issue-specific policy and a system-specific policy.
Issue-Specific Policies:
Address one topic or issue and apply to everyone in the organization (Acceptable Use Policy, WiFi Policy)
System-Specific Policies:
Apply to one system and its users (Backup and Recovery Policy for BrightSpace, Access Control Policy for Netlab)
Explain each step in the A-D-D-I-E framework for developing training.
Analyze: identify the audience, the skills gap, and the training goals. Design: choose learning objectives, format, and assessment methods. Develop: build the actual training content and materials. Implement: deliver the training to the audience. Evaluate: measure whether the training met its objectives and use the results to improve it.
In the context of infographics, explain the significance of font choices and share an example of when a "creepy" font might be appropriate.
Font choice sets the tone of the infographic and affects readability: body text should be a clean, legible font, and a decorative font should be reserved for headings or emphasis. A "creepy" font could fit when combining security training with spooky season for Security Awareness Month (October), or when the topic of the infographic is something scary, spooky, or creepy.
You have just started your first compliance analyst role. What might help you to learn who the key stakeholders at the company are?
An organizational chart, which shows who owns each function (IT, HR, legal, finance) and who reports to whom.
When is a third-party audit required?
It depends on your industry, partners, regulators, and applicable laws.
Example: FISMA requires each federal agency to undergo an annual independent evaluation of its information security program, performed by the agency's Inspector General or an independent external auditor, measured against NIST standards and guidelines (such as FIPS 199/200 and SP 800-53).
Explain the difference between a Policy, Standard, and Procedure.
Policies: High-level directives from management that state what must be done and why (mandatory).
Standards: Mandatory rules that specify uniform use of technology, parameters, or configurations to support a policy.
Procedures: Step-by-step instructions for how to carry out a task in a way that meets the policy and standard.
Explain what it means to create a "human firewall"
Humans can be both our greatest and weakest links in security; most attacks (phishing, social engineering) target people rather than technology.
Training programs are meant to bolster our "human firewall" by teaching people to recognize, resist, and report these attacks, so that they act as a layer of defense rather than a point of failure.
We talked about 7 unique considerations when developing infographics. Explain 3 of them.
Layout, Illustration, Data, Color, Font, Icons, Content
Describe three pillars of trust and how you might practice them as a compliance professional.
Options: Clarity, Compassion, Character, Competency, Commitment, Connection, Contribution, and Consistency.
Name 5 examples of artifacts.
Emails, reports, policies, standards, procedures, logs, interview notes, meeting notes, inventories, screenshots, etc.