What do the Common Criteria do$?$

Question $37$ Answer

a$.$

Rate strength of a device$$s security features.

b$.$

Establish the protocol for formal verification.

c$.$

Define Protection Profiles.

d$.$

Verify Targets of Evaluation.

e$.$

Provide assurance to users that a device$$s security features perform as its vendor claims.

Question $38$

Answer saved

Marked out of $2\mathrm{.}00$

Flag question

Question text

Which of the following would not be considered information security assurance best practice?

Question $38$ Answer

a$.$

Evidence is gathered from the widest possible range of sources.

b$.$

Interviews with non$-$technical staff.

c$.$

Mandatory training sessions on information security led by Chief Executive Officer.

d$.$

Audits are carried out by external information security experts.

e$.$

Assurance activity outcomes determined by the Chief Executive Officer.