A signed user acknowledgment of the corporate security policy:
A.
Ensures that users have read the policy
B.
Ensures that users understand the policy, as well as the consequences for not following the policy
C.
Can be waived if the organization is satisfied that users have an adequate understanding of the policy
D.
Helps to protect the organization if a user�s behavior violates the policy
Explanation:
B: In the field, it is common to identify vulnerabilities as they are related to people, processes, data, technology, and facilities. Examples of vulnerabilities could include neglecting to require users to sign an acknowledgment of their responsibilities with regard to security, as well as an acknowledgment that they have read, understand, and agree to abide by the organizations security policies. Page 431.
The answer should be D.
Agree Zhen. Signing does not ensure that they understand what they sign.
The answer should be D
I totally get what you guys are saying. Here is a counter-argument:
The user’s signature on a piece of paper doesn’t actually protect the company from anything. It will only allow for dishing out punishment on the offending employee.
along those same lines, the signature doesn’t ensure the user understands the policy. The answer I would pick would be B, but it should read “Ensures that users *claim to* understand the policy.”