The ISO 27005 Standard for InfoSec Risk Management has a five-stage management methodology that includes risk treatment and risk communication.

Which of the following was given the authority to bring criminal action against covered entities that wrongly disclose ePHI?

A) Department of Justice B) Local law enforcement C) Department of Health and Human Services D) State Attorney

?Which of the following shortcoming may be revealed during an IT security audit?

A. ?whether the IT budget is adequate or not B. ?whether the users are satisfied with IT services or not C. whether only a limited number of people have access to critical data or not D. whether the firewall is tall enough 

Given a subnet mask of 255.255.255.0, How many usable IP addresses would be in that subnet?

A. 250 B. 254 C. 255 D. 256

_____________ seeks to analyze the data flow and to identify the system’s input and output. When you do analysis, it helps to identify what the output is first, and then figure out what input data you need in order to produce the output.

a. Requirements specification b. Analysis c. Design d. Implementation e. Testing