A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data. Which of the following categories refers to this type of non-compliance?

Question

Certilyst · Accepted Answer

D Rationale: This type of non-compliance refers to internal issues within the organization. It highlights the software development team’s failure to adhere to corporate policies, which are established to protect internal data and maintain security standards.

External compliance refers to adherence to laws or regulations imposed by outside entities, which is not applicable here as the issue arises from internal policy.

Standard compliance relates to industry benchmarks or best practices, but in this scenario, the focus is specifically on corporate policies rather than broader industry standards.

Regulation compliance pertains to legal requirements set forth by governmental bodies, which does not apply, as the situation involves internal corporate policies rather than external legal mandates.

Internal compliance issues arise when employees do not follow their organization's own established policies, making this the correct classification for the observed non-compliance.

Free CompTIA Security Plus Practice Test

A security officer observes that a software development team is not complying with its corporate security policy on encrypting confidential data. Which of the following categories refers to this type of non-compliance?