Question

In the 5 Code of Federal Regulations (C.F.R.), it is recommended that an individual has security awareness training before s/he can access information. The C.F.R is unusual in that it requires all users to receive broad training in system/application life cycle management, security planning and system/application security management, risk management, and contingency planning.A. TrueB. false

Answer 1

Answer: A it is true.

Explanation: It is true under Subpart C—Information Security Responsibilities for Employees who Manage or Use Federal Information Systems

Number 3 and 4

(3) Program and functional managers must receive training in information security basics; management and implementation level training in security planning and system/application security management; and management and implementation level training in system/application life cycle management, risk management, and contingency planning.

(4) Chief Information Officers (CIOs), IT security program managers, auditors, and other security-oriented personnel (e.g., system and network administrators, and system/application security officers) must receive training in information security basics and broad training in security planning, system and application security management, system/application life cycle management, risk management, and contingency planning.

Answer 2

Answer:

B. False

Explanation:

The Code of Federal Regulations (C.F.R.) also called the administrative law refers to the codes of conducts that governs and sets the boundaries for administrative agencies in the United States.

The C.F.R. code stipulates that every individual who wants to access the Federal Information System be exposed to a certain basic level of security awareness before doing so. However, the C.F.R. does not stipulate that all users undergo broad training in system/application life cycle management, security planning and system/application security management, risk management, and contingency planning.

According to the C.F.R. code, training is made available to individuals based on their roles and responsibilities; Executives receive a basic security training, Program managers receive management training as well as basic security training, Chief Information Officers & other security-oriented personnels are the ones that receive broad training in system/application life cycle management, security planning and system/application security management, risk management, and contingency planning.

The C.F.R. code also stipulates that new employees be introduced & acquainted with security training depending on their roles/positions before granting them access to the systems, that current employees be refreshed often with security training and to make security training available to employees when there is any significant change in the agency's information system procedure or if an employee is given a new role that demands additional training.