Human Resources Certification Institute (HRCI) Practice Exam

Which of the following mitigation efforts will improve data security?

• A. Purchasing EPL insurance
• B. A computer monitoring system of employee keystrokes
• C. Writing a policy that prohibits the sharing of passwords
• D. Not collecting the data at all

The correct answer is: Writing a policy that prohibits the sharing of passwords

Writing a policy that prohibits the sharing of passwords is the correct answer because this measure directly addresses a common security vulnerability - the sharing of passwords. By implementing a policy that prohibits the sharing of passwords, organizations can enhance data security by ensuring that access to sensitive information is restricted to authorized personnel only. This mitigates the risk of unauthorized access and helps to protect the confidentiality and integrity of the data. On the other hand: - Option A, purchasing EPL insurance, is a measure related to employment practices liability insurance, which covers liabilities resulting from employment-related claims such as discrimination and wrongful termination. While this type of insurance is important for mitigating risks associated with employment practices, it is not directly related to data security. - Option B, a computer monitoring system of employee keystrokes, could potentially be invasive and raise privacy concerns among employees. While such monitoring systems can be used for productivity or security purposes, they may not always directly improve data security. - Option D, not collecting the data at all, may be an extreme measure and might not always be practical depending on the nature of the organization's operations. Data collection is often necessary for business processes, so completely avoiding data collection may not always be a feasible solution for improving data security.