Phase 1 · Governance, Risk, Compliance Explained · Lesson 3 of 3
Quiz · 10 min · +20 pts
For each activity, decide whether it is primarily a governance, risk, or compliance function. Some activities touch two or all three — choose the primary one.
This is the muscle you will use every day as a GRC Engineer. When a task lands on your desk, the first question is always: am I making a decision, assessing a threat, or producing evidence? The answer determines who you involve, what artifact you create, and where it lives.
Quick check

Activity: Writing an access control policy
Activity: Appointing a Data Protection Officer
Activity: Creating a data classification scheme
Activity: Presenting the security budget to the board
Activity: Setting the maximum acceptable downtime (RTO) for production
Activity: Evaluating the likelihood of a phishing attack succeeding
Activity: Deciding to accept the residual risk of unpatched legacy servers
Activity: Scoring a vendor's security posture before signing a contract
Activity: Determining which regulations apply to a new product line
Activity: Performing a DPIA before launching in the EU
Activity: Running a quarterly access review for an auditor
Activity: Collecting CloudTrail logs as SOC 2 evidence
Activity: Mapping CIS Controls to existing technical implementations
Activity: Writing a control narrative explaining how MFA is enforced
Activity: Generating an automated compliance report from Vanta