var quiz = {
	questions : [
		{
			text : 'The most important component of a HIPAA compliance program is:',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'a) A strong technical product for encryption of protected health information (PHI)',
				'b) High-quality identity management and access control (IAM)',
				'c) A strong governance structure that assigns responsibility to appropriate parts of the organization and ensures policies will be defined and enforced',
				'd) Good monitoring and intrusion detection'
			],
			answer : 2,
			score : 1,
			expandedAnswer : '<br>\nGovernance is the driving force behind all compliance activities.  Without good governance, requirements fall between the cracks, technical solutions don\'t receive the proper attention and support, and an organization tends to drift out of compliance without recognizing it.',
			moreInfo : 'Richard Mackey offers expert advice on frameworks that can help security pros find their <a href="http://searchsecurity.techtarget.com/video/0,297151,sid14_gci1337170,00.html" target="_blank">compliance and regulatory needs</a>, and most importantly, meet them. '
		},
		{
			text : 'Risk assessment needs to take place in which of the following circumstances?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'a) At a business level, taking into account the risk to information because of the service provided, the technology deployed and the kind of information processed',
				'b) Each time the organization engages new business associates',
				'c) When the organization makes changes to its technical infrastructure',
				'd) When vulnerability fixes are contemplated',
				'e) All of the above'
			],
			answer : 4,
			score : 1,
			expandedAnswer : '<br>\nRisk assessments need to take place at an organizational/business level, and each time changes have a potential to affect the security of the protected information.',
			moreInfo : 'Learn more guidelines for conducting a <a href="http://searchfinancialsecurity.techtarget.com/news/interview/0,289202,sid185_gci1289680,00.html" target="_blank">risk assessment</a>.'
		},
		{
			text : 'Isolation and segregation of systems and networks that process protected health information is most helpful because:',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'a) It restricts the number of users that will have access to health information.',
				'b) It reduces the scope configuration management, monitoring and access controls necessary for compliance.',
				'c) It allows encryption to be accomplished more efficiently.',
				'd) It irritates auditors because they have fewer systems to check.'
			],
			answer : 1,
			score : 1,
			expandedAnswer : '<br>\nSegregating systems simplifies management, monitoring, configuration, intrusion detection, key management, backup and change management for the regulated systems.  That said, it also tends to create a separate domain that administrators need to deal with.',
			moreInfo : 'See why <a href="http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1314605,00.html" target="_blank">network segmentation and PCI compliance</a> have created a security standards dilemma.'
		},
		{
			text : 'An auditor would find you non-compliant for which of the following practices?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'a) No technology deployed to automatically track the request and approval associated with systems holding protected health information',
				'b) No automated vulnerability management software',
				'c) No data loss prevention products deployed',
				'd) No audit trail for creation, disablement and recertification of accounts',
				'e) All of the above'
			],
			answer : 3,
			score : 1,
			expandedAnswer : '<br>\nHIPAA has no requirements for specific products or technology.  It does require that there be strict controls (either process or technology) around the creation and recertification of accounts.',
			moreInfo : 'In another lesson from our Compliance School, learn about the <a href="http://searchsecurity.techtarget.com/guide/securitySchool/category/1,296296,sid14_tax307728,00.html" target="_blank">technologies</a> that <i>are</i> necessary for compliance.'
		},
		{
			text : 'Which of the following statements about risk assessment are true?',
			img : 'http://media.techtarget.com/WhatIs/images/spacer.gif',
			responses : [
				'a) Risk assessments can help justify the controls and budget needed for HIPAA compliance.',
				'b) Risk assessments can reveal potential exposures in business associates.',
				'c) Risk assessments can help to avoid outages when addressing vulnerabilities.',
				'd) Risk assessments can help to unite business and technical groups in working out solutions to security, compliance and business problems.',
				'e) All of the above'
			],
			answer : 4,
			score : 1,
			expandedAnswer : '<br>\nWhen they involve representatives of business, technical, legal, and human resources organizations, high-level risk assessments provide a common basis for understanding both the risk and the range of possible approaches. At a low level, risk assessments help to ensure that development and administration decisions are made to preserve uptime and address vulnerabilities in the most prudent way.',
			moreInfo : 'For more on risk assessments and security regulations, make sure to check out the rest of SearchSecurity.com\'s <a href="http://searchsecurity.techtarget.com/guide/securitySchool/0,296293,sid14_gci1261778,00.html" target="_blank">Compliance School</a>.'
		}
	]
};