var quiz = { questions : [ { text : 'According to the Privacy Rights Clearinghouse, how many security breaches were reported in the U.S. last year?', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ '239', '329', '923' ], answer : 1, score : 1, expandedAnswer : '', moreInfo : '' }, { text : 'Sarbanes-Oxley Section 404 (a) and Section 404 (b) regulations have cost smaller companies less than pundits predicted, according to Lord & Benoit LLC. How much less has it cost, on average?', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ '75%', '3%', '13.8%' ], answer : 2, score : 1, expandedAnswer : 'The Securities and Exchange Commission had estimated that the average first-year cost for management assessment and additional audit fees would be $91,000 for nonaccelerated filers (those under $75 million in market cap). Lord & Benoit, however, found that the average is $78,474.', moreInfo : '' }, { text : 'The Payment Card Industry Data Security Standard defines four levels of merchants. How many transactions do level-one merchants process each year?', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ 'More than 4 million', 'More than 5 million', 'More than 6 million' ], answer : 2, score : 1, expandedAnswer : 'Level-one merchants are required to have annual on-site PCI DSS audits. Merchants in levels two through three, which include the majority of midmarket companies, can complete self-assessment questionnaires on their own each year.', moreInfo : '' }, { text : 'True or false: Electronic personal health record systems (EPHRs) such as Google Health and Microsoft HealthVault are regulated by the Health Insurance Portability and Accountability Act (HIPAA).', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ 'True', 'False' ], answer : 1, score : 1, expandedAnswer : 'EPHRs are not currently classified as HIPAA-regulated documents because they\'re maintained by individuals and aren\'t even necessarily viewed as true information in the eyes of some physicians, according to Mary Griskewicz, senior director for ambulatory information systems at the Healthcare Information and Management Systems Society.', moreInfo : '' }, { text : 'As of April, how many states have passed some form of data breach notification legislation?', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ '42', '24', '43' ], answer : 0, score : 1, expandedAnswer : 'The District of Columbia has also passed a data breach notification law.', moreInfo : '' }, { text : 'Compliance concerns are driving CIOs to use security information and event management (SIEM) tools, according to Gartner Inc. The SIEM market experienced how much growth last year?', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ '30%', '52%', '85%' ], answer : 0, score : 1, expandedAnswer : 'SIEM saw 85% growth in 2005, followed by 52% and 30% growth in 2006 and 2007, respectively, according to Gartner. Analysts at Gartner expect that growth to hold steady this year and drop off slightly in the following years as the market becomes saturated.', moreInfo : '' }, { text : 'Which state didn\'t have a data breach notification law as of April?', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ 'Arizona', 'Iowa', 'Virginia' ], answer : 1, score : 1, expandedAnswer : '', moreInfo : '' }, { text : 'Which regulations require a full accounting of which employees have access to which systems?', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ 'Sarbanes-Oxley and HIPAA', 'PCI DSS and the Gramm-Leach-Bliley Act', 'All of the above.' ], answer : 2, score : 1, expandedAnswer : 'According to SearchCIO-Midmarket.com columnist Joel Dubin, regular reports are expected to show who has access, their level of access and that users who have left the company no longer have active accounts.', moreInfo : '' }, { text : 'How many data breach notification bills were under consideration by Congress as of May 1?', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ '9', '43', '2' ], answer : 0, score : 1, expandedAnswer : '', moreInfo : '' }, { text : 'True or false: instant messages and short message service (SMS) communications can\'t be requested as part of regulatory actions.', img : 'http://media.techtarget.com/WhatIs/images/spacer.gif', responses : [ 'True', 'False' ], answer : 1, score : 1, expandedAnswer : 'Instant messages and SMS exchanges can be requested by regulatory bodies. If users transmit or receive confidential company information or any content that could factor into a legal action, "they are exposing the company to potential issues," according to Ted Ritter, a research analyst at Nemertes Research Group Inc.', moreInfo : '' } ] };