02. Standards and Frameworks Flashcards

1
Q

Standards and Frameworks

PCI-DSS

A

Payment Card Industry Data Security Standard

  • Standard required if handling debit or credit cards
  • It is a standard, but REQUIRED
2
Q

Standards and Frameworks

OCTAVE

A

Operationally Critical Threat, Asset, and Vulnerability Evaluation

  • SELF DIRECTED Risk Management
3
Q

Standards and Frameworks

COBIT

A

Control Objectives for Information and related Technology

  • GOALS for IT
  • Stakeholder needs mapped to IT related goals
  • REMEMBER COBIT - IT for IT
  • COBIT - Operational Level
  • COSO - Organisational Level
4
Q

Standards and Frameworks

COSO

A

Committee Of Sponsoring Organisations

  • GOALS for entire organisation
  • REMEMBER COSO - O at the end for entire organisation
  • COBIT - Operational Level
  • COSO - Organisational Level
5
Q

Standards and Frameworks

ITIL

A

Information Technology Infrastructure Library

  • ITSM - IT Service Management
  • Frameworks and best practices to align IT services with business needs
6
Q

Standards and Frameworks

FRAP

A

Facilitated Risk Analysis Process

  • Analyses one business unit, application or system at a time
  • Focused on one system at a time
  • Brainstorming with INTERNAL employees
7
Q

Standards and Frameworks

ISO 27001

A
  • Establish, implement, control and improve the ISMS
  • Plan, Do, Check, Act

  • Organisation can be certified in ISO 27001
  • Shows organisation adheres to industry best practices
8
Q

Standards and Frameworks

ISO 27002

A
  • Practical Advice; How to implement security controls
  • 10 Domains used for ISMS

  • More in-depth than ISO 27001
  • Cannot be certified against
  • Practical implementation
9
Q

Standards and Frameworks

ISO 27004

A

Metrics and measuring success of ISMS

10
Q

Standards and Frameworks

ISO 27005

A

Standards Based Approach to Risk Management

11
Q

Standards and Frameworks

ISO 27799

A

Directives on how to protect PHI

Protected Health Information

  • Key word PROTECTED Health Information
12
Q

Standards and Frameworks

Defense in Depth

A

Layered Defense

  • Implement multiple overlapping security controls to protect an asset
  • Applies to physical, administrative, and logical controls
  • No single security control secures an asset
  • Defense in Depth improves the organisation's CIA

EXAMPLE:
  • Getting through locked doors, security guards, locked cage
  • Getting through IPS, Firewall, switches

13
Q

Standards and Frameworks

CIA

A
  1. Confidentiality
  2. Integrity
  3. Availability