Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

ag-Cybersecurity Bootcamp Study Aid > 2.3 Governance, Risk, and Compliance III > Flashcards

2.3 Governance, Risk, and Compliance III Flashcards

1
Q

Codifying and enforcing proper behavior and operations. That is, establishing standards of “right” and “wrong,” and enforcing those standards is ______________?

A

Governance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Enforcing the policies in order to meet those

standards is ______________?

A

Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

A __________ is a rule that defines the “right”

behavior.

A

A policy is a rule that defines the “right”

behavior.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

__________ inform standards for behavior and operations.

A

Policies inform standards for behavior and operations.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A _____________ defines the policies an organization must have in place.

A

A governance framework defines the policies an organization must have in place.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The two main types of business goals are:

A
  1. Internal/Volitional - Targets that the business sets in its own interest. Ex. An organization might aim to reduce long-term security expenses to less than $400,000.
  2. External/Imposed - Targets that the business must hit because they will suffer consequences if they do not.
    Ex. The requirement that online merchants process all credit card transactions securely, or suffer legal penalties if a customer’s PII is breached.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

There are some rules and policies that must be followed by everyone within an organization or industry. Collections of such policies are called ____________.

A

There are some rules and policies that must be followed by everyone within an organization or industry. Collections of such policies are called governance frameworks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Frameworks originate from the __________________, the regulatory organization in charge of proposing and enforcing laws regarding financial instruments (for example, stocks, bonds, options), and protecting consumers from fraud.

A

Frameworks originate from the Securities and Exchange
Commission (SEC), the regulatory organization in charge of proposing and enforcing laws regarding financial instruments (for example, stocks, bonds, options), and protecting consumers from fraud.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is General Data Protection Regulation (GDPR)

A

protects the private data of all citizens of the EU and European Economic Area (EEA).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What is Health Insurance Portability and Accountability Act (HIPAA)

A

Mandates the protection of medical information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Payment Card Industry Data Security Standard (PCI DSS) requires that companies

A

Requires that companies handling credit

card transactions do so securely.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Title II: ___________________ is a provision establishing privacy standards around electronic access to healthcare data. Organizations must uphold the following standards to remain HIPAA compliant:

A

Title II: HIPAA Administrative Specification is a provision establishing privacy standards around electronic access to healthcare data. Organizations must uphold the following standards to remain HIPAA compliant:

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Businesses must enforce policies in order to guarantee __________ with regulations.

A

Compliance

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

_________ refer to each rule in the framework, and check that the business is following it.

A

Auditors refer to each rule in the framework, and check that the business is following it.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

In the event a business is found to be non-compliant in any way, the organization will typically respond by:

A
  • Acknowledging that they are aware of the non-compliance.
  • Determining a timeline to fix the issue.
  • Developing a plan to bring the organization back into compliance.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

________________ and ________________ planning focus on contingency plans in the event of a disruption or disaster, and ensure that the business can resume daily operations.

A

Business continuity planning (BCP) and disaster recovery (DR) planning focus on contingency plans in the event of a disruption or disaster, and ensure that the business can resume daily operations.

17
Q

A breach can have one of two results:

A
  1. Mild / Moderate Breach: The business has been impacted, but can still handle day-to-day operations at a greater cost.
  2. Serious / Catastrophic Breach: The business has been impacted so severely that they cannot operate.
18
Q

Instead, they must use their __________ to contain the incident, __________ from the disaster, and eventually __________ to operation.

A

Instead, they must use their resources to contain the incident, recover from the disaster, and eventually return to operation.

19
Q

What’s the differences between BCP and DR?

A

Business Continuity Planning focuses on processes
and procedures an organization must consider in
order to ensure business critical functions continue during and after a disaster.

Disaster Recovery focuses on the specific steps an organization must take to resume work after a disaster.

20
Q

Contingency planning results in a contingency policy statement, which establishes the organization’s framework and responsibilities for maintaining
confidentiality, integrity, and availability of data. It includes:

A
  • Responsibilities of an emergency response team
  • Resource requirements
  • Training requirements
  • Schedule for plan maintenance
21
Q

_____________ represents the amount of data that a business can afford to lose/recover (given the most recent backup copy of the data) after a disruption or system outage.

A

Recovery Point Objective (RPO) represents the amount of data that a business can afford to lose/recover (given the most recent backup copy of the data) after a disruption or system outage.

22
Q

A pivotal step in BCP and DR planning is the Business Impact Analysis and Risk Assessment. Goals include:

A
  • Identify key processes and functions of the business.
  • Establish a detailed list of requirements for business recovery.
  • Determine the resource requirements needed to resume key processes.
  • Evaluate the impact on daily operations.
  • Develop priorities and classifications of business processes and functions.
  • Develop recovery time requirements.
  • Determine financial, operations, and legal impact of disruptions.
23
Q

__________________ is the total amount of time a system can afford to be unavailable for users and the business.

A

Maximum Tolerable Downtime (MTD) is the total amount of time a system can afford to be unavailable for users and the business.

  • Recovery Time Objective (RTO) is the maximum tolerable amount of time needed to bring all critical systems back online after a disaster has occured.
  • Work Recovery Time (WRT) is the time available to get the systems working again. WRT is the remainder of the MTD after the RTO. If MTD is four days and RTO is one day, WRT is three days.

ag-Cybersecurity Bootcamp Study Aid (55 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions