5.2 - Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture. Flashcards
International Organization for Standardization (ISO) 27001/27002/27701/31000
ISO/IEC frameworks
International Organization for Standardization/International Electrotechnical Commission
ISO 27001
International Organization for Standardization
– Standard for an Information Security Management System (ISMS)
ISO 27002
International Organization for Standardization
– Code of practice for information security controls
ISO 27701
International Organization for Standardization
– Privacy Information Management Systems (PIMS)
-extends ISO 27001 and ISO 27002 to cover detailed management of Personally Identifiable Information (PII) and data privacy
-adds privacy-specific requirements and controls to 27001 so an organization can establish and maintain a management system dedicated to privacy
ISO 31000
International Organization for Standardization
– International standards for risk management practices
-provides a framework and process for risk management (identification, assessment, treatment, and monitoring of risk)
SSAE SOC 2 Type I/II
The American Institute of Certified Public Accountants (AICPA) auditing standard Statement on Standards for Attestation Engagements number 18 (SSAE 18)
* SOC 2 - Trust Services Criteria (security controls) – e.g. firewalls, intrusion detection, and multi-factor authentication
- Type I audit – Tests whether controls are in place and suitably designed at a particular point in time
- Type II audit – Tests whether controls operated effectively over a period of at least six consecutive months