5.2 Governance - Regulations, Standards & Frameworks Flashcards

1
Q

Define General Data Protection Regulation (GDPR) (4)

A
  1. EU regulation (in force since May 2018) governing the collection and processing of personal data of individuals in the EU; applies to any organization processing that data, wherever the organization is located
  2. Gives individuals rights to understand and control the personal data companies collect about them (access, correction, erasure, portability, objection to processing)
  3. Restricts transfer of personal data outside the EU/EEA to countries or recipients that provide adequate protection or contractual safeguards (it is not an outright export ban)
  4. Requires transparent privacy notices stating what personal data is collected, the purpose and legal basis for processing, how long it is retained and with whom it is shared
2
Q

Define Payment Card Industry Data Security Standard (PCI DSS) (2)

A
  1. Contractual standard covering how cardholder data is stored, processed and transmitted (e.g. never retain the full magnetic stripe or CVV after authorization, encrypt cardholder data in transit over open networks, segment the cardholder data environment, scan and test it regularly)
  2. Not a law; maintained by the PCI Security Standards Council, which was set up by the major card brands, and enforced through the merchant's agreements with the card brands and its acquiring bank
3
Q

Define Center for Internet Security (CIS) Framework

A

Non-profit that publishes the CIS Critical Security Controls (CSC, now called the CIS Controls), a prioritized set of safeguards grouped into Implementation Groups (IG1 to IG3) so that an organization can adopt the subset that matches its size, resources and risk exposure; also publishes the CIS Benchmarks, consensus hardening guides for specific operating systems, cloud services and applications

4
Q

Define NIST Risk Management Framework (RMF)

A

NIST SP 800-37 framework that US federal agencies (and contractors handling their systems) are required to follow under FISMA; a seven-step lifecycle (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor) for selecting, assessing and authorizing security and privacy controls, with the controls themselves drawn from NIST SP 800-53

5
Q

Define NIST Cybersecurity Framework (CSF)

A

Voluntary, risk-based framework originally written for critical infrastructure and widely adopted by private-sector and other non-federal organizations; organizes security outcomes into core functions (Identify, Protect, Detect, Respond, Recover, with Govern added in CSF 2.0) and uses profiles and implementation tiers to describe an organization's current and target state

6
Q

Define International Organization Standardization (ISO) Frameworks

A

International standards usable by any organization regardless of country or sector, published jointly with the IEC for security topics: ISO/IEC 27001 (requirements for an auditable information security management system, ISMS), ISO/IEC 27002 (catalogue of security controls and implementation guidance), ISO/IEC 27701 (privacy information management) and ISO 31000 (risk management)

7
Q

Define SSAE SOC 2 Type I/II (3)

A
  1. Attestation report issued by an independent CPA firm under the American Institute of Certified Public Accountants (AICPA) standard SSAE 18, evaluating a service organization's controls against the Trust Services Criteria (security is mandatory; availability, processing integrity, confidentiality and privacy are optional)
  2. Type I - reports on the design of controls as of a single point in time
  3. Type II - reports on the design and operating effectiveness of controls over a review period, typically 6 to 12 months
8
Q

Define benchmarks/secure configuration guides

A
  1. Hardening guides that prescribe secure configuration settings for a specific operating system, platform or product (which services and features to disable, authentication and logging settings, file permissions, network restrictions)
  2. Published by the vendor (e.g. Microsoft security baselines) or by industry groups (e.g. CIS Benchmarks, DISA STIGs); typically written as machine-checkable items so a host can be audited against them
9
Q

What device types do benchmarks/secure configuration guides apply to?

A
  1. Web servers
  2. Operating systems
  3. Application servers
  4. Network devices
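The two benchmark cards describe what a secure configuration guide is; the following added example (not part of the flashcard set, and not taken from any published benchmark) shows how such a guide is applied in practice: it is a list of expected settings, and an audit compares the host's actual configuration against that list. The directives are real OpenSSH sshd_config keywords, but the required values form an assumed, representative policy, and the config text is constructed for the example. It also handles two details that trip up naive checks: sshd honours the first occurrence of a keyword, so a later "fix" lower in the file has no effect, and settings after a Match line are conditional, not global.

```python
"""Added example: auditing a constructed sshd_config against an assumed
benchmark-style policy. Not the flashcards' content and not a quotation of any
published secure configuration guide."""

import re
from typing import Callable, Dict, List, NamedTuple, Tuple

# Constructed sample config for the example. Note the first PermitRootLogin wins,
# the commented-out PasswordAuthentication is effectively absent, and the
# PasswordAuthentication under "Match" applies only to that user.
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
Port 22
PermitRootLogin yes
#PasswordAuthentication no
MaxAuthTries 6
X11Forwarding no
PermitRootLogin no
Match User backup
    PasswordAuthentication yes
"""

# Assumed policy: directive -> (human-readable expectation, predicate on the value).
# Representative of benchmark items, not copied from any real benchmark.
POLICY: Dict[str, Tuple[str, Callable[[str], bool]]] = {
    "permitrootlogin": ("no", lambda v: v.lower() == "no"),
    "passwordauthentication": ("no", lambda v: v.lower() == "no"),
    "x11forwarding": ("no", lambda v: v.lower() == "no"),
    "maxauthtries": ("4 or less", lambda v: v.isdigit() and int(v) <= 4),
}


class Finding(NamedTuple):
    directive: str
    expected: str
    actual: str  # "<not set>" when the directive is absent from the global section


def parse_sshd_config(text: str) -> Dict[str, str]:
    """Return the effective global value of each directive.

    sshd semantics modelled here: keywords are case-insensitive, '#' starts a
    comment, 'Keyword value' and 'Keyword=value' are both accepted, the FIRST
    occurrence of a keyword is the one that takes effect, and everything after
    the first 'Match' line is conditional, so parsing stops there.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)  # first occurrence wins
    return settings


def audit(config_text: str) -> List[Finding]:
    """Compare the parsed config with POLICY and return one Finding per failed item.

    A directive that is not set explicitly is reported as a finding even if the
    daemon default would happen to be acceptable: benchmarks ask for the value to
    be stated, so the host does not silently change behaviour on upgrade.
    """
    settings = parse_sshd_config(config_text)
    findings: List[Finding] = []
    for directive, (expected, ok) in POLICY.items():
        actual = settings.get(directive)
        if actual is None or not ok(actual):
            findings.append(Finding(directive, expected, actual if actual is not None else "<not set>"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_SSHD_CONFIG):
        print(f"FAIL {f.directive}: expected {f.expected}, actual {f.actual}")
```

Run against the sample, the audit reports PermitRootLogin (the first value, yes, is the effective one), PasswordAuthentication (only a commented-out line and a Match-scoped line exist, so it is not set globally) and MaxAuthTries; X11Forwarding passes. Real benchmark tooling does the same thing at scale across hundreds of items and device types.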