5.3-5.6 Flashcards

1
Q

supply chain analysis

A

get a product or service from supplier to customer.

2
Q

rules of engagement

A

an important document, defines purpose and scope, makes everyone aware of the test parameters.

3
Q

vendor independent assessments

A

bring in a smart person or team to evaluate security and provide recommendations

4
Q

conflict of interest

A

a personal interest could compromise judgement, e.g. a potential partner also does business with your largest competitor

5
Q

MOA

A

memorandum of agreement. next step above an MOU, is legally binding

6
Q

MSA

A

Master Service Agreement. legal contract and agreement of terms. future projects will be based on this

7
Q

WO/SOW

A

work order/scope of work
specific list of items to be completed. details the scope of the job, location, etc…

8
Q

BPA

A

business partners agreement, going into business together

9
Q

compliance

A

internal: monitor and report on organizational compliance efforts.
external: documentation required by external or industry regulators

10
Q

contractual impacts

A

some business deals may require a minimum compliance level.

11
Q

attestation and acknowledgement

A

someone must sign off on formal compliance documentation

12
Q

privacy legal implications

A

a constantly evolving set of guidelines.
local/regional: state
national: country
global: countries

13
Q

GDPR

A

General Data Protection Regulation gives data subjects control of their personal data in Europe

14
Q

data subject

A

any information relating to an identified or identifiable natural person

15
Q

data responsibilities

A

data owner: accountable for specific data

16
Q

data inventory and retention

A

a listing of all managed data, owner, update frequency, format of the data

17
Q

RTBF

A

right to be forgotten (RTBF) is the right to have private information about a person be removed from Internet searches and other directories under some circumstances.

18
Q

audit committee

A

oversees risk management activities

19
Q

anomalous behavior recognition

A

when something looks out of the ordinary, e.g. someone logging in from another country

20
Q

unintentional

A

someone typing in the wrong domain name

21
Q

initial reporting/monitoring

A

when something occurs for the first time it’s a chance for someone to learn so it doesn’t happen again

22
Q

operational security

A

view security from the attacker’s perspective