5.3-5.6

Question 1

supply chain analysis

Answer 1

get a product or service from supplier to customer.

Question 2

rules of engagement

Answer 2

an important document, defines purpose and scope, makes everyone aware of the test parameters.

Question 3

vendor independent assessments

Answer 3

bring in a smart person or team to evaluate security and provide recommendations

Question 4

conflict of interest

Answer 4

a personal interest could compromise judgement, a potential partner also does business with your largest competior

Question 5

MOA

Answer 5

memorandum of agreement. next step above a mou, is legally binding

Question 6

MSA

Answer 6

Master Service Agreement. legal contract and agreement of terms. future projects will based on this

Question 7

wo/SOW

Answer 7

work order/scope of work
specific list of items to be completed. details the scope of the job, location, etc…

Question 8

bpa

Answer 8

business partners agreement, going into business togethers

Question 9

compliance

Answer 9

internal- monitor and report on organizational compliance efforts.
external-documentation required by external or industry regulators

Question 10

contractual impacts

Answer 10

some business deals may require a minimum compliance level.

Question 11

attestation and acknowledgement

Answer 11

someone must sign off on formal compliance documentation

Question 12

privacy legal implications

Answer 12

a constantly evolving set of guidelines.
local/regional-state
national-country
global-countries

Question 13

gdpr

Answer 13

General Data Protection Regulation gives data subjects control of their personal data in europe

Question 14

data subject

Answer 14

any information relating to an identified or identifiable natural person

Question 15

data responsibilities

Answer 15

data owner-accountable for specific data

Question 16

data inventory and retention

Answer 16

a listing of all managed data, owner, update frequency, format of the data

Question 17

RTBF

Answer 17

right to be forgotten (RTBF) is the right to have private information about a person be removed from Internet searches and other directories under some circumstances.

Question 18

audit comittee

Answer 18

oversees risk management activities

Question 19

anomalous behavior recognition

Answer 19

when something looks out of the ordinary, ex:someone logging in from another country

Question 20

unintentional

Answer 20

someone typing in the wrong domain name

Question 21

initial reporting/monitoring

Answer 21

when something occurs for the first time it’s a chance for someone to learn so it doesn’t happen again

Question 22

operational security

Answer 22

view security from the attacker’s perspective