5.4 Flashcards

1
Q

Compliance

A

Observing a rule, such as a policy, standard, specification, or law

2
Q

Regulatory compliance

A

Outlines the goals organizations want to accomplish to certify that they understand and take actions to comply with policies, relevant laws, and regulations

3
Q

Regulatory compliance example:

A

Companies that provide products and services to the U.S. federal government must meet certain security directives set by NIST

4
Q

Compliance monitoring

A

A continuous process to ensure that all organizational subjects adhere to the organization's published policies and procedures

5
Q

Goals of compliance monitoring include:

A
  • Exposing compliance risk issues in an organization’s operations or functions
  • Helping organizations achieve consistent regulatory compliance and avoid areas of non-compliance
6
Q

Compliance monitoring activities include:

A
  • Monitoring for continuous certification and accreditation
  • Publishing all compliance and regulatory requirements
  • Tracking and recording all compliance and remediation initiatives
  • Supporting a compliance manager enforcing a Separation of Duty (SOD) or larger Zero Trust initiative
  • In some organizations, this may be an activity assigned to the data steward role
7
Q

Due diligence

A

Relates to the act of performing thorough research before committing to a particular plan of action

It involves proper information gathering, planning, testing, and strategizing before development, production, and deployment

8
Q

Due diligence examples:

A
  • Comprehensive background check practices for hiring
  • Investigating a cloud service provider (CSP) thoroughly before signing a memorandum of understanding (MOU)
  • Testing and evaluating nonrepudiation techniques (digital signatures) before signing contracts or using code
9
Q

Due care

A

Refers to the degree of attention that a reasonable person takes for a particular entity

It is the level of judgment, attention, and activity that a person would engage in under similar circumstances

10
Q

Compliance attestation

A

A formal validation document that is used to certify an organization’s status to interested external parties

11
Q

Compliance acknowledgment

A

Typically involves a statement affirming that an authorized enterprise understands and will adhere to its confidentiality obligations and a security and privacy mandate

12
Q

Compliance acknowledgment example:

A
  • Sarbanes-Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)/Health Information Technology for Economic and Clinical Health (HITECH)
  • SOC1/2
  • Payment Card Industry Data Security Standard (PCI DSS)
  • General Data Protection Regulation (GDPR)
  • CSA Cloud Controls Matrix (CCM)
  • Other regulations and governance
13
Q

Compliance processes

A

Are time-consuming, and when no automation is involved, they quickly consume productive hours

14
Q

Manual workflow vs. automated compliance tool: time to complete

A

A manual workflow can take around 150 hours, while an automated compliance tool may only need about 10-12 hours to complete

15
Q

Compliance automation

A

Tools that ensure data is protected and governed according to applicable regulations such as GDPR

16
Q

Compliance automation tasks can include:

A

Self-assessment, planning and monitoring controls, testing, and reporting

17
Q

Compliance automation tools can assist enterprises to:

A

Reduce non-compliance risk, improve efficiency, and attain better visibility

18
Q

Internal compliance

A

Reporting allows organizations to institute internal controls, monitor employee behavior, and detect potential fraud, misconduct, or non-compliant activities

19
Q

Internal compliance examples:

A
  • Adhere to regulatory requirements
  • Maintain stakeholder trust
  • Mitigate risk
  • Support ethical considerations and corporate social responsibility (CSR)
  • Establish internal governance and performance monitoring
20
Q

External compliance

A

Refers to following the rules, laws, and standards set by a government entity

21
Q

External compliance goals:

A

To avoid any negative impact on the organization, such as fines, penalties, and loss of corporate goodwill

22
Q

Privacy considerations:

A
  • Legal implications
  • Local/regional, national/global distinctives
  • Data subjects (controller vs. processor)
  • Ownership
  • Data inventory and retention
  • Right to be forgotten
23
Q

Right to be forgotten

A

The right to obtain from the controller the erasure of personal data concerning him or her without undue delay; the controller shall have the obligation to erase personal data without undue delay if one of a number of conditions applies

24
Q

“Undue delay” is typically about:

A

A month

25
Q

Nondisclosure agreement (NDA)

A

Legally enforceable contracts that create a confidential/private relationship between an entity that has sensitive information and an entity that will gain access to that information

26
Q

A confidential relationship means:

A

One or both parties have a duty not to share that information

27
Q

NDAs can be signed (examples):

A
  • At the outset of a pre-engagement meeting
  • Early in the interview process
  • As part of the hiring and post-termination process
  • In anticipation of a Memorandum of Agreement (MOA) or Memorandum of Understanding (MOU)
28
Q

Memorandum of agreement (MOA)

A

A written document describing a cooperation between two entities that want to work together on a project or an agreed-upon objective

**more formal than a verbal agreement but less formal than a contract

29
Q

Memorandum of understanding (MOU)

A

A nonbinding agreement that declares each party’s objectives in performing a business transaction or initiating a new partnership

** This form of agreement may also be referred to as a letter of intent (LOI) or MOA

30
Q

The goal of an MOU is to:

A

Attain a mutual understanding of the partnership so that both parties can move forward into an enforceable contract

31
Q

Service Level Agreement (SLA)

A

A provider must recognize that contractual agreements such as hosting/connection agreements and SLAs are used to allocate shared responsibility and risk between providers and consumers

32
Q

SLA clarifies:

A

The support system's (service desk's) response to problems or outages for an agreed level of service (based on the support plan)

33
Q

An SLA defines:

A

The precise responsibilities of the provider, and sets customer expectations

34
Q

Master service agreement (MSA)

A

A contract two parties enter into during a service transaction

  • This agreement details the expectations of both parties **like an SLA
35
Q

The goal of a master service agreement is to:

A

Make the contract process faster

It should also make future contract agreements simpler

36
Q

Work order (WO)

A

A document that delivers all the information about an ongoing maintenance task and outlines a process for completing that activity

37
Q

Work orders can include details regarding:

A
  • Who authorized the job
  • The scope
  • Who the job/task is assigned to
  • All expectations (delivery time or date)
38
Q

Statement of work (SOW)

A

An agreement that establishes the expectations for a project or program and aligns the team(s) involved

An SOW is a document of agreement between a client and a service provider or agent that defines the scope and details of a project

**first piece of paperwork

39
Q

An SOW should detail:

A

It should clarify price, cost, timeline, deliverables, process, expectations of requirements, invoicing schedules, and much more, depending on the scope and breadth of the project

40
Q

Business partnership agreement (BPA)

A

Establishes rules for two or more parties going into business together

*a legally binding document that outlines every detail of the business operations, ownership stakes, financials, accountabilities, and decision-making approach and strategies

41
Q

What are the different types of partnerships?

A
  • General partnerships
  • Limited partnerships
  • Limited liability partnerships
  • Limited liability limited partnerships