(6) Regulations and Corporate Rules Flashcards

1
Q

What is the Payment Card Industry Data Security Standard (PCI DSS)?

A

The PCI DSS lays out specific security controls for merchants who handle credit card transactions and for service providers who help merchants with these transactions.

2
Q

What details are included in the vulnerability scans that PCI DSS demands?

A

Organizations must run both internal and external vulnerability scans.

Scans must run at least once every three months and after any major change.

Internal scans must be conducted by qualified personnel.

Orgs must remediate any high-risk vulnerability and repeat scans to confirm that it is resolved, until they get a clean scan report.

External scans must be conducted by an Approved Scanning Vendor (ASV) authorized by the PCI SSC.

3
Q

What is the Federal Information Security Management Act (FISMA)?

A

FISMA requires that government agencies and other orgs acting on behalf of government agencies comply with a series of security standards.

Which standards apply depends on whether the government designates the system as low, moderate, or high impact according to the FIPS 199 standard.

4
Q

According to the Federal Information Security Management Act (FISMA), what must all federal information systems meet?

A

According to FISMA, all federal information systems must meet the basic standards found in NIST Special Publication 800-53. (review these standards on your own)

5
Q

What is the Open Web Application Security Project (OWASP)?

A

OWASP is made up of a large group of developers and security practitioners, and it maintains many community-developed standards, guides, and best-practice documents along with many open-source tools.

6
Q

What four industry frameworks do you need to know well?

A

PCI DSS, CIS, OWASP, and the ISO 27000 series

7
Q

What helps determine which systems an org may scan when checking for vulnerabilities?

A

Orgs may ask:

- What is the data classification of the info stored, processed, or transmitted?

- Is the system exposed to the Internet?

- What services are offered by the system?

- Is the system a production, test, or development system?

8
Q

Once cybersecurity professionals conduct the scans that they need to run, what are they trying to build?

A

Once cybersecurity professionals conduct the scans that they need to run, they aim to develop an asset inventory.

9
Q

As part of the process of developing an asset inventory, what other information might system administrators add?

A

Sysadmins might add what type of system it is and the information that it handles, to help determine whether the system is critical or non-critical.

Asset criticality and the asset inventory help drive decisions about the types of scans that are done, how often they are done, and the level of importance that admins should put on fixing what they find.
