CHAPTER 1 INFORMATION SECURITY COMPLIANCE Flashcards
ASSURANCE
A level of confidence that appropriate and effective IT controls are in place.
AUDIT
An independent assessment that takes a well-defined approach to examining an organization’s internal policies, controls, and activities.
COMPLIANCE
The act of adhering to internal policies, as well as applicable laws, regulations, and industry requirements.
CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT)
A framework providing best practices for IT governance and control.
CONTROLS
Actions or changes put in place to reduce a weakness or potential loss. Also referred to as a countermeasure.
ENRON
A large US-based energy company that went bankrupt in 2001 and has become a symbol of corporate fraud and corruption.
GOVERNANCE
The process through which an organization’s processes and assets are directed and controlled.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
Organization with the mission of promoting innovation and competitiveness through the advancement of science, standards, and technology to improve economic security and quality of life.
OBJECTIVES
A set of goals. Used as part of an assessment to determine what needs to be accomplished to validate a control.
PAYMENT CARD INDUSTRY DATA SECURITY STANDARD (PCI DSS)
Industry-created standards to prevent payment card theft and fraud.
PENETRATION TESTING
A method for assessing information systems by attempting to bypass controls and gain access.
RISK
An uncertainty that might lead to a loss. Losses occur when a threat exploits a vulnerability.
RISK MANAGEMENT
The practice of identifying, assessing, controlling, and mitigating risks.
SARBANES-OXLEY ACT OF 2002
An act that was created in the wake of accounting scandals from the likes of Enron and WorldCom. It set new accountability and corporate responsibility standards for public companies and accounting firms.
THE TJX COMPANIES, INC.
A large off-price retailer of apparel and home fashions that suffered one of the most severe breaches of private data in history.