Chapter 6 Flashcards

1
Q

Your adherence to the rules and regulations that govern the information you handle and the industry within which you operate

A

Compliance

2
Q

Your adherence to the laws specific to the industry in which you’re operating

A

Regulatory Compliance

3
Q

Adherence to regulations that aren’t mandated by law but that can nonetheless have severe impacts upon your ability to conduct business

A

Industry Compliance

4
Q

Mitigate risks to physical security

A

Physical Controls

5
Q

Mitigate risks by implementing certain processes and procedures

A

Administrative Controls

6
Q

Manages risks using technical measures

A

Technical Controls

7
Q

A document that defines information security for an organization

A

Information Security Policy

8
Q

The primary controls used to manage risk in your environment

A

Key Controls

9
Q

Controls that replace impractical or unfeasible key controls

A

Compensating Controls

10
Q

ATO

A

Authority To Operate

11
Q

After an organization passes an audit, the federal agency they’re working with grants it an ____________.

A

Authority To Operate (ATO)

12
Q

FISMA

A

Federal Information Security Management Act

13
Q

Provides a framework for ensuring the effectiveness of information security controls in all government agencies

A

Federal Information Security Modernization Act (FISMA)

14
Q

FedRAMP

A

Federal Risk and Authorization Management Program (FedRAMP)

15
Q

Defines rules for government agencies contracting with cloud providers

A

Federal Risk and Authorization Management Program (FedRAMP)

16
Q

A certification that consists of a single Authority To Operate (ATO) that allows an organization to do business with any number of federal agencies

A

Federal Risk and Authorization Management Program (FedRAMP)

17
Q

HIPAA

A

Health Insurance Portability and Accountability Act

18
Q

Protects the rights and data of patients in the US healthcare system

A

Health Insurance Portability and Accountability Act (HIPAA)

19
Q

PHI

A

Protected Health Information

20
Q

SOX

A

Sarbanes-Oxley Act

21
Q

Regulates financial data, operations, and assets for publicly held companies

A

Sarbanes-Oxley Act (SOX)

22
Q

GLBA

A

Gramm-Leach-Bliley Act

23
Q

Protects the customers of financial institutions. Also mandates the disclosure of an institution’s information collection and information sharing practices, and established requirements for providing privacy notices and opt-outs to consumers.

A

Gramm-Leach-Bliley Act (GLBA)

24
Q

COPPA

A

Children’s Online Privacy Protection Act of 1998

25
Q

Imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age

A

Children’s Online Privacy Protection Act of 1998 (COPPA)

26
Q

PCI-DSS

A

Payment Card Industry Standard

27
Q

A set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment

A

Payment Card Industry Standard (PCI-DSS)

28
Q

Is Payment Card Industry Standard (PCI-DSS) a law?

A

No

29
Q

The state or condition of being free from being observed or disturbed by other people

A

Privacy

30
Q

The concept of an individual’s right to privacy is something that has been discussed for many years

A

Privacy Rights

31
Q

Safeguards privacy through creating four procedural and substantive rights in personal data

A

Federal Privacy Act of 1974

32
Q

What are the four procedural and substantive rights

A

  1. Requires government agencies to show an individual any records kept on him or her
  2. Requires agencies to follow certain principles, called ‘fair information practices,’ when gathering and handling personal data
  3. Places restrictions on how agencies can share an individual’s data with other people and agencies
  4. Lets individuals sue the government for violating its provisions

33
Q

PII

A

Personally Identifiable Information

34
Q

Information that can be used to identify an individual in any search (name, address, social security number, etc.)

A

Personally Identifiable Information (PII)

35
Q

CIPA

A

Children’s Internet Protection Act

36
Q

Requires schools and libraries to prevent children from accessing obscene or harmful content over the internet

A

Children’s Internet Protection Act

37
Q

FERPA

A

Family Educational Rights and Privacy Act

38
Q

Protects students’ records. Applies to students at all levels.

A

Family Educational Rights and Privacy Act (FERPA)

39
Q

ISO

A

International Organization for Standardization

40
Q

HITECH

A
41
Q

FCRA

A