Chapter 6 Flashcards
Your adherence to the rules and regulations that govern the information you handle and the industry within which you operate
Compliance
Your adherence to the laws specific to the industry in which you’re operating
Regulatory Compliance
Adherence to regulations that aren’t mandated by law but that can nonetheless have severe impacts upon your ability to conduct business
Industry Compliance
Mitigate risks to physical security
Physical Controls
Mitigate risks by implementing certain processes and procedures
Administrative Controls
Manages risks using technical measures
Technical Controls
A document that defines information security for an organization
Information Security Policy
The primary controls used to manage risk in your environment
Key Controls
Controls that replace impractical or unfeasible key controls
Compensating Controls
ATO
Authority To Operate
After an organization passes an audit, the federal agency they’re working with grants it an ____________.
Authority To Operate (ATO)
FISMA
Federal Information Security Management Act
Provides a framework for ensuring the effectiveness of information security controls in all government agencies
Federal Information Security Modernization Act (FISMA)
FedRAMP
Federal Risk and Authorization Management Program (FedRAMP)
Defines rules for government agencies contracting with cloud providers
Federal Risk and Authorization Management Program (FedRAMP)
A certification that consists of a single Authority To Operate (ATO) that allows an organization to do business with any number of federal agencies
Federal Risk and Authorization Management Program (FedRAMP)