Chapter 6

Question 1

Your adherence to the rules and regulations that govern the information you handle and the industry within which you operate

Answer 1

Compliance

Question 2

Your adherence to the laws specific to the industry in which you’re operating

Answer 2

Regulatory Compliance

Question 3

Adherence to regulations that aren’t mandated by law but that can nonetheless have severe impacts upon your ability to conduct business

Answer 3

Industry Compliance

Question 4

Mitigate risks to physical security

Answer 4

Physical Controls

Question 5

Mitigate risks by implementing certain processes and procedures

Answer 5

Administrative Controls

Question 6

Manages risks using technical measures

Answer 6

Technical Controls

Question 7

A document that defines information security for an organization

Answer 7

Information Security Policy

Question 8

The primary controls used to manage risk in your environment

Answer 8

Key Controls

Question 9

Controls that replace impractical or unfeasible key controls

Answer 9

Compensating Controls

Question 10

ATO

Answer 10

Authority To Operate

Question 11

After an organization passes an audit, the federal agency they’re working with grants it an ____________.

Answer 11

Authority To Operate (ATO)

Question 12

FISMA

Answer 12

Federal information Security Management Act

Question 13

Provides a framework for ensuring the effectiveness of information security controls in all government agencies

Answer 13

Federal Information Security Modernization Act (FISMA)

Question 14

FedRAMP

Answer 14

Federal Risk and Authorization Management Program (FedRAMP)

Question 15

Defines rules for government agencies contracting with cloud providers

Answer 15

Federal Risk and Authorization Management Program (FedRAMP)

Question 16

Certifications that consists of a single Authority To Operate (ATO) that allows an organization to do business with any number of federal agencies

Answer 16

Federal Risk and Authorization Management Program (FedRAMP)

Question 17

HIPAA

Answer 17

Health Insurance Portability and Accountability Act

Question 18

Protects the rights and data of patients in the US healthcare system

Answer 18

Health Insurance Portability and Accountability Act (HIPAA)

Question 19

PHI

Answer 19

Protected Health Information

Question 20

SOX

Answer 20

Sarbanes-Oxley Act

Question 21

Regulates financial data, operations, and assets for publicly held companies

Answer 21

Sarbanes-Oxley Act (SOX)

Question 22

GLBA

Answer 22

Gramm-Leach-Bliley Act

Question 23

Protects the customers of financial institutions. Also mandates the disclosure of an institution’s information collection and information sharing practices, and established requirements for providing privacy notices and opt-outs to consumers.

Answer 23

Gramm-Leach-Bliley Act (GLBA)

Question 24

COPPA

Answer 24

Children’s Online Privacy Protection Act of 1998

Question 25

Imposes certain requirements on operators of websites or online directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age

Answer 25

Children’s Online Privacy Protection Act of 1998 (COPPA)

Question 26

PCI-DSS

Answer 26

Payment Card Industry Standard

Question 27

A set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment

Answer 27

Payment Card Industry Standard (PCI-DSS)

Question 28

Is Payment Card Industry Standard (PCI-DSS) a law?

Answer 28

No

Question 29

The state or condition of being free from being observed or disturbed by other people

Answer 29

Privacy

Question 30

The concept of an individual’s right to privacy is something that has been discussed for many years

Answer 30

Privacy Rights

Question 31

Safeguards privacy through creating four procedural and substantive rights in personal data

Answer 31

Federal Privacy Act of 1974

Question 32

What are the four procedural and substantive rights

Answer 32

1. Requires government agencies to show an individual any records kept on him or her
2. Requires agencies to follow certain principles, called ‘fair information practices,’ when gathering and handling personal data
3. Places restrictions on how agencies can share an individual’s data with other people and agencies
4. Lets individuals sue the government for violating its provisions

Question 33

PII

Answer 33

Personally Identifiable Information

Question 34

Information that can be used to identify an individual in any search (name, address, social security number, etc..)

Answer 34

Personal Identifiable Informaion (PII)

Question 35

CIPA

Answer 35

Children’s Internet Protection Act

Question 36

Requires schools and libraries to prevent children from accessing obscene or harmful content over the internet

Answer 36

Children’s Internet Protection Act

Question 37

FERPA

Answer 37

Family Educational Rights and Privacy Act

Question 38

Protects students’ records. Applies to students at all level.

Answer 38

Family Education Rights and Privacy Act (FERPA)

Question 39

ISO

Answer 39

International Organization for Standardization

Question 40

HITECH

Question 41

FCRA