Compliance & Assessment Flashcards

1
Q

Applications Architecture

A

Applications and systems an organization deploys.

2
Q

Data architecture

A

Approach to storing and managing information assets.

3
Q

Business architecture

A

Covers governance and organization, and explains the interaction between enterprise architecture and business strategy.

4
Q

Trust Foundry Programs

A

DoD program that accredits suppliers who have proved themselves capable of operating a secure supply chain, from design through manufacture and testing.

5
Q

NIST Maturity Levels

A

1. Partial
2. Risk Informed
3. Repeatable
4. Adaptive

6
Q

GLBA

A

Gramm-Leach-Bliley Act. Requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.

7
Q

HIPAA

A

Health Insurance Portability and Accountability Act. Created primarily to modernize the flow of healthcare information and to stipulate how personally identifiable information maintained by the healthcare and health insurance industries should be protected from fraud and theft.

8
Q

Risk Transference

A

The risk response of moving or sharing the responsibility for a risk to another entity.

9
Q

Technical Architecture

A

The infrastructure needed to support the other architectural domains.

10
Q

Data Sovereignty

A

A jurisdiction (such as France or the European Union) preventing or restricting processing and storage from taking place on systems that do not physically reside within that jurisdiction.

11
Q

SLE

A

Single loss expectancy (SLE = AV x RF).

12
Q

ALE

A

The annual loss expectancy (ALE) is the total cost of a risk to an organization per year: ALE = SLE x ARO.

13
Q

NIST cybersecurity framework Maturity Rating

A

Partial (tier 1), Risk Informed (tier 2), Repeatable (tier 3), and Adaptive (tier 4)

14
Q

Data Owner

A

Responsible for the confidentiality, integrity, availability, and privacy of information assets. Usually a senior executive with the authority and responsibility to make decisions about the asset.

15
Q

Data Steward

A

Primarily responsible for data quality. This involves ensuring data are labeled and identified with appropriate metadata.

16
Q

Data Custodian

A

The role that manages the system on which the data assets are stored. This includes responsibility for enforcing access control, encryption, and backup/recovery measures.

17
Q

Privacy Officer

A

Responsible for oversight of any PII/SPI/PHI assets managed by the company.