Compliance & Assessment Flashcards
Applications Architecture
Applications and systems an organization deploys.
Data architecture
Approach to storing and managing information assets.
Business architecture
Describes governance and organization, and explains the interaction between enterprise architectures and business strategy.
Trust Foundry Programs
Set up by DoD. Accredited suppliers that have proved themselves capable of operating a secure supply chain, from design through to manufacture and testing.
NIST Maturity Levels
1. Partial 2. Risk Informed 3. Repeatable 4. Adaptive
GLBA
Gramm-Leach-Bliley Act. Requires financial institutions to explain their information-sharing practices to their customers and to safeguard sensitive data.
HIPAA
Health Insurance Portability and Accountability Act - created primarily to modernize the flow of healthcare information and to stipulate how Personally Identifiable Information maintained by the healthcare and health insurance industries should be protected from fraud and theft.
Risk Transference
The risk response of moving or sharing the responsibility for a risk to another entity.
Technical Architecture
The infrastructure needed to support the other architectural domains.
Data Sovereignty
A jurisdiction (such as France or the European Union) preventing or restricting processing and storage from taking place on systems that do not physically reside within that jurisdiction.
SLE
Single loss expectancy (SLE = AV x RF).
ALE
The annual loss expectancy (ALE) is the total cost of a risk to an organization annually - ALE = SLE x ARO.
NIST cybersecurity framework Maturity Rating
Partial (tier 1), Risk Informed (tier 2), Repeatable (tier 3), and Adaptive (tier 4)
Data Owner
Responsible for the confidentiality, integrity, availability, and privacy of information assets. Usually a senior executive with the authority and responsibility for the asset.
Data Steward
Primarily responsible for data quality. This involves ensuring data are labeled and identified with appropriate metadata.