Compliance, Laws, Regulations

Question 1

What does (FISMA) stand for?

Answer 1

Federal Information Security Management Act

Question 2

What does (FedRAMP) stand for?

Answer 2

Federal Risk and Authorization Management Program

Question 3

Where does FISMA apply to?

Answer 3

It applies to all US Federal and State Government Agencies That administer federal programs such as Medicare and all private companies that support, sell, or receive grant money from federal government

Question 4

Federal Risk and Authorization Management

Answer 4

This applies to SAAS tools and Cloud platform providers like AWS and AZURE

Question 5

ATO

Answer 5

Authority To Operate

Question 6

What does (HIPAA) Stand for?

Answer 6

The Health insurance portability and accountability act
Founded at (1996)

Question 7

What does (PHI) Stand for?

Answer 7

Protected health information

Question 8

Sarbanes-Oxley Act (SOX) (founded 2002)

Answer 8

Regulates financial data, operation, and assets for publicly held companies

Question 9

Gramm-Leach-Bliley Act (GLBA)

Answer 9

Protects information Such as Personally identifiable information (PII).

Question 10

Children’s Internet Protection ACT (CIPA)

Answer 10

Requires schools and libraries to prevent children from accessing obscene or harmful content over the internet

Question 11

Children Online Privacy Protection Act (COPPA)

Answer 11

Protects the privacy of minors younger than 13 by restricting organizations from collecting their PII

Question 12

The Family Educational Rights and Privacy Act (FERPA) was founded 1974

Answer 12

Insures to protect students at all levels once turned 18. The rights to these records shift from parent to student

Question 13

General Data Protection Regulation (GDPR) European Union 2018

Answer 13

covers data protection and privacy for all individuals in the European Union

Question 14

Payment Card Industry Data Security Standard (PCI DSS)

Answer 14

an information security standard designed to protect cardholder data and reduce fraud and data breaches across the payment ecosystem

Question 15

International Organization for Standardization (ISO) Created in 1926

Answer 15

covers technology, Food safety, and agriculture

Question 16

SP 800-37 Framework

Answer 16

1. Categorize
2. Select
3. Implement
4. Assess
5. Authorize
6. Monitor

Question 17

(SAAS)

Answer 17

Software as a service (EX: Provides access to a specific application or application suite like google Apps)

Question 18

(PAAS)

Answer 18

Platform as a service (EX: Database or web server like azure)

Question 18

(IAAS)

Answer 18

Infrastructure as a service (EX, Virtual Servers and storage like Google Cloud and Amazon web services)

Question 19

NIST

Answer 19

National institute of standards and technology

Question 20

Health Information Technology for Economic and Clinical Health Act (HITECH)

Answer 20

Legislation enacted as part of the American Recovery and Reinvestment Act 2009. HITECH aims to promote the adoption and meaningful use of health information technology (health IT) in the United States.

Question 21

what does due care mean

Answer 21

Often called prudent man rule, which is doing what any responsible person would do

Question 22

Define due diligence

Answer 22

The management of due care ensuring the implemented security measure was done correctly

Question 23

Define Gross negligence

Answer 23

The opposite of due care and suffering a negative loss, you can be legally held liable

Question 24

Human intelligence (Humint)

Answer 24

Any Data that was gathered by talking to people