Controls, frameworks, and compliance Flashcards
What is the CIA model?
The confidentiality, integrity, and availability (CIA) triad is a model that helps inform how organizations consider risk when setting up systems and security policies. CIA are the three foundational principles used by cybersecurity professionals to establish appropriate controls that mitigate threats, risks, and vulnerabilities.
what are the four main components of security frameworks?
Identifying and documenting security goals
Setting guidelines to achieve security goals
Implementing strong security processes
Monitoring and communicating results
what is compliance?
Compliance is the process of adhering to internal standards and external regulations.
Give some examples of frameworks?
The NIST Cybersecurity Framework (CSF) and the NIST risk management Framework (RMF)
What is the NIST
The National Institute of Standards and Technology (NIST) is a U.S.-based agency that develops multiple voluntary compliance frameworks that organizations worldwide can use to help manage risk. The more aligned an organization is with compliance, the lower the risk.
What does FERC-NERC stand for?
The Federal Energy Regulatory Commission - North American Electric Reliability Corporation
What is the FERC-NERC regulation?
FERC-NERC is a regulation that applies to organizations that work with electricity or that are involved with the U.S. and North American power grid. These types of organizations have an obligation to prepare for, mitigate, and report any potential security incident that can negatively affect the power grid. They are also legally required to adhere to the Critical Infrastructure Protection (CIP) Reliability Standards defined by the FERC.
What is CIP?
Critical Infrastructure Protection
What does FedRAMP stand for?
The Federal Risk and Authorization Management Program
What is the FedRAMP
FedRAMP is a U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings. Its purpose is to provide consistency across the government sector and third-party cloud providers.
What does CIS stand for?
Centre for Internet Security
What is CIS?
CIS is a nonprofit with multiple areas of emphasis. It provides a set of controls that can be used to safeguard systems and networks against attacks. Its purpose is to help organizations establish a better plan of defense. CIS also provides actionable controls that security professionals may follow if a security incident occurs.
What does GDPR stand for?
General Data Protection Regulation
What is GDPR?
GDPR is a European Union (E.U.) general data regulation that protects the processing of E.U. residents’ data and their right to privacy in and out of E.U. territory. For example, if an organization is not being transparent about the data they are holding about an E.U. citizen and why they are holding that data, this is an infringement that can result in a fine to the organization. Additionally, if a breach occurs and an E.U. citizen’s data is compromised, they must be informed. The affected organization has 72 hours to notify the E.U. citizen about the breach.
What does PCI DSS stand for?
PCI DSS is an international security standard meant to ensure that organizations storing, accepting, processing, and transmitting credit card information do so in a secure environment. The objective of this compliance standard is to reduce credit card fraud
