CSCS Training

Question 1

IoT

Answer 1

Internet of Things

Question 2

IoMT

Answer 2

Internet of Medical Things

Question 3

Mirai

Answer 3

Japanese word for the “future”

Question 4

CCPA

Answer 4

California Consumer Privacy Act

Question 5

When did the CCPA go into affect?

Answer 5

January 1, 2020

Question 6

What does CCPA grant people?

Answer 6

It grants California residents’ new privacy rights and will provide California residents with more control over their personal information.

Question 7

DBIR

Answer 7

Data Breach Investigations Report

Question 8

Ransomware

Answer 8

When the hacker takes the owners information and makes him pay money to get his own files back.

Question 9

GLB

Answer 9

Gramm Leach Bliley

Question 10

GLB applies to financial institutions in the USA

Answer 10

Banks, securities firms, insurance companies, and other companies selling financial products

Question 11

What is 21 CFR Part 11 designed for?

Answer 11

To prevent fraud while permitting the widest possible use of electronic technology.

Question 12

What is the 21 CFR Part 11 effective date?

Answer 12

1997

Question 13

NERC

Answer 13

North American Electric Reliability Council

Question 14

CIP

Answer 14

Critical Infrastructure Protection

Question 15

CIP Standards

Answer 15

CIP-002 Critical Cyber Assets
CIP-003 Security Management Controls
CIP-004 Personnel and Training
CIP-005 Electronic Security
CIP-006 Physical Security 
CIP-007 Systems Security Management
CIP-008 Incident Reporting Response Planning
CIP-009 Recovery Planning

Question 16

SOX

Answer 16

Sarbanes Oxley Act

Question 17

Who is responsible for misrepresentation of financial data?

Answer 17

SOX

Question 18

What is Title I of the SOX legislation?

Answer 18

Public Company Accounting Oversight Board

Question 19

PCAOB

Answer 19

Public Company Accounting Oversight Board

Question 20

What is Title II for the SOX legislation?

Answer 20

Auditor Independence

Question 21

What is Title III for the SOX legislation?

Answer 21

Corporate Responsibility

Question 22

What is Title IV for the SOX legislation?

Answer 22

Enhanced Financial Disclosures?

Question 23

SEC

Answer 23

Securities and Exchange Commission

Question 24

COSO

Answer 24

Committee of Sponsoring Organizations

Question 25

Define COSO

Answer 25

An acceptable framework to define internal controls for financial reporting systems.

Question 26

How many titles are in the SOX?

Answer 26

11

Question 27

What is the SOX title V?

Answer 27

Analyst Conflicts and Interests

Question 28

What is Title VI of the SOX?

Answer 28

Commission Resources and Authority

Question 29

What is Title VII of the SOX?

Answer 29

Studies and Reports

Question 30

What is Title VIII of the SOX?

Answer 30

Corporate and Criminal Fraud Accountability

Question 31

What is section 802?

Answer 31

Criminal Penalties for Altering Documents

Question 32

What is Title IX of the SOW?

Answer 32

White-Collar Crime Penalty Enhancements

Question 33

What is Title X of SOX?

Answer 33

Corporate Tax Returns

Question 34

What is Title XI of SOX?

Answer 34

Corporate Fraud and Accountability

Question 35

FTC

Answer 35

Federal Trade Commission

Question 36

What is the FTC strategic goals?

Answer 36

Protect Consumers, Maintain Competition, and Advance Organizational Performance

Question 37

AICPA

Answer 37

American Institute of Certified Public Accounts

Question 38

SOC

Answer 38

Service Organization Controls

Question 39

SOC 2

Answer 39

Controls at service organization that are relevant to security, availability, and processing integrity

Question 40

5 Trust Service Principals

Answer 40

Security, Availability, Processing integrity, Confidentiality, and Privacy

Question 41

Which country has PIP?

Answer 41

Japan

Question 42

PIP

Answer 42

Personal Information Protection

Question 43

When did PIP get effective

Answer 43

May 2003

Question 44

Which country has PIPEDA?

Answer 44

Canada

Question 45

PIPEDA

Answer 45

Personal Information Protection and Electronic Document Act

Question 46

When did PIPEDA become effective?

Answer 46

April 2000

Question 47

Benefits of ISO

Answer 47

A reduction in security incidents, confidence to interested parties, reduction in financial losses, reduction in costs for correction, protection of brand and reputation, tender advantage, and consistency across sites

Question 48

ISO 27799

Answer 48

Defines guidelines to support the interpretation and implementation in health informatics of ISO

Question 49

ISO

Answer 49

Information Security Organization

Question 50

What does ISO 27799 apply to?

Answer 50

Health information in all aspects

Question 51

Structure of ISO standards

Answer 51

1. Scope
2. Normative References
3. Terms and Definitions
4. Context of Organizations
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvements

Question 52

ISO 27001 specifies the requirements

Answer 52

Establishing, implementing, maintaining, and frontally improving ISMS

Question 53

ISMS

Answer 53

Information Security Management System

Question 54

What does the IMS preserve?

Answer 54

CIA which is Confidentiality, Integrity, and Availability.

Question 55

What is scope?

Answer 55

Provide an overview of ISMS and terms and definitions commonly used in the ISMS family of standards

Question 56

How many Terms and Definitions are there?

Answer 56

89

Question 57

Examples of Terms and Definitions?

Answer 57

Confidentiality, Control Objective, Level of Risk, Process, Risk Analysis, and Vulnerability

Question 58

ISMS benefits

Answer 58

Reduction in security incidents, confidence to interested policies, reduction in financial losses, protection of brand and reputation, competitive, and consistency across sites.

Question 59

Context of the Organization

Answer 59

4. 1 Understanding the organization and its context
5. 2 Understanding the needs and expectations of the interested parties
6. 3 Determining the scope
7. 4 Information Security Management System

Question 60

HIPAA

Answer 60

Healthcare

Question 61

Leadership

Answer 61

5. 1 Leadership and Commitment
6. 2 Policy
7. 3 Organizational roles

Question 62

Planning addresses what?

Answer 62

Risk and Opportunities

Question 63

Planning shall

Answer 63

Define and apply an information security risk treatment process

Question 64

Support

Answer 64

Shall determine and provide the resources needed for establishment, implementation, maintenance, and to continue to improve ISMS

Question 65

Operation

Answer 65

Shall plan, implement, and control the process needed to meet information security requirements, and the implement the actions in 6.1

Question 66

7.1

Answer 66

Resources

Question 67

7.2

Answer 67

Competence

Question 68

7.3

Answer 68

Awareness

Question 69

7.4

Answer 69

Communications

Question 70

7.5

Answer 70

Documented Information

Question 71

6.1

Answer 71

Actions to Address risk and opportunities

Question 72

6.2

Answer 72

Information security objective and planning to achieve them

Question 73

5.1

Answer 73

Leadership and Commitment

Question 74

5.2

Answer 74

Policy

Question 75

5.3

Answer 75

Organizational roles, responsibilities, and authorities

Question 76

4.1

Answer 76

Understanding the organization and its context

Question 77

4.2

Answer 77

Understanding the needs and expectations of the interested parties

Question 78

4.3

Answer 78

Determining the scope

Question 79

4.4

Answer 79

Information Security Management System

Question 80

Performance Evaluation

Answer 80

Shall evaluate the information security performance and the effectiveness of the information security management system

Question 81

9.1

Answer 81

Monitoring, measurement, analysis, and evaluation

Question 82

9.2

Answer 82

Internal audit

Question 83

9.3

Answer 83

Management Review

Question 84

Improvement

Answer 84

Corrective actions shall be reasonable to the effects of the nonconformities encountered

Question 85

10.1

Answer 85

Nonconformity and corrective action

Question 86

10.2

Answer 86

Continual Improvement

Question 87

Documentation Requirements

Answer 87

Scope of ISMS
Information security policy
Information security risk assessment process
Information security risk treatment process
Statement of applicability
Information security objectives
Evidence of competence
Documented evidence
Operation planning and control
Risk assessments results 
Risk treatments results
Evidence of monitoring and measurement
Evidence of monitoring and measurement 
Evidence of audit programs and results
Evidence of management reviews/results
Evidence of nonconformities and subsequent actions
Evidence or results of corrective actions

Question 88

What is ISO 27002 designed for?

Answer 88

Reference for selecting controls within the process of implementing an ISMS based ISO 27001 or to guide for developing their own information security guidelines

Question 89

What does ISO 27002 discuss?

Answer 89

Information security requirements 
Selection of Controls
Developing guidelines
Lifecycle considerations 
Related Standards

Question 90

Security Control Clauses

Answer 90

Information Security Policies, Organization of Information Security, Human Resources Security, Asset Management, Access Control, Cryptography, Physical and Environmental Security, Operation Security, System Acquisition, Supplier Relationships, Information Security Incident Management, Information Security Aspects of Business Continuity Management

Question 91

Information security policies should include

Answer 91

Business strategy
Regulations, legislation, and contracts
Current and Projected Information Security Threat Environment

Question 92

Information Security Policies

Answer 92

To provide management direction and support for information security in accordance with business requirements

Question 93

Information Security Policy is approved by what?

Answer 93

The highest level of management and sets out the organization’s approach to managing its information security objectives

Question 94

Information Security Policies Controls what?

Answer 94

Policies for information security and the review of the policies for information security

Question 95

Who publishes DBR?

Answer 95

Verizon

Question 96

Which agency introduced CFR Part II?

Answer 96

FDA

Question 97

Categories for Identity

Answer 97

Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, Supply Chain Risk Management

Question 98

Categories for Protect

Answer 98

Identify Management and Access Control, Awareness Control, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology

Question 99

Detect categories

Answer 99

Anomalies and Events, Security Continuous Monitoring, and Detection Processes

Question 100

Respond categories

Answer 100

Response planning, communications, analysis, mitigation, and improvements

Question 101

Recover categories

Answer 101

Recovery planning, improvements, and communications