Domain 5: Governance, Risk, and Compliance Flashcards
What is risk management?
Risk management is the process of identifying, assessing, and mitigating risks to an organization’s assets, operations, and data.
What is a security policy?
A security policy is a formal document that outlines an organization’s security expectations, responsibilities, and requirements.
What is GDPR (General Data Protection Regulation)?
GDPR is a regulation in the European Union that governs data protection and privacy for individuals, requiring organizations to protect personal data and uphold privacy rights.
What is PCI DSS (Payment Card Industry Data Security Standard)?
PCI DSS is a set of security standards designed to protect cardholder data and ensure the secure processing, storage, and transmission of credit card information.
What is data classification?
Data classification is the process of categorizing data based on its sensitivity and criticality to the organization, determining the level of protection required.