Domain 2 Flashcards
Definition of HITRUST?
Health Information Trust Alliance
Definition of ISF?
Information Security Forum Framework
Definition of CSF?
Common Security Framework
What is ISF all about?
Founded in 1989. Independent, not-for-profit association of global organizations dedicated to investigating and clarifying cybersecurity.
It has a framework.
Definition of ITIL?
Information Technology Infrastructure Library
5 tiers/pillars/functions of NIST Cybersecurity Framework (CSF)
Identify, Protect, Detect, Respond, Recover.
5 parts of control lifecycle management?
Select, validate, catalog, implement, monitor.
COSO DEFENSE-IN-DEPTH MODEL (4)
Deterrent, Preventative, Detective, Corrective
What is NIST Special Publication (SP) 800-26 all about?
Guide for Information Security Program Assessments
NIST Special Publication (SP) 800-26 describes 3 classes of security control types:
Management, Operational, Technical
NIST introduced the concept of baseline control (assist organizations in making the appropriate selection of security controls)
High-Impact Baseline, Moderate Impact Baseline, Low-Impact Baseline
What does NIST SP 800-53 contain?
Catalog of information security controls
Two approaches to audits
Compliance-based auditing (CBA) and Risk-based auditing (RBA)
The three main healthcare IS control guidance documents can be found in which three standards?
HIPAA, HITECH, and HITRUST