I. Control Frameworks Flashcards

1
Q

Approach recommended by ISO/IEC 27001 to select a control framework

A

Start with a well-known control framework and then create additional controls if needed to address risks specific to the organization.

2
Q

COBIT

A

Control Objectives for Information and Related Technologies.

An IT management framework developed by the IT Governance Institute and ISACA.

3
Q

Four domains of COBIT

A

Plan and Organize,
Acquire and Implement,
Deliver and Support,
Monitor and Evaluate

4
Q

What is COBIT

A

An IT process framework that includes security processes interspersed throughout the framework.

5
Q

ISO/IEC 27001

A

An international standard for information security and risk management.

It has two sections: Requirements and Controls.

6
Q

ISO/IEC 38500

A

An international standard on the corporate governance of information technology, suitable for small and large organizations in the public or private sector.

7
Q

ITIL / ISO/IEC 20000

A

Known as the IT Infrastructure Library, ITIL is a framework of processes for IT service delivery and IT service management.

8
Q

HIPAA

A

The U.S. Health Insurance Portability and Accountability Act established requirements for the protection of electronic protected health information (EPHI).

9
Q

HIPAA requirements

A
  • Administrative safeguards
  • Physical safeguards
  • Technical safeguards
10
Q

NIST SP 800-53

A

Required for all U.S. government information systems as well as all private companies that store or process information on behalf of the U.S. federal government.

11
Q

NIST Cybersecurity Framework or NIST CSF

A

It is a risk-based life-cycle methodology for assessing risk, enacting controls, and measuring control effectiveness that is not unlike ISO/IEC 27001.

12
Q

Components of NIST CSF

A

Framework Core - includes functions such as Identify, Protect, Detect, Respond, and Recover.

Framework Implementation Tiers

Framework Profile

13
Q

The Critical Security Controls (CSC) framework

A

A well-known control framework that traces its lineage back to the SANS organization. The framework is still commonly referred to as the "SANS 20" or "SANS 20 Critical Security Controls."

14
Q

The Payment Card Industry Data Security Standard or PCI-DSS

A

A control framework specifically for the protection of credit card numbers and related information when stored, processed, and transmitted on an organization's networks.
