IS4680 Chapter 5 Flashcards
Audit frequency
The rate of occurrence for an audit.
Audit objective
The goal of an audit.
Audit scope
The range of the organization to be included in an audit within a defined time frame.
CPO - Chief Privacy Officer
Senior-level position responsible for the overall management of an organization’s privacy program.
CAG - Consensus Audit Guidelines
A listing of the top 20 critical security controls, published by SANS.
ERM - Enterprise risk management
The process organizations use to manage risks related to achieving their goals.
FIPS - Federal Information Processing Standards
Technical standards published by NIST and approved by the Secretary of Commerce.
GAPP - Generally Accepted Privacy Principles
Set of principles developed to provide guidance for privacy audits.
ITL - Information Technology Laboratory Bulletins
NIST publications that provide in-depth coverage of important topics.
ISO/IEC 27005
A security risk-management framework developed by ISO/IEC.
IT universe
All the resources or auditable components within an organization.
NCP - National Checklist Program
A government repository of baseline security checklists.
NIST 800-30
A guide developed by NIST for the management of risk for IT systems.
NISTIR - NIST Internal Reports
NIST publications that describe niche technical research.
Special Publications
A series of standards developed by NIST.