last minute questions Flashcards
All entities include building and maintaining a secure network and systems, protecting cardholder data, maintaining a vulnerability management program, implementing strong access control measures, regularly monitoring and testing networks, and maintaining an information security policy.
PCI Data Security Standard goals
cover remedial actions and reporting mechanisms, authority levels, access controls, audit programs, and monitoring procedures. They should also cover organizational structures, committee compositions, and officer approval levels.
Control activities
PINs (personal identification numbers), PKIs (digital certificates using a public key infrastructure), and OTPs (one-time passwords) are used by financial institutions to authenticate customers.
technologies and methodologies used by financial institutions
According to the OCC, while conducting due diligence, banks should consider the quality initiatives, efficiency improvements and employment policies and practices
third party’s strategy and goals
be appropriate for the institution’s specific RDC environment and should clearly identify each party’s roles, responsibilities, and liabilities. In addition, other specific contract provisions should be considered
RDC contracts and agreement
Ensure effective internal control programs are established and revised in response to changes in laws and regulations, asset size, or organizational complexity.
Boards of directors
A self-assessment questionnaire that serves as a validation tool for eligible organizations that are not required to submit a report of compliance.
According to PCI DSS, what is an SAQ?
According to COSO, the risk to a chosen strategy is just one aspect that should be considered in enterprise risk management. Two additional aspects of enterprise risk management that can have far greater effects on an entity’s value are the possibility of the
strategy not aligning with the organization’s mission, vision, and core values, and the implications from the chosen strategy.
An Enterprise Risk Management (ERM) program can increase the range of opportunities, increase positive outcomes, reduce negative surprises and unforeseen costs, and enhance resource deployment by assessing the need for and assigning priority for finite resources.
ERM
Overall credit risk in the payments system has three components: (1) direct credit risk to the Federal Reserve, (2) private direct credit risk, and (3) systemic risk.