Module 4: Governance Elements

Question 1

Procedures

Answer 1

Are the detailed steps to complete a task that support departmental or organizational policies.

Question 2

Policies

Answer 2

Are put in place by organizational governance, such as executive management, to provide guidance in all activities to ensure that the organization supports industry standards and regulations.

Question 3

Standards

Answer 3

Are often used by governance teams to provide a framework to introduce policies and procedures in support of
Regulations.

Question 4

Regulations

Answer 4

Are commonly issued in the form of laws, usually from the government ( not to be confused with governance) and typically carry financial penalties for noncompliance.

Question 5

Regulations and laws :
The Health insurance Portability and Accountability Act (HIPPA) of 1996

Answer 5

Is an example of a law that governs the use of protected health information (PHI) in the United States.
Violation of the HIPPA rule carries the possibility of fines and/or imprisonment for both individual and companies.

Question 6

The General Data Protection Regulation (GDPR)

Answer 6

Was enacted by the European Union ( EU) to control use of Personally Identifiable information (PII) of its citizens and those in the EU.

Question 7

IETF

Answer 7

Internet Engineering Task Force

Question 8

NIST

Answer 8

National institute of Standards and Technology

Question 9

ISO

Answer 9

International Organization for Standardization

Question 10

(ISC)2 code of ethics Preamble

Answer 10

The safety and welfare of society and the common good, duty to our principals, and to each other , requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior.
The preamble states the purpose and intent of the (ISC)2 Code of Ethics.

Question 11

(ISC)2 Code of Ethics Canons

Answer 11

The Canons represent the important beliefs held in common by the members of (ISC)2.

Question 12

Cybersecurity professionals who are members of (ISC)2 have a duty to the following four entities in the Canons:

Answer 12

1. Protect society, the common ground, necessary public trust and confidence, and infrastructure.
2. Act honorably, honestly, justly, responsibly and legally.
3. Provide diligent and competent service to principals.
4. Advance and protect the profession.

Question 13

Adequate security

Answer 13

Security commensurate with the risk and the magnitude of harm resulting from the loss, misuse or unauthorized access to or modification of information.

Question 14

Administrative Controls

Answer 14

Controls implemented through policy and procedures. Examples include access control processes and requiring multiple personnel to conduct a specific operation.

Question 15

Artificial intelligence

Answer 15

The ability of computers and robots to simulate human intelligence and behavior.

Question 16

Asset

Answer 16

Anything of value that is owned by an organization. Assets include both tangible items such as information systems and physical property and intangible assets such as intellectual property.