Regulation & Standards

Question 1

What is the CIA Triad?

Answer 1

The Center for Internet Security
Confidentiality, Integrity, and Availability
Data recovery - 11 CIS control is critical

Question 2

What is the purpose of Automated Discovery tools?

Answer 2

They can find software within a network, determine its version, and create a baseline configuration.

Question 3

What are the 3 main parts of NIST CSF?

Answer 3

The core, implementation tiers, and profiles.

Question 4

What is the primary focus of NIST Cybersecurity Framework?

Answer 4

The sophistication of an entity’s cybersecurity risk management program.

Question 5

How long does the controller have to report a data breach under the European Union GDPR?

Answer 5

72 hours of noticing the incident

Question 6

What is a plan to evaluate, track, and remediate security weaknesses to minimize the opportunity for attacks?

Answer 6

Continuous vulnerability management (7th control)

Question 7

What is PCI DSS?

Answer 7

Payment Card Industry Data Security Standard (12 requirements to regularly monitoring networks that access cardholder data)

Question 8

Who is required to comply with NIST SP 800-53?

Answer 8

Any agency or contractor of an agency that processes, stores, or transmits data for a US federal information system. Other than if the system involves national securtiy. (20 specific security and privacy controls)

Question 9

What would an org use both the NIST CSF and the NIST Privacy Framework?

Answer 9

To find techniques to mitigate privacy incidents.

Question 10

What is COBIT 2019?

Answer 10

“An IT governance framework developed by ISACA.
2 core concepts - governance system principle and governance framework principles”

Question 11

What safeguards does the HIPAA Security Rule Include?

Answer 11

General , Administrative, Physical, and Technical safeguards. Designed to protect PHI(ePHI)

Question 12

When is processing personal data lawful under General Data Protection Regulation (GDPR)?

Answer 12

When a controller is required to comply with their legal obilgation.

Question 13

What is the difference between the orgs current and target profiles?

Answer 13

It identifies the outcomes an organization has prioritized and selected to remediate control gaps.

Question 14

Under HIPAA, when can a covered entity release Protected Health information?

Answer 14

To a public health agency, medical researchers, or law enforcement when it benefits the public interest.

Question 15

Which part of the NIST Privacy Framework includes categories and subcategories?

Answer 15

Core

Question 16

Penetration Testing (18th CIS Control) has what purpose?

Answer 16

To evaluate if existing security controls in a real world incident.

Question 17

What is a healthcare clearinghouse?

Answer 17

They process nonstandard health information from another covered entity into a standard format.

Question 18

What is the CIS control “Continuous Vulnerability Management” underscore?

Answer 18

The criticality of regular review of the cyberenvironment to identify weaknesses.

Question 19

What does access control management focus on implementing?

Answer 19

Multi factor authentication (6th CIS control)

Question 20

Why is data protection implemented under the CIS (Center for Internet Security) Control Framework?

Answer 20

To comply with laws and regulations.

Question 21

What are the 5 funtions of the NIST Privacy Framework?

Answer 21

Identify, Govern, Control, Communicate and Protect

Question 22

To whom does the General Data Protection Regulation (GDPR) in the EU apply?

Answer 22

All individuals residing in the EU. Not limited by citizenship, company size or location.