Regulations

Question 1

ISO/IEC 27001

Answer 1

Provides a framework for implementing an information security management system (ISMS). 14 Domains

Question 2

ISO/IEC 15408

Answer 2

Establishes common criteria for evaluating IT security capabilities and assurance.

Question 3

Evaluation Assurance Level (EAL)

Answer 3

Seven levels of IT security assurance, from functionally tested (EAL1) to formally verified (EAL7).

Question 4

ISO/IEC 27701

Answer 4

Extends ISO 27001 for privacy information management, aligning with global privacy standards.

Question 5

NIST SP 800-53

Answer 5

Outlines security and privacy controls for federal and enterprise information systems.

Question 6

PCI DSS

Answer 6

Sets standards for securing payment card transactions and protecting cardholder data.

Question 7

GDPR

Answer 7

General Data Protection Regulation for EU citizens’ personal data privacy and security.

Question 8

CCPA

Answer 8

California Consumer Privacy Act protects residents’ data and grants opt-out rights.

Question 9

LGPD

Answer 9

Brazil’s General Data Protection Law governs data privacy and rights similar to GDPR.

Question 10

HIPAA

Answer 10

Regulates security and privacy of healthcare data in the U.S.

Question 11

PIPEDA

Answer 11

Personal Information Protection and Electronic Documents Act governs data privacy in Canada.

Question 12

SOX (Sarbanes-Oxley Act)

Answer 12

Ensures accurate financial reporting and protects shareholders against fraud.

Question 13

CMMC

Answer 13

Cybersecurity Maturity Model Certification ensures supply chain security for U.S. defense sector.

Question 14

COBIT

Answer 14

Framework for managing and governing enterprise IT to align with business goals.

Question 15

CSA STAR

Answer 15

Cloud Security Alliance Security, Trust, and Assurance Registry evaluates cloud providers.

Question 16

IEC 62443

Answer 16

Standards for securing industrial automation and control systems against cyber threats.

Question 17

SOC 1

Answer 17

Focuses on financial reporting controls and their effectiveness for auditors and organizations.

Question 18

SOC 2

Answer 18

Evaluates controls for security, availability, processing integrity, confidentiality, and privacy.

Question 19

SOC 3

Answer 19

General-use report of SOC 2 compliance for public sharing without detailed control information.

Question 20

FIPS 140-2

Answer 20

U.S. standard for cryptographic modules, with 4 levels of security for safeguarding data.

Question 21

FIPS 140-2 Levels

Answer 21

Level 1: Basic security requirements.
Level 2: Tamper-evident features required.
Level 3: Physical security to prevent tampering.
Level 4: Complete security against physical/logical attacks.

Question 22

ISO/IEC 27017

Answer 22

Provides guidelines for information security controls specific to cloud services.

Question 23

GLBA

Answer 23

Requires financial institutions to protect consumer data and provide privacy notices.

Question 24

ISO/IEC 27018

Answer 24

Protection of PII in Public Cloud

Question 25

ISO/IEC 27050

Answer 25

Electronic Discovery (eDiscovery)

Question 26

ISO/IEC 11900

Answer 26

Coding of Audio-Visual Objects

Question 27

ISO/IEC 11889

Answer 27

Trusted Platform Module (TPM) Standard

Question 28

ISO/IEC 20000-1

Answer 28

ITIL like

Question 29

ISO/IEC 19011

Answer 29

Guidelines for Auditing Management Systems

Question 30

ISO/IEC 18772

Answer 30

Guidance on Managing Personal Financial Planning