Regulations, standards, and frameworks

Question 1

What is the ISO 27701?

Answer 1

Provides specific requirements and guidance for establishing, implementing, maintaining and constantly improving an information system with private data

Question 2

What is ISO 31000

Answer 2

A risk management framework that assists an organization in integrating risk management into day to day functions

Question 3

What is ISO 27001

Answer 3

A standard that sets out the best practice specification for an information system. The guides information security by addressing people and processes as well as technology

Question 4

What is ISO 27002?

Answer 4

A supplementary standard that focuses on the info security controls that organizations might choose to implement

Question 5

What is the Cloud security alliance cloud controls matrix (CSA CCM)?

Answer 5

A framework that provides guidance in security domains, including application security, identify and access management, mobile security, encryption and key management, and data center operations.

Question 6

What the national institute of standards and technology and technology (NIST) Cyber security framework (CSF)

Answer 6

A security policy for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cybersecurity attacks

Question 7

The Statements on Standards for Attestation Engagements (SSAE)

Answer 7

Is an audit specification guide developed for accountants

Question 8

What is a clean desk policy?

Answer 8

AN employers work area should be free from any documents or information

Question 9

What is a fair use (acceptable use) policy?

Answer 9

Defines what someone is allowed to use a particular service or resource

Question 10

What is a Standard Operating Procedure (SOP)?

Answer 10

Is a documented list of steps or actions used to perform a task to a specified and expected standard

Question 11

What is a Non-disclosure agreement?

Answer 11

A legal basis for protecting info assests

Question 12

What is End of Life (EOL)?

Answer 12

When a product will no longer prudced or sold

Question 13

What is End of service life (EOSL)?

Answer 13

Describes when a vendor will no longer support a product. as well as updates and patches will no longer be produced

Question 14

What is the annual rate of occurrence (ARO)

Answer 14

Indicates how many times a loss will occur within a year

Question 15

What is a legacy system?

Answer 15

An outdated computing software OR HARDWARE THAT IS STILL IN USE

Question 16

What is a workflow

Answer 16

An onboarding process that involves identifying the roles and permissions users need

Question 17

What is Offboarding?

Answer 17

Process by which accounts are dleeted or disabled

Question 18

What is User Account control (UAC)?

Answer 18

A windows-specific function that prevents users from permission to a resource for the duration of a specific authorization

Question 19

What is privilege bracketing

Answer 19

An account management practice that involves giving users permission to a resource for the duration of a specific project or a need-to-know situation

Question 20

What is a Service Level Agreement?

Answer 20

A contractual agreement setting out detailed terms for future provided services

Question 21

What is a Business Partners Agreement?

Answer 21

A partner agreement type that large IT companies, such as Microsoft and Cisco, set up with resellers and solution providers

Question 22

What is a Interconnection Security Agreement (ISA)?

Answer 22

used when any federal agency interconnecting its IT system to a third part

Question 23

What ia User Training

Answer 23

Teaches users new functionality, as well as proper policies and procedures for both the company and the software

Question 24

What is Vendor-specific guides

Answer 24

Instructions on how to install and securely configure hardware and software, specifically for a certain vendor

Question 25

What is General Purpose gudies

Answer 25

Help increase security in hardware and software by providing instructions to configuring a system based on roles and appliances

Question 26

What is Change Management?

Answer 26

A process that involves the prevention of unauthorized changes to a system

Question 27

Why is the Sarbanes-Oxley (SOX) act?

Answer 27

An act that helps investors from fraudulent financial reporting by large corporations