Regulations, standards, and frameworks Flashcards
What is the ISO 27701?
Provides specific requirements and guidance for establishing, implementing, maintaining, and constantly improving an information system that handles private data
What is ISO 31000?
A risk management framework that assists an organization in integrating risk management into day-to-day functions
What is ISO 27001?
A standard that sets out the best-practice specification for an information system. It guides information security by addressing people and processes as well as technology
What is ISO 27002?
A supplementary standard that focuses on the info security controls that organizations might choose to implement
What is the Cloud Security Alliance Cloud Controls Matrix (CSA CCM)?
A framework that provides guidance in security domains, including application security, identity and access management, mobile security, encryption and key management, and data center operations.
What is the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF)?
A security policy for how private sector organizations can assess and improve their ability to prevent, detect, and respond to cybersecurity attacks
What are the Statements on Standards for Attestation Engagements (SSAE)?
An audit specification guide developed for accountants
What is a clean desk policy?
An employee's work area should be free from any documents or information
What is a fair use (acceptable use) policy?
Defines how someone is allowed to use a particular service or resource
What is a Standard Operating Procedure (SOP)?
A documented list of steps or actions used to perform a task to a specified and expected standard
What is a Non-Disclosure Agreement?
A legal basis for protecting information assets
What is End of Life (EOL)?
When a product will no longer be produced or sold
What is End of Service Life (EOSL)?
Describes when a vendor will no longer support a product, and when updates and patches will no longer be produced
What is the annual rate of occurrence (ARO)?
Indicates how many times a loss will occur within a year
What is a legacy system?
Outdated computing software or hardware that is still in use
What is a workflow?
An onboarding process that involves identifying the roles and permissions users need
What is Offboarding?
The process by which accounts are deleted or disabled
What is User Account Control (UAC)?
A Windows-specific function that prevents users from permission to a resource for the duration of a specific authorization
What is privilege bracketing?
An account management practice that involves giving users permission to a resource for the duration of a specific project or a need-to-know situation
What is a Service Level Agreement?
A contractual agreement setting out detailed terms for future provided services
What is a Business Partners Agreement?
A partner agreement type that large IT companies, such as Microsoft and Cisco, set up with resellers and solution providers
What is an Interconnection Security Agreement (ISA)?
Used when a federal agency interconnects its IT system to a third party
What is User Training?
Teaches users new functionality, as well as proper policies and procedures for both the company and the software
What are vendor-specific guides?
Instructions on how to install and securely configure hardware and software, specifically for a certain vendor