Regulations Standards Framework

Question 1

What is NIST (National Institute of Standards and Technology)
SP 800-53?

Answer 1

• A standard that focuses on security and privacy.
• All US federal info systems MUST FOLLOW 800-53, EXCEPT FOR MILITARY / INTELLIGENCE.
• It is NOT MANDATORY to follow this standard
• This standard has 20 control families that must be implemented by federal agencies and their contractors

Question 2

What is CIS?

Answer 2

• Center for Internet Security.
• It has 18 security controls.
• It’s an international organization of volunteers and organizations that share info about attacks and defensive actions.

Question 3

What is CIA?

Answer 3

• Confidentiality, Integrity, and Availability.
• It is a cybersecurity model that focuses on DATA RECOVERY.

Question 4

What is COBIT 2019?

Answer 4

• “Control Objectives for Information Technologies.”
• It is an IT governance framework.
• Based on 2 core concepts: Governance SYSTEM principles and governance FRAMEWORK principles.
• Governance SYSTEM principles describe the requirements of a governance system for IT.
• Governance FRAMEWORK principles are used to build a governance system.

Question 5

COBIT 2019 GOVERNANCE FRAMEWORK principles

Answer 5

• Governance framework should be based on a conceptual model.
• Governance framework should be open and flexible.
• Governance framework should align to standards, framework, and regulations.

Question 6

Under EU GDPR (General Data Protection Regulation), if there is a data breach, the controller must notify the appropriate SUPERVISORY AUTHORITY within

Answer 6

72 hours of noticing the incident.

Question 7

EU GDPR 6 Principles

LOVE PUTS DOGS AT SOME INTEREST

Answer 7

1) Lawfulness, Fairness, Transparency
2) Purpose limitation
3) Data Minimization
4) Accuracy
5) Storage limitation
6) Integrity and confidentiality

Question 8

Under EU GDPR, personal data can be:

Answer 8

Processed without a data subject’s consent when a controller must do so to comply with legal obligations

Question 9

GDPR is an EU law that:

Answer 9

• Imposes rules on the processing of personal data of EU citizens.
• GDPR respects the rights of individuals to their personal data and ensures the free movement of data between EU member states.
• GDPR can apply to individuals/orgs outside the EU if they monitor the behavior of data subjects who live in the EU.

Question 10

Applicability of the GDPR is not limited by

Answer 10

• Citizenship, company size, or location.
• The regulation’s protection extends to the personal data and privacy of all individuals residing in the EU.

Question 11

According to the GDPR’s accuracy principle, what must be accurate?

Answer 11

Personal data. It also must be kept up to date.

Question 12

What are automated discovery tools?

Answer 12

• They are tools that can find software within a network and determine its version.

Question 13

What is the NIST (National Institute of Standards and Technology) cybersecurity framework (CSF)?

Answer 13

• It is a risk-based approach to cybersecurity assessment and decision making.

Question 14

What are the 3 main parts of the NIST (National Institute of Standards and Technology) Cybersecurity Framework?

COME IN PLEASE

Answer 14

1) Core
2) Implementation Tiers (there are 4 tiers)
3) Profiles

Question 15

What is the primary focus of implementation tiers under NIST (National Institute of Standards and Technology) CSF?

Answer 15

The sophistication of an entity’s cybersecurity risk management program.

Question 16

To deal with the problem of the organizations that have implemented the NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) but not properly manage the privacy risks, what did NIST do to solve that problem?

Answer 16

• NIST developed a VOLUNTARY Privacy Framework that follows the same structure as CSF (Cybersecurity Framework).
• This alignment makes it easier to combine frameworks to address cybersecurity related privacy incidents.
• The CSF functions help organizations detect, respond to, and recover from cybersecurity incidents that involve personal data.

Question 17

Under PCI DSS (Payment Card Industry Data Security Standard), what does risk assessment require?

Answer 17

It requires INVENTORYING all system components, including hardware, software data, and networks.

Question 18

Under CIS (Center for Internet Security) controls, data protection is implemented to do what?

Answer 18

• To comply with various laws that govern data and privacy security.
• These controls ensure data are handled, stored, and disposed of in a manner that meets legal and regulatory requirements.

Question 19

NIST (National Institute of Standards and Technology) Privacy Framework functions in order

IN GOOD CONTROL COMMUNICATE PLEASE

Answer 19

1) Identify-P
2) Govern-P
3) Control-P
4) Communicate-P
5) Protect-P

Question 20

COBIT 2019 GOVERNANCE SYSTEM Principles

Answer 20

• Provide stakeholder value
• Holistic approach
• Dynamic Governance system
• Governance distinct from management
• Tailored to enterprise needs
• End-to-end governance system

Question 21

COBIT 2019 COMPONENTS of a GOVERNANCE SYSTEM

Answer 21

• Processes
• Services, Infrastructure, applications
• People, skills, competencies
• Culture, ethics, behavior
• Information
• Principles, policies, procedures
• Organizational structures