Section 13.116 External Audits and Assessments Flashcards

Objective 5.5 Explain types and purposes of audits and assessments

1
Q

External Audits and Assessments

A

Essential tools for maintaining a robust security posture and ensuring regulatory compliance

■ Conducted by independent third parties to provide an unbiased perspective on an organisation's security

2
Q

External Audits

A

Systematic evaluations conducted by independent entities to assess information systems, applications, and security controls

Focuses on various areas:
● Data protection
● Network security
● Access controls
● Incident response procedures

3
Q

Goals of External Audits

A

To identify gaps in security policies and controls and to confirm compliance with regulatory standards such as

● GDPR
● HIPAA
● PCI DSS

4
Q

External Assessments

A

Detailed analysis by independent entities to identify vulnerabilities and risks in an organisation's security systems

External assessments can take various forms:

● Risk assessments
● Vulnerability assessments
● Threat assessments

They utilize automated scanning tools and manual testing techniques

5
Q

Regulatory Compliance

A

The goal is to ensure organisations comply with relevant laws, policies, and regulations

■ Organizations adopt consolidated and harmonized sets of compliance controls to achieve regulatory compliance, e.g., NIST Cybersecurity Framework

■ Compliance includes adherence to industry-specific rules (e.g., HIPAA, PCI DSS) and more generalized regulations like GDPR

6
Q

Examinations

A

Detailed inspections of an organisation's security infrastructure conducted externally

Cover various areas:

● Network security
● Data Protection
● Access controls

May include testing of the following:

● Key personnel
● Certifications being up to date
● Standardised assessments

Crucial for maintaining a strong security posture and regulatory compliance.

7
Q

Independent Third-Party Audits

A

Provide an unbiased perspective on an organisation's security posture

■ Validate security measures and build trust with:
● Customers
● Stakeholders
● Regulatory bodies

■ Regulations like GDPR and PCI DSS require organizations to undergo regular independent third-party audits
