Security And Risk Management

Question 1

Due Care

Answer 1

Fulfilling legal responsibilities and professional best practices

Question 2

Due Dilligence

Answer 2

Taking reasonable measures to investigate security risks

Question 3

COBIT

Answer 3

Control Objective for IT Business-Focused control framework.

Question 4

ISO 27001

Answer 4

Cybersecurity control objectives

Question 5

ISO 27002

Answer 5

Cybersecurity control implementation

Question 6

ISO 27701

Answer 6

Privacy Controls

Question 7

ISO 31000

Answer 7

Risk management programs

Question 8

NIST 800-53

Answer 8

Mandatory for federal agencies

Question 9

CSF

Answer 9

NIST Cybersecurity Framework

Question 10

NIST Cybersecurity Framework (CSF) functions

Answer 10

Identify, protect, detect, respond, recover

Question 11

PII

Answer 11

Personal Identifiable Information

Question 12

PHI

Answer 12

Protected Health Information. Governed under HIPAA (Health Insurance and Accountability Act)

Question 13

GAPP

Answer 13

Generally accepted privacy principles

Question 14

GAPP Principles

Answer 14

Management, Notice, Choice and Consent, Collection, (Use, retention and disposal), Access, Disclosure with Third Parties, Security, Quality, (Monitoring and enforcement)

Question 15

ISO / IEC 27018: 2019

Answer 15

Protection of PII

Question 16

CFAA

Answer 16

Computer Fraud and Abuse Act

Prohibits unauthorized access to computer systems in commerce

Prohibits the creation of malicious code

Question 17

ECPA

Answer 17

Electronic Communications Privacy Act

Restricts government interception of communications

Question 18

ITADA

Answer 18

Identity Theft and Assumption Deterrence Act

Question 19

Copyrights

Answer 19

Protect creative works (books, music, etc)

Question 20

Trademarks

Answer 20

Protect words and symbols (indefinite, 10 year renewal)

Question 21

Patents

Answer 21

Protect inventions

Question 22

Trade Secret

Answer 22

Not patented as you have to disclosed how it works

Question 23

ITAR

Answer 23

International Traffic in Arms Regulations

“Defense articles”

Question 24

EAR

Answer 24

Export Administration Regulations

“Dual use; Military and civil use”

Question 25

OFAC

Answer 25

Office of Foreign Assets Control

Cover sanctioned countries

Question 26

Security Policy Framework components

Answer 26

Policies, Standards, Guidelines and Procedures

Question 27

Security Policies

Answer 27

Provide a foundation for a security program
Are written carefully over a long period of time
Mandatory
Approved high level of the organization

Question 28

Security Standards

Answer 28

Specific details of security controls
Mandatory
Less rigorous approval process

Question 29

Guidelines

Answer 29

Advice for the organization
Follow best practices
Not Mandatory

Question 30

Procedures

Answer 30

Step by step

Can be mandatory or not