Security Controls, Frameworks & Compliance Flash Cards
What is the CIA triad?
The confidentiality, integrity, and availability triad is a model that helps organizations consider risk when setting up systems and security policies. These are the three foundational principles used by cybersecurity professionals to establish appropriate controls.
What are security controls?
Security controls are safeguards designed to reduce specific security risks. They are used alongside frameworks to ensure security goals and processes are implemented correctly and organizations meet regulatory compliance requirements.
What are the four core components of security frameworks?
- Identifying and documenting security goals
- Setting guidelines to achieve security goals
- Implementing strong security processes
- Monitoring and communicating results
What is compliance?
The process of adhering to internal standards and external regulations.
What is FERC-NERC?
A regulation that applies to organizations working with electricity or the U.S./North American power grid. These organizations must prepare for, mitigate, and report potential security incidents affecting the power grid and adhere to Critical Infrastructure Protection Standards.
What is FedRAMP?
The Federal Risk and Authorization Management Program - a U.S. federal government program that standardizes security assessment, authorization, monitoring, and handling of cloud services and product offerings across the government sector and third-party cloud providers.
What is CIS?
The Center for Internet Security - a nonprofit that provides controls to safeguard systems and networks against attacks and helps organizations establish better defense plans.
What is GDPR?
General Data Protection Regulation - an E.U. regulation that protects the processing of E.U. residents’ data and their right to privacy both in and out of E.U. territory. Organizations have 72 hours to notify E.U. citizens of data breaches.
What is PCI DSS?
Payment Card Industry Data Security Standard - an international security standard ensuring organizations storing, accepting, processing, and transmitting credit card information do so securely to reduce credit card fraud.
What are the three main rules of HIPAA?
- Privacy
- Security
- Breach notification
What is Protected Health Information (PHI)?
Information relating to the past, present, or future physical or mental health or condition of an individual, including plans of care or payments for care.
What is ISO?
International Organization for Standardization - created to establish international standards related to technology, manufacturing, and management across borders, helping organizations improve processes and procedures.
What do SOC type 1 and type 2 reports focus on?
They focus on an organization’s user access policies at different organizational levels (Associate, Supervisor, Manager, Executive, Vendor, etc.) and are used to assess financial compliance and risk levels. They cover confidentiality, privacy, integrity, availability, security, and overall data safety.
What is NIST?
The National Institute of Standards and Technology - a U.S.-based agency that develops voluntary compliance frameworks that organizations worldwide can use to help manage risk.
What is HITRUST?
The Health Information Trust Alliance - a security framework and assurance program that helps institutions meet HIPAA compliance.
