Test Questions Flashcards
ISO 31000
International risk management best practices
GDPR
The European Union’s regulation that states that personal data cannot be collected or processed without the individual’s informed consent.
PCI DSS
Outlines how credit card/bank info must be safely managed.
SSAE SOC2
An audit/test that reports on an organization’s controls relative to the CIA triad.
PCI DSS
PCI DSS = Payment Card Industry Data Security Standard
NIST CSF
NIST CSF = National Institute of Standards and Technology, Cyber Security Framework
ISO 22301
ISO 22301 – security & resilience, business continuity management
ISO 27001
ISO 27001 – information security rules and requirements (compliance/regulations)
ISO 27001 ***
ISO 27001 Information Security Management Systems
Infosec rules and requirements used by many governing bodies to create compliance/regulations
ISO 27701***
ISO 27701 Privacy Information Management
An extension to 27001 that outlines rules and regulations specifically tied to privacy.
ISO 27002***
ISO 27002 Information Security Best Practices
Guidelines and suggestions for how to start or improve infosec at an organization.
ISO 31000***
ISO 31000 Risk Management Best Practices
Generic (non-specific) suggestions for managing risk response within an organization.
AES
Advanced Encryption Standard (AES/AES256)
Compensation
Substitutes for a principal control.
Common Vulnerability Scoring System (CVSS)
Provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity.