Governance Standards And Control Frameworks

Question 1

PCI-DSS

Answer 1

Payment Card Industry Data Security Standard
Standard that is required to handle or issue credit and debit cards

Question 2

OCTAVE (Operationally Critical Threat Asset Vulnerability Evaluation)

Answer 2

Self directed risk management
Team oriented approach identify assets important to the organization, threats to those assets, and vulnerabilities that may expose those assets

Question 3

COBIT (Control Objectives for Information and Technology)

Answer 3

Control Objectives for Information and Technology
Goals for IT stakeholders needs are mapped down to IT related goals.
Operational level

Question 4

ITIL

Answer 4

Information Technology Infrastructure Library
IT services Management (ITSM)
Set of frameworks and best practices that is used to align IT services with business needs

Question 5

COSO

Answer 5

Committee of Sponsoring Organizations
Goals for the entire organization
High strategic level

Question 6

FRAP

Answer 6

Facilitated Risk Analysis Process
Analyzes 1 business unit applications or system at a time in a round table brainstorm with internal employees

Question 7

ISO 27001

Answer 7

International Organization for Standardization
Focus on creation and maintenance of an information security management system
Can be certified in

Question 8

ISO 27002

Answer 8

Provide practical advice on how to implement security controls

Question 9

ISO 27004

Answer 9

Provide metrics for measuring the success of your ISMS

Question 10

ISO 27005

Answer 10

Standard based approach to risk management. Gives detail and structure to the information security risks by defining the context for information security risk decision making

Question 11

ISO 27799

Answer 11

Directives on how to protect PHI(Protect Health Information)