CSCS Training Flashcards

(101 cards)

1
Q

IoT

A

Internet of Things

2
Q

IoMT

A

Internet of Medical Things

3
Q

Mirai

A

Japanese word for the “future”

4
Q

CCPA

A

California Consumer Privacy Act

5
Q

When did the CCPA go into effect?

A

January 1, 2020

6
Q

What does CCPA grant people?

A

It grants California residents new privacy rights and gives them more control over their personal information.

7
Q

DBIR

A

Data Breach Investigations Report

8
Q

Ransomware

A

When an attacker takes the owner's information and makes them pay money to get their own files back.

9
Q

GLB

A

Gramm-Leach-Bliley

10
Q

GLB applies to financial institutions in the USA

A

Banks, securities firms, insurance companies, and other companies selling financial products

11
Q

What is 21 CFR Part 11 designed for?

A

To prevent fraud while permitting the widest possible use of electronic technology.

12
Q

What is the 21 CFR Part 11 effective date?

A

1997

13
Q

NERC

A

North American Electric Reliability Council

14
Q

CIP

A

Critical Infrastructure Protection

15
Q

CIP Standards

A
CIP-002 Critical Cyber Assets
CIP-003 Security Management Controls
CIP-004 Personnel and Training
CIP-005 Electronic Security
CIP-006 Physical Security 
CIP-007 Systems Security Management
CIP-008 Incident Reporting and Response Planning
CIP-009 Recovery Planning
16
Q

SOX

A

Sarbanes-Oxley Act

17
Q

Who is responsible for misrepresentation of financial data?

A

SOX

18
Q

What is Title I of the SOX legislation?

A

Public Company Accounting Oversight Board

19
Q

PCAOB

A

Public Company Accounting Oversight Board

20
Q

What is Title II for the SOX legislation?

A

Auditor Independence

21
Q

What is Title III for the SOX legislation?

A

Corporate Responsibility

22
Q

What is Title IV for the SOX legislation?

A

Enhanced Financial Disclosures

23
Q

SEC

A

Securities and Exchange Commission

24
Q

COSO

A

Committee of Sponsoring Organizations

25
Define COSO
An acceptable framework to define internal controls for financial reporting systems.
26
How many titles are in the SOX?
11
27
What is the SOX title V?
Analyst Conflicts and Interests
28
What is Title VI of the SOX?
Commission Resources and Authority
29
What is Title VII of the SOX?
Studies and Reports
30
What is Title VIII of the SOX?
Corporate and Criminal Fraud Accountability
31
What is section 802?
Criminal Penalties for Altering Documents
32
What is Title IX of the SOX?
White-Collar Crime Penalty Enhancements
33
What is Title X of SOX?
Corporate Tax Returns
34
What is Title XI of SOX?
Corporate Fraud and Accountability
35
FTC
Federal Trade Commission
36
What are the FTC's strategic goals?
Protect Consumers, Maintain Competition, and Advance Organizational Performance
37
AICPA
American Institute of Certified Public Accountants
38
SOC
Service Organization Controls
39
SOC 2
Controls at a service organization that are relevant to security, availability, and processing integrity
40
5 Trust Service Principles
Security, Availability, Processing integrity, Confidentiality, and Privacy
41
Which country has PIP?
Japan
42
PIP
Personal Information Protection
43
When did PIP become effective?
May 2003
44
Which country has PIPEDA?
Canada
45
PIPEDA
Personal Information Protection and Electronic Document Act
46
When did PIPEDA become effective?
April 2000
47
Benefits of ISO
A reduction in security incidents, confidence to interested parties, reduction in financial losses, reduction in costs for correction, protection of brand and reputation, tender advantage, and consistency across sites
48
ISO 27799
Defines guidelines to support the interpretation and implementation in health informatics of ISO
49
ISO
Information Security Organization
50
What does ISO 27799 apply to?
Health information in all aspects
51
Structure of ISO standards
1. Scope
2. Normative References
3. Terms and Definitions
4. Context of the Organization
5. Leadership
6. Planning
7. Support
8. Operation
9. Performance Evaluation
10. Improvement
52
ISO 27001 specifies the requirements
Establishing, implementing, maintaining, and continually improving an ISMS
53
ISMS
Information Security Management System
54
What does the ISMS preserve?
CIA which is Confidentiality, Integrity, and Availability.
55
What is scope?
Provide an overview of ISMS and terms and definitions commonly used in the ISMS family of standards
56
How many Terms and Definitions are there?
89
57
Examples of Terms and Definitions?
Confidentiality, Control Objective, Level of Risk, Process, Risk Analysis, and Vulnerability
58
ISMS benefits
Reduction in security incidents, confidence to interested parties, reduction in financial losses, protection of brand and reputation, competitive advantage, and consistency across sites.
59
Context of the Organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of the interested parties
4.3 Determining the scope
4.4 Information Security Management System
60
HIPAA
Healthcare
61
Leadership
5.1 Leadership and Commitment
5.2 Policy
5.3 Organizational roles
62
Planning addresses what?
Risk and Opportunities
63
Planning shall
Define and apply an information security risk treatment process
64
Support
Shall determine and provide the resources needed for the establishment, implementation, maintenance, and continual improvement of the ISMS
65
Operation
Shall plan, implement, and control the processes needed to meet information security requirements, and implement the actions determined in 6.1
66
7.1
Resources
67
7.2
Competence
68
7.3
Awareness
69
7.4
Communications
70
7.5
Documented Information
71
6.1
Actions to Address risk and opportunities
72
6.2
Information security objective and planning to achieve them
73
5.1
Leadership and Commitment
74
5.2
Policy
75
5.3
Organizational roles, responsibilities, and authorities
76
4.1
Understanding the organization and its context
77
4.2
Understanding the needs and expectations of the interested parties
78
4.3
Determining the scope
79
4.4
Information Security Management System
80
Performance Evaluation
Shall evaluate the information security performance and the effectiveness of the information security management system
81
9.1
Monitoring, measurement, analysis, and evaluation
82
9.2
Internal audit
83
9.3
Management Review
84
Improvement
Corrective actions shall be reasonable to the effects of the nonconformities encountered
85
10.1
Nonconformity and corrective action
86
10.2
Continual Improvement
87
Documentation Requirements
Scope of the ISMS
Information security policy
Information security risk assessment process
Information security risk treatment process
Statement of applicability
Information security objectives
Evidence of competence
Documented evidence
Operation planning and control
Risk assessment results
Risk treatment results
Evidence of monitoring and measurement
Evidence of audit programs and results
Evidence of management reviews/results
Evidence of nonconformities and subsequent actions
Evidence or results of corrective actions
88
What is ISO 27002 designed for?
A reference for selecting controls within the process of implementing an ISMS based on ISO 27001, or as guidance for organizations developing their own information security guidelines
89
What does ISO 27002 discuss?
Information security requirements
Selection of controls
Developing guidelines
Lifecycle considerations
Related standards
90
Security Control Clauses
Information Security Policies, Organization of Information Security, Human Resources Security, Asset Management, Access Control, Cryptography, Physical and Environmental Security, Operations Security, System Acquisition, Supplier Relationships, Information Security Incident Management, Information Security Aspects of Business Continuity Management
91
Information security policies should include
Business strategy
Regulations, legislation, and contracts
Current and projected information security threat environment
92
Information Security Policies
To provide management direction and support for information security in accordance with business requirements
93
Information Security Policy is approved by what?
The highest level of management and sets out the organization’s approach to managing its information security objectives
94
Information Security Policies Controls what?
Policies for information security and the review of the policies for information security
95
Who publishes the DBIR?
Verizon
96
Which agency introduced 21 CFR Part 11?
FDA
97
Categories for Identify
Asset Management, Business Environment, Governance, Risk Assessment, Risk Management Strategy, Supply Chain Risk Management
98
Categories for Protect
Identity Management and Access Control, Awareness Control, Data Security, Information Protection Processes and Procedures, Maintenance, Protective Technology
99
Detect categories
Anomalies and Events, Security Continuous Monitoring, and Detection Processes
100
Respond categories
Response planning, communications, analysis, mitigation, and improvements
101
Recover categories
Recovery planning, improvements, and communications