Domain 1 Flashcards
Corporate Governance
System of rules and practices directing and controlling an organization to achieve its goals.
Security Governance
System directing and controlling the security function to align with organizational goals.
Accountability
Ownership and ultimate answerability for actions; cannot be delegated.
Responsibility
Execution of tasks and obligations; can be delegated.
Due Diligence
Demonstration of care and attention to stakeholders’ interests.
ITAR
International Traffic in Arms Regulations; restricts export of defense-related articles.
Export Administration Regulations (EAR)
Regulates export of dual-use items and certain defense-related products.
Wassenaar Arrangement
Voluntary export control regime among 42 signatory countries.
Trans-Border Data Flow Laws
Regulations governing movement of data across physical borders.
Privacy
Protection of personal information.
Ethics
Principles guiding morally acceptable behavior.
Policies
Rules directing behavior within an organization.
Standards
Specific mandatory requirements for hardware and software.
Procedures
Step-by-step actions to achieve a specific task.
Baselines
Minimum security configurations for systems.
Guidelines
Recommended actions, not mandatory.
Risk Management
Process of identifying, assessing, and mitigating risks.
Procurement
Process of acquiring goods or services.
Awareness
Informal communication to increase understanding of security issues.
Training
Formal instruction to develop specific skills.
Education
Teaching fundamental concepts and principles.