Domain 1

Question 1

Corporate Governance

Answer 1

System of rules and practices directing and controlling an organization to achieve its goals.

Question 2

Security Governance

Answer 2

System directing and controlling the security function to align with organizational goals.

Question 3

Accountability

Answer 3

Ownership and ultimate answerability for actions, cannot be delegated.

Question 4

Responsibility

Answer 4

Execution of tasks and obligations, can be delegated.

Question 5

Due Diligence

Answer 5

Demonstration of care and attention to stakeholders’ interests.

Question 6

ITAR

Answer 6

International Traffic in Arms Regulations, restricts export of defense-related articles.

Question 7

Export Administration Regulations (EAR)

Answer 7

Regulates export of dual-use items and certain defense-related products.

Question 8

Wassenaar Arrangement

Answer 8

Voluntary export control regime among 42 signatory countries.

Question 9

Trans-Border Data Flow Laws

Answer 9

Regulations governing movement of data across physical borders.

Question 10

Privacy

Answer 10

Protection of personal information.

Question 11

Ethics

Answer 11

Principles guiding morally acceptable behavior.

Question 12

Policies

Answer 12

Rules directing behavior within an organization.

Question 13

Standards

Answer 13

Specific mandatory requirements for hardware and software.

Question 14

Procedures

Answer 14

Step-by-step actions to achieve a specific task.

Question 15

Baselines

Answer 15

Minimum security configurations for systems.

Question 16

Guidelines

Answer 16

Recommended actions, not mandatory.

Question 17

Risk Management

Answer 17

Process of identifying, assessing, and mitigating risks.

Question 18

Procurement

Answer 18

Process of acquiring goods or services.

Question 19

Awareness

Answer 19

Informal communication to increase understanding of security issues.

Question 20

Training

Answer 20

Formal instruction to develop specific skills.

Question 21

Education

Answer 21

Teaching fundamental concepts and principles.

Question 22

Risk Management

Answer 22

An essential component of any comprehensive security program that focuses on the identification assessment prioritization and treatment of risks to minimize monitor and control their probability and/or impact.

Question 23

Asset Valuation

Answer 23

Assigning a value to each asset in an organization to understand its importance and prioritize them accordingly.

Question 24

Quantitative Analysis

Answer 24

Assigning monetary values to assets or risks to quantify their impact or value.

Question 25

Qualitative Analysis

Answer 25

A relative ranking system where assets or risks are compared to each other based on their importance or value.

Question 26

Threats

Answer 26

Potential dangers or events that have the potential to cause harm or damage to an organization’s assets operations or reputation.

Question 27

Vulnerabilities

Answer 27

Weaknesses or gaps in an organization’s security or control systems that can be exploited by threats to cause harm or damage.

Question 28

Likelihood

Answer 28

The chance or probability of a particular risk event occurring indicating the likelihood of a potential risk turning into an actual event.

Question 29

Impact

Answer 29

The potential harm or damage that could result from a particular risk occurring including downtime reputational damage data integrity issues etc.

Question 30

Risk Analysis

Answer 30

The process of identifying and understanding the risks associated with each asset including threats vulnerabilities likelihood and impact.

Question 31

Risk Treatment

Answer 31

Determining how to address or handle the risks identified through risk analysis including methods such as avoidance transfer mitigation or acceptance.

Question 32

Risk Avoidance

Answer 32

Implementing measures to prevent a risk from occurring or choosing not to engage in activities that would cause the risk to occur.

Question 33

Risk Transfer

Answer 33

Transferring the financial burden of a particular risk to an insurance policy or another party while still maintaining accountability for the risk.

Question 34

Risk Mitigation

Answer 34

Implementing controls or measures to reduce the likelihood or impact of a risk such as administrative technical or physical controls.

Question 35

Residual Risk

Answer 35

The risk that remains after mitigating controls have been implemented representing the remaining level of risk exposure.

Question 36

Safeguards

Answer 36

Controls or measures put in place to prevent or reduce the likelihood of a risk occurring including directive preventative detective corrective recovery and compensating controls.

Question 37

Countermeasures

Answer 37

Actions or measures taken to counteract or respond to a risk or threat typically implemented as part of risk mitigation strategies.

Question 38

Assurance

Answer 38

The confidence or certainty that a control is working correctly and effectively often achieved through monitoring testing or auditing.

Question 39

Privacy

Answer 39

The state or condition of being free from being observed or disturbed by other people

Question 40

Intellectual Property

Answer 40

Legal rights protecting creations of the mind such as inventions works of art symbols designs and so forth these rights allow the owners to have exclusive control over the use distribution and commercialization of their creations and to prevent others from using or exploiting them without permission.

Question 41

Data Controller

Answer 41

Individual or entity responsible for managing personal data and ensuring compliance with privacy regulations within an organization

Question 42

Personal Data

Answer 42

Information that can identify an individual such as personally identifiable information (PII) which includes various identifiers like names social security numbers and biometric data

Question 43

Data Life Cycle

Answer 43

The stages through which data passes from creation to destruction including creation storage use sharing archiving and disposal

Question 44

OECD Privacy Principles

Answer 44

A set of guidelines from the Organization for Economic Cooperation and Development outlining best practices for privacy protection

Question 45

GDPR

Answer 45

General Data Protection Regulation a European Union regulation governing data protection and privacy for individuals within the EU and the European Economic Area

Question 46

Supervisory Authorities

Answer 46

Independent public authorities established in each EU member state to enforce GDPR compliance and handle data protection issues

Question 47

Trade Secrets

Answer 47

Confidential information giving a business a competitive advantage protected by law from unauthorized disclosure or use

Question 48

Patents

Answer 48

Legal protection granted to inventors giving exclusive rights to their inventions for a set period

Question 49

Copyright

Answer 49

Legal protection of original works of authorship fixed in any tangible medium of expression granting exclusive rights to the creator

Question 50

Trademarks

Answer 50

Symbols words or designs distinguishing and identifying products or brands in the marketplace protected by law from unauthorized use

Question 51

Data Destruction

Answer 51

Secure disposal of data when it is no longer needed ensuring it cannot be accessed or recovered by unauthorized parties

Question 52

Data Classification

Answer 52

Categorization of data based on its sensitivity value and handling requirements throughout its life cycle

Question 53

Encryption

Answer 53

Process of encoding information to make it unreadable without the proper decryption key enhancing data security and confidentiality