MOD 23

Question 1

What is it called when you conform to a rule such as a specification, policy, standard or law?

Answer 1

Compliance

Question 2

What does GRC stand for?

Answer 2

Governance, Risk Management, and Compliance

Question 3

Which audit is a comprehensive review of an organization adherence to regulatory guidelines?

Answer 3

Compliance audit

Question 4

What council is responsible for the creation of credit card companies?

Answer 4

PCI Security Standards Council

Question 5

What has a set of requirements for maintaining a secure environment?

Answer 5

PCI-DSS

Question 6

Noncompliance to the PCI-DSS results in ________.

Answer 6

penalties

Question 7

Can the PCI enforce laws?

Answer 7

No!

Question 8

How are audits done?

Answer 8

Qualified Security Assessor

Question 9

Which SOX Section states that companies must publish information on scope, adequacy, and effectiveness of internal controls and procedures?

Answer 9

SOX Section 404

Question 10

Which SOX Section states that signing officers (CEO, CFO) must certify that they’ve evaluated internal controls and report any fraud?

Answer 10

SOX Section 302

Question 11

Internal control is often done in accordance with what?

Answer 11

COBIT

Question 12

What is a framework for GRC developed by ISACA?

Answer 12

COBIT 5

Question 13

What are the COBIT standards?

Answer 13

ISO 38500, 20000, 27000, 31000

Question 14

What applies to PHI (Protected Health Information) and covers health plans and health care providers?

Answer 14

HIPAA

Question 15

What is anything that can identify a usser with health information?

Answer 15

PHI (Protected Health Information

Question 16

What are the 3 requirements from HIPPA?

Answer 16

Administrative, Physical, Technical

Question 17

Which Act protects the privacy of student educational records?

Answer 17

FERPA

Question 18

What is disclosable from FERPA?

Answer 18

directory information (name, address, phone, birthday, etc.)

Question 19

What protects government information, operations, or assets?

Answer 19

FISMA

Question 20

Which Act gave administration to Homeland Security (DHS) and amended the Office of Management and Budget?

Answer 20

FISMA Act (2014)

Question 21

What is the first step of NIST Risk Management Framework?

Answer 21

Categorize

Question 22

What is the last step of NIST Risk Management Framework?

Answer 22

Monitor

Question 23

Which Act allowed banks, security companies and insurance companies to be the same institution?

Answer 23

Gramm-Leach-Bliley Act (GLBA)

Question 24

Which Act focuses on anti-bribery and accounting for US companies doing business outside of the country?

Answer 24

Foreign Corrupt Practices Act (FCPA)

Question 25

What was previously the AICPA/CICA Privacy Network that has accepted privacy principles?

Answer 25

Generally Accepted Privacy Principles (GAPP)

Question 26

Which rule sets how financial institutions and creditors develop identity theft protection programs?

Answer 26

Red Flags Rule

Question 27

The FTC can seek fine up to ________ per violation(maximum) in federal court.

Answer 27

$3,500

Question 28

What sets guidelines and assists courts in setting fines for criminal regulatory cases?

Answer 28

US Sentencing Commission (USCC)

Question 29

What is the median salary for Compliance Officer jobs?

Answer 29

$64,000

Question 30

Compliance Officer jobs will grow _____% through 2024

Answer 30

3.3%