MOD 23 Flashcards
What is it called when you conform to a rule such as a specification, policy, standard or law?
Compliance
What does GRC stand for?
Governance, Risk Management, and Compliance
Which audit is a comprehensive review of an organization's adherence to regulatory guidelines?
Compliance audit
What council is responsible for the creation of credit card companies?
PCI Security Standards Council
What has a set of requirements for maintaining a secure environment?
PCI-DSS
Noncompliance to the PCI-DSS results in ________.
penalties
Can the PCI enforce laws?
No!
How are audits done?
Qualified Security Assessor
Which SOX Section states that companies must publish information on scope, adequacy, and effectiveness of internal controls and procedures?
SOX Section 404
Which SOX Section states that signing officers (CEO, CFO) must certify that they’ve evaluated internal controls and report any fraud?
SOX Section 302
Internal control is often done in accordance with what?
COBIT
What is a framework for GRC developed by ISACA?
COBIT 5
What are the COBIT standards?
ISO 38500, 20000, 27000, 31000
What applies to PHI (Protected Health Information) and covers health plans and health care providers?
HIPAA
What is anything that can identify a user with health information?
PHI (Protected Health Information)