Security And Risk Management Flashcards
(30 cards)
Due Care
Fulfilling legal responsibilities and professional best practices
Due Dilligence
Taking reasonable measures to investigate security risks
COBIT
Control Objective for IT Business-Focused control framework.
ISO 27001
Cybersecurity control objectives
ISO 27002
Cybersecurity control implementation
ISO 27701
Privacy Controls
ISO 31000
Risk management programs
NIST 800-53
Mandatory for federal agencies
CSF
NIST Cybersecurity Framework
NIST Cybersecurity Framework (CSF) functions
Identify, protect, detect, respond, recover
PII
Personal Identifiable Information
PHI
Protected Health Information. Governed under HIPAA (Health Insurance and Accountability Act)
GAPP
Generally accepted privacy principles
GAPP Principles
Management, Notice, Choice and Consent, Collection, (Use, retention and disposal), Access, Disclosure with Third Parties, Security, Quality, (Monitoring and enforcement)
ISO / IEC 27018: 2019
Protection of PII
CFAA
Computer Fraud and Abuse Act
Prohibits unauthorized access to computer systems in commerce
Prohibits the creation of malicious code
ECPA
Electronic Communications Privacy Act
Restricts government interception of communications
ITADA
Identity Theft and Assumption Deterrence Act
Copyrights
Protect creative works (books, music, etc)
Trademarks
Protect words and symbols (indefinite, 10 year renewal)
Patents
Protect inventions
Trade Secret
Not patented as you have to disclosed how it works
ITAR
International Traffic in Arms Regulations
“Defense articles”
EAR
Export Administration Regulations
“Dual use; Military and civil use”
