Regulatory and Legal Compliance (ISC2 CGRC) Flashcards
ISC2 Governance, Risk and Compliance (CGRC) Flashcards
| Front | Back |
| What are the key principles of OECD privacy guidelines | Collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability |
| What are the three key components of CIA triad | Confidentiality, Integrity, Availability |
| What does CCPA stand for | California Consumer Privacy Act |
| What does FIPS 140-3 address | Security requirements for cryptographic modules (hardware, software, or firmware) at four increasing security levels; modules are validated against it through the Cryptographic Module Validation Program (CMVP) |
| What does FIPS 200 define | Minimum security requirements for federal information systems |
| What does ISO/IEC 38500 provide guidelines for | IT governance focused on effective, efficient, and acceptable use of IT in organizations |
| What does NERC CIP encompass | Standards for securing bulk electric system cybersecurity in North America |
| What does PII stand for | Personally Identifiable Information |
| What does SOX regulate | Corporate financial practices and reporting |
| What does SP 800-37 from NIST outline | The Risk Management Framework (RMF) for information system security and integration into system lifecycle |
| What does the 'Least Privilege' principle mean | Every user, process, and service account receives only the permissions required for its job function, and nothing more |
| What does the CLOUD Act regulate | U.S. law enforcement access, under a warrant or similar legal process, to data held by U.S.-based providers regardless of where that data is physically stored, plus executive agreements that let qualifying foreign governments request data directly from U.S. providers |
| What does the Fair Credit Reporting Act (FCRA) regulate | Accuracy, fairness, and privacy of consumer information in the files of credit reporting agencies |
| What does the First Amendment ensure concerning cybersecurity policies | Protecting free speech rights and ensuring policies do not unlawfully restrict expression |
| What does the Freedom of Information Act (FOIA) provide | Public access to records from U.S. federal agencies |
| What does the Gramm-Leach-Bliley Act (GLBA) regulate | Protecting consumer financial information and ensuring institutions explain their information-sharing practices |
| What does the PATRIOT Act authorize concerning security | Enhancing surveillance and intelligence mechanisms to prevent terrorism |
| What does the Privacy Act of 1974 regulate | The collection, maintenance, and dissemination of personal information by federal agencies |
| What does the SAFE Port Act focus on | Enhancing maritime security and protecting U.S. ports from terrorism and other threats |
| What does the Whistleblower Protection Act ensure | Protecting individuals who disclose violations or misconduct within governmental agencies |
| What is a key requirement of HITECH in relation to HIPAA | Expanding HIPAA rules to include stricter breach notification requirements |
| What is COBIT used for | IT management and governance framework focusing on aligning IT with business goals |
| What is FIPS 199 used for | Categorizing federal information and information systems as Low, Moderate, or High impact based on the harm a loss of confidentiality, integrity, or availability would cause |
| What is HIPAA designed to protect | The confidentiality, integrity, and availability of protected health information (PHI) held by covered entities and their business associates |
| What is ITAR concerned with | Controlling the export of defense-related technologies and services |
| What is NIST SP 800-53 | A catalog of security and privacy controls for information systems and organizations; it is the control set used by the RMF and FedRAMP, and is distinct from the NIST Cybersecurity Framework (CSF) |
| What is the EU-US Data Privacy Framework (formerly Privacy Shield) | A mechanism, backed by an EU adequacy decision, for transferring personal data from the EU to U.S. organizations that self-certify to the framework's principles; it replaced Privacy Shield after the CJEU invalidated that program in Schrems II |
| What is the main objective of Basel II compliance | Enhancing risk management and capital adequacy in the banking sector |
| What is the main objective of IT governance under COSO | Ensuring organizations achieve objectives with risk management, reliable reporting, and compliance |
| What is the primary focus of FERPA | Protecting the privacy of student educational records |
| What is the primary focus of ISO 22301 | Providing a management system framework for business continuity planning and resilience in the face of disruptions |
| What is the primary focus of ISO 31000 | Principles and guidelines for risk management across organizations |
| What is the primary focus of the Basel III framework | Strengthening regulation, supervision, and risk management in the banking sector |
| What is the primary focus of the Data Protection Act 2018 | Implementing GDPR principles within the UK legislative framework |
| What is the primary goal of GDPR | To protect the personal data and privacy of natural persons in the EU/EEA (data subjects), regardless of their citizenship, and to regulate how organizations anywhere process that data |
| What is the primary goal of ISO/IEC 27701 | Extending ISO/IEC 27001 and 27002 with requirements and guidance for a Privacy Information Management System (PIMS) covering the processing of Personally Identifiable Information (PII) |
| What is the primary purpose of the Cybersecurity Information Sharing Act (CISA) of 2015 | Facilitating voluntary sharing of cyber threat indicators between the federal government and the private sector, with liability protections for entities that share; not to be confused with the Cybersecurity and Infrastructure Security Agency, which uses the same acronym |
| What is the primary role of NIST within cybersecurity | Developing and promoting cybersecurity frameworks and standards |
| What is the purpose of alignment under COBIT 2019 | Integrating governance with enterprise objectives and strategies |
| What is the purpose of FISMA | To ensure federal agencies implement proper information security controls |
| What is the purpose of ISO/IEC 27001 | To specify requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS); it is the standard an ISMS is certified against |
| What is the purpose of the Children's Online Privacy Protection Act (COPPA) | Regulating the collection and use of personal information from children under 13 on websites and online services |
| What is the purpose of the CUI program | Ensuring uniformity in the handling and safeguarding of Controlled Unclassified Information |
| What is the purpose of the Federal Risk and Authorization Management Program (FedRAMP) | Standardizing security assessment, authorization, and continuous monitoring of cloud services used by federal agencies so that one authorization can be reused across agencies |
| What is the role of the Cybersecurity Maturity Model Certification (CMMC) | Verifying that Department of Defense contractors implement the required cybersecurity practices (largely NIST SP 800-171) to protect Federal Contract Information and Controlled Unclassified Information |
| What is the role of the FTC concerning cybersecurity enforcement | Investigating unfair practices and breaches involving consumer data |
| What is the role of the Securities and Exchange Commission (SEC) in cybersecurity | Enforcing regulations and reporting standards for public companies concerning cybersecurity risks and events |
| What is the significance of ICS cybersecurity standards like IEC 62443 | Securing industrial control systems against cyber threats |
| What is the significance of Red Flags Rule compliance | Detecting, preventing, and mitigating identity theft within organizations handling consumer data |
| What is the significance of the Sarbanes-Oxley Act for IT systems | Ensuring reliable electronic records and transparency in financial reporting |
| Who enforces PCI DSS compliance | The payment card brands and acquiring banks, through their contracts with merchants and service providers; the PCI Security Standards Council (PCI SSC) develops and maintains the standard but does not enforce it |
This deck includes key legal, regulatory, and policy requirements relevant to information system governance and compliance frameworks.