Regulatory and Legal Compliance (ISC2 CGRC) Flashcards
ISC2 Governance, Risk and Compliance (CGRC) Flashcards

| Front | Back |
|---|---|
| What are the key principles of OECD privacy guidelines | Collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability |
| What are the three key components of CIA triad | Confidentiality, Integrity, Availability |
| What does CCPA stand for | California Consumer Privacy Act |
| What does FIPS 140-3 address | Security standards for cryptographic modules and their implementation within IT systems |
| What does FIPS 200 define | Minimum security requirements for federal information systems |
| What does ISO/IEC 38500 provide guidelines for | IT governance focused on effective, efficient, and acceptable use of IT in organizations |
| What does NERC CIP encompass | Standards for securing bulk electric system cybersecurity in North America |
| What does PII stand for | Personally Identifiable Information |
| What does SOX regulate | Corporate financial practices and reporting |
| What does SP 800-37 from NIST outline | The Risk Management Framework (RMF) for information system security and integration into system lifecycle |
| What does the 'Least Privilege' principle mean | Users should only have the permissions necessary for their job functions |
| What does the CLOUD Act regulate | Legal access to data stored by U.S.-based providers on foreign servers under certain conditions |
| What does the Fair Credit Reporting Act (FCRA) regulate | Accuracy, fairness, and privacy of consumer information in the files of credit reporting agencies |
| What does the First Amendment ensure concerning cybersecurity policies | Protecting free speech rights and ensuring policies do not unlawfully restrict expression |
| What does the Freedom of Information Act (FOIA) provide | Public access to records from U.S. federal agencies |
| What does the Gramm-Leach-Bliley Act (GLBA) regulate | Protecting consumer financial information and ensuring institutions explain their information-sharing practices |
| What does the PATRIOT Act authorize concerning security | Enhancing surveillance and intelligence mechanisms to prevent terrorism |
| What does the Privacy Act of 1974 regulate | The collection, maintenance, and dissemination of personal information by federal agencies |
| What does the SAFE Port Act focus on | Enhancing maritime security and protecting U.S. ports from terrorism and other threats |
| What does the Whistleblower Protection Act ensure | Protecting individuals who disclose violations or misconduct within governmental agencies |
| What is a key requirement of HITECH in relation to HIPAA | Expanding HIPAA rules to include stricter breach notification requirements |
| What is COBIT used for | IT management and governance framework focusing on aligning IT with business goals |
| What is FIPS 199 used for | Categorizing information systems based on security requirements |
| What is HIPAA designed to protect | The confidentiality, integrity, and availability of healthcare information |
| What is ITAR concerned with | Controlling the export of defense-related technologies and services |
| What is NIST 800-53 | A cybersecurity framework providing a catalog of security and privacy controls |
| What is the EU-US Data Privacy Framework (formerly Privacy Shield) | A mechanism for transatlantic data transfers aligning GDPR principles with U.S. practices |
| What is the main objective of Basel II compliance | Enhancing risk management and capital adequacy in the banking sector |
| What is the main objective of IT governance under COSO | Ensuring organizations achieve objectives with risk management, reliable reporting, and compliance |
| What is the primary focus of FERPA | Protecting the privacy of student educational records |
| What is the primary focus of ISO 22301 | Providing a management system framework for business continuity planning and resilience in the face of disruptions |
| What is the primary focus of ISO 31000 | Principles and guidelines for risk management across organizations |
| What is the primary focus of the Basel III framework | Strengthening regulation, supervision, and risk management in the banking sector |
| What is the primary focus of the Data Protection Act 2018 | Implementing GDPR principles within the UK legislative framework |
| What is the primary goal of GDPR | To protect the privacy and personal data of EU citizens |
| What is the primary goal of ISO/IEC 27701 | Providing privacy-specific implementation guidelines for managing Personally Identifiable Information (PII) |
| What is the primary purpose of the Cybersecurity Information Sharing Act (CISA) | Facilitating cyber threat information-sharing between government and private sectors |
| What is the primary role of NIST within cybersecurity | Developing and promoting cybersecurity frameworks and standards |
| What is the purpose of alignment under COBIT 2019 | Integrating governance with enterprise objectives and strategies |
| What is the purpose of FISMA | To ensure federal agencies implement proper information security controls |
| What is the purpose of ISO/IEC 27001 | To provide a framework for establishing, implementing, and maintaining information security management systems (ISMS) |
| What is the purpose of the Children's Online Privacy Protection Act (COPPA) | Regulating the collection and use of personal information from children under 13 on websites and online services |
| What is the purpose of the CUI program | Ensuring uniformity in the handling and safeguarding of Controlled Unclassified Information |
| What is the purpose of the Federal Risk and Authorization Management Program (FedRAMP) | Standardizing security assessments for cloud solutions used by federal agencies |
| What is the role of the Cybersecurity Maturity Model Certification (CMMC) | Ensuring compliance with cybersecurity standards among Department of Defense contractors |
| What is the role of the FTC concerning cybersecurity enforcement | Investigating unfair practices and breaches involving consumer data |
| What is the role of the Securities and Exchange Commission (SEC) in cybersecurity | Enforcing regulations and reporting standards for public companies concerning cybersecurity risks and events |
| What is the significance of ICS cybersecurity standards like IEC 62443 | Securing industrial control systems against cyber threats |
| What is the significance of Red Flags Rule compliance | Detecting, preventing, and mitigating identity theft within organizations handling consumer data |
| What is the significance of the Sarbanes-Oxley Act for IT systems | Ensuring reliable electronic records and transparency in financial reporting |
| Who enforces PCI DSS compliance | The Payment Card Industry Security Standards Council (PCI SSC) |
About the Flashcards
Flashcards for the ISC2 Governance, Risk and Compliance (CGRC) exam deliver a fast-paced review of the statutes, standards, and frameworks that dominate modern governance, risk, and compliance work. You will drill essential mandates such as FISMA, SOX, HIPAA, GDPR, CCPA, and PCI DSS while connecting them to operational control catalogs like NIST 800-53, ISO/IEC 27001, and COBIT 2019.
Each card pairs crisp questions with clear answers on data protection principles, least-privilege access, the CIA triad, FedRAMP cloud authorizations, Basel banking rules, and more. Use them to sharpen terminology, map laws to enforcement bodies, and cement the governance concepts most likely to appear on test day.
Topics covered in this flashcard deck:
- Information security laws
- Data privacy regulations
- Cybersecurity frameworks
- Risk governance standards
- Compliance control catalogs