Regulatory and Legal Compliance (ISC2 CGRC) Flashcards
ISC2 Governance, Risk and Compliance (CGRC) Flashcards
| Front | Back |
|---|---|
| What are the key principles of OECD privacy guidelines | Collection limitation, data quality, purpose specification, use limitation, security safeguards, openness, individual participation, and accountability |
| What are the three key components of CIA triad | Confidentiality, Integrity, Availability |
| What does CCPA stand for | California Consumer Privacy Act |
| What does FIPS 140-3 address | Security standards for cryptographic modules and their implementation within IT systems |
| What does FIPS 200 define | Minimum security requirements for federal information systems |
| What does ISO/IEC 38500 provide guidelines for | IT governance focused on effective, efficient, and acceptable use of IT in organizations |
| What does NERC CIP encompass | Standards for securing bulk electric system cybersecurity in North America |
| What does PII stand for | Personally Identifiable Information |
| What does SOX regulate | Corporate financial practices and reporting |
| What does SP 800-37 from NIST outline | The Risk Management Framework (RMF) for information system security and integration into system lifecycle |
| What does the 'Least Privilege' principle mean | Users should only have the permissions necessary for their job functions |
| What does the Cloud Act regulate | Legal access to data stored by U.S.-based providers on foreign servers under certain conditions |
| What does the Fair Credit Reporting Act (FCRA) regulate | Accuracy, fairness, and privacy of consumer information in the files of credit reporting agencies |
| What does the First Amendment ensure concerning cybersecurity policies | Protecting free speech rights and ensuring policies do not unlawfully restrict expression |
| What does the Freedom of Information Act (FOIA) provide | Public access to records from U.S. federal agencies |
| What does the Gramm-Leach-Bliley Act (GLBA) regulate | Protecting consumer financial information and ensuring institutions explain their information-sharing practices |
| What does the PATRIOT Act authorize concerning security | Enhancing surveillance and intelligence mechanisms to prevent terrorism |
| What does the Privacy Act of 1974 regulate | The collection, maintenance, and dissemination of personal information by federal agencies |
| What does the SAFE Port Act focus on | Enhancing maritime security and protecting U.S. ports from terrorism and other threats |
| What does the Whistleblower Protection Act ensure | Protecting individuals who disclose violations or misconduct within governmental agencies |
| What is a key requirement of HITECH in relation to HIPAA | Expanding HIPAA rules to include stricter breach notification requirements |
| What is COBIT used for | IT management and governance framework focusing on aligning IT with business goals |
| What is FIPS 199 used for | Categorizing information systems based on security requirements |
| What is HIPAA designed to protect | The confidentiality, integrity, and availability of healthcare information |
| What is ITAR concerned with | Controlling the export of defense-related technologies and services |
| What is NIST 800-53 | A cybersecurity framework providing a catalog of security and privacy controls |
| What is the EU-US Data Privacy Framework (formerly Privacy Shield) | A mechanism for transatlantic data transfers aligning GDPR principles with U.S. practices |
| What is the main objective of Basel II compliance | Enhancing risk management and capital adequacy in the banking sector |
| What is the main objective of IT governance under COSO | Ensuring organizations achieve objectives with risk management, reliable reporting, and compliance |
| What is the primary focus of FERPA | Protecting the privacy of student educational records |
| What is the primary focus of ISO 22301 | Providing a management system framework for business continuity planning and resilience in the face of disruptions |
| What is the primary focus of ISO 31000 | Principles and guidelines for risk management across organizations |
| What is the primary focus of the Basel III framework | Strengthening regulation, supervision, and risk management in the banking sector |
| What is the primary focus of the Data Protection Act 2018 | Implementing GDPR principles within the UK legislative framework |
| What is the primary goal of GDPR | To protect the privacy and personal data of EU citizens |
| What is the primary goal of ISO/IEC 27701 | Providing privacy-specific implementation guidelines for managing Personally Identifiable Information (PII) |
| What is the primary purpose of the Cybersecurity Information Sharing Act (CISA) | Facilitating cyber threat information-sharing between government and private sectors |
| What is the primary role of NIST within cybersecurity | Developing and promoting cybersecurity frameworks and standards |
| What is the purpose of alignment under COBIT 2019 | Integrating governance with enterprise objectives and strategies |
| What is the purpose of FISMA | To ensure federal agencies implement proper information security controls |
| What is the purpose of ISO/IEC 27001 | To provide a framework for establishing, implementing, and maintaining information security management systems (ISMS) |
| What is the purpose of the Children's Online Privacy Protection Act (COPPA) | Regulating the collection and use of personal information from children under 13 on websites and online services |
| What is the purpose of the CUI program | Ensuring uniformity in the handling and safeguarding of Controlled Unclassified Information |
| What is the purpose of the Federal Risk and Authorization Management Program (FedRAMP) | Standardizing security assessments for cloud solutions used by federal agencies |
| What is the role of the Cybersecurity Maturity Model Certification (CMMC) | Ensuring compliance with cybersecurity standards among Department of Defense contractors |
| What is the role of the FTC concerning cybersecurity enforcement | Investigating unfair practices and breaches involving consumer data |
| What is the role of the Securities and Exchange Commission (SEC) in cybersecurity | Enforcing regulations and reporting standards for public companies concerning cybersecurity risks and events |
| What is the significance of ICS cybersecurity standards like IEC 62443 | Securing industrial control systems against cyber threats |
| What is the significance of Red Flags Rule compliance | Detecting, preventing, and mitigating identity theft within organizations handling consumer data |
| What is the significance of the Sarbanes-Oxley Act for IT systems | Ensuring reliable electronic records and transparency in financial reporting |
| Who enforces PCI DSS compliance | The Payment Card Industry Security Standards Council (PCI SSC) |
This deck includes key legal, regulatory, and policy requirements relevant to information system governance and compliance frameworks.