Security and Privacy Controls (ISC2 CGRC) Flashcards
ISC2 Governance, Risk and Compliance (CGRC) Flashcards
| Front | Back |
|---|---|
| Access Control Family | Ensures that only authorized users, processes, or devices can access resources. |
| Audit and Accountability Family | Tracks actions and events to detect potential security breaches or policy violations. |
| Awareness and Training Family | Focuses on educating employees regarding security policies, threats, and best practices. |
| Configuration Management Family | Controls the setup and maintenance of secure system configurations. |
| Contingency Planning Family | Prepares for incident response and recovery to maintain critical operations. |
| Continuous Monitoring | Provides ongoing oversight and updates for organizational security systems. |
| Data Quality Family | Ensures the accuracy, completeness, and relevance of organizational data to maintain trustworthiness and functionality. |
| Data Retention and Disposal Family | Addresses protocols for securely retaining or securely disposing of organizational data to prevent unauthorized access. |
| Documentation Family | Promotes thorough, accessible records for systems, policies, and implemented security controls to ensure compliance. |
| Encryption and Cryptographic Controls | Guarantees that sensitive information is safeguarded through robust encryption and applied cryptographic measures. |
| Identification and Authentication Family | Ensures users and systems are uniquely identified and validated before use. |
| Incident Response Family | Defines protocols for detecting, reporting, and mitigating security incidents. |
| Integrity Controls Family | Safeguards data from unauthorized alterations and ensures reliable data exchange within systems. |
| Interconnection Security Agreements (ISAs) | Defines how connected systems interact securely while establishing standards for shared data and communication. |
| Maintenance Family | Ensures proper maintenance of systems to prevent and detect vulnerabilities. |
| Media Protection Family | Protects sensitive media (e.g., drives, paper) from unauthorized access, use, or destruction. |
| Personnel Security Family | Manages insider threats through background checks, role separation, and training. |
| Physical and Environmental Protection Family | Safeguards the physical facility and system environment from threats. |
| Planning Family | Provides oversight and organization for security policies and implementations. |
| Privacy Controls | Addresses the protection of personal and sensitive data within the organization's systems. |
| Privacy Impact Assessment (PIA) | Identifies privacy risks within new or evolving systems and recommends mitigations to uphold data protection laws. |
| Program Management Family | Coordinates an organization-wide security strategy and implementation. |
| Risk Assessment Family | Focuses on evaluating and addressing risks to the organization. |
| Security Assessment and Authorization Family | Ensures proper evaluation, testing, and approval of security controls. |
| Security Awareness Metrics Family | Evaluates the effectiveness of training programs and security comprehension levels across the organization. |
| Security Baseline Family | Establishes minimum required security measures and configurations for systems to uphold uniform compliance. |
| Supply Chain Risk Management | Focuses on ensuring security in external partnerships, procurements, and services. |
| System Acquisition, Development, and Maintenance Family | Focuses on ensuring that new systems and applications are designed securely and tested for vulnerabilities before deployment. |
| System and Communication Protection Family | Protects the integrity, confidentiality, and availability of communications within systems. |
| System and Information Integrity Family | Monitors and protects systems against corruption or unauthorized modifications. |
This deck outlines different security and privacy control families, emphasizing their implementation and testing to ensure compliance.