Security and Privacy Controls (ISC2 CGRC) Flashcards
ISC2 Governance, Risk and Compliance (CGRC) Flashcards

| Front | Back |
| --- | --- |
| Access Control Family | Ensures that only authorized users, processes, or devices can access resources. |
| Audit and Accountability Family | Tracks actions and events to detect potential security breaches or policy violations. |
| Awareness and Training Family | Focuses on educating employees regarding security policies, threats, and best practices. |
| Configuration Management Family | Controls the setup and maintenance of secure system configurations. |
| Contingency Planning Family | Prepares for incident response and recovery to maintain critical operations. |
| Continuous Monitoring | Provides ongoing oversight and updates for organizational security systems. |
| Data Quality Family | Ensures the accuracy, completeness, and relevance of organizational data to maintain trustworthiness and functionality. |
| Data Retention and Disposal Family | Addresses protocols for securely retaining or disposing of organizational data to prevent unauthorized access. |
| Documentation Family | Promotes thorough, accessible records for systems, policies, and implemented security controls to ensure compliance. |
| Encryption and Cryptographic Controls | Guarantees that sensitive information is safeguarded through robust encryption and applied cryptographic measures. |
| Identification and Authentication Family | Ensures users and systems are uniquely identified and validated before use. |
| Incident Response Family | Defines protocols for detecting, reporting, and mitigating security incidents. |
| Integrity Controls Family | Safeguards data from unauthorized alterations and ensures reliable data exchange within systems. |
| Interconnection Security Agreements (ISAs) | Defines how connected systems interact securely while establishing standards for shared data and communication. |
| Maintenance Family | Ensures proper maintenance of systems to prevent and detect vulnerabilities. |
| Media Protection Family | Protects sensitive media (e.g., drives, paper) from unauthorized access, use, or destruction. |
| Personnel Security Family | Manages insider threats through background checks, role separation, and training. |
| Physical and Environmental Protection Family | Safeguards the physical facility and system environment from threats. |
| Planning Family | Provides oversight and organization for security policies and implementations. |
| Privacy Controls | Address the protection of personal and sensitive data within the organization's systems. |
| Privacy Impact Assessment (PIA) | Identifies privacy risks within new or evolving systems and recommends mitigations to uphold data protection laws. |
| Program Management Family | Coordinates an organization-wide security strategy and implementation. |
| Risk Assessment Family | Focuses on evaluating and addressing risks to the organization. |
| Security Assessment and Authorization Family | Ensures proper evaluation, testing, and approval of security controls. |
| Security Awareness Metrics Family | Evaluates the effectiveness of training programs and security comprehension levels across the organization. |
| Security Baseline Family | Establishes minimum required security measures and configurations for systems to uphold uniform compliance. |
| Supply Chain Risk Management | Focuses on ensuring security in external partnerships, procurements, and services. |
| System Acquisition, Development, and Maintenance Family | Focuses on ensuring that new systems and applications are designed securely and tested for vulnerabilities before deployment. |
| System and Communication Protection Family | Protects the integrity, confidentiality, and availability of communications within systems. |
| System and Information Integrity Family | Monitors and protects systems against corruption or unauthorized modifications. |
About the Flashcards
Flashcards for the ISC2 Governance, Risk and Compliance (CGRC) exam provide a concise walkthrough of essential security control families, from Access Control and Identification & Authentication to Audit, Configuration Management, and Risk Assessment. Each card defines purpose and responsibilities, helping you quickly recall how organizations restrict access, log activity, maintain secure configurations, and evaluate threats.
The deck also covers Incident Response, Contingency Planning, System and Communication Protection, Privacy controls, and Supply Chain Risk Management, rounding out both technical and managerial domains. Use these cards to sharpen familiarity with baseline requirements, encryption practices, continuous monitoring, and documentation processes frequently tested on exam day.
Topics covered in this flashcard deck:
- Access control & IAM
- Risk assessment & planning
- Incident response & monitoring
- Privacy & data protection
- Encryption & media security