Bash, the Crucial Exams Chat Bot
AI Bot
Security and Privacy Controls (ISC2 CGRC) Flashcards
ISC2 Governance, Risk and Compliance (CGRC) Flashcards
| Front | Back |
| Access Control Family | Ensures that only authorized users, processes, or devices can access resources. |
| Audit and Accountability Family | Tracks actions and events to detect potential security breaches or policy violations. |
| Awareness and Training Family | Focuses on educating employees regarding security policies, threats, and best practices. |
| Configuration Management Family | Controls the setup and maintenance of secure system configurations. |
| Contingency Planning Family | Prepares for incident response and recovery to maintain critical operations. |
| Continuous Monitoring | Provides ongoing oversight and updates for organizational security systems. |
| Data Quality Family | Ensures the accuracy, completeness, and relevance of organizational data to maintain trustworthiness and functionality. |
| Data Retention and Disposal Family | Addresses protocol for securely retaining or securely disposing of organizational data to prevent unauthorized access. |
| Documentation Family | Promotes thorough, accessible records for systems, policies, and implemented security controls to ensure compliance. |
| Encryption and Cryptographic Controls | Guarantees that sensitive information is safeguarded through robust encryption and applied cryptographic measures. |
| Identification and Authentication Family | Ensures users and systems are uniquely identified and validated before use. |
| Incident Response Family | Defines protocols for detecting, reporting, and mitigating security incidents. |
| Integrity Controls Family | Safeguards data from unauthorized alterations and ensures reliable data exchange within systems. |
| Interconnection Security Agreements (ISAs) | Defines how connected systems interact securely while establishing standards for shared data and communication. |
| Maintenance Family | Ensures proper maintenance of systems to prevent and detect vulnerabilities. |
| Media Protection Family | Protects sensitive media (e.g., drives, paper) from unauthorized access, use, or destruction. |
| Personnel Security Family | Manages insider threats through background checks, role separation, and training. |
| Physical and Environmental Protection Family | Safeguards physical facility and system environment from threats. |
| Planning Family | Provides oversight and organization for security policies and implementations. |
| Privacy Controls | Address the protection of personal and sensitive data within the organization's systems. |
| Privacy Impact Assessment (PIA) | Identifies privacy risks within new or evolving systems and recommends mitigations to uphold data protection laws. |
| Program Management Family | Coordinates an organization-wide security strategy and implementation. |
| Risk Assessment Family | Focuses on evaluating and addressing risks to the organization. |
| Security Assessment and Authorization Family | Ensures proper evaluation, testing, and approval of security controls. |
| Security Awareness Metrics Family | Evaluates the effectiveness of training programs and security comprehension levels across the organization. |
| Security Baseline Family | Establishes minimum required security measures and configurations for systems to uphold uniform compliance. |
| Supply Chain Risk Management | Focuses on ensuring security in external partnerships, procurements, and services. |
| System Acquisition | Development, and Maintenance Family, Focuses on ensuring that new systems and applications are designed securely and tested for vulnerabilities before deployment. |
| System and Communication Protection Family | Protects the integrity, confidentiality, and availability of communications within systems. |
| System and Information Integrity Family | Monitors and protects systems against corruption or unauthorized modifications. |
Front
Security Assessment and Authorization Family
Click the card to flip
Back
Ensures proper evaluation, testing, and approval of security controls.
Front
Access Control Family
Back
Ensures that only authorized users, processes, or devices can access resources.
Front
Identification and Authentication Family
Back
Ensures users and systems are uniquely identified and validated before use.
Front
Physical and Environmental Protection Family
Back
Safeguards physical facility and system environment from threats.
Front
Audit and Accountability Family
Back
Tracks actions and events to detect potential security breaches or policy violations.
Front
System Acquisition
Back
Development, and Maintenance Family, Focuses on ensuring that new systems and applications are designed securely and tested for vulnerabilities before deployment.
Front
System and Information Integrity Family
Back
Monitors and protects systems against corruption or unauthorized modifications.
Front
Continuous Monitoring
Back
Provides ongoing oversight and updates for organizational security systems.
Front
Integrity Controls Family
Back
Safeguards data from unauthorized alterations and ensures reliable data exchange within systems.
Front
Security Baseline Family
Back
Establishes minimum required security measures and configurations for systems to uphold uniform compliance.
Front
Privacy Controls
Back
Address the protection of personal and sensitive data within the organization's systems.
Front
Incident Response Family
Back
Defines protocols for detecting, reporting, and mitigating security incidents.
Front
Interconnection Security Agreements (ISAs)
Back
Defines how connected systems interact securely while establishing standards for shared data and communication.
Front
Encryption and Cryptographic Controls
Back
Guarantees that sensitive information is safeguarded through robust encryption and applied cryptographic measures.
Front
Risk Assessment Family
Back
Focuses on evaluating and addressing risks to the organization.
Front
Documentation Family
Back
Promotes thorough, accessible records for systems, policies, and implemented security controls to ensure compliance.
Front
Security Awareness Metrics Family
Back
Evaluates the effectiveness of training programs and security comprehension levels across the organization.
Front
Data Retention and Disposal Family
Back
Addresses protocol for securely retaining or securely disposing of organizational data to prevent unauthorized access.
Front
Planning Family
Back
Provides oversight and organization for security policies and implementations.
Front
Maintenance Family
Back
Ensures proper maintenance of systems to prevent and detect vulnerabilities.
Front
Personnel Security Family
Back
Manages insider threats through background checks, role separation, and training.
Front
Media Protection Family
Back
Protects sensitive media (e.g., drives, paper) from unauthorized access, use, or destruction.
Front
Privacy Impact Assessment (PIA)
Back
Identifies privacy risks within new or evolving systems and recommends mitigations to uphold data protection laws.
Front
Program Management Family
Back
Coordinates an organization-wide security strategy and implementation.
Front
Configuration Management Family
Back
Controls the setup and maintenance of secure system configurations.
Front
Supply Chain Risk Management
Back
Focuses on ensuring security in external partnerships, procurements, and services.
Front
Data Quality Family
Back
Ensures the accuracy, completeness, and relevance of organizational data to maintain trustworthiness and functionality.
Front
Awareness and Training Family
Back
Focuses on educating employees regarding security policies, threats, and best practices.
Front
Contingency Planning Family
Back
Prepares for incident response and recovery to maintain critical operations.
Front
System and Communication Protection Family
Back
Protects the integrity, confidentiality, and availability of communications within systems.
1/30
This deck outlines different security and privacy control families, emphasizing their implementation and testing to ensure compliance.