22.3.2. Security Standards and Frameworks

22.3 Governance Risk and Compliance


7 Terms

1

SOX

Sarbanes-Oxley Act

US law requiring publicly traded companies to report their finances accurately and to maintain internal controls over financial reporting. IT systems that feed the financial reports fall within its audit scope, which is why it matters to security teams.

2

Legal Requirements

Cybersecurity rules and laws set by governments that businesses must follow. Non-compliance can bring serious penalties, such as fines or legal action.

3

Regulatory Requirements

Rules and standards set by government regulators or industry bodies that businesses must follow, especially regarding how they handle data and security. They are more specific than general law and target particular types of businesses or data (like healthcare, finance, or credit card data).

4

NERC CIP

North American Electric Reliability Corporation Critical Infrastructure Protection

Mandatory cybersecurity standards for operators of the North American bulk electric system (power companies).

5

Industry Requirements

Private sector-driven standards that are not laws but are essential for doing business in a given sector (like healthcare, finance, or retail). They are typically enforced through contracts rather than by regulators.

6

PCI-DSS

Payment Card Industry Data Security Standard

Strict security rules that businesses storing, processing, or transmitting credit card data must follow to keep cardholder information safe. It is an industry requirement enforced by the card brands and acquiring banks through contracts, not a law.

7

3 types of requirements businesses need to meet

Legal, regulatory, and industry-specific. Simplify compliance by identifying overlapping security controls so that one control satisfies several requirements at once, such as a single strong password policy (e.g., a 16-character minimum) that meets each framework's password rule. The shared control must satisfy the strictest of the requirements it covers.