These flashcards cover key concepts, laws, and regulations surrounding compliance with standards in information security.
What is the fourth wave of information security management characterized as?
Governance
What key outcome drives information security governance?
Prevention of financial fraud through data manipulation.
Which organization publishes the COBIT guidelines?
ISACA, the Information Systems Audit and Control Association.
What does COBIT stand for?
Control Objectives for Information and related Technology.
What high-level specification does ISO 27001 provide for organizations?
Information Security Management System (ISMS).
What is the purpose of ISO 27002?
To provide a detailed set of information security controls based on risk assessment outputs.
What does NIST stand for?
National Institute of Standards and Technology.
What act applies to the protection of patient information in the healthcare sector?
Health Insurance Portability and Accountability Act (HIPAA).
What does PCI DSS stand for?
Payment Card Industry Data Security Standard.
What is one requirement of the Gramm-Leach-Bliley Act (GLBA)?
Financial institutions must develop and maintain a comprehensive information security program.
What must organizations do under the Sarbanes-Oxley Act (SOX) regarding financial reporting?
Establish and maintain adequate internal controls.
Which law governs the interception of electronic communications?
The Electronic Communications Privacy Act (ECPA).
What does the Computer Fraud and Abuse Act (CFAA) primarily target?
Unauthorized access to computers and the resulting damage or loss.
What is one key attribute defined by the CFAA for establishing a computer crime?
Access without or in excess of authorization.
What type of crimes can be defined under hacking laws?
Intrusions into computer networks resulting in fraud, theft, or damage.
What does the term 'duty of care' refer to in information security?
The responsibility of organizations to safeguard information adequately.
What significant change did the HITECH Act bring to HIPAA enforcement?
Increased penalties for willful neglect and breach notification requirements.
What are essential components of the HIPAA Security Rule?
Confidentiality, integrity, availability, and protection against anticipated threats.
Which agency is responsible for overseeing compliance with the NERC CIP standards?
North American Electric Reliability Corporation (NERC).
What is the primary focus of the PCI DSS?
To protect cardholder data and ensure secure credit card transactions.
What are the four general requirements outlined by the HIPAA Security Rule?
Ensure confidentiality, integrity, availability, protect against threats, ensure compliance.
What are the key indicators of liability for organizations regarding regulations?
Failure to apply requisite safeguards and prepare for security breaches.
What does the ECPA protect regarding electronic communications?
Unauthorized interception of, and access to, e-mails and keystrokes.