Ch 4 Sec Standards and policies

Last updated 1:36 AM on 5/25/26
23 Terms

1. Due diligence: Process of setting controls to maintain compliance.

2. Due care: Process of implementing, maintaining, and responding to those controls.

3. General Data Protection Regulation (GDPR): Regulation for EU residents that protects personal information and privacy.

4. Right to be informed: Right of EU residents to be informed about the processing of their personal data.

5. Right of access: Right of EU residents to access their personal data held by organizations.

6. Right to rectification: Right of EU residents to correct inaccurate personal data.

7. Right to be forgotten: Right of EU residents to request deletion of their personal data.

8. Payment Card Industry Data Security Standard (PCI DSS): Compliance requirements for the security of cardholder data.

9. CIS Critical Security Controls (CSC): Security framework consisting of recommended security controls organized in 18 areas.

10. Risk Management Framework (RMF): Systematic process required by public sector organizations to address risks.
11. ISO/IEC 27001: Standard for implementing an information security management system (ISMS).

12. SOC 2 Type 1: AICPA point-in-time audit of a service entity's security controls.

13. SOC 2 Type 2: Periodic, annual audit of a service entity's security controls.

14. Secure baseline: Set of standardized security configurations and controls to provide minimum security.

15. Business continuity plan (BCP): Set of processes followed to maintain business continuity during a disaster.

16. Data governance: How data is collected and accessed during its life cycle.

17. Gamification: Use of game-like elements to enhance personnel training.

18. Instructor-led training (ILT): Live training delivered by an instructor.

19. Anomalous behavior: Recognizing actions or patterns that deviate from normal operational behavior.

20. Password policy: Guidelines for password complexity and expiration.

21. Background check policy: Policy requiring background checks for new employees.

22. Mandatory vacation policy: Policy requiring employees to take paid time off to expose security issues.

23. Incident response plan (IRP): Processes followed to recognize, respond to, and recover from an incident.