Flashcards covering key terms and definitions related to information security principles, governance, risk management, and compliance.
ISC2 Code of Ethics
A set of principles that information security professionals must adhere to, ensuring their commitment to ethical standards.
Preamble
Introduces the ISC2 Code of Ethics and emphasizes the importance of safety, welfare, and ethical behavior.
The Canons
Fundamental beliefs of ISC2 members regarding their duties to society, honesty, service, and the profession.
Privacy in the Working Environment
A critical aspect of information security focused on protecting sensitive information from unauthorized access.
HIPAA
Health Insurance Portability and Accountability Act, establishing standards for the protection of medical information in the United States.
GDPR
General Data Protection Regulation, a framework in the EU that gives individuals control over their personal data and imposes heavy penalties for breaches.
Risk Management Terminology
Key concepts in cybersecurity including assets, vulnerabilities, and threats used in assessing and managing organizational risk.
Asset
Anything that needs protection within an organization, such as data or systems.
Vulnerability
A weakness or gap in an organization's security that can be exploited by threats.
Threat
Any potential danger that can exploit a vulnerability to cause harm to an asset.
Risk Tolerance
The level of risk an organization is willing to accept in pursuit of its goals.
Governance
The framework of rules, practices, and processes used to guide and control an organization.
Compliance
Adherence to laws, regulations, and standards as required by governing authorities.
Security Controls
Measures implemented to protect information systems; includes physical, technical, and administrative controls.
Physical Controls
Security measures that use physical devices to protect assets, such as locks and badge readers.
Technical Controls
Security measures implemented through technology, such as firewalls and encryption.
Administrative Controls
Policies and procedures aimed at managing organizational behaviors and operations concerning security.
NIST
National Institute of Standards and Technology, a U.S. government agency that develops and publishes standards for various industries.
ISO
International Organization for Standardization, an organization that develops and publishes international standards.