NIST 800-92
log management
NIST 800-37
guidance for implementing RMF
ISO 27001
most recognized security program
ISO 27017
about cloud-specific security controls
ISO 27034
overview of application security
ISO 31000
design implementation / management
SOC 1
A report focused on internal controls related to financial reporting. It shows how a company handles processes that could impact financial statements. It's mainly for auditors.
SOC 2
A report focused on how a company secures customer data. It reviews controls related to security, availability, processing integrity, confidentiality, and privacy. It's useful for customers and partners.
SOC 2 Type 1
A report that evaluates the design of a company’s controls at a specific point in time. It checks whether the controls are properly designed but doesn’t test if they work over time.
SOC 2 Type 2
A report that evaluates both the design and the operating effectiveness of a company’s controls over a period of time (typically 3 to 12 months). It shows whether the controls consistently worked as intended.