Module 7


Risk management

The process of identifying, prioritizing, and addressing risks.

ISO/IEC 27002

An update to the ISO 17799 standard.

Nonpublic personal information (NPI)

Any personally identifiable financial information that a consumer provides to a financial institution. This term is defined by the Gramm-Leach-Bliley Act.

Publicly traded companies

Companies owned by a number of different investors, who own shares of their stock.

Recommendations

The formal term for ITU-T international standards.

Electronic protected health information (EPHI)

Patient health information that is computer based; that is, PHI stored electronically.

Technology protection measure (TPM)

Technology used to filter content from which children are to be protected.

True

The Federal Information Security Management Act (FISMA) of 2014 defines the roles, responsibilities, accountabilities, requirements, and practices that are needed to fully implement FISMA security controls and requirements. True/False?

True

The International Electrotechnical Commission (IEC) was instrumental in the development of standards for electrical measurements, including gauss, hertz, and weber. True/False?

True

The Internet Architecture Board (IAB) is a subcommittee of the IETF. True/False?

False

The main goal of the Gramm-Leach-Bliley Act (GLBA) is to protect investors from financial fraud. True/False?

True

Visa, MasterCard, and other payment card vendors helped to create the Payment Card Industry Data Security Standard (PCI DSS). True/False?

Qualified security assessor (QSA)

A certified individual qualified and authorized to perform PCI compliance assessments.

Protected health information (PHI)

Any individually identifiable information that relates to the physical or mental condition of, or the provision of health care to, an individual.

Privately held companies

A company held by a small group of private investors.

Covered entity

Health plans, health care clearinghouses, and health care providers who transmit health information by electronic means.

International Telecommunication Union (ITU)

The main United Nations agency responsible for managing and promoting information and technology issues.

Report of compliance (ROC)

Defined by the PCI Data Security Standard, this is a summary of the assessment activities performed during an audit. It is included as part of the Attestation of Compliance.

Directory information

Information that is publicly available about users of a computer system, such as students at a school.

American National Standards Institute (ANSI)

A US standards organization whose goal is to empower its members and constituents to strengthen the US marketplace position in the global economy, while helping to ensure the safety and health of consumers and the protection of the environment.

Internet Engineering Task Force (IETF)

A standards organization that develops and promotes Internet standards.

ISO 17799

An international security standard that documents a comprehensive set of controls representing information system best practices.

Request for comments (RFC)

Documents through which standards and protocols are defined and published for all to see on the IETF website.

World Wide Web Consortium (W3C)

An organization formed in 1994 to develop and publish standards for the World Wide Web.

Chief information security officer (CISO)

Federal agencies are required to name a senior official in charge of information security. What title is normally given to these individuals?

Authorize the IT system for processing.

Howard is leading a project to commission a new information system that will be used by a federal government agency. He is working with senior officials to document and accept the risk of operation prior to allowing use. What step of the risk management framework is Howard completing?

International Electrotechnical Commission (IEC)

The predominant organization for developing and publishing international standards for technologies related to electrical and electronic devices and processes.

Miller test

The three-prong test defined by the US Supreme Court to decide whether to label something as obscene.

National Institute of Standards and Technology (NIST)

A federal agency within the US Department of Commerce whose mission is to promote US innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life.

Standards

A mandated requirement for a hardware or software solution that is used to deal with a security risk throughout the organization.

Approved scanning vendor (ASV)

A qualified and approved company able to perform Payment Card Industry (PCI) vulnerability assessment scans.

Electrotechnology

The collective body of knowledge addressed by the International Electrotechnical Commission (IEC).

Control objectives

The goal or final outcome that a control or requirement must achieve when implemented correctly.

Sarbanes-Oxley Act of 2002

A US federal law requiring officers of publicly traded companies to have accurate and audited financial statements.

Minimum necessary rule

A rule that covered entities may disclose only the amount of protected health information absolutely necessary to carry out a particular function.

False

All requests for comments (RFCs) originate from the Internet Engineering Task Force (IETF). True/False?

Personally identifiable information

Data that can be used to individually identify a person.

Attestation of compliance (AOC)

Defined by the PCI Data Security Standard, this is an annual written statement of an organization's compliance, signed by the Chief Executive Officer, with any gaps or compensating security controls identified and documented.

Self-assessment questionnaire (SAQ)

Defined by the PCI Data Security Standard, this is a series of yes-or-no questions used to guide the organization toward determining its own compliance with the standard's requirements.

Business associates

Under HIPAA, organizations that perform a health care activity on behalf of a covered entity.

True

Under the Federal Information Security Management Act (FISMA), all federal agencies must report security incidents to the U.S. Computer Emergency Readiness Team (US-CERT). True/False?

Network

Which term accurately describes Layer 3 of the Open Systems Interconnection (OSI) model?

International Organization for Standardization (ISO)

An international nongovernmental organization with the goal of developing and publishing international standards.

Compliance

The act of following the laws, rules, and regulations that apply to your organization and its use of IT systems, applications, and data.

ITU Telecommunication Sector (ITU-T)

The committee of the ITU responsible for ensuring the efficient and effective production of standards covering all fields of telecommunications for all nations.