5_2_1 Section 5 – Governance, Risk, and Compliance - 5.2 – Regulations, Standards, and Frameworks - Security Regulations and Standards

Questions and Answers

What is the primary reason for tracking compliance regulations closely?

• To improve organization's reputation
• To ensure job security
• To reduce data storage costs
• To avoid significant penalties (correct)

What aspect of an organization's business may be covered by compliance regulations?

• Only employee salaries and benefits
• Only data storage and privacy
• Only financial transactions
• Multiple aspects, including finance and data storage (correct)

What is the scope of compliance regulations based on?

• Employee count
• Industry type
• Local geography (correct)
• Company size

What may be the consequence of not following compliance regulations?

Fines and possible incarceration (C)

What is the role of the security team in compliance regulations?

To ensure compliance with all applicable regulations (C)

Why is it important to understand the scope of compliance regulations?

To avoid penalties and ensure job security (C)

What is the main goal of the GDPR?

To give individuals control over their private information (C)

What type of information is protected by the GDPR?

Any information specific to an individual (C)

What is the purpose of the PCI DSS?

To provide protection for credit card transactions (C)

What is a requirement of the PCI DSS?

Building and maintaining a secure network and systems (A)

What is NOT a goal of the PCI DSS?

Regulating websites' privacy policies (A)

How often should organizations that store credit card information be audited and tested?

Periodically, to ensure security controls are in place (D)

What is the primary focus of the GDPR?

To control the use of private information within the EU (B)

What is the main purpose of the PCI DSS?

To provide a framework for credit card transaction security (B)

What is a requirement of the GDPR?

Providing detailed information about website privacy policies (B)

What is the role of periodic audits and tests in the PCI DSS?

To ensure security policies are up to date (A)

What type of information is protected by the PCI DSS?

Credit card information (C)

What is the goal of strong access control measures in the PCI DSS?

To limit access to credit card information (D)

What is a potential consequence of not following compliance regulations?

Incarceration or jail time (C)

What type of data may be regulated by compliance guidelines?

Credit card information (B)

Why is it important for the security team to understand the scope of compliance regulations?

To ensure the organization follows all relevant regulations (B)

What is a possible basis for compliance regulations?

Local geography (D)

What can be a significant consequence of not following compliance regulations for the organization?

A fine (A)

What can be a personal consequence for an individual responsible for compliance in an organization?

Job loss (B)