5_2_2 Section 5 – Governance, Risk, and Compliance - 5.2 – Regulations, Standards, and Frameworks - Security Frameworks

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to Lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the name of the auditing standard that focuses on reports related to trust services criteria or security controls?

  • Type I Audit
  • SSAE 18 (correct)
  • SOC 2
  • Cloud Controls Matrix

What is the name of the report suite that focuses on security controls and trust services criteria?

  • SOC 1
  • SOC 2 (correct)
  • SOC 4
  • SOC 3

What type of audit examines the controls in place at a particular date and time?

  • Cloud Controls Matrix Audit
  • SOC 2 Audit
  • Type II Audit
  • Type I Audit (correct)

What is the minimum period required for a type II audit?

<p>6 consecutive months (B)</p> Signup and view all the answers

What is the name of the not-for-profit organization that focuses on security in the cloud?

<p>Cloud Security Alliance (A)</p> Signup and view all the answers

What is the name of the framework created by the Cloud Security Alliance?

<p>Cloud Controls Matrix Framework (C)</p> Signup and view all the answers

What is one major challenge when trying to secure an organization's data?

<p>Adapting to unique organizational requirements (D)</p> Signup and view all the answers

What can security frameworks help you with?

<p>Understanding security processes and building them from scratch (C)</p> Signup and view all the answers

Why might you need to refer to security frameworks?

<p>To prioritize security projects and tasks (C)</p> Signup and view all the answers

What is one benefit of using security frameworks?

<p>They help you build security processes from scratch (B)</p> Signup and view all the answers

What is unique about each organization's security needs?

<p>The industry or line of work they are in (A)</p> Signup and view all the answers

What can security frameworks help you understand?

<p>Different security processes available (C)</p> Signup and view all the answers

What is the main focus of the CIS Critical Security Controls (CSC)?

<p>To improve the security posture of an organization. (B)</p> Signup and view all the answers

Which framework is required for United States Federal Government Agencies?

<p>NIST Risk Management Framework (RMF) (C)</p> Signup and view all the answers

What is the main difference between the NIST RMF and NIST CSF?

<p>RMF is for federal government agencies, while CSF is for commercial implementations. (C)</p> Signup and view all the answers

What are the three major areas of the NIST Cybersecurity Framework (CSF)?

<p>Framework Core, Framework Implementation Tiers, Framework Profile (D)</p> Signup and view all the answers

What is the purpose of the ISO/IEC 27001 standard?

<p>To establish a standard for Information Security Management Systems (ISMS). (A)</p> Signup and view all the answers

What is the focus of the ISO/IEC 27701 standard?

<p>Privacy Information Management Systems (PIMS) (D)</p> Signup and view all the answers

What is the main purpose of the CIS Critical Security Controls (CSC)?

<p>To improve the security posture of an organization. (B)</p> Signup and view all the answers

What is unique about the CIS Critical Security Controls (CSC)?

<p>It provides different recommendations depending on the size of the organization. (B)</p> Signup and view all the answers

What is the SSAE SOC 2 typically associated with?

<p>Auditing and compliance (D)</p> Signup and view all the answers

How many steps are in the NIST Risk Management Framework (RMF)?

<p>6 steps (D)</p> Signup and view all the answers

Flashcards are hidden until you start studying

More Like This

Use Quizgecko on...
Browser
Open
Browser
Browser