5_2_2 Section 5 – Governance, Risk, and Compliance - 5.2 – Regulations, Standards, and Frameworks - Security Frameworks

Questions and Answers

What is the name of the auditing standard that focuses on reports related to trust services criteria or security controls?

  • Type I Audit
  • SSAE 18 (correct)
  • SOC 2
  • Cloud Controls Matrix

What is the name of the report suite that focuses on security controls and trust services criteria?

  • SOC 1
  • SOC 2 (correct)
  • SOC 4
  • SOC 3

What type of audit examines the controls in place at a particular date and time?

  • Cloud Controls Matrix Audit
  • SOC 2 Audit
  • Type II Audit
  • Type I Audit (correct)

What is the minimum period required for a type II audit?

6 consecutive months (B)

What is the name of the not-for-profit organization that focuses on security in the cloud?

Cloud Security Alliance (A)

What is the name of the framework created by the Cloud Security Alliance?

Cloud Controls Matrix Framework (C)

What is one major challenge when trying to secure an organization's data?

Adapting to unique organizational requirements (D)

What can security frameworks help you with?

Understanding security processes and building them from scratch (C)

Why might you need to refer to security frameworks?

To prioritize security projects and tasks (C)

What is one benefit of using security frameworks?

They help you build security processes from scratch (B)

What is unique about each organization's security needs?

The industry or line of work they are in (A)

What can security frameworks help you understand?

Different security processes available (C)

What is the main focus of the CIS Critical Security Controls (CSC)?

To improve the security posture of an organization. (B)

Which framework is required for United States Federal Government Agencies?

NIST Risk Management Framework (RMF) (C)

What is the main difference between the NIST RMF and NIST CSF?

RMF is for federal government agencies, while CSF is for commercial implementations. (C)

What are the three major areas of the NIST Cybersecurity Framework (CSF)?

Framework Core, Framework Implementation Tiers, Framework Profile (D)

What is the purpose of the ISO/IEC 27001 standard?

To establish a standard for Information Security Management Systems (ISMS). (A)

What is the focus of the ISO/IEC 27701 standard?

Privacy Information Management Systems (PIMS) (D)

What is the main purpose of the CIS Critical Security Controls (CSC)?

To improve the security posture of an organization. (B)

What is unique about the CIS Critical Security Controls (CSC)?

It provides different recommendations depending on the size of the organization. (B)

What is the SSAE SOC 2 typically associated with?

Auditing and compliance (D)

How many steps are in the NIST Risk Management Framework (RMF)?

6 steps (D)
