5_2_2 Section 5 – Governance, Risk, and Compliance - 5.2 – Regulations, Standards, and Frameworks - Security Frameworks
22 Questions

Questions and Answers

What is the name of the auditing standard that focuses on reports related to trust services criteria or security controls?

  • Type I Audit
  • SSAE 18 (correct)
  • SOC 2
  • Cloud Controls Matrix

What is the name of the report suite that focuses on security controls and trust services criteria?

  • SOC 1
  • SOC 2 (correct)
  • SOC 4
  • SOC 3

What type of audit examines the controls in place at a particular date and time?

  • Cloud Controls Matrix Audit
  • SOC 2 Audit
  • Type II Audit
  • Type I Audit (correct)

What is the minimum period required for a type II audit?

  • 6 consecutive months

What is the name of the not-for-profit organization that focuses on security in the cloud?

  • Cloud Security Alliance

What is the name of the framework created by the Cloud Security Alliance?

  • Cloud Controls Matrix Framework

What is one major challenge when trying to secure an organization's data?

  • Adapting to unique organizational requirements

What can security frameworks help you with?

  • Understanding security processes and building them from scratch

Why might you need to refer to security frameworks?

  • To prioritize security projects and tasks

What is one benefit of using security frameworks?

  • They help you build security processes from scratch

What is unique about each organization's security needs?

  • The industry or line of work they are in

What can security frameworks help you understand?

  • Different security processes available

What is the main focus of the CIS Critical Security Controls (CSC)?

  • To improve the security posture of an organization.

Which framework is required for United States Federal Government Agencies?

  • NIST Risk Management Framework (RMF)

What is the main difference between the NIST RMF and NIST CSF?

  • RMF is for federal government agencies, while CSF is for commercial implementations.

What are the three major areas of the NIST Cybersecurity Framework (CSF)?

  • Framework Core, Framework Implementation Tiers, Framework Profile

What is the purpose of the ISO/IEC 27001 standard?

  • To establish a standard for Information Security Management Systems (ISMS).

What is the focus of the ISO/IEC 27701 standard?

  • Privacy Information Management Systems (PIMS)

What is the main purpose of the CIS Critical Security Controls (CSC)?

  • To improve the security posture of an organization.

What is unique about the CIS Critical Security Controls (CSC)?

  • It provides different recommendations depending on the size of the organization.

What is the SSAE SOC 2 typically associated with?

  • Auditing and compliance

How many steps are in the NIST Risk Management Framework (RMF)?

  • 6 steps
