Governance and Policy Flashcards
Terms in this set
- Policy: High-level management directives that set security expectations and requirements.
- Procedure: Step-by-step instructions for performing a specific task in a repeatable way.
- Standard: Mandatory rules that implement a policy — e.g., minimum password length, approved cipher suites.
- Guideline: Recommended, non-mandatory practices that help implement policy.
- Framework: A structured set of controls and processes used to organize a security program.
- NIST: The U.S. National Institute of Standards and Technology — publishes widely used security frameworks.
- ISO: The International Organization for Standardization — publishes ISO/IEC 27001, the global ISMS standard.
- PCI: PCI DSS — security requirements for organizations that store, process, or transmit cardholder data.
- GDPR: EU General Data Protection Regulation — privacy rights for EU data subjects with global reach.
- HIPAA: U.S. law requiring privacy and security safeguards for protected health information.
- SOX: Sarbanes-Oxley Act — U.S. law requiring internal controls over financial reporting for public companies.
- Audit: Independent review of controls against a standard or framework to assess effectiveness.