Governance and Policy Word Search
Medium
Find each governance or policy concept hidden in the grid.
V J X A U D I T Q I H D N G G
M V N N P C I J L C O A O U U
S K I S I D B G Z B K T K R I
Z D S R Q L P O L I C Y A E D
J J T H N U M K M P X O V Z E
A W B C S O C X V F R J L Q L
S T U K E R U D E C O R P K I
S I V G P B Z A F L R I X Y N
H W T D Q S O X N Y I I Q Q E
D S G P U T A X L M F S T U H
B F B R O G Z Z J J F M O N E
F S O C T D K R O W E M A R F
X H S A A P I H I M Z G C C C
Q K D R A D N A T S S V B K S
Z K N Y T X S J A F P R I K J
Terms in this set
- Policy: High-level management directives that set security expectations and requirements.
- Procedure: Step-by-step instructions for performing a specific task in a repeatable way.
- Standard: Mandatory rules that implement a policy — e.g., minimum password length, approved cipher suites.
- Guideline: Recommended, non-mandatory practices that help implement policy.
- Framework: A structured set of controls and processes used to organize a security program.
- NIST: The U.S. National Institute of Standards and Technology — publishes widely used security frameworks.
- ISO: The International Organization for Standardization — publishes ISO/IEC 27001, the global ISMS standard.
- PCI: PCI DSS — security requirements for organizations that store, process, or transmit cardholder data.
- GDPR: EU General Data Protection Regulation — privacy rights for EU data subjects with global reach.
- HIPAA: U.S. law requiring privacy and security safeguards for protected health information.
- SOX: Sarbanes-Oxley Act — U.S. law requiring internal controls over financial reporting for public companies.
- Audit: Independent review of controls against a standard or framework to assess effectiveness.