An international standard for information security management systems (ISMS) providing a framework for managing sensitive information
Information Security Management System (ISMS), risk assessment, risk treatment and continuous improvement
Payment Card Industry Data Security Standard - requirements for organizations that handle credit card information
12 main requirements organized into 6 control objectives for protecting cardholder data
Sarbanes-Oxley Act requirements for financial reporting controls and data protection in public companies
Health Insurance Portability and Accountability Act - US regulation protecting health information privacy and security
General Data Protection Regulation - European law governing data protection and privacy for individuals
UK government-backed scheme that helps organizations protect against common cyber attacks
Boundary firewalls, secure configuration, access control, malware protection and patch management
Service Organization Control 2 - auditing standard for service companies storing customer data
Security, availability, processing integrity, confidentiality and privacy
A voluntary framework of standards and best practices for managing cybersecurity risk
Identify, Protect, Detect, Respond and Recover
Code of practice providing guidelines for information security controls referenced by ISO 27001
Control Objectives for Information and Related Technologies - framework for IT governance and management
SOC 1 focuses on financial reporting controls, while SOC 2 focuses on security, availability and processing integrity
Federal Risk and Authorization Management Program for cloud products used by US government agencies
Federal Information Security Management Act requiring US federal agencies to secure information systems
Cybersecurity Maturity Model Certification for organizations working with US Department of Defense
Cybersecurity Framework - typically referring to NIST's framework for managing cybersecurity risk
Information Security Management System - systematic approach to managing sensitive information
Process of identifying, analyzing and evaluating information security risks
Continuous improvement methodology used in ISO 27001 and other management systems
SSAE standards that govern SOC audit reports and attestation procedures
Process of categorizing data based on sensitivity level and protection requirements
Managing who can access what information systems and resources
Organized approach to addressing and managing security breaches or cyber attacks
Process of creating systems to prevent and recover from potential threats to operations
Ongoing process of identifying, assessing and mitigating security vulnerabilities
Compliance meets regulatory requirements, while security protects against actual threats