NIST SP 800-53 provides security controls for federal information systems to protect them from cyber threats.
A
To provide a guide for implementing ISO 27001
B
To improve cybersecurity risk management for critical infrastructure
C
To specify requirements for IT governance
D
To develop new encryption algorithms
The NIST Cybersecurity Framework is designed to guide organizations in improving their cybersecurity posture by managing risks, especially in critical infrastructure.
A
Preventing unauthorized access
B
Recovering from cybersecurity incidents
C
Identifying and protecting assets
D
Identifying cybersecurity events
The 'Detect' function in the NIST Cybersecurity Framework is focused on identifying cybersecurity incidents and events.
A
NIST SP 800-37
B
NIST SP 800-53
C
NIST SP 800-171
D
NIST SP 800-115
NIST SP 800-37 outlines the Risk Management Framework (RMF) used by federal agencies to manage cybersecurity risks.
A
NIST SP 800-57
B
NIST SP 800-53
C
NIST SP 800-171
D
NIST SP 800-37
NIST SP 800-57 provides guidance on cryptographic standards and key management processes.
A
Environmental sustainability
B
Health and safety management
C
Information security management systems (ISMS)
D
Software development processes
ISO/IEC 27001:2013 focuses on creating and maintaining an Information Security Management System (ISMS) to ensure the security of information.
A
A risk management plan
B
A disaster recovery plan
C
Regular cybersecurity drills
D
An Information Security Management System (ISMS)
ISO 27001 certification requires an organization to have a fully established and functioning ISMS to manage information security risks.
A
To define financial reporting standards
B
To outline organizational governance models
C
To list security controls for mitigating identified risks
D
To specify compliance with external standards
Annex A of ISO 27001 provides a comprehensive list of security controls that an organization can adopt to address identified risks.
A
Clause 5
B
Clause 6
C
Clause 7
D
Clause 8
Clause 6 in ISO 27001 outlines the requirements for planning, establishing, and maintaining the ISMS.
A
Prepare, Design, Check, Act
B
Plan, Do, Check, Act
C
Plan, Develop, Create, Analyze
D
Protect, Detect, Check, Act
PDCA is a continuous improvement cycle used in ISO 27001 to manage and improve the ISMS.
A
General Data Protection Regulation
B
General Directive for Privacy Rights
C
Government Data Protection Rules
D
General Digital Privacy Regulation
GDPR stands for the General Data Protection Regulation, a regulation aimed at protecting the personal data of EU citizens.
A
To protect the privacy of EU citizens
B
To improve cross-border data transfer
C
To allow organizations to collect data freely
D
To create a global standard for cybersecurity
The primary goal of the GDPR is to protect the privacy and personal data of individuals in the EU.
A
Data minimization
B
Transparency
C
Data encryption
D
Lawful processing
Data encryption is an important security measure but not one of the core principles of GDPR. The principles focus on lawful, fair, and transparent data processing.
A
24 hours
B
48 hours
C
72 hours
D
5 days
A
Name
B
Email address
C
Racial or ethnic origin
D
Phone number
Racial or ethnic origin is classified as "special category data" under GDPR, which requires stricter processing and protection.
A
Data retention policies
B
Risk management
C
Employee performance reviews
D
Financial analysis
Risk management is a core component of the GRC framework, focusing on identifying, assessing, and mitigating risks within an organization.
A
The process of managing risks across the organization
B
The collection and reporting of financial data
C
The strategic alignment of processes, controls, and policies
D
The design of IT infrastructure
Governance in the GRC framework refers to ensuring that processes, controls, and policies align with the organization's objectives and regulatory requirements.
A
To eliminate all risks
B
To manage and mitigate organizational risks
C
To focus only on financial risks
D
To ensure compliance with industry standards
The primary objective of risk management in the GRC framework is to assess and mitigate risks to achieve business objectives and reduce negative impacts.
A
The number of risks a company is legally allowed to take
B
The level of risk an organization is willing to accept to achieve its objectives
C
The process of identifying potential risks
D
The implementation of risk controls
Risk appetite refers to the amount of risk an organization is willing to tolerate or accept in pursuit of its objectives.
A
COBIT
B
SOX
C
ITIL
D
PCI DSS
COBIT (Control Objectives for Information and Related Technologies) is a widely recognized framework used for IT governance, risk management, and compliance.