Module 2: Security Governance and Compliance

Lesson 1: Security Governance Artifacts

• Governance is the framework that ensures security is aligned with business objectives and regulations
• Compliance is the verification that security adheres to governance
• Artifacts are the documents or other evidence that prove compliance
• A security policy states how an organization plans to protect system assets
• Regulatory policies are focused on compliance, advisory policies are focused on actions/behavior, and information policies are focused on training and awareness
• Security standards are consistent sets of actions required to implement security
• Security procedures are specific step-by-step instructions on how to implement security
• Security guidelines are recommended, non-mandatory guidance to follow when no standard or procedure applies
• A security baseline is a defined state or version of system components
• All security artifacts must comply with laws and regulations

Lesson 2: Complying With Security Regulations

• Computer Fraud and Abuse Act of 1986: makes unauthorized access to federal systems a federal crime
• Federal Privacy Act of 1974: fair information law governing the handling of government-managed data
• Computer Security Act of 1987: security standard for the protection of U.S. government systems
• FISMA: security standard for the protection of U.S. government non-national security systems
• Economic Espionage Act of 1996: protects organizations' trade secret information
• PATRIOT Act: gives investigators the tools to investigate terrorism
• SOX: protects investors by guarding against accounting fraud
• PCI DSS: aimed at preventing credit card theft and fraud

© Copyright 2018 Cyberactive Security, LLC. All Rights Reserved. CISSP is a registered trademark of (ISC)2, Inc.

• GLBA: safeguards private and sensitive data from being shared with third-party organizations
• HIPAA: requires data integrity and privacy for health-related information
• PIPEDA: Canadian regulation that defines how to handle private data
• BASEL II: requires banks to keep money on hand to cover operational risks

Lesson 3: Data Privacy Requirements

• Data privacy is a main focus of many regulations
• Requirements depend on the industry, country of operation, and user acceptance
• PII is any information that can uniquely identify an individual
• Users must have rights of access, denial, and integrity for their PII
• FIP (Fair Information Practices) is the common standard followed for the collection and management of PII
• Privacy Shield protects PII shared between the U.S., the EU, and Switzerland
• Privacy Act of 1974 enforces protection for PII managed by the U.S. government
• HIPAA enforces protection of patients' health PII
• PIPEDA enforces PII protection in Canada
• EU DPD enforces PII rights in the EU

Lesson 4: Intellectual Property Rights

• Intellectual property is any product or creation of the human mind or intellect
• Organizations that create anything have inherent rights to and ownership of what they create
• A patent is protection of the right to create and sell a unique invention, theory, or technique
• Copyright is exclusive ownership and control of literary works
• A trade secret protects something unique or proprietary to an organization


• Trademarks are designed to protect a unique name, logo, or acronym and create an organization's identity
• A license is permission from the license issuer to use their product in a directed manner

Lesson 5: Complying With Export and Import Laws

• Many organizations export and import goods and must be aware of EX/IM controls
• EX/IM with other countries is typically subject to regulations
• The goal of EX/IM controls is to prevent terrorism and military build-up
• Thoroughly track any and all products that are imported and exported
• Have proper security controls in place to address EX/IM according to applicable regulations
• Computing technology and encryption are the main items under EX/IM control
• One of the major EX/IM regulations is the Wassenaar Arrangement
• The Wassenaar Arrangement is the export control for conventional arms and dual-use goods and technologies, used by 40 countries
• When in doubt, consult with government agencies for guidance
