Security Mgt: Legislation, Organizations, Standards

Flashcards by , created over 6 years ago

IYM001 Flashcards on Security Mgt: Legislation, Organizations, Standards, created by jjanesko on 04/21/2013.

Created by jjanesko over 6 years ago
Security Mgt U8, Incident Recovery Image
Security Mgt U5, risk analysis and mgt (part 1)
Security Mgt U3, BS7799 (Part 2)
GCSE Chemistry C2 topic notes
Characters in "An Inspector Calls"
Esme Gillen
Security Mgt, ISO 27001, PDCA
Security Mgt U3, BS7799 (Part 1)
Security Mgt, Flashcards for ISO 27000 series
Exemplary Assignment Answers
Security Mgt U5, quantitative risk assessment forumula (image)
Question Answer
ISO 22301 Business continuity management standard designed to protect business from potential disruption such as natural disasters, terrorism & ensures that business comes to a stand still.
financial services and markets act (UK) Act of the Parliament of the United Kingdom that created the Financial Services Authority (FSA) as a regulator for insurance, investment business and banking.
RIPA, Regulation of Investigatory Powers Act (UK) Regulates the manner in which certain public bodies may conduct surveillance and access a person's electronic communications.
Federal Information Security Management Act (FISMA) (USA) Law intended to protect government information, operations and assets against natural or man-made threats.
Sarbanes Oxley (SOX) (USA) Defines which records are to be stored and for how long. SOX is a regulation to protect the customers from accounting errors and fraudulent practices in the enterprise.
Basel II Intended to create an international standard for banking regulators to control how much capital banks need to put aside to guard against the types of financial and operational risks banks (& whole economy) face.
Gamm Leach Billey Act (USA) also Financial Services Modernization Act of 1999. Allows banking companies, securities companies and insurance companies to merge and act as one company.
HIPAA privacy rule (USA) Establishes a set of national standards for the protection of certain health information.
BS7799 Standard which helps build an Information Sercurity Management architecture and gives a set of control objectives.
computer misuse act (UK) The following are criminal offences: unauthorized access to a system, unauthorized modification of data, unauthorized copying of data.
computer design and patent act (UK) Establishes that copyright in most works lasts until 70 years after the death of the creator if known, otherwise 70 years after the work was created or published (fifty years for computer-generated works).
human rights act (UK) An Act to give further effect to rights and freedoms guaranteed under the European Convention on Human Rights
FSA (Financial Services Authority) (UK)Responsible for the regulation of the financial services industry in the United Kingdom. Its board was appointed by the Treasury, although it operated independently of government.
ISO 17799 Establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.
Turnbull report (UK) Informs directors of obligations to keep good "internal controls" in their companies, & to have good audits/checks to ensure quality of financial reporting & fraud avoidance.
data protection act (UK) Organizations implement measures against unauthorized access, accidental loss or damage to personal data.
ISO 27001 Is the framework that defines how a ISMF should be structured, operate controls and documentation required for a effective ISM system.
FAST (federation against software theft) (UK) Lobbies on behalf of software developers and producers to protect intellectual property.
COBIT This is an end-to-end IT governance framework that reflects the central role of information and technology in creating value for enterprise.
Payment Card Industry Data Security Standard (PCI DSS) International org that set standards on how orgs manage and secure systems and processes that store, process or transmit customer credit/debit card information.
ITIL (Information Technology Infrastructure Library) Set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. Underpins ISO 20000 (previously BS15000).
SANS Institute Established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world.
COSO (Committee of Sponsoring Organizations) Consortium of financial organiztations that provides frameworks and guidance on enterprise risk management, internal control and fraud deterrence.
ISO 31000 Standard to provide principles and generic guidelines on risk management.
ISACA International organization that engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems.
CRAMM A software system designed to facilitate and expedite the ISO 27001 risk assessment process.