COURSE 3 – CYBERSECURITY COMPLIANCE FRAMEWORK & SYSTEM ADMINISTRATION
Module 1: Compliance Frameworks and Industry Standards
IBM CYBERSECURITY ANALYST PROFESSIONAL CERTIFICATE
Complete Coursera Study Guide
INTRODUCTION – Compliance Frameworks and Industry Standards
In this module, you will delve into the significance of comprehending compliance frameworks and industry standards within the realm of cybersecurity. Exploring additional resources provided by entities such as the National Institute of Standards and Technology, the American Institute of CPAs, and the Center for Internet Security will be a focal point.
Furthermore, you’ll gain insights into various industry standards pertinent to healthcare and payment card industries.
Learning Objectives
- Describe the Center for Internet Security (CIS) Critical Security Controls®, including control types and implementation groups
- Describe some of the PCI DSS’s most unique requirements
- Explain the Payment Card Industry Data Security Standard (PCI DSS), including its goals, scope, and audit process
- Describe HIPAA’s Privacy Rule and Security Rule
- Define covered entity, business associate, and protected health information (PHI) in the context of HIPAA
- Explain why organizations in and outside the U.S. comply with the Health Insurance Portability and Accountability Act (HIPAA)
- Summarize the importance of continuous monitoring between cybersecurity compliance audits
- Describe the criteria used in a SOC audit
- Discuss typical Trust Service Principles used to define a SOC 2 report’s scope
- Differentiate between Type 1 and Type 2 SOC reports
- Contrast SOC 1, SOC 2, and SOC 3 reports
- Explain the purpose and benefits of System and Organizational Controls (SOC) reports
- Summarize basic aspects of the International Organization for Standardization (ISO) 27001 standard
- Describe the requirements for privacy and data protection contained in the General Data Protection Regulation (GDPR)
- Summarize what the National Institute of Standards and Technology (NIST) does
- Describe the Computer Fraud and Abuse Act
- Explain each step of the typical process for verifying cybersecurity compliance
- Discuss the two main categories of cybersecurity compliance
- Describe the specific checklist of security controls
- Contrast security, privacy, and compliance in the context of cybersecurity
- Describe the cybersecurity challenges that organizations face that require compliance and regulation
- Define events, attacks, and incidents in the context of cybersecurity
COMPLIANCE AND REGULATIONS FOR CYBERSECURITY
1. Which of the bad guys are described as “They are “in” an organization but are human and make mistakes”?
- Malicious Insiders
- Inadvertant Actor (CORRECT)
- Employees
- Outsiders
Correct, these bad guys typically inadvertently open and email, etc.
2. Which is NOT one of the security controls?
- Testing (CORRECT)
- Technical
- Physical
- Operational
Correct, this is NOT one of the security controls.
3. What year did the European Union start enforcing GDPR?
- 2018 (CORRECT)
- 2017
- 2016
- 2014
Correct, the GDPR came into effect in May of 2018.
4. Which three (3) of these obligations are part of the 5 key GDPR obligations?
- Accountability of Compliance (CORRECT)
- Security of Public Data
- Consent (CORRECT)
- Rights of EU Data Subject (CORRECT)
Partially correct, this is one of 3 key GDPR obligations.
SYSTEM AND ORGANIZATION CONTROLS REPORT (SOC) OVERVIEW
1. Which is the foundational principle that everyone will get during a SOC audit?
- Privacy
- Availability
- Security (CORRECT)
- Confidentiality
Correct, this is the single foundational principle everyone will get.
INDUSTRY STANDARDS
1. The HIPAA security rule requires covered entites to maintain which two (2) reasonable safeguards for protecting e-PHI?
- Informational
- Technical (CORRECT)
- Operational
- Physical (CORRECT)
Partially correct, this is one of two HIPAA security rule safeguards.
2. HIPAA Administrative safeguards include which two (2) of the following?
- Security Personnel (CORRECT)
- Workforce Training and Management (CORRECT)
- Access Controls
- Integrity Controls
Partially correct, this is one of the administrative safeguards.
Partially correct, this is one of the administrative safeguards.
3. PCI includes 264 requirements grouped under how many main requirements?
- 5
- 10
- 12 (CORRECT)
- 20
Correct, PCI includes 12 main requirements.
CIS CRITICAL SECURITY CONTROLS
1. If you are a mature organization, which CIS Controls Implementation Group would you use?
- Implementation Group 3 (CORRECT)
- Implementation Group 1
- Do not need a controls implementation group due to maturity of my organization
- Implementation Group 2
Correct, Implementation Group 3 is for mature organizations.
COMPLIANCE FRAMEWORKS AND INDUSTRY STANDARDS
1. A security attack is defined as which of the following?
- An event on a system or network detected by a device.
- An event that has been reviewed by analysts and deemed worthy of deeper investigation.
- An event that has been identified by correlation and analytics tools as a malicious activity. (CORRECT)
- All cybersecurity events.
2. Which order does a typical compliance process follow?
- Readiness assessment, establish scope, testing/auditing, management reporting, gap remediation
- Establish scope, readiness assessment, testing/auditing, management reporting, gap remediation
- Readiness assessment, establish scope, gap remediation, testing/auditing, management reporting
- Establish scope, readiness assessment, gap remediation, testing/auditing, management reporting (CORRECT)
3. Under GDPR, who determines the purpose and means of processing of personal data?
- Controller (CORRECT)
- Analyst
- Processor
- Data Subject
4. Under the International Organization for Standardization (ISO), which standard focuses on Privacy?
- ISO 27003
- ISO 27018 (CORRECT)
- ISO 27017
- ISO 27001
5. Which SOC report is closest to an ISO report?
- Type 1 (CORRECT)
- Type 2
- Type 1 and Type 2
- Type 3
6. What is an auditor looking for when they test the control for implementation over an entire offering with no gaps?
- Completeness (CORRECT)
- Accuracy
- Timeliness
- Consistency
7. Who is the governing entity for HIPAA?
- Cyber Security and Infrastructure Security Agency (CISA)
- Department of Homeland Security
- US Department of Health and Human Services Office of Civil Rights (CORRECT)
- US Legislature
8. One PCI Requirement is using an approved scanning vendor to scan at what frequency?
- Weekly
- Monthly
- Quarterly (CORRECT)
- Annually
9. In which CIS control category will you find Incident Response and Management?
- Advanced
- Basic
- Organizational (CORRECT)
- Foundational
CONCLUSION – Compliance Frameworks and Industry Standards
In summary, this module underscores the importance of grasping compliance frameworks and industry standards in cybersecurity.
By exploring resources from NIST, the American Institute of CPAs, and the Center for Internet Security, as well as delving into industry standards for healthcare and payment card sectors, you’ve gained crucial insights. This knowledge equips you to navigate cybersecurity compliance effectively and contribute to protecting digital systems and data.
Subscribe to our site
Get new content delivered directly to your inbox.
Quiztudy Top Courses
Popular in Coursera
- Google Advanced Data Analytics
- Google Cybersecurity Professional Certificate
- Meta Marketing Analytics Professional Certificate
- Google Digital Marketing & E-commerce Professional Certificate
- Google UX Design Professional Certificate
- Meta Social Media Marketing Professional Certificate
- Google Project Management Professional Certificate
- Meta Front-End Developer Professional Certificate
Liking our content? Then, don’t forget to ad us to your BOOKMARKS so you can find us easily!
