What does NIST stand for and what is the organization’s Focus and Scope?
NIST (National Institute of Standards and Technology) - Detailed cybersecurity controls and standards.
Focus: Primarily cybersecurity and information security risk management.
Scope: Provides detailed technical standards and guidelines for securing information systems, including controls, privacy, and risk management.
What does COBIT stand for and what is the organization’s Focus and Scope?
COBIT (Control Objectives for Information and Related Technologies) - IT governance and management framework aligning IT with business.
Focus: IT governance and management.
Scope: Provides a comprehensive framework for managing and governing enterprise IT, aligning IT goals with business objectives.
What does COSO stand for and what is the organization’s Focus and Scope?
COSO (Committee of Sponsoring Organizations) - Enterprise-wide internal control and risk management framework, including compliance and operational objectives.
Focus: Enterprise risk management, internal controls, and fraud deterrence.
Scope: Broader than IT; focuses on overall internal control systems and risk management across the entire organization, including operations, reporting, and compliance.
What does PCI DSS stand for and what is the organization’s Focus and Scope?
PCI DSS (Payment Card Industry Data Security Standard) - Standards for protecting payment card data.
Focus: Protect payment card data during processing, storage, and transmission.
Scope: Applies to all entities handling cardholder data, including merchants, banks, and processors.
What does HIPAA stand for and what is the organization’s Focus and Scope?
HIPAA (Health Insurance Portability and Accountability Act) - Security and privacy rules for healthcare data.
Focus: Protect privacy and security of protected health information (PHI).
Scope: Applies to covered entities and business associates handling PHI in healthcare.
What does GDPR stand for and what is the organization’s Focus and Scope?
GDPR (General Data Protection Regulation) - EU data privacy and protection regulations.
Focus: Protect personal data privacy and ensure lawful, fair processing.
Scope: Applies to any organization processing personal data of EU residents, regardless of location.
What does CIS stand for and what is the organization’s Focus and Scope?
Center for Internet Security (CIS) Controls (Version 8) - Critical security controls for cybersecurity best practices.
Focus: Provide prioritized best practices and safeguards to strengthen an organization’s cybersecurity defenses.
Scope: Applicable to organizations of all sizes, tailored through Implementation Groups (IG1, IG2, IG3) based on cybersecurity maturity and risk profile.
What are the three overarching categories that structure COBIT 2019?
Governance system principles guide how to govern IT effectively within an organization. They focus on designing and running a governance system that delivers value, is holistic, dynamic, tailored, and clearly separates governance from management.
Governance framework principles guide how the COBIT framework itself is structured and maintained. They ensure the framework is conceptually sound, flexible, and aligned with other standards so it can be widely adopted and adapted.
Domains in COBIT organize the specific governance and management objectives that put these principles into practice. The governance domain (Evaluate, Direct, and Monitor - EDM) focuses on oversight by the board, while the management domains (Align, Plan, and Organize; Build, Acquire, and Implement; Deliver, Service, and Support; Monitor, Evaluate, and Assess) cover the operational activities that support governance.
What are the six main frameworks tested on the ISC exam and what are they for?
COSO INTEGRATED FRAMEWORK: 5 General best practices for designing, implementing, & operating controls that support reporting, operational, and compliance objectives.
COSO ERM (AND CLOUD COMPUTING 8 items): List of 5 topics that provide a roadmap for companies to manage risk.
CIS: 18 Specific controls that support cybersecurity objectives.
COBIT: (7 Guidelines and 1 Governance Domain / 4 Management Domains) Comprehensive set of best practices and guidelines that help organizations govern and manage their IT in a way that aligns with business goals, ensures effective risk management, and maintains strong governance oversight.
NIST CSF: 6 General best-practice activities/functions that organizations should perform to manage cybersecurity and cyber risk effectively.
- Govern (set strategy and policies)
- Identify (understand assets and risks)
- Protect (implement safeguards)
- Detect (discover cybersecurity events)
- Respond (contain and mitigate incidents)
- Recover (restore normal operations)
NIST SPF (800-53): 8 functions that guide organizations in managing privacy risks related to data processing. (Identify-P, Govern-P, Control-P, Communicate-P, Protect-P, Detect, Respond, Recover)