This defines what is acceptable for users to do on a network
What is an Acceptable Use Policy AUP?
This is the cost of a single event that could occur from a risk
What is a Single Loss Expectancy SLE?
This is done to thoroughly verify an outside vendor's financial stability, reputation, security practices, and compliance with regulations before engaging in a business agreement
What is Due Diligence?
This is when an outside organization vouches for your compliance status
What is Attestation?
This specifies secure practices for developing, testing, and maintaining software to ensure security is integrated throughout the development lifecycle
What is Software Development Lifecycle SDLC?
You're not far off if you guessed DevSecOps; it's the idea that drives this lifecycle.
This is calculated by taking the SLE and multiplying it by the ARO
What is the Annualized Loss Expectancy ALE?
This agreement defines the services that will be performed as well as penalties for failing to deliver that service as promised
What is a Service Level Agreement SLA?
This allows individuals to request their personal data be removed from a database
What is the Right to be Forgotten? Applies mostly to GDPR and non-US regulations
This defines authorizations based on the job a person does with a company
What is Role-Based Access Control RBAC?
This document identifies and evaluates the impact of potential incidents or disruptions to a business due to a risk
What is a Business Impact Analysis BIA?
This states the specific tasks that a vendor is performing under a broader contract; it covers individual jobs or small groups of jobs
What is a Work Order or Statement of Work WO/SOW? Think invoicing for the actual job, not just what is supposed to be done
Type of audit done by third parties to ensure compliance with regulations or standards
What is an External Audit?
These individuals or groups are ultimately responsible for the protection and management of data or systems
What is a Data Owner?
This is the maximum time allowable to restore a system or service after a disruption
What is Recovery Time Objective RTO?
This contract outlines the responsibilities of business partners, especially in regulated industries
What is a Business Partners Agreement BPA?
This type of penetration testing focuses on the ability to detect and respond to attacks
What is Defensive Penetration Testing (Blue Team)?
These individuals are responsible for the day-to-day handling of data management, including storage, backups, and security
What is a Data Custodian or Steward?
What is Mean Time to Repair MTTR?
These may prevent a vendor's ability to perform their duties in an impartial manner due to overlapping relationships
What are Conflicts of Interest?
A type of penetration testing where the tester has full knowledge of the system environment
What is Known Environment testing (white box testing)?