Compliance, Risk Management, and
Incident Response Overview
Privacy compliance - ANS Refers to the set of regulations, standards, and best practices that
organizations must adhere to in order to protect and manage the personal information and data
of individuals lawfully and ethically.
Data ownership - ANS Ownership of data refers to the possession of and control over data.
GDPR regulation framework - ANS Refers to the General Data Protection Regulation
framework, a regulation in EU law on data protection and privacy.
Monitoring - ANS The act of overseeing and checking compliance with regulations, standards,
or best practices.
Due diligence - ANS The care that a reasonable person exercises to avoid harm to other
persons or their property.
Due care - ANS The responsibility that a person has to act with a certain level of caution and
prudence to avoid harm to others or their property.
Non-compliance - ANS Failure to adhere to regulations, standards, or best practices.
Risk tolerance - ANS The degree of variability in outcomes that an organization is willing to
withstand.
Risk appetite - ANS The level of risk that an organization is prepared to accept in pursuit of its
objectives.
Risk analysis - ANS The process of identifying and assessing potential events that may
negatively impact an organization.
Risk register - ANS A document used to record information about identified risks.
Business impact analysis - ANS The process of evaluating the potential effects of disruptions to
critical business operations.
RPO - ANS Recovery Point Objective - the maximum tolerable period in which data might be
lost.
, MTBF - ANS Mean Time Between Failures - the average time between one failure and the next
in a system.
MTTR - ANS Mean Time To Repair - the average time taken to repair a failed component or
system.
Audits - ANS Systematic and independent examination of books, accounts, documents, and
vouchers of an organization.
Penetration testing - ANS A simulated cyberattack against a computer system to check for
exploitable vulnerabilities.
Incident response - ANS The process of managing and addressing security incidents when
they occur.
Digital forensics - ANS The process of uncovering and interpreting electronic data for use in a
court of law.
Order of volatility - ANS The sequence in which volatile data should be preserved and
examined.
Metadata - ANS Data that provides information about other data.
California Consumer Privacy Act (CCPA) - ANS Empowers California residents with control
over their personal information, including the right to know what data is collected, access,
deletion, and opt-out rights. Applicable to businesses meeting specific criteria.
Virginia Consumer Data Protection Act (CDPA) - ANS Enacted in 2021, grants Virginia
residents rights over their personal data, applicable to entities processing data of a minimum of
100,000 Virginia residents or deriving over 50% of their revenue from selling personal data.
Health Insurance Portability and Accountability Act (HIPAA) - ANS Focuses on healthcare data
privacy and security, mandating safeguards for electronic health records and patients' sensitive
information. Applies to healthcare providers, insurers, and business associates.
ASEAN Data Protection Framework - ANS A regional initiative harmonizing data protection
laws across Southeast Asia, emphasizing consent, purpose limitation, data minimization, and
security.
General Data Protection Regulation (GDPR) - ANS EU regulation granting individuals control
over their data, requiring clear consent for data collection, transparency, and data breach
notifications. Non-compliance can lead to substantial fines.
Incident Response Overview
Privacy compliance - ANS Refers to the set of regulations, standards, and best practices that
organizations must adhere to in order to protect and manage the personal information and data
of individuals lawfully and ethically.
Data ownership - ANS Ownership of data refers to the possession of and control over data.
GDPR regulation framework - ANS Refers to the General Data Protection Regulation
framework, a regulation in EU law on data protection and privacy.
Monitoring - ANS The act of overseeing and checking compliance with regulations, standards,
or best practices.
Due diligence - ANS The care that a reasonable person exercises to avoid harm to other
persons or their property.
Due care - ANS The responsibility that a person has to act with a certain level of caution and
prudence to avoid harm to others or their property.
Non-compliance - ANS Failure to adhere to regulations, standards, or best practices.
Risk tolerance - ANS The degree of variability in outcomes that an organization is willing to
withstand.
Risk appetite - ANS The level of risk that an organization is prepared to accept in pursuit of its
objectives.
Risk analysis - ANS The process of identifying and assessing potential events that may
negatively impact an organization.
Risk register - ANS A document used to record information about identified risks.
Business impact analysis - ANS The process of evaluating the potential effects of disruptions to
critical business operations.
RPO - ANS Recovery Point Objective - the maximum tolerable period in which data might be
lost.
, MTBF - ANS Mean Time Between Failures - the average time between one failure and the next
in a system.
MTTR - ANS Mean Time To Repair - the average time taken to repair a failed component or
system.
Audits - ANS Systematic and independent examination of books, accounts, documents, and
vouchers of an organization.
Penetration testing - ANS A simulated cyberattack against a computer system to check for
exploitable vulnerabilities.
Incident response - ANS The process of managing and addressing security incidents when
they occur.
Digital forensics - ANS The process of uncovering and interpreting electronic data for use in a
court of law.
Order of volatility - ANS The sequence in which volatile data should be preserved and
examined.
Metadata - ANS Data that provides information about other data.
California Consumer Privacy Act (CCPA) - ANS Empowers California residents with control
over their personal information, including the right to know what data is collected, access,
deletion, and opt-out rights. Applicable to businesses meeting specific criteria.
Virginia Consumer Data Protection Act (CDPA) - ANS Enacted in 2021, grants Virginia
residents rights over their personal data, applicable to entities processing data of a minimum of
100,000 Virginia residents or deriving over 50% of their revenue from selling personal data.
Health Insurance Portability and Accountability Act (HIPAA) - ANS Focuses on healthcare data
privacy and security, mandating safeguards for electronic health records and patients' sensitive
information. Applies to healthcare providers, insurers, and business associates.
ASEAN Data Protection Framework - ANS A regional initiative harmonizing data protection
laws across Southeast Asia, emphasizing consent, purpose limitation, data minimization, and
security.
General Data Protection Regulation (GDPR) - ANS EU regulation granting individuals control
over their data, requiring clear consent for data collection, transparency, and data breach
notifications. Non-compliance can lead to substantial fines.
