Exam (elaborations)

ISC 1 Regulations, Standards, and Frameworks Exam Questions with Complete Answers

Pages
10
Uploaded on
15-09-2025
Written in
2025/2026


Institution
ICS
Course
ICS

Content preview

ISC 1 Regulations, Standards, and Frameworks Exam Questions with Complete Answers

Framework Profiles - ANSWER-mechanisms by which NIST recommends companies measure cybersecurity risk and establish a roadmap to minimize that risk

- can be thought of as implementation guides with insight specific to a particular industry
- NIST recommends organizing framework profiles into a current profile, a target profile, and a gap analysis

Privacy Framework - ANSWER-protects individuals' data as used in data processing applications

- similar structure to NIST CSF; it expresses control objectives in the form of a Framework Core, and there is a degree of overlap with NIST CSF

8 functions for the privacy framework (the same 5 as CSF) plus: - ANSWER-Govern: best governance structure for privacy risks
Control: best management structure for privacy risks
Communicate: the organization should drive dialogue around privacy risks

Framework Profiles and Implementation Tiers - ANSWER-operate identically to NIST CSF framework profiles; this framework recommends creating a current and target profile and developing a gap analysis and roadmap for improvement

Tiers also mirror those found in NIST CSF

NIST Security and Privacy Controls (NIST SP 800-53) for Info Systems and Organizations - ANSWER-controls applicable to all info systems; has become the standard for federal info security systems

- stricter standard than the other two; controls are designed for protecting info systems against sophisticated threats

Purpose is to help organizations identify the security and privacy controls needed to manage risk

NIST SP 800-53 Target audience - ANSWER-individuals with: system oversight responsibilities, system development responsibilities, logistical or disposition-related responsibilities, security and privacy implementation responsibilities, and assessment and monitoring responsibilities

Three control implementation approaches that NIST SP 800-53 implements on a per-control basis: - ANSWER-1. Common (Inheritable): implement controls at the organization level
2. System-specific: implement controls at the info system level
3. Hybrid: implement at the organization level where appropriate and the remainder at the info system level

Privacy Laws - ANSWER-exist to protect an individual's private life and keep personal details out of the public domain

Privacy laws regulate how those entrusted with private info must collect, process, maintain, and disclose it

Data breaches - ANSWER-exposure of confidential info to unauthorized persons; there are 2 categories:
1. Unintentional: results from negligence or error
2. Intentional: results from bad actors illegally gaining access to data

Health Insurance Portability and Accountability Act (HIPAA) - ANSWER-adopts national standards promoting health care privacy and security

applies to specific health care-related entities and businesses, including the following:
- health care providers, health plans, etc.

Privacy Rule permits a covered entity to use and disclose PHI: - ANSWER-
- to the individual
- for treatment, payment, and health care operations
- with valid authorization
- for public interest and benefit activities provided by the law

HIPAA requires safeguards for covered entities or business associates, including: - ANSWER-1. Administrative Safeguards: security management processes, workforce security, contingency plans
2. Physical Safeguards: facility access controls, workstation use, etc.
3. Technical Safeguards: access controls, audit controls, data integrity controls

General Data Protection Regulation (GDPR) - ANSWER-provides circumstances when it is lawful to process personal data, such as with proper consent or when complying with a legal obligation, and applies to:

- data processors based in the EU
