CompTIA Security+ Exam Notes

CompTIA Security+ Exam Notes
Let Us Help You Pass

Tuesday, March 15, 2022

Regulations and Standards

 

Regulations and Standards to know for the exam

     NIST RMF: Supply chain risks
ISO 27001: Organization meets the security standards
ISO 27002: Classifies security controls
ISO 27017 & 27018: Cloud security
ISO 27701: Personal data & privacy
ISO 31000 / 31K: Risk assessments
GDPR: European Union / International Standards
·         Data owners, data controllers, data processors, & data protection officer
·         Data owner: responsible for determining how the data may be used
·         Data controller: responsible for the protection of privacy & website user rights
·         Data Protection Officer: Independent advocate for care & use of customer information, & responsible for ensuring the organization is complying with relevant laws
PCI DSS:
·         Credit cards
·         Assign a unique ID to each person with computer access
·         Regularly test security systems and processes
SSAE SOC reports:
·         SOC 2 Type I: Assess system design on a specific date
·         SOC 2 Type 2: Identifies the effectiveness of security controls over a date range