1. How many questions are on the Consensus Assessment Initiative document?
2. Why is the number of questions far fewer than what you would have to ask if you covered each compliance standard individually?
3. How many control groups are there, and what are they? (Hint: One is Human Resources)
4. What compliance standards and laws are listed?
5. Which standard deals with systems containing credit card data?
6. Which law deals with protected health information?
7. When would you need to be FedRAMP certified?
8. What is Sarbanes-Oxley (SOX) compliance?
9. Who does SOX apply to?
10. Which compliance standard is most often used to address SOX?
11. What is the Gramm-Leach-Bliley Act (GLBA)?
12. Who does GLBA apply to?
13. Which compliance standard is most often used to address GLBA?
14. What is NERC-CIP?
15. Who does NERC-CIP apply to?
16. What is the importance of CID AAC-03.1 to cloud computing?
17. Which portion(s) of CIA does CID DSI-03.1 impact?
18. If you already have logical (technical) controls, why is DCS-08.1 still important?
19. Why is IVS-03.1 important for security services? (Hint: Man in the Middle and Injection)
20. What is a good tool and standard to meet IVS-07.1? (Hint: You used them in Lab 2)
21. What laws and compliance standards should Bank of America be most concerned with? Why?
22. What laws and compliance standards should Amazon be most concerned with? Why?
23. What laws and compliance standards should American Airlines be most concerned with? Why?
24. What laws and compliance standards should Progress Energy be most concerned with? Why?
25. What laws and compliance standards should Walmart be most concerned with? Why?
26. What laws and compliance standards should Lockheed Martin be most concerned with? Why?
27. What laws and compliance standards should Twitter be most concerned with? Why?
28. What laws and compliance standards should Darden be most concerned with? Why?