Key cybersecurity regulations and standards — Quiz
1. What is the primary distinction between a cybersecurity regulation and an industry standard? (Choose one answer)
a) Regulations are more expensive to implement than standards
b) Regulations are created by international bodies, while standards are created by governments
c) Regulations derive authority from law, while standards derive authority from contract or voluntary adoption
d) Standards always require third-party audits, while regulations rely on self-assessment
2. Under the GDPR, what is the required time frame for an organization to notify the relevant supervisory authority after becoming aware of a personal data breach? (Choose one answer)
a) 24 hours
b) 72 hours
c) 30 days
d) 60 days
3. The Cybersecurity Maturity Model Certification (CMMC) is a unique framework because it: (Choose one answer)
a) Is the only standard that applies to healthcare data
b) Is voluntarily adopted by companies worldwide
c) Is a government-mandated certification program that enforces a specific set of security controls for contractors
d) Replaces the need for NIST SP 800-53 compliance for all businesses
4. The Computer Fraud and Abuse Act (CFAA) differs from regulations like HIPAA and FISMA because it primarily: (Choose one answer)
a) Mandates specific technical controls for data protection
b) Requires annual audits and reporting to a federal agency
c) Establishes criminal penalties for prohibited acts like unauthorized computer access
d) Applies only to organizations within a specific industry sector
5. Which requirement is a core component of the Payment Card Industry Data Security Standard (PCI DSS)? (Choose one answer)
a) Conducting a government-led assessment every three years
b) Performing quarterly external vulnerability scans by an Approved Scanning Vendor (ASV)
c) Implementing a privacy-by-design framework for all products
d) Submitting a System Security Plan (SSP) to the PCI Security Standards Council