What are the three types of compliance that the Open Source Security Testing Methodology Manual (OSSTMM) recognizes?
A. Legal, performance, audit
B. Audit, standards based, regulatory
C. Contractual, regulatory, industry
D. Legislative, contractual, standards based
The OSSTMM recognizes three types of compliance:
1. Legislative. Compliance with legislation applies within the jurisdiction where that legislation can be
enforced. The weight of the legislation comes from previously successful legal arguments and from
appropriately set and just enforcement measures. Failure to comply with legislation may lead to criminal
charges. Examples are Sarbanes-Oxley, HIPAA, and the various data protection and privacy laws.
2. Contractual. Compliance with contractual requirements is defined by the industry or group that requires
the contract and that may take action to enforce it. Failure to comply with contractual requirements often
leads to dismissal from the group, loss of privileges, loss of reputation, civil charges and, where
legislation exists to support the regulatory body, criminal charges. An example is the Payment Card
Industry Data Security Standard (PCI DSS), promoted and required by Visa and MasterCard.
3. Standards based. Compliance with standards is defined by the business or organization that enforces
the standard as policy. Failure to comply with standards often leads to dismissal from the organization,
loss of privileges, loss of reputation or brand trust, civil charges and, where legislation exists to support
the policy makers, criminal charges. Examples are the OSSTMM, ISO 27001/5, and ITIL.
So, the answer is D.
Legislative – deals with governmental laws and regulations enforced within a jurisdiction.
Contractual – deals with requirements enforced by an industry or group that the organization has agreed to; PCI DSS is an example.
Standards-based – deals with practices adopted as organizational policy, often recommended and certified by a standards organization or group.