Information Security and Governance Flashcards Preview


Flashcards in Information Security and Governance Deck (12)
1
Q

What is CobiT?

A

The Control Objectives for Information and related Technology (CobiT)

It is a framework and set of best practices developed by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

It defines goals for the controls that should be used to properly manage IT and to ensure that IT maps to business needs.

CobiT is broken down into 4 domains.

2
Q

Access Controls

A

Access controls are used to permit or deny users access to data, which helps to protect its integrity.

3
Q

Masquerading

A

Masquerading is a term that describes a person who pretends to be an authorized user to circumvent established controls.

4
Q

Asset

A

Any resource of value to the organization

5
Q

Threat

A

Potential danger to an asset should a threat-agent take advantage of an asset’s vulnerability.

6
Q

Threat-source / Threat-agent

A

Anyone or anything that has the potential to cause a threat.

7
Q

Vulnerability

A

A flaw or weakness of an asset. Assessment of whether you’re susceptible to a threat. Something that can be controlled.

8
Q

Asset Exposure Factor

A

An asset’s exposure factor (EF) is its degree or percent of damage that would be realized in the event of a disaster. EF is used to calculate a single loss expectancy.

9
Q

4 Domains of CobiT

Control Objectives for Information and related Technology

A

Plan and organize
Acquire and implement
Deliver and support
Monitor and evaluate

10
Q

Data Owner

A

Data owners:

  • decide how data sets are classified
  • decide how data is protected
  • ensure the agreed-upon mechanisms are in place and working
  • are typically department heads

11
Q

6 CobiT Elements

A

CobiT provides:

  • Control objectives
  • Control practices
  • Goal indicators
  • Performance indicators
  • Success factors
  • Maturity models

12
Q

Exposure Factor (EF)

A

An asset’s exposure factor (EF) is its degree or percent of damage that would be realized in the event of a disaster.