IS4550 CHAPTER 8 Flashcards
(40 cards)
A committee that deals with audit issues and non-financial risks is called ___.
AUDIT COMMITTEE
An organization that developed a framework for validating internal controls and managing enterprise risks; focuses on financial operations and risk management is called ___.
COMMITTEE OF SPONSORING ORGANIZATIONS (COSO)
The risk relating to the impact on the business of failing to comply with legal obligations is called ___.
COMPLIANCE RISK
A widely accepted framework that brings together business and control requirements with technical issues is called ___.
CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT)
A person who implements policies and procedures such as backup, versioning, uploading, downloading, and database administration is called ___.
DATA ADMINISTRATOR
A person who grants access rights and assesses information security threats to the organization is called ___.
DATA SECURITY ADMINISTRATOR
The owner of data, who approves access rights and is responsible for data quality, is called ___.
DATA STEWARD
A framework that aligns strategic goals, operations effectiveness, reporting, and compliance objectives; not technology specific is called ___.
ENTERPRISE RISK MANAGEMENT (ERM)
A committee that helps align the security committee to organization goals and objectives is called ___.
EXECUTIVE COMMITTEE
Events that could potentially impact the business when it fails to provide adequate liquidity to meet its obligations are called ___.
FINANCIAL RISK
A set of tools that bring together the capabilities to systematically manage risk and policy compliance is called ___.
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC)
A role that deals with all aspects of information such as security, quality, definition, and availability; responsible for data quality is called ___.
HEAD OF INFORMATION MANAGEMENT
An individual accountable for identifying, developing, and implementing security policies and corresponding security controls is called ___.
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO)
Having two or more layers of independent controls to reduce risk is called ___.
LAYERED SECURITY APPROACH
An organization that creates security guidelines on security controls for federal information systems is called ___.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
___ is a framework for information security assessment and planning consisting of tools, techniques, and methods.
OCTAVE
An event that disrupts the daily activities of an organization is called ___.
OPERATIONAL RISK
A committee that provides important information on the risk appetite of the organization and various businesses is called ___.
OPERATIONAL RISK COMMITTEE
Understanding risks and determining how much potential risk and related problems the business is willing to accept is called ___.
RISK APPETITE
A domain in the ISACA Risk IT framework that calls for analyzing risk and determining impact on the business is called ___.
RISK EVALUATION
A domain in the ISACA Risk IT framework that ensures that risk management activity aligns with the business goals, objectives, and tolerances is called ___.
RISK GOVERNANCE
A domain in the ISACA Risk IT framework that specifies the ability to react so that risks are reduced and remedied in a cost-effective manner is called ___.
RISK RESPONSE
A committee that acts as a steering committee for the information security program is called ___.
SECURITY COMMITTEE
The underlying principle that no individual should be able to execute a high-risk transaction or conceal errors or fraud in the normal course of their duties is called ___.
SEPARATION OF DUTIES (SOD)