s2-m4 Flashcards

(57 cards)

1
Q

Steps in the Change Management Process

A
  1. Identify and define the need for system changes
  2. Design a high level plan including goals to be achieved because of the system change
  3. Obtain approval from management
  4. Develop an appropriate budget and timeline
  5. Assign personnel responsible for managing the system
  6. Identify and address potential risks that could occur during the change or post implementation
  7. Provide an implementation road map
  8. Procure necessary resources and train the appropriate personnel
  9. Test the system change
  10. Execute the implementation plan
  11. Review and monitor change implementation and test as needed
1
Q

What is change management?

A

The term used to describe the policies, procedures, and resources employed to govern change in an organization

2
Q

Development Environment

A

Where software programmers write code to create application prototypes. Typically a source code editing tool is used to create and modify code.

3
Q

Testing Environment

A

Where developers test and debug code to identify errors that need to be corrected. May be the same as the development environment, but some organizations keep it separate to focus on debugging.

4
Q

Staging Environment

A

Where organizations can test programs that are in their final phases of development

5
Q

Disaster Recovery Environment

A

Organizations set up a disaster recovery environment to ensure that applications can be restored quickly, critical data and systems are saved, management is notified, and operations recover in the event of an outage

6
Q

Lack of Expertise

Selection and Acquisition Risks

A

Risk that the purchasing agent does not have the expertise or organizational perspective to purchase software that meets the needs of the organization

7
Q

Lack of a formal Selection and Acquisition Process

Selection and Acquisition Risks

A

Risk that the organization does not have, or does not follow, formal selection and acquisition processes as they pertain to software. This can result in overspending or in software that does not align with the IT governance strategy.

8
Q

Software/Hardware Vulnerability and Incompatibility

Selection and Acquisition Risks

A

Risk that the proper safeguards and security features needed to adequately protect the organization from unauthorized use do not exist

9
Q

Service Organization's Perspective

SOC 2 Guidance

A

Perform annual risk assessments to determine whether identified risks and the controls linked to those risks are adequate

10
Q

Service Auditor's Perspective

SOC 2 Guidance

A

Obtain and inspect the annual risk assessment performed by the service organization to determine that new controls were implemented to address risks not sufficiently addressed by existing controls

11
Q

User Resistance

Integration Risks

A

Employees' resistance to adopting change results in ignoring training and ultimately not following through with the change

12
Q

Lack of Management Support

Integration Risks

A

If management does not provide both resources and adequate support, this could magnify existing employee resistance

13
Q

Lack of Stakeholder Support

Integration Risks

A

Stakeholders involved in change may range from employees to suppliers to customers, any of which may have an adverse reaction or disposition toward the change

14
Q

Resource Concerns

Integration Risks

A

Change can be resource intensive. Appropriate resources may not be made available for the change.

15
Q

Business Disruption

Integration Risks

A

With changes to IT infrastructure, there is the potential for brief or prolonged information system failures

16
Q

Lack of System Integration

Integration Risks

A

Organizations may operate many different systems, some of which may be legacy systems that do not effectively adapt to or integrate with more modern systems

17
Q

Lack of Organizational Knowledge

Outsourcing Risk

A

The organization must rely on the third party to fully comprehend the organization's business model and needs so the third party can integrate the change into the organization without causing disruption

18
Q

Uncertainty of the Third Party's Knowledge and Management

Outsourcing Risk

A

A risk that the external party has ineffective or weak management, inexperienced or underqualified staff, and a lack of technology expertise

19
Q

Lack of Security

Outsourcing Risk

A

Outsourcing can lead to the transmission of sensitive and confidential data. There is a risk that an external organization does not have sufficient or effective safeguards to make sure that client, customer, and employee information is kept secure

20
Q

Policies and Procedures

Change Management Control

A

Clear change management guidelines are needed to outline how the change management process should be executed

21
Q

Emergency Change Policies

Change Management Control

A

Separate contingency policies and procedures provide direction for emergency change situations, allowing for an expedited process that still maintains an audit trail and appropriate controls

22
Q

Standardized Change Requests

Change Management Control

A

Using consistent forms and request protocols for change requests helps complete all required changes in a timely fashion

23
Q

Impact Assessment

Change Management Control

A

Analysis documenting the effect the change will have on the organization's business activities, as well as any potential disruptions, will help prepare an organization for successful implementation

24
Authorization | Change Management Control
Requiring designated levels of authorization for changes, including material modifications to the initial change plan, is necessary to protect against unauthorized modification of a project's scope
25
Segregation of Duties | Change Management Control
Segregating job roles will help protect assets or information from being used improperly
26
Conversion Controls | Change Management Control
When migrating from an existing system or process to the new one, conversion controls help minimize data conversion errors related to the impacted IT assets
27
Reversion Access | Change Management Control
Some changes may cause unexpected complications; therefore it is important to have the ability to revert to the prior system
28
Pre-Implementation Testing | Change Management Control
Before moving the change into production, testing will help determine whether the change is functioning properly and there are no irregularities
29
Post-Implementation Testing | Change Management Control
After the change is moved into production, reconcile transactions processed in the new environment against the same transactions processed in the previous environment
30
Ongoing Monitoring | Change Management Control
Continuous periodic reviews after implementation will promote long-term success
31
What should the annual risk assessment process evaluate? | Trust service criteria for SOC 2
* The economic, regulatory, and physical environment in which the company operates
* Business environment, industry, competition, and consumer dynamics
* The effect of new lines of business, modified lines, expansion through acquisition, or downsizing through divestiture on internal control
* Management's attitude toward internal controls
* Changes in the technology environment
* Partnerships with vendors
32
Baseline Configuration
The starting point for documenting changes to a system. Establishes a baseline for reconfigurations so that changes are deployed in a consistent and secure environment
32
System Component Inventory
A list of the items that comprise a system, including hardware, software, peripherals, and other IT assets
33
Acceptance Criteria
Helps enhance the likelihood that changes to systems or processes are clear and concise, properly tested prior to implementation, documented, approved, evaluated, and reviewed. Criteria should be measurable and specific so that the change can be objectively evaluated
34
Performance | Acceptance Criteria
Quantitatively, this may be measured using metrics such as a newly configured system's uptime, downtime, or speed in terms of seconds or minutes. If assessed qualitatively, this could simply be a rating of perceived performance by a testing panel
35
Functionality | Acceptance Criteria
Qualitative; assesses whether an application or infrastructure component performs a target function and how efficient or practical it is to use the system in its intended environment.
36
Scalability | Acceptance Criteria
The ease with which the system can scale up or down would be quantitatively measured using metrics such as the maximum number of transactions that can be processed
37
Compliance | Acceptance Criteria
May be measured by an objective qualitative assessment that renders a yes or no verdict of compliance
38
Logging
The process of recording events into logs or databases so that the organization can track activities that occur on a system
39
The Waterfall Model
Characterized by different teams of employees performing separate tasks in sequence, with each team beginning work from the pre-written authoritative agreement of the preceding team and ending work when the business requirements for that team have been met
40
Waterfall Challenges
- A lot of time to complete
- Benefits are not realized until completion
- No customer input, and change can be difficult to manage
- Employees may be idle before beginning or after completing their stage
41
The Agile method
Characterized by cross-functional teams, each dedicated to particular functions or improvements of a system drawn from a prioritized list of the customers' remaining needs for the system
42
The Agile Principles
  1. Satisfy the customer with early and continuous delivery of the highest-priority features
  2. Welcome change
  3. Deliver working software frequently
  4. Complete only the work requested
  5. Conduct short, frequent, and regular meetings to maintain focus
43
Patch Management
Systematic process of identifying specific vulnerabilities or software bugs in operating systems or applications and addressing them with patches or fixes between releases
44
An effective patch management process includes
* Evaluating new patch releases
* Using a vulnerability scanning tool
* Testing patches in a test environment
* Approving and deploying patches
* Verifying that patches were deployed
45
Direct | System Conversion Method
Involves ceasing the use of the old system and starting the new one immediately
46
Parallel | System Conversion Method
The new system is implemented while the old system is still in use for an extended period of time with this conversion method
47
Pilot | System Conversion Method
The organization performs the conversion on a small scale within a test environment while continuing to use the older system
48
Phased | System Conversion Method
This transition plan gradually adds volume to the new system while continuing to operate the old system
49
Hybrid | System Conversion Method
Custom combinations of the other approaches tailored to the needs
50
A Change Advisory Board
Recommended to be in place so that organizations can adequately plan for change and respond to unwanted change outcomes
51
Rollback
Requires a complete inventory of system configurations for applications and operating systems so that systems can be restored to the state that existed prior to the change
52
Unit Testing
The process of examining the smallest increment, or unit, of an application. Unit testing can be broken down by function so that developers evaluate units of code that perform specific tasks as the application is being developed
53
Integration testing
Also called thread testing or string testing; performed after unit testing to enhance the likelihood that different components or modules within an application will work cohesively once all units are integrated
54
System testing
Verifies that all combined modules of a completed application work as designed in totality. Focuses on overall functionality
55
Acceptance Testing
Developers assess an application to determine whether it meets end-user requirements. May involve beta testing