Chapter 2 Terms

Question 1

Acceptable Internet

Usage Policy

Answer 1

policy that prescribes the code of conduct that governs the behavior of a user while connected to the network/Internet

Question 2

Acceptable Use Policy (AUP)

Answer 2

a comprehensive policy that includes information for all information resources and describes the organizational permissions for the usage of IT and information-related resources

Question 3

Audit Trail

Answer 3

Provide a map to retrace the flow of a transaction

Question 4

Benchmarking

Answer 4

A systematic approach to comparing enterprise performance against peers and competitors in an effort to learn the best ways of conducting business

Question 5

Benefit Analysis (BA)

Answer 5

The user costs (or benefits) and business operational costs (or benefits) derived from the information system(s)

Question 6

Black Swan Events

Answer 6

Those events that are a surprise, have a major effect and after the fact are often inappropriately rationalized with the benefit of hindsight

Question 7

Budget

Answer 7

Allows for forecasting, monitoring and analyzing financial information

Question 8

Business

Alignment

Answer 8

Involves making the services provided by the corporate IT function more closely reflect the requirements and desires of the business users

Question 9

Business Continuity Policy

Answer 9

A document approved by top management that defines the extent and scope of the business continuity effort within the organization

Question 10

Business Impact

Analysis (BIA)

Answer 10

Used to evaluate the critical processes and to determine time frames, priorities, resources and interdependencies

Question 11

Business Process

Reengineering (BPR)

Answer 11

The thorough analysis and significant redesign of business processes and management systems to establish a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings

Question 12

Business Reference Model

Answer 12

a function-driven framework that describes the functions and sub-functions performed by the government, independent of the agencies that actually perform them

Question 13

Capability Maturity
Model Integration (CMMI)

Answer 13

a process improvement approach that provides enterprises with the essential elements of effective processes

Question 14

Chargeback

Answer 14

Provides all involved parties with a marketplace measure of the effectiveness and efficiency of the service provided by the information processing facility

Question 15

Cloud Computing

Answer 15

A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction

Question 16

COBIT Process
Assessment Model (PAM)

Answer 16

developed to address the need to improve the rigor and reliability of IT process reviews

Question 17

Compliance Management

Answer 17

Focuses on implementing processes that address legal and regulatory policy and contractual compliance requirements

Question 18

Corporate Governance

Answer 18

a set of responsibilities and practices used by an organization’s management to provide strategic direction, thereby ensuring that goals are achievable, risk is properly addressed and organizational resources are properly utilized

Question 19

Data Classification Policy

Answer 19

policy that should describe the classifications, levels of control at each classification and responsibilities of all potential users including ownership

Question 20

Data Reference Model

Answer 20

a framework that describes the data and information that support program and business line operations

Question 21

Disasters

Answer 21

Disruptions that cause critical information resources to be inoperative for a period of time, adversely impacting organizational operations

Question 22

Enterprise Architecture (EA)

Answer 22

involves documenting an organization’s IT assets in a structured manner to facilitate understanding, management and planning for IT investments

Question 23

Federal Enterprise

Architecture (FEA)

Answer 23

a business and performance based framework to support cross-agency collaboration, transformation and government-wide improvement

Question 24

Governance of Enterprise IT (GEIT)

Answer 24

a system in which all stakeholders, including the board, senior management, internal customers and departments such as finance, provide input into the decision-making process

Question 25

Governance of

Outsourcing

Answer 25

The set of responsibilities, roles, objectives, interfaces and controls required to anticipate change and manage the introduction, maintenance, performance, costs and control of third-party provided services

Question 26

High-Level Information Security Policy

Answer 26

policy that includes statements on confidentiality, integrity, and availability

Question 27

Impact

Answer 27

The result of a threat agent exploiting a vulnerability

Question 28

Information

Security Governance

Answer 28

a subset of corporate governance that provides strategic direction for security activities and ensures that objectives are achieved, that risk is appropriately managed and enterprise information resources are used responsibly

Question 29

Information Security

Policy

Answer 29

communicates a coherent security standard to users, management and technical staff

Question 30

Information Security Program

Answer 30

a set of activities that provide assurance that information assets are given a level of protection commensurate with their value or the risk their compromise poses to the organization

Question 31

Initiating, Diagnosing, Establishing, Acting, and Learning (IDEAL) Model

Answer 31

forms an infrastructure to guide enterprises in planning and implementing an effective software process improvement program and consists of five phases

Question 32

Insourced

Answer 32

Fully performed by the organization’s staff

Question 33

Internal-Use

Software

Answer 33

Software that an entity has no substantive plans to market externally

Question 34

IT Balanced Scorecard

BSC

Answer 34

a process management evaluation technique that can be applied to the GEIT process in assessing IT functions and processes

Question 35

IT Resource Management

Answer 35

Focuses on maintaining an updated inventory of all IT resources and addresses the risk management process

Question 36

Key Performance Indicator (KPI)

Answer 36

A measure that determines how well the process is performing in enabling the goal to be reached

Question 37

Lean Six Sigma

Answer 37

Examines the measurement-oriented strategy focused on process improvement and defect reduction and the efficiency of these processes

Question 38

Life Cycle Cost-Benefit Analysis

Answer 38

The assessment of following element to determine strategic direction for IT enterprise systems and overall IT portfolio management

Question 39

Life Cycle Cost (LCC)

Answer 39

The estimated costs of maintenance/updates, failure, and maintaining interoperability with mainstream and emerging technologies

Question 40

Life Cycle (LC)

Answer 40

A series of stages that characterize the course of existence of an organizational investment

Question 41

Netiquette

Answer 41

a description of language that is considered appropriate to use while online

Question 42

Organizational Change

Management

Answer 42

Involves use of a defined and documented process to identify and apply technology improvements at the infrastructure and application level that are beneficial to the organization and involve all levels of the organization impacted by the changes

Question 43

Organizational Chart

Answer 43

Provides a clear definition of the department’s hierarchy and authorities

Question 44

Outsourced

Answer 44

Fully performed by the vendor’s staff

Question 45

Outsourcing

Answer 45

The mechanism that allows organizations to transfer the delivery of services to third parties

Question 46

Performance

Answer 46

The service perceived by users and stakeholders

Question 47

Performance

Measurement

Answer 47

the process of measuring, monitoring and reporting on information security processes to ensure that SMART (specific, measurable, attainable, realistic and timely) objectives are achieved

Question 48

Performance Optimization

Answer 48

The process of both improving perceived service performance along with improving information security productivity to the highest level possible without unnecessary, additional investment in the IT infrastructure

Question 49

Performance Reference Model

Answer 49

a framework to measure the performance of major IT investments and their contribution to program performance

Question 50

Plan, Do, Check, Act (PDCA)

Answer 50

An iterative four-step management method used in business for the control and continuous improvement of processes and products

Question 51

Policies

Answer 51

high-level documents that represent the corporate philosophy of an organization

Question 52

Procedures

Answer 52

documented, defined steps for achieving policy objectives

Question 53

Process Integration

Answer 53

the integration of an organization’s management assurance processes for security

Question 54

Qualitative Risk Analysis

Answer 54

Uses words or descriptive rankings to describe the impacts or likelihood

Question 55

Quality Assurance (QA)

Answer 55

A planned and systematic pattern of all actions necessary to provide adequate confidence that an item or product conforms to established technical requirements

Question 56

Quality Control (QC)

Answer 56

The observation techniques and activities used to fulfill requirements for quality

Question 57

Quantitative Risk

Analysis

Answer 57

Use numeric values to describe the likelihood and impacts of risk, using data from several types of sources

Question 58

Residual Risk

Answer 58

The remaining level of risk after controls have been applied

Question 59

Resource Management

Answer 59

the process of utilizing information security knowledge and infrastructure efficiently and effectively

Question 60

Risk Calculation

Answer 60

Probability of Occurrence x Magnitude of Impact

Question 61

Root Cause Analysis

Answer 61

The process of diagnosis to establish the origins of events

Question 62

Semi-Quantitative Risk Analysis

Answer 62

Descriptive rankings are associated with a numeric scale

Question 63

Service Component Reference Model

Answer 63

a functional framework that classifies the service components that support business and performance objectives

Question 64

Six Sigma

Answer 64

The implementation of a measurement-oriented strategy focused on process improvement and defect reduction

Question 65

Six Sigma Defect

Answer 65

Anything outside customer specifications

Question 66

Technical Reference Model

Answer 66

a framework that describes how technology supports the delivery, exchange and construction of service components

Question 67

Vulnerabilities

Answer 67

Characteristics of information resources that can be exploited by a threat to cause harm