CRISC Glossary (G - N) Flashcards
Governance
Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives
Scope note: Conditions can include the cost of capital, foreign exchange rates, etc. Options can include shifting manufacturing to other locations, subcontracting portions of the enterprise to third parties, selecting a product mix from many available choices, etc.
Governance enabler
Something (tangible or intangible) that assists in the realization of effective governance
Scope notes: COBIT 5 and 2019 perspective
Governance of enterprise IT
A governance view that ensures that information and related technology support and enable the enterprise strategy and the achievement of enterprise objectives; this also includes the functional governance of IT, i.e., ensuring that IT capabilities are provided efficiently and effectively.
Impact
Magnitude of loss resulting from a threat exploiting a vulnerability
Impact analysis
A study to prioritize the criticality of information resources for the enterprise based on costs (or consequences) of adverse events.
In an impact analysis, threats to assets are identified and potential business losses determined for different time periods. This assessment is used to justify the extent of safeguards that are required and recovery time frames. This analysis is the basis for establishing the recovery strategy.
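Worked example (added here; not from the CRISC glossary or ISACA): the time-period view described above can be made concrete by giving each information resource a cumulative-loss curve and a loss the business has declared it can tolerate. The point at which the curve crosses that tolerance is the recovery time frame that the safeguards and recovery strategy must meet, and sorting resources by that point gives the criticality ranking. The resource names, loss figures and tolerances below are constructed sample data, not figures from any real assessment.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class ImpactProfile:
    """Impact-analysis input for one information resource (constructed data)."""
    name: str
    # Cumulative estimated loss (USD) after the resource has been unavailable
    # for the given number of hours; these are the analysed time periods.
    loss_by_hours: dict
    # Loss the business has decided it can absorb before the outage becomes
    # unacceptable; this is what drives the recovery time frame.
    max_tolerable_loss: float

    def _points(self):
        # Loss curve as (hours, loss) points, starting from no loss at t=0.
        return [(0.0, 0.0)] + sorted(
            (float(h), float(l)) for h, l in self.loss_by_hours.items()
        )

    def estimate_loss(self, hours: float) -> float:
        """Loss after `hours` of outage, interpolated linearly between the
        analysed periods and clamped to the last analysed period."""
        if hours < 0:
            raise ValueError("outage duration cannot be negative")
        pts = self._points()
        if hours >= pts[-1][0]:
            return pts[-1][1]
        for (t0, l0), (t1, l1) in zip(pts, pts[1:]):
            if t0 <= hours <= t1:
                return l0 + (l1 - l0) * (hours - t0) / (t1 - t0)
        raise AssertionError("unreachable: hours lies inside the analysed horizon")

    def recovery_time_frame(self) -> Optional[float]:
        """Hours of outage at which cumulative loss reaches the tolerable
        maximum. None means the threshold is not reached within the analysed
        horizon, i.e. the analysis needs longer periods before a frame can be set."""
        pts = self._points()
        for (t0, l0), (t1, l1) in zip(pts, pts[1:]):
            if l1 >= self.max_tolerable_loss:
                if l1 == l0:          # flat segment that already sits at the threshold
                    return t0
                return t0 + (self.max_tolerable_loss - l0) * (t1 - t0) / (l1 - l0)
        return None


def prioritize(profiles):
    """Rank resources by how soon an outage becomes intolerable (shortest
    recovery time frame first); resources that never cross the threshold
    within the horizon go last, ties broken by loss at 24 hours."""
    def key(p):
        rtf = p.recovery_time_frame()
        return (rtf is None, rtf if rtf is not None else 0.0, -p.estimate_loss(24))
    return sorted(profiles, key=key)


# Constructed sample input; the figures are illustrative only.
SAMPLE = [
    ImpactProfile("order-processing",
                  {1: 5_000, 8: 50_000, 24: 250_000, 72: 900_000}, 200_000),
    ImpactProfile("payroll",
                  {1: 0, 8: 0, 24: 2_000, 72: 50_000, 168: 338_000}, 194_000),
    ImpactProfile("intranet-wiki",
                  {24: 1_000, 168: 5_000}, 50_000),
]


def report(profiles):
    """Criticality listing: (name, recovery time frame in hours, loss at 24 h)."""
    return [(p.name, p.recovery_time_frame(), p.estimate_loss(24))
            for p in prioritize(profiles)]


if __name__ == "__main__":
    for name, rtf, loss24 in report(SAMPLE):
        frame = "beyond analysed horizon" if rtf is None else f"{rtf:.1f} h"
        print(f"{name:18} recovery time frame: {frame:24} loss at 24 h: {loss24:,.0f}")
```

The `None` case matters in practice: a resource whose loss curve never reaches the tolerance inside the analysed periods has not been shown to be low-criticality, only to need a longer horizon before a recovery time frame can be justified.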
Impact assessment
A review of the possible consequences of a risk
Scope notes: See also Impact analysis
Incident
Any event that is not part of the standard operation of a service and that causes, or may cause, an interruption to, or a reduction in, the quality of that service
Information security
Ensures that within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), against improper modification (integrity), and against being unavailable when required (availability)
Information systems (IS)
The combination of strategic, managerial and operational activities involved in the gathering, processing, storing, distributing and use of information, and its related technologies
Scope notes: Information systems are distinct from information technology (IT) in that an information system has an IT component that interacts with the process components
Information technology (IT)
The hardware, software, communication and other facilities used to input, store, process, transmit and output data in whatever form
Infrastructure as a Service (IaaS)
Offers the capability to provision processing, storage, networks and other fundamental computing resources, enabling the customer to deploy and run arbitrary software, which can include operating systems (OSs) and applications
Inherent risk
The risk level or exposure without taking into account the actions that management has taken or might take (e.g. implementing controls)
Integrity
Guarding against improper information modification or destruction; includes ensuring information nonrepudiation and authenticity
Intellectual property
Intangible assets that belong to an enterprise for its exclusive use
Internal controls
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that the business objectives will be achieved and undesired events will be prevented or detected and corrected