Domain 2 Flashcards

1
Q

BCP testing

A

After a tabletop exercise has been performed, the next step would be a functional test, which includes the mobilization of staff to exercise the administrative and organizational functions of a recovery.

2
Q

tabletop testing

A

The primary purpose of tabletop testing is to practice proper coordination, because it involves all or some of the crisis team members and is focused more on coordination and communication issues than on technical process details.

3
Q

Functional testing

A

Functional testing involves mobilization of personnel and resources at various geographic sites. This is a more in-depth functional test and not primarily focused on coordination and communication.

4
Q

A paper test

A

A paper test (sometimes called a desk check) is appropriate for testing a BCP. It is a walk-through of the entire BCP, or part of the BCP, involving the major players in the BCP's execution, who reason out what may happen in a particular disaster.

5
Q

IT balanced scorecard (BSC)

A

Because a BSC is a way to measure performance, a definition of key performance indicators is required before implementing an IT BSC. An IT balanced scorecard (BSC) provides the bridge between IT objectives and business objectives by supplementing the traditional financial evaluation with measures to evaluate customer satisfaction, internal processes and the ability to innovate.

6
Q

An IS auditor interviews key stakeholders in an organization to determine whether they understand their roles and responsibilities

A

The IS auditor should interview key stakeholders to evaluate how well they understand their roles and responsibilities. When all stakeholders have a detailed understanding of their roles and responsibilities in the event of a disaster, an IS auditor can deem the business continuity plan to be clear and simple.

7
Q

capability maturity model (CMM)

A

Predictable software processes are followed.

8
Q

quality management system (QMS)

A

Continuous and measurable improvement of quality is the primary requirement to achieve the business objective for the quality management system (QMS).

9
Q

effectiveness of the business continuity plan

A

Previous test results will provide evidence of the effectiveness of the business continuity plan.

10
Q

After completing the business impact analysis (BIA), what is the NEXT step in the business continuity planning (BCP) process?

A

Once the business impact analysis (BIA) is completed, the next phase in BCP development is to identify the various recovery strategies and select the most appropriate strategy for recovering from a disaster that will meet the timelines and priorities defined through the BIA.

11
Q

transparency

A

Performance measurement includes setting and monitoring measurable objectives of what the IT processes need to deliver (process outcome) and how they deliver it (process capability and performance).

12
Q

preparedness test

A

A preparedness test is performed by each local office/area to test the adequacy of the preparedness of local operations for disaster recovery.

13
Q

IT performance measurement process

A

An IT performance measurement process can be used to optimize performance, measure and manage products/services, assure accountability and make budget decisions.

14
Q

highest level of the software capability maturity model (CMM)

A

A. An organization would have reached the highest level of the software capability maturity model (CMM) at level 5, Optimizing (continuous improvement).

B. Quantitative quality goals can be reached at level 4 and below.

C. A documented process is executed at level 3 and below.

D. A process tailored to specific projects can be achieved at level 2 or below.

15
Q

software quality management process

A

Because an audit measures compliance with the standards of the organization, the first step of the review of the software quality management process should be to determine the evaluation criteria in the form of standards adopted by the organization. The evaluation of how well the organization follows its own standards cannot be performed until the IS auditor has determined what standards exist.

16
Q

BCP should be based on?

A

Duration of outage

17
Q

What drives Information Security Policy?

A

Business objectives drive the information security policy, and the information security policy drives the selection of IT department objectives. A policy driven by IT objectives is at risk of not being aligned with business goals.

18
Q

Define Policy

A

First step: Defining a security policy for information and related technology is the first step toward building a security architecture. A security policy communicates a coherent security standard to users, management and technical staff. Security policies will often set the stage in terms of what tools and procedures are needed for an organization.

19
Q

effectiveness of an IT governance implementation

A

Stakeholder requirements and involvement

20
Q

IT governance framework

A

Senior management must be involved and aware of roles and responsibilities

21
Q

IT Steering Committee

A

Reports to the board of directors

22
Q

IT Governance

A

Organizational Strategies

23
Q

governance of IT

A

Board of directors

24
Q

primary risk of business process reengineering (BPR)

A

A primary risk of business process reengineering (BPR) is that controls are eliminated as part of the reengineering effort. This would be the primary concern.

25
Q

Strategic vs. IT Short Range

A

The integration of IT and business personnel in projects is an operational issue and should be considered while reviewing the short-range plan. A strategic plan would provide a framework for the IT short-range plan.

26
Q

Strategic Plan

A

B. A clear definition of the IT mission and vision would be covered by a strategic plan.

C. A strategic information technology planning scorecard would be covered by a strategic plan.

D. Business objectives correlating to IT goals and objectives would be covered by a strategic plan.

27
Q

adequacy of an organization’s security awareness program

A

Job descriptions contain clear statements of accountability for information security.

28
Q

Strategic plans

A

Involvement of senior management

29
Q

investment portfolio analysis

A

It is most desirable to conduct an investment portfolio analysis, which will present not only a clear focus on investment strategy, but will provide the rationale for terminating nonperforming IT projects.