Domain 2 - Governance & Mngmt Of IT Flashcards

1
Q

What does IT governance do

A

Ensures optimal use of IT resources, thereby supporting the business strategy.

2
Q

Who must be involved in IT governance

A

Senior management/stakeholders

3
Q

Who approves IT security policy

A

BOD

4
Q

2 steps in developing a risk management program

A

1) establish the purpose of the RM program
2) assign responsibility for the RM program

5
Q

Information security standards committee (ISSC) determines if:

A

controls & practices are suitable around the operating systems and databases
(Senior management and C-Level executive management)

6
Q

IT steering committee

A

Responsible for:
-implementation
-approving project plans & budget
-projects meet requirements
-efficient use of IT resources
-monitors

7
Q

Enterprise architecture

A

Defines the structure and operations of an org; ensures technology initiatives are compatible with IT framework
- must include both current and future state outcomes to be complete

8
Q

Enterprise risk management (ERM) steps

A

1. Asset identification
2. Determine the threat/vulnerability
3. Evaluation of the impact
4. Calculation of risk
5. Evaluation of/response to risk

9
Q

Capability maturity model

A

Helps determine maturity level of the risk management process; constant improvement; performance based

10
Q

Maturity models identify -

A

Gaps between current and desired state

11
Q

IT Balance Scorecard (BSC)

A

- objective is to optimize performance
  -KPIs are required
  -measures success of IT investment & strategy

12
Q

First 2 steps in reviewing the software quality management process

A

1. Review standards/policies adopted by org
2. Review controls in place

13
Q

Recovery point objective (RPO)

A

Determined based on acceptable data loss in the case of disruption of operations; defined point in time

14
Q

Who is essential in identifying critical business functions, recovery times, and resources needed in a BCP

A

Process owners

15
Q

Business impact analysis (BIA)

A

-presented to BOD
-Determines acceptable downtime
-BCP first step is identifying critical business processes and determining priority for recovery

16
Q

BCP predetermined criteria

A

Duration of an outage
-BCP should be based on the max time a business can function with disruption before it threatens achievement of the organization's objectives

17
Q

BCP tests - Table top

A

Involves all or some of the crisis team members and is focused more on coordination and communication issues than on technical process details

18
Q

BCP tests - Functional

A

Involves mobilization of personnel and resources at various geographic sites. In-depth

19
Q

BCP Tests - Full-scale

A

Involves enterprise-wide participation and full involvement of external organizations; the plan is actually exercised

20
Q

Most important consideration when reviewing the risk management process

A

IT risk is presented in business terms

21
Q

Disaster recovery plan (DRP) addresses the:

A

Technological aspect of business continuity planning (BCP)
-focuses on IT systems and operations

22
Q

The first step in preparing a DRP

A

Perform a business impact analysis (BIA)

-BIA identifies critical business processes and supporting systems

23
Q

Once the BIA is completed, the next phase in BCP development is

A

Identify various recovery strategies and select most appropriate one

24
Q

Pilot test

A

Used for implementing a new process or technology (not appropriate for a BCP)

25
Q

Paper test (desk check)

A

Walk through part of or entire BCP

26
Q

Unit test

A

Used to test new software components (not appropriate for BCP)

27
Q

System test

A

Used to test a new IT system (not appropriate for BCP)

28
Q

An effective BCP involves:

A

All user departments

29
Q

What will ensure compliance with security policies from an outsourced service provider?

A

An indemnity clause (included in service provider contract)

30
Q

CMM ensures -

A

A stable software development process