Domain 2 - Governance & Mngmt Of IT Flashcards
What does IT governance do
Ensures optimal use of IT resources and thereby supports the business strategy.
Who must be involved in IT governance
Senior management/stakeholders
Who approves IT security policy
BOD
2 steps in developing a risk management program
1) establish the purpose of the RM program
2) assign responsibility for the RM program
Information security standards committee (ISSC) determines whether:
controls and practices around the operating systems and databases are suitable
(senior management and C-level executive management)
IT steering committee
Responsible for:
- implementation
- approving project plans and budgets
- ensuring projects meet requirements
- efficient use of IT resources
- monitoring
Enterprise architecture
Defines the structure and operations of an org; ensures technology initiatives are compatible with IT framework
- must include both current and future state outcomes to be complete
Enterprise risk management (ERM) steps
- Asset identification
- Determine the threat/vulnerability
- Evaluation of the impact
- Calculation of risk
- Evaluation of/response to risk
Capability maturity model
Helps determine the maturity level of the risk management process; continuous improvement; performance-based
Maturity models identify:
Gaps between current and desired state
IT Balanced Scorecard (BSC)
- objective is to optimize performance
- KPIs are required
- measures success of IT investment and strategy
First 2 steps in reviewing the software quality management process
- Review standards/policies adopted by org
- Review controls in place
Recovery point objective (RPO)
Determined based on the acceptable data loss in the case of a disruption of operations; a defined point in time
Who is essential in identifying critical business functions, recovery times, and resources needed in a BCP
Process owners
Business impact analysis (BIA)
- presented to the BOD
- determines acceptable downtime
- the first step of the BCP is identifying critical business processes and determining their priority for recovery