Domain 2 - Governance & Risk Management Flashcards

1
Q

How does cloud computing impact governance & risk management?

A

In four areas:

a) Governance - because it introduces a third party.
b) Enterprise Risk Management
c) Information Risk Management
d) Information Security

2
Q

What is Governance?

A
  • Policies, processes, and internal controls that comprise how an organization is run.
  • Mechanisms for management including structures and leadership.
3
Q

What is Enterprise risk management?

A
  • Managing overall risk to the organization.
  • It covers more than technology risk.
  • Other risks - e.g. regulatory, supply chain, financial.
4
Q

What is Information Risk Management?

A
  • Manages risk to information including information technology
5
Q

What is information security?

A
  • Tools and practices to manage risk to information.
  • Information risk can also be managed by means other than information security - e.g. contracts, insurance, and physical security.
6
Q

What is the relationship between governance, ERM, IRM and IS?

A

IS is a tool of IRM
IRM is a tool of ERM
ERM is a tool of Governance.

7
Q

What are the tools of cloud governance?

A

1) Contracts - between a CSP and CSC.
2) Supplier assessment - may include financial viability, history, features, third-party attestations, peer feedback.
3) Compliance reporting - audit of controls by third parties.

8
Q

How do service models affect governance?

A
  • SaaS - the most critical example of the need for a negotiated contract.
  • PaaS - the likelihood of a fully negotiated contract is lower.
  • IaaS - existing governance structures may be transferable.
9
Q

How do deployment models (public, private, hybrid) affect governance?

A
  • Public clouds - contracts may be inflexible; the CSP has an incentive to keep everything current; governance has to accommodate this fact.
  • Private cloud - more flexible contract, but the CSP may offer just what is in the contract; governance focuses on internal SLAs and chargebacks for accounting.
  • Hybrid - governance issues span multiple domains.
  • Community - governance must consider relationships with other members of the community in addition to the provider.
10
Q

What’s a process to manage cloud risk?

A
  • Review the CSP’s documentation
  • Review the CSP’s security program
  • Review legal, regulatory, industry, and contractual requirements
  • Evaluate the service in the context of the information assets involved
  • Evaluate the provider (finances, reputation, insurers, etc.)
  • Periodically review audits and assessments