Domain 5.0: Governance, Risk and Compliance Flashcards
Controls tend to do what?
Deter, prevent, detect or correct.
Anti-malware is an example since it includes more than one of those functions.
Computer login notification is an example of what control?
Preventative control
What is a compensating control?
It’s used when a business or technological constraint exists and an alternative control is effective in the current security threat landscape.
SLA
Service Level Agreement
BPA
Business Partners Agreement
MOU
Memorandum of Understanding
ISA
Interconnection Security Agreement
SLA, BPA, MOU, and ISA are what?
They are types of interoperability agreements that help mitigate risks when dealing with third parties.
What do user types require?
They require training and awareness.
What are user types?
General users
Privileged users
System Administrators
Executive users
Data owners
System owners
Which user types are responsible for creating and managing security policies?
Executive users
Data owners
System owners
How should users be trained?
Proper use of their various personal applications including email and social media networks. The training should address any limitations or expectations regarding their use.
RPO
Recovery Point Objective designates the amount of data that will be lost or will have to be reentered due to network downtime.
RTO
Recovery Time Objective designates the amount of time that can pass before a disruption begins to seriously impede normal business operations.
MTBF
Mean Time Between Failure is the average time before a product requires repair.