Domain 1 Flashcards
What is GRC?
Governance, Risk, and Compliance
What is a business driver?
A business driver is a condition, process, requirement, or other concern that influences the way in which an organization directs or manages activities.
What are the three forms of business organization, and how is each defined?
Proprietorship: a single individual owns the organization.
Partnership: two or more individuals own the organization.
Corporations: legal entities that are separate from their owners
What is CMMI?
Capability Maturity Model Integration
What are the five levels of CMMI, and what defines each?
INITIAL: Processes are unpredictable, poorly controlled, and reactive.
MANAGED: Processes are characterized for individual projects, but are often still reactive.
DEFINED: Processes are characterized throughout the organization and are proactive.
QUANTITATIVELY MANAGED: Processes are measured and controlled; proactive.
OPTIMIZING: Focuses on continuous process improvement and enhancing existing processes.
To whom should the CISO report?
CIO
What is a CIO?
Chief Information Officer
NIST SP 800-30 Rev. 1?
Guide for Conducting Risk Assessments
NIST SP 800-37 Rev. 2
Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
NIST SP 800-39
Managing Information Security Risk: Organization, Mission, and Information System View
ISO/IEC 27005:2018
Information technology – Security techniques – Information security risk management
Why is a security policy necessary?
It can provide legal protection: it demonstrates an organization's commitment to adhering to legal and regulatory requirements.
Can a single company have different security policies for different branches?
Yes
Role of the CISO: maintain processes across the enterprise with four objectives:
- Reduce risks
- Establish and implement security policies and procedures
- Establish standards and controls
- Respond to incidents
A Seven-Question Framework for Ethical Decision Making
1 What decision alternatives are available?
2 What individuals/organizations are impacted by the outcome of my decision?
3 Will an individual/organization be harmed by any of the alternatives?
4 Which alternative will do the most good with the least harm?
5 Would someone I respect find any of the alternatives objectionable?
6 At a gut level, am I comfortable with the decision I’ve made?
7 Will I be comfortable telling my friends and family about this decision?