Entity Scoping Flashcards

1
Q

How many Entity Types can an Entity belong to?

A

Zero, One, or Many

2
Q

Entity + Risk Statement =

A

= Risk –> Assessment

3
Q

Entity + Control Objective =

A

= Control –> Attestation

4
Q

How do “dynamic capabilities” impact Entity Types?

A

As new records meet filter criteria, new entities are created

As current records don’t meet filter criteria, they are deactivated (retired)

5
Q

Scoping for Security

A
ISO 27001
NIST
PCI DSS
IFSMA
NERC CIP
6
Q

Scoping for IT Financial

A

SOX
GDPR
BCBS (Basel)

7
Q

Scoping for Healthcare

A

HIPAA

PCI DSS

8
Q

Scoping for Insurance

A

NAIC
FINRA
SEC
PCI DSS

9
Q

Operational Approach

A

Scoping at individual level

10
Q

Strategic Approach

A

Figure out how to group

11
Q

What precedes common tables?

A

cmn_

[cmn_department]
[cmn_location]

12
Q

What precedes system tables?

A

sys_

13
Q

What precedes core tables?

A

core_

[core_company]

14
Q

Name of entity cleanup job

A

GRC Cleanup Invalid Entities

runs each night

15
Q

Services Table
Server Table
Business Process Table

A

[cmdb_ci_service]
[cmdb_ci_server]
[cmdb_ci_business_process]

16
Q

Entity Filter elements

A

table
filter condition
conditions

17
Q

How is Entity Owner determined?

A

“Entity owner” specified on filter

  • references field with username NOT group name
  • “empty owner” determines what happens if owner is blank (create, do not create, or use default)
18
Q

What are the two reasons for using Entity Classes?

A
  • Risk roll-up (hierarchy)
  • Reporting

19
Q

Name of the Module for setting up Entity Classes

A

GRC Workbench - Dependency Model

entities are on the left, eligible upstream and downstream on the right

20
Q

Document - Table Name and Scope

A

[sn_grc_document]

GRC: Profiles

21
Q

Document - Extended Tables

A
Risk Framework (GRC: Risk Management)
Authority Document (GRC: Policy & Compliance)
Policy (GRC: Policy & Compliance)
22
Q

Content - Table Name and Scope

A

[sn_grc_content]

GRC: Profiles

23
Q

Content - Extended Tables

A
Risk Statement (GRC: Risk Management)
Citations (GRC: Policy & Compliance)
Control Objective (GRC: Policy & Compliance)
24
Q

Item - Table Name and Scope

A

[sn_grc_item]

GRC: Profiles

25
Q

Item - Extended Tables

A

Risk (GRC: Risk Management)

Control (GRC: Policy & Compliance)

26
Q

Entity Type vs Entity Class

A

Entities can have multiple types but only one class

27
Q

GRC: Profiles Common Tables

A
Task (global) --> Indicator Task
Base Indicator [sn_grc_base_indicator] --> Indicator
Planned Task (global) --> Issue
Entity Type
Entity Class
Entity
Entity Tier
28
Q

Name for entity creation job

A

GRC Profile Generation

runs hourly (updates entities too)