Governance and Compliance Flashcards

1
Q

GRC Triad

A

Governance, Risk, and Compliance

2
Q

Governance

A

Strategic leadership, structures, and processes ensuring IT aligns with business
objectives

Involves risk management, resource allocation, and performance measurement

3
Q

Board

A

Board of directors, elected by shareholders to oversee the organization's management

Responsible for setting strategic direction, policies, and major decisions

4
Q

Committee

A

Subgroups of a board with a specific focus (e.g., an audit or risk committee)

5
Q

Government Entities

A

Play roles in governance, especially for public and regulated organizations

Establish laws and regulations for compliance

6
Q

AUP

A

Acceptable Use Policy

Document that outlines the dos and don'ts for users when interacting with an
organization's IT systems and resources

7
Q

Information Security Policies

A

Outline how an organization protects its information assets from threats, both
internal and external

8
Q

Business Continuity Policy

A

Ensures operations continue during and after disruptions

9
Q

Disaster Recovery Policy

A

Focuses on IT systems and data recovery after disasters

10
Q

Incident Response Policy

A

Addresses detection, reporting, assessment, response, and learning from
security incidents

11
Q

Software Development Lifecycle (SDLC) Policy

A

Guides software development stages from requirements to maintenance

12
Q

Change Management Policy

A

Governs handling of IT system/process changes

13
Q

DAC

A

Discretionary Access Control: the owner of a resource decides who may access it, typically through ACLs or file permissions

14
Q

MAC

A

Mandatory Access Control: the system enforces access from security labels (object classification versus subject clearance); neither owners nor users can override the labels

15
Q

RBAC

A

Role-Based Access Control: permissions are assigned to roles, and users receive permissions through role membership rather than individual grants
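
The three access-control models on cards 13 to 15 differ in who may change an access decision, not just in how it is written down. The following is an added example (not part of the original flashcards) that encodes each model as a small decision function over constructed, made-up subjects, objects, labels and roles, so the differences can be exercised: in DAC only the owner can extend the ACL, in MAC the labels are fixed and the subject cannot grant anything, and in RBAC a user gains permissions only by holding a role. The clearance levels, role names and permission strings are illustrative assumptions.

```python
"""Added example: DAC, MAC and RBAC as minimal decision functions.
All data below is constructed for illustration; none of it comes from the flashcards."""
from dataclasses import dataclass, field
from typing import Dict, Set


# --- DAC: the object's owner holds the discretion to grant access ----------
@dataclass
class DacObject:
    owner: str
    # subject -> set of permissions granted on this object
    acl: Dict[str, Set[str]] = field(default_factory=dict)


def dac_grant(obj: DacObject, granter: str, subject: str, perm: str) -> bool:
    """Only the owner may modify the ACL. Returns True if the grant took effect."""
    if granter != obj.owner:
        return False
    obj.acl.setdefault(subject, set()).add(perm)
    return True


def dac_allowed(obj: DacObject, subject: str, perm: str) -> bool:
    """Owner has implicit full access; everyone else needs an ACL entry."""
    return subject == obj.owner or perm in obj.acl.get(subject, set())


# --- MAC: labels are assigned by the system and cannot be changed by users --
# Assumed ordering of sensitivity levels (illustrative).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_allowed(subject_clearance: str, object_label: str, perm: str) -> bool:
    """Bell-LaPadula style confidentiality rules: no read up, no write down."""
    s, o = LEVELS[subject_clearance], LEVELS[object_label]
    if perm == "read":
        return s >= o          # may only read at or below own clearance
    if perm == "write":
        return s <= o          # may only write at or above own clearance
    return False               # any other operation is denied by default


# --- RBAC: permissions attach to roles, users attach to roles --------------
ROLE_PERMS = {                 # constructed role -> permission mapping
    "analyst": {"ticket:read", "ticket:comment"},
    "responder": {"ticket:read", "ticket:comment", "host:isolate"},
    "auditor": {"ticket:read", "log:read"},
}
USER_ROLES = {                 # constructed user -> role assignment
    "alice": {"analyst"},
    "bob": {"responder", "auditor"},
    "carol": set(),            # user with no roles has no permissions at all
}


def rbac_allowed(user: str, perm: str) -> bool:
    """A user is allowed a permission if any of their roles carries it."""
    return any(perm in ROLE_PERMS.get(r, set()) for r in USER_ROLES.get(user, set()))


def demo() -> Dict[str, bool]:
    """Run one scenario per model and return the decisions for inspection."""
    report = DacObject(owner="alice")
    results = {
        # DAC: bob (not owner) cannot grant carol access; alice can grant bob.
        "dac_nonowner_grant": dac_grant(report, "bob", "carol", "read"),
        "dac_owner_grant": dac_grant(report, "alice", "bob", "read"),
        "dac_bob_read": dac_allowed(report, "bob", "read"),
        "dac_bob_write": dac_allowed(report, "bob", "write"),
        # MAC: confidential-cleared subject cannot read secret; secret subject
        # can read internal but cannot write down into it.
        "mac_read_up": mac_allowed("confidential", "secret", "read"),
        "mac_read_down": mac_allowed("secret", "internal", "read"),
        "mac_write_down": mac_allowed("secret", "internal", "write"),
        "mac_write_up": mac_allowed("internal", "secret", "write"),
        # RBAC: only the responder role carries host:isolate.
        "rbac_bob_isolate": rbac_allowed("bob", "host:isolate"),
        "rbac_alice_isolate": rbac_allowed("alice", "host:isolate"),
        "rbac_carol_read": rbac_allowed("carol", "ticket:read"),
    }
    return results


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name:22s} {'ALLOW' if decision else 'DENY'}")
```

The practical point for the flashcards: a DAC grant is an act of the owner, a MAC decision is a property of the labels the system assigned, and an RBAC decision changes only when role assignments or role definitions change. Auditing each model therefore means watching a different thing (ACL edits, label assignments, or role membership).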

16
Q

Playbook

A

Detailed guide for specific tasks or processes that provides step-by-step instructions for consistent and efficient execution

17
Q

Regulatory Considerations

A

Regulations cover areas such as
● Data Protection
● Privacy
● Environmental Standards
● Labor Laws

18
Q

Legal Considerations

A

Complement regulatory considerations, encompassing contract, intellectual property, and corporate law

19
Q

Industry Considerations

A

Refer to industry-specific standards, practices, and ethical guidelines

20
Q

Geographical Considerations

A

Geographical regulations impact organizations at local, regional, national, and
global levels (e.g., CCPA in California, GDPR in the European Union)

21
Q

Compliance

A

Ensures adherence to laws, regulations, guidelines, and specifications

22
Q

Due Care

A

Taking reasonable steps to mitigate identified risks (contrast with due diligence, which is the work of identifying and assessing those risks)

23
Q

Attestation

A

Formal declaration by a responsible party that the organization’s processes and controls are compliant

24
Q

Acknowledgement

A

Recognition and acceptance of compliance requirements by all relevant
parties