Governance and Compliance Flashcards
GRC Triad
Governance, Risk, and Compliance
Governance
Strategic leadership, structures, and processes ensuring IT aligns with business
objectives
Involves risk management, resource allocation, and performance measurement
Board
Elected by shareholders to oversee the organization's management
Responsible for setting strategic direction, policies, and major decisions
Committee
Subgroups of boards with specific focuses
Government Entities
Play roles in governance, especially for public and regulated organizations
Establish laws and regulations for compliance
AUP
Acceptable Use Policy
Document that outlines the do’s and don’ts for users when interacting with an
organization’s IT systems and resources
Information Security Policies
Outline how an organization protects its information assets from threats, both
internal and external
Business Continuity Policy
Ensures operations continue during and after disruptions
Disaster Recovery Policy
Focuses on IT systems and data recovery after disasters
Incident Response Policy
Addresses detection, reporting, assessment, response, and learning from
security incidents
Software Development Lifecycle (SDLC) Policy
Guides software development stages from requirements to maintenance
Change Management Policy
Governs handling of IT system/process changes
DAC
Discretionary Access Control
The resource owner decides who else may access the resource and with which
rights (e.g. file permissions and ACLs that the owner can change)
MAC
Mandatory Access Control
The system enforces access from security labels set by policy (subject
clearance vs. object classification); owners cannot override the labels
RBAC
Role-Based Access Control
Permissions are attached to roles; users obtain permissions by being assigned
roles rather than by individual grants
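The three access-control models above, shown side by side as a small added example (this code is not part of the flashcards). It implements the same check, "may subject S perform right R on object O?", under each model: DAC with an owner-managed ACL, MAC with Bell-LaPadula style confidentiality rules (no read up, no write down, one common MAC policy, assumed here), and RBAC with a role-to-permission table. The subject names, labels, roles and permissions are constructed for illustration.

```python
"""Toy DAC, MAC and RBAC decision functions (added example, not from the flashcards)."""
from dataclasses import dataclass, field


# ---------- DAC: the object's owner decides who may access it ----------
@dataclass
class DacObject:
    owner: str
    acl: dict = field(default_factory=dict)  # subject -> set of rights


def dac_grant(obj: DacObject, grantor: str, grantee: str, right: str) -> bool:
    """Only the owner may change the ACL; that discretion is what makes it DAC."""
    if grantor != obj.owner:
        return False
    obj.acl.setdefault(grantee, set()).add(right)
    return True


def dac_allowed(obj: DacObject, subject: str, right: str) -> bool:
    """The owner always has access; everyone else needs an ACL entry."""
    return subject == obj.owner or right in obj.acl.get(subject, set())


# ---------- MAC: labels fixed by policy, enforced by the system ----------
LEVELS = {"public": 0, "confidential": 1, "secret": 2, "top_secret": 3}  # constructed lattice


def mac_allowed(subject_clearance: str, object_label: str, right: str) -> bool:
    """Bell-LaPadula confidentiality rules: no read up, no write down.

    Nobody, not even the object's creator, can relax these by editing an ACL.
    """
    s, o = LEVELS[subject_clearance], LEVELS[object_label]
    if right == "read":
        return s >= o  # simple security property: may only read at or below clearance
    if right == "write":
        return s <= o  # *-property: may only write at or above clearance
    raise ValueError(f"unknown right: {right}")


# ---------- RBAC: permissions hang off roles, users are assigned roles ----------
ROLE_PERMS = {  # constructed role table
    "auditor": {"read_logs"},
    "admin": {"read_logs", "change_config"},
}
USER_ROLES = {  # constructed user-to-role assignments
    "dave": ["auditor"],
    "erin": ["admin"],
}


def rbac_allowed(user: str, permission: str) -> bool:
    """A user holds a permission only through one of their assigned roles."""
    return any(permission in ROLE_PERMS.get(role, set())
               for role in USER_ROLES.get(user, ()))


if __name__ == "__main__":
    doc = DacObject(owner="alice")
    print("DAC: bob can grant?", dac_grant(doc, "bob", "carol", "read"))     # False
    print("DAC: alice grants bob read", dac_grant(doc, "alice", "bob", "read"))
    print("DAC: bob read?", dac_allowed(doc, "bob", "read"))                  # True
    print("MAC: confidential user reads secret?", mac_allowed("confidential", "secret", "read"))
    print("MAC: secret user writes confidential?", mac_allowed("secret", "confidential", "write"))
    print("RBAC: dave change_config?", rbac_allowed("dave", "change_config"))
```

The contrast to notice: in `dac_grant` a single user can widen access at will, in `mac_allowed` no user can (only the label table, i.e. policy, decides), and in `rbac_allowed` changing a person's access means changing their roles, not touching individual objects.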