Governance and Compliance

Question 1

GRC Triad

Answer 1

Governance, Risk, and Compliance

Question 2

Governance

Answer 2

Strategic leadership, structures, and processes ensuring IT aligns with business
objectives

Involves risk management, resource allocation, and performance measurement

Question 3

Board

Answer 3

Elected by shareholders to oversee organization management

Responsible for setting strategic direction, policies, and major decisions

Question 4

Committee

Answer 4

Subgroups of boards with specific focuses

Question 5

Government Entities

Answer 5

Play roles in governance, especially for public and regulated organizations

Establish laws and regulations for compliance

Question 6

AUP

Answer 6

Acceptable Use Policy

Document that outlines the do’s and don’ts for users when interacting with an
organization’s IT systems and resources

Question 7

Information Security Policies

Answer 7

Outline how an organization protects its information assets from threats, both
internal and external

Question 8

Business Continuity Policy

Answer 8

Ensures operations continue during and after disruptions

Question 9

Disaster Recovery Policy

Answer 9

Focuses on IT systems and data recovery after disasters

Question 10

Incident Response Policy

Answer 10

Addresses detection, reporting, assessment, response, and learning from
security incidents

Question 11

Software Development Lifecycle (SDLC) Policy

Answer 11

Guides software development stages from requirements to maintenance

Question 12

Change Management Policy

Answer 12

Governs handling of IT system/process changes

Question 13

DAC

Answer 13

Discretionary Access Control

Question 14

MAC

Answer 14

Mandatory Access Control

Question 15

RBAC

Answer 15

Role-Based Access Control

Question 16

Playbook

Answer 16

Detailed guide for specific tasks or processes that provides step-by-step instructions for consistent and efficient execution

Question 17

Regulatory Considerations

Answer 17

Regulations cover areas such as
● Data Protection
● Privacy
● Environmental Standards
● Labor Laws

Question 18

Legal Considerations

Answer 18

Complement regulatory considerations, encompassing contract, intellectual property, and corporate law

Question 19

Industry Considerations

Answer 19

Refer to industry-specific standards, practices, and ethical guidelines

Question 20

Geographical Considerations

Answer 20

Geographical regulations impact organizations at local, regional, national, and
global levels (e.g. CCPA in California, GDPR in Europe)

Question 21

Compliance

Answer 21

Ensures adherence to laws, regulations, guidelines, and specifications

Question 22

Due Care

Answer 22

Mitigating identified risks

Question 23

Attestation

Answer 23

Formal declaration by a responsible party that the organization’s processes and controls are compliant

Question 24

Acknowledgement

Answer 24

Recognition and acceptance of compliance requirements by all relevant
parties