Governance and Compliance

Question 1

Governance

Answer 1

leadership, structures, and processes that IT has for buisness objectives

Question 2

Boards

Answer 2

a group of individuals elected by shareholders to oversee the management of an organization

Question 3

Committees

Answer 3

a subgroup of a board of directors w/ a specific focus

Question 4

Government Entities role in your buisness

Answer 4

ensure laws and regulations are complied with

Question 5

Centralized Structures

Answer 5

decision-making authority is concentrated at the top levels

Question 6

Decentralized Structures

Answer 6

distributes decision-making authority throughout the org

Question 7

Acceptable Use Policy

Answer 7

document that outlines the do’s and donts for user’s within that org

Question 8

Information Security Policies

Answer 8

outlines how an organization protects its infromation assets from threats

Question 9

Buisness Continuity

Answer 9

focuses how an organization will continue its operations before/after disruption

Question 10

Disaster Recovery

Answer 10

focuses specifically on how the org will reocver its IT systems and data

Question 11

Incident Response

Answer 11

plan for handling security incidents

Question 12

Software Development Lifecyle

Answer 12

how software is developed

Question 13

Purpose of Change Management

Answer 13

ensure changes are implemented in a controlled and cordinated manner

Question 14

Pupose of Standards

Answer 14

to give a framework of security measures that covers all aspects

Question 15

Policy Standards Types (P Ac Ps E)

Answer 15

Password, Access Controls, Physical Security, and Encryption

Question 16

Procedures

Answer 16

sequence of actions take to get an outcome;Uses Change Management

Question 17

Onboarding

Answer 17

process of integrating new employees into the org

Question 18

Playbooks

Answer 18

checklist of actions to perfrom, detect, and respond to a specific incident

Question 19

Regulatory Considerations

Answer 19

can cover a wde range of areas from data protection and privacy to environmental standards and labor laws

Question 20

Legal Considerations

Answer 20

similar to Regualatory Considerations but incldes areas like contract law, intellectual property

Question 21

Industry Considerations

Answer 21

the specific standards and pratices pervelant in an industry

Question 22

Global Consideration Level Order (National global local regional)

Answer 22

are under the local → regional → national → global regulations

Question 23

Compliance Reporting

Answer 23

systematic process of collecting and presenting data to demostrate adherance

Question 24

Internal Complicance Reporting

Answer 24

collection/analysis of data to ensure the org is fufilling internal policies and procedures

Question 25

External Compliance Reporting

Answer 25

demostrating compliance to external entities such as regulatory bides, auditions often mandated by law

Question 26

Compliance Monitorying

Answer 26

reguarly reviewing and analyzing an org’s operations

Question 27

Due Diligence

Answer 27

the act of monitoring

Question 28

Due Care

Answer 28

the steps take while monitoring

Question 29

Attestation

Answer 29

formal decleartion from a responsible party that they are compliant

Question 30

Acknowledgement

Answer 30

recognition and acceptance of compliance requirements by all parties

Question 31

Concequences of Non-Compliance (S F LoL CI)

Answer 31

Fines, Sanctions, Loss of Licence, and Contractual Impacts

Question 32

Sanctions

Answer 32

strict measures taken by regulatory bodies to enforce compliance

Question 33

Contractual Impacts

Answer 33

the consequences/effects that arrise as a result of a contract of two parties