I-GLOSSARY Flashcards

1
Q

Identification

A

The process of verifying the identity of a user, process or device, usually as a prerequisite for granting access to resources in an information system

2
Q

Impact analysis

A

A study to prioritize the criticality of information resources for the organization based on costs (or consequences) of adverse events. In an impact analysis, threats to assets are identified and potential business losses determined for different time periods.
This assessment is used to justify the extent of safeguards that are required and recovery time frames. This analysis is the basis for establishing the recovery strategy.

3
Q

Incident

A

Any event that is not part of the standard operation of a service and that causes, or may cause, an interruption to, or a reduction in, the quality of that service

4
Q

Incident handling

A

An action plan for dealing with intrusions, cyber theft, denial-of-service attacks, fire, floods and other security-related events. It comprises a six-step process:
Preparation,
Identification,
Containment,
Eradication,
Recovery,
and Lessons Learned.

5
Q

Incident response

A

The response of an enterprise to a disaster or other significant event that may significantly affect the enterprise, its people or its ability to function productively. An incident response may include evacuation of a facility, initiating a disaster recovery plan (DRP), performing damage assessment and any other measures necessary to bring an enterprise to a more stable status.

6
Q

Information security

A

Ensures that only authorized users (confidentiality) have access to accurate and complete information (integrity) when required (availability)

7
Q

Information security governance

A

The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.

8
Q

Information security program

A

The overall combination of technical, operational and procedural measures, and management structures implemented to provide for the confidentiality, integrity and availability of information based on business requirements and risk analysis

9
Q

Integrity

A

The accuracy, completeness and validity of information

Internal controls: The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected.

10
Q

Internet protocol

A

Specifies the format of packets and the addressing scheme

11
Q

Interruption window

A

The time the company can wait from the point of failure to the restoration of the minimum and critical services or applications. After this time, the progressive losses caused by the interruption are excessive for the organization.

12
Q

Intrusion detection

A

The process of monitoring the events occurring in a computer system or network to detect signs of unauthorized access or attack

13
Q

Intrusion detection system (IDS)

A

Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack

14
Q

Intrusion prevention system (IPS)

A

Inspects network and host security activity to identify suspicious patterns that may indicate a network or system attack and then blocks it at the firewall to prevent damage to information resources

15
Q

IP Security (IPSec)

A

A set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange of packets

16
Q

ISO/IEC 17799

A

Originally released as part of the British Standard for Information Security in 1999 and then as the Code of Practice for Information Security Management in October 2000, it was elevated by the International Organization for Standardization (ISO) to an international code of practice for information security management. This standard defines information’s confidentiality, integrity and availability controls in a comprehensive information security management system. The latest version is ISO/IEC 17799:2005.

17
Q

ISO/IEC 27001

A

An international standard, released in 2005 and revised in 2013, that defines a set of requirements for an information security management system. Prior to its adoption by the ISO, this standard was known as BS 17799 Part 2, which was originally published in 1999.

18
Q

ISO/IEC 31000

A

ISO 31000:2009 Risk management—Principles and guidelines. Provides principles and generic guidelines on risk management. It is industry- and sector-agnostic and can be used by any public, private or community enterprise, association, group or individual.

19
Q

IT governance

A

The responsibility of executives and the board of directors; consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization’s strategies and objectives

20
Q

IT steering committee

A

An executive management-level committee that assists the executive in the delivery of the IT strategy, oversees day-to-day management of IT service delivery and IT projects and focuses on implementation aspects

21
Q

IT strategic plan

A

A long-term plan (i.e., three- to five-year horizon) in which business and IT management cooperatively describe how IT resources will contribute to the enterprise’s strategic objectives (goals)

22
Q

IT strategy committee

A

A committee at the level of the board of directors to ensure that the board is involved in major IT matters and decisions. The committee is primarily accountable for managing the portfolios of IT-enabled investments, IT services and other IT resources. The committee is the owner of the portfolio.

23
Q

ISO/IEC 27002

A

A code of practice that contains a structured list of suggested information security controls for organizations implementing an information security management system. Prior to its adoption by ISO/IEC, this standard existed as BS 77799.

24
Q

ISO/IEC 15504

A

ISO/IEC 15504 Information technology—Process assessment. ISO/IEC 15504 provides a framework for the assessment of processes. The framework can be used by organizations involved in planning, managing, monitoring, controlling and improving the acquisition, supply, development, operation, evolution and support of products and services.