IS4550 CHAPTER 8 Flashcards
A committee that deals with audit issues and non-financial risks is called ___.
AUDIT COMMITTEE
An organization that developed a framework for validating internal controls and managing enterprise risks; it focuses on financial operations and risk management and is called ___.
COMMITTEE OF SPONSORING ORGANIZATIONS (COSO)
The impact on the business of failing to comply with legal obligations is called ___.
COMPLIANCE RISK
A widely accepted framework that brings together business and control requirements with technical issues is called ___.
CONTROL OBJECTIVES FOR INFORMATION AND RELATED TECHNOLOGY (COBIT)
A person who implements policies and procedures such as backup, versioning, uploading, downloading, and database administration is called ___.
DATA ADMINISTRATOR
A person who grants access rights and assesses information security threats to the organization is called ___.
DATA SECURITY ADMINISTRATOR
The owner of data, who approves access rights and is responsible for data quality, is called ___.
DATA STEWARD
A framework that aligns strategic goals, operational effectiveness, reporting, and compliance objectives; it is not technology specific and is called ___.
ENTERPRISE RISK MANAGEMENT (ERM)
A committee that helps align the security committee to organization goals and objectives is called ___.
EXECUTIVE COMMITTEE
Events that could potentially impact the business when it fails to provide adequate liquidity to meet its obligations are called ___.
FINANCIAL RISK
A set of tools that brings together the capabilities to systematically manage risk and policy compliance is called ___.
GOVERNANCE, RISK MANAGEMENT AND COMPLIANCE (GRC)
A role that deals with all aspects of information, such as security, quality, definition, and availability, and is responsible for data quality is called ___.
HEAD OF INFORMATION MANAGEMENT
An individual accountable for identifying, developing, and implementing security policies and corresponding security controls is called ___.
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION (ISO)
Having two or more layers of independent controls to reduce risk is called ___.
LAYERED SECURITY APPROACH
An organization that creates security guidelines on security controls for federal information systems is called ___.
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST)
___ is a framework for information security assessment and planning consisting of tools, techniques, and methods.
OCTAVE