ISC Flashcards

1
Q

Replication

A

A technique used in data storage and computing to create and maintain copies of data, systems, or applications across multiple devices, servers or data centers.

Replication involves creating and maintaining one or more copies of data from a primary storage device, server, or application on one or more secondary devices, servers or applications.

Can be done synchronously (in real time: the write is confirmed only after the copy is made) or asynchronously (with a delay, so the copy may lag behind the primary).

2
Q

CRM

A

Customer Relationship Management - a software tool that helps businesses manage their interactions with customers and prospects. It is used to manage customer data, sales, marketing and customer service activities.

3
Q

Expert Systems

A

Computerized systems that are designed to mimic the decision-making abilities of a human expert in a specific field.

4
Q

Private Networks

A

Owned and operated by a single organization

Advantages
- Increased security
- Flexibility
- Better performance

Disadvantages
- Higher costs
- Limited access
- Limited scalability

5
Q

NIST SP 800-53

A

Provides a catalog of security and privacy controls, and guidance for selecting and implementing them, for federal information systems and organizations. Mandatory for any federal agency, or contractor of an agency, that processes, stores or transmits data for a U.S. federal information system, unless the system is a national security system. May also be used voluntarily by any organization for risk management. Full title: Security and Privacy Controls for Information Systems and Organizations (key words: SECURITY AND PRIVACY).

6
Q

Types of Cloud

A

Private Cloud - infrastructure dedicated to a single organization (on-premises or hosted by a provider). Most expensive.
Community Cloud - shared by a specific group of organizations with similar requirements and concerns (e.g. the same regulatory obligations). Scales more slowly than a public cloud.
Public Cloud - resources such as servers, storage and applications are made available to the general public over the internet. Owned and operated by a third party. Lowest cost, but higher risk of data leakage because the infrastructure is shared with other tenants.
Hybrid Cloud - combines two or more of the above (typically public and private) so that workloads and data can move between them.

7
Q

Worm

A

Malware, similar to a virus, that replicates itself and spreads to other computers over the network. Unlike a virus, it does not need to attach itself to a legitimate program or file, and it can spread without any user action.

8
Q

NIST Privacy Framework

A

A voluntary tool developed by the National Institute of Standards and Technology to help organizations manage privacy risks and protect individuals' privacy rights.

3 parts - Core, Profiles & Implementation Tiers (see next cards)

9
Q

NIST Privacy Framework - Core

A

5 Functions

  1. Identify - Governance, risk assessment & the data processing ecosystem (inventory and mapping of data processing).
  2. Govern - Laws and norms, strategy and priorities, risk management policies.
  3. Control - Data processing control, data minimization.
  4. Communicate - Transparency and individual participation.
  5. Protect - Safeguards for data processing: data protection policies, identity management and access control, data security.

10
Q

NIST Privacy Framework - Profiles

A

Current Profile - Privacy outcomes already achieved.

Target Profile - The Org’s desired privacy outcome.

By comparing current vs. target the Org can determine gaps and prioritize areas for improvement.

11
Q

NIST Privacy Framework - Implementation Tiers

A

4 Tiers

  1. Partial - Ad hoc and not formalized. Org may be unaware of privacy risks.
  2. Risk-Informed - Aware of privacy risks; some practices are approved by management, but there is no Org-wide approach.
  3. Repeatable - Consistent Org-wide approach; risk practices are regularly reviewed and updated.
  4. Adaptive - Adapts privacy practices based on lessons learned and predictive indicators. Privacy risk management is part of the Org culture.

12
Q

Machine Learning

A

Subfield of AI where computers or machines have the ability to learn from data and improve their performance on a specific task without being explicitly programmed to do so.

13
Q

Executive Support System

A

A system that assists senior management with making non-routine decisions, helps analyze competitor activity, and identifies activities and acquisitions that might protect the company from cyclical business swings

14
Q

Data Warehouse

A

A large, centralized repository for storing structured and semi-structured data collected from different sources within an organization; data is typically cleaned and transformed before it is loaded so it can be used for reporting and analysis.

15
Q

Tokenization

A

Replaces sensitive data with non-sensitive substitute values (tokens) that keep the original data's format (length, character type) but have no exploitable value on their own. The mapping from a token back to the original value is held in a separate, protected token vault; systems that only handle tokens never see the real data.

Suitable for handling credit card data (PANs) while preserving its format, which reduces the number of systems that handle the real card number.
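A worked example of vault-based tokenization for card numbers, added here and not part of the original card set. The TokenVault class, the luhn_valid and mask helpers and the sample card number are constructed for illustration; the sample is a standard test number, not a real account. The token keeps the PAN's length and last four digits, is generated randomly (so it cannot be derived from the PAN), and is forced to fail the Luhn check so a token can never be mistaken for a real card number.

```python
import secrets
import string

# Constructed test value (standard test card number, not a real account).
SAMPLE_PAN = "4111111111111111"


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


class TokenVault:
    """Hypothetical vault-based tokenizer for 13-19 digit card numbers (PANs).

    Tokens are random (secrets module), so a token cannot be reversed to the
    PAN without access to the vault's mapping table.
    """

    def __init__(self) -> None:
        self._token_to_pan: dict[str, str] = {}
        self._pan_to_token: dict[str, str] = {}

    def tokenize(self, pan: str) -> str:
        if not pan.isdigit() or not 13 <= len(pan) <= 19 or not luhn_valid(pan):
            raise ValueError("input is not a well-formed card number")
        if pan in self._pan_to_token:          # same PAN always maps to the same token
            return self._pan_to_token[pan]
        last4 = pan[-4:]
        while True:
            body = "".join(secrets.choice(string.digits) for _ in range(len(pan) - 4))
            token = body + last4
            # Reject a token that collides with the vault or that would itself
            # pass the Luhn check, so a token is never a plausible real PAN.
            if token != pan and token not in self._token_to_pan and not luhn_valid(token):
                break
        self._token_to_pan[token] = pan
        self._pan_to_token[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Look up the original PAN; only the vault can do this."""
        return self._token_to_pan[token]


def mask(pan: str) -> str:
    """Display form: every digit but the last four replaced (constructed helper)."""
    return "*" * (len(pan) - 4) + pan[-4:]


if __name__ == "__main__":
    vault = TokenVault()
    tok = vault.tokenize(SAMPLE_PAN)
    print("token:", tok, "masked:", mask(SAMPLE_PAN))
    print("round trip ok:", vault.detokenize(tok) == SAMPLE_PAN)
```

The vault's lookup tables are the sensitive asset: in a production design they live in a separately secured service, the PAN-to-token index is usually keyed by a keyed hash of the PAN rather than the PAN itself, and only the payment path is allowed to call detokenize.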

16
Q

Access Levels

A

Least-Privilege: Limits the access rights and permissions of users, processes or systems to the minimum necessary to perform their intended tasks.

Zero-Trust: Assumes that all users, devices and systems are untrusted until verified otherwise.

Whitelisting (allow-listing): Creates a list of trusted or approved applications, processes or systems and denies everything not on the list (default deny).

Need to Know: Sensitive info is only disclosed to those who need it to perform their job duties.

17
Q

Data Lake

A

Central repository that stores structured and unstructured data at any scale. Data is kept in its raw format and is not transformed or cleaned before being loaded into the data lake; transformation happens when the data is read.

18
Q

Systems Development Life Cycle

A

Steps in SDLC

  1. Planning
  2. Analysis
  3. Design
  4. Development
  5. Testing
  6. Implementation
  7. Maintenance
19
Q

Compiler

A

Software that converts source code written in a programming language into machine code that can be executed by a computer

20
Q

Value Added Network (VAN)

A

Third-party network that provides value-added services such as message storage and forwarding and secure transmission to businesses and organizations; commonly used as the intermediary for EDI (electronic data interchange) between trading partners.

21
Q

Router

A

A device that forwards packets between networks based on their network-layer (IP) addresses. In a home or small office it is the connection point between the local network and the internet.

22
Q

MIS

A

Management Information Systems - computerized systems that provide managers with the information needed to make informed decisions.

23
Q

Flowcharting

A

Used to document an organization’s information system and related control procedures.

Visually depicts the flow of transactions through the process from initiation to storage of data. Specific shapes are used to represent physical media used for files and processes

24
Q

Decision Support Systems

A

Used for semi-structured problems that require the exercise of judgment. Provides access to relevant data and analysis tools.

25
Q

Database Schemas

A

Visual representations of tables, attributes, primary keys & relationships in a database

3 types -

  1. Conceptual - big picture in initial design phase
  2. Logical - Attributes/Primary keys that will be included for each table in Database.
  3. Physical - Technical implementation of logical model once software is determined.

The logical schema must be completed before implementation because it is the basis for the physical schema.

26
Q

Mirroring

A

Used in data storage and computing to create an exact real-time replica of data, systems, or applications across multiple storage devices, servers or data centers.

When data is written to the primary device it is simultaneously written to the secondary device.

27
Q

General Data Protection Regulation (GDPR)

A

A comprehensive EU data protection regulation that applies to organizations established in the EU and to organizations anywhere in the world that process the personal data of individuals located in the EU (for example, by offering them goods or services or monitoring their behaviour).

28
Q

COBIT (Control Objectives for Information and related Technology)

A

Framework developed by ISACA for the governance and management of enterprise information technology (IT).

The Framework (5 Principles, COBIT 5)
1. Meeting stakeholder needs.
2. Covering the enterprise end to end (not just the IT function).
3. Applying a single, integrated framework (aligns with other relevant standards and frameworks at a high level and serves as the overarching framework for the governance and management of enterprise IT).
4. Enabling a holistic approach.
5. Separating governance from management (a clear distinction between the two).

29
Q

Trust Service Criteria (TSC)

A

5 Categories:
1. Security
2. Availability
3. Processing Integrity
4. Confidentiality
5. Privacy

Issued by the AICPA and used in SOC 2 engagements; the criteria align with and extend the COSO Internal Control - Integrated Framework.

30
Q

System Analysts

A

- Make developed or purchased systems functional
- Determine the networks used; set up IT policies and architecture
- Work with end users to understand their needs and train them on new systems being implemented
- Analyze systems, design the overall system, prepare system flowcharts
- Prepare specifications for programmers
- Serve as an intermediary between users and programmers

31
Q

Network Admins

A

Develop and maintain a data communication network
Network planning

32
Q

Systems Programmers

A

- Program operating systems
- Install and upgrade system software
- Maintain compilers

33
Q

COSO Internal Control - Integrated Framework

A
  1. Control environment
  2. Risk assessment
  3. Control activities
  4. Information/communication
  5. Monitoring activities
34
Q

COSO Enterprise Risk Management (ERM)

A
  1. Governance/Culture
  2. Strategy and objective setting
  3. Performance
  4. Review/Revision
  5. Information/Communication/Reporting
35
Q

Knowledge-based Systems

A

Derives an answer by applying a logical problem-solving approach (a rule base developed by a domain expert) to the input supplied by a user.

36
Q

Joiner types

A

Inner Join - Returns only the rows that have a match in both tables.
Left (Outer) Join - Returns every row from the left table plus the matching rows from the right table; right-side columns are NULL where there is no match.
Full (Outer) Join - Returns every row from both tables, matched where possible and NULL-filled where there is no match on either side.
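A worked example of the three join types above, added here and not part of the original card set; it also shows a small physical schema (card 25) as CREATE TABLE statements. The customers and orders tables, their sample rows and the helper functions are constructed for illustration. The data is built so that one customer has no orders and one order is orphaned (it references a customer_id that does not exist), which is exactly what distinguishes the three joins. The full join is written with the portable LEFT JOIN ... UNION ALL ... anti-join idiom, since not every engine supports FULL OUTER JOIN directly.

```python
import sqlite3

# Constructed sample data. Customer 3 has no orders; order 13 points at a
# customer_id (9) that does not exist, i.e. an orphaned row.
CUSTOMERS = [(1, "Acme"), (2, "Beta"), (3, "Gamma")]
ORDERS = [(10, 1, 250.0), (11, 1, 99.5), (12, 2, 40.0), (13, 9, 15.0)]

# Physical schema: DDL with primary keys for a specific engine (SQLite here).
SCHEMA = """
CREATE TABLE customers (
    customer_id INTEGER PRIMARY KEY,
    name        TEXT NOT NULL
);
CREATE TABLE orders (
    order_id    INTEGER PRIMARY KEY,
    customer_id INTEGER,            -- no FOREIGN KEY, so orphans can exist
    amount      REAL NOT NULL
);
"""

INNER_JOIN = """
SELECT c.name, o.order_id
FROM customers c
INNER JOIN orders o ON o.customer_id = c.customer_id
ORDER BY o.order_id
"""

LEFT_JOIN = """
SELECT c.name, o.order_id
FROM customers c
LEFT JOIN orders o ON o.customer_id = c.customer_id
ORDER BY c.customer_id, o.order_id
"""

# FULL OUTER JOIN written portably: the left join, plus the right-side rows
# that found no partner (the second SELECT is an anti-join on the orders side).
FULL_JOIN = """
SELECT c.name, o.order_id
FROM customers c
LEFT JOIN orders o ON o.customer_id = c.customer_id
UNION ALL
SELECT c.name, o.order_id
FROM orders o
LEFT JOIN customers c ON c.customer_id = o.customer_id
WHERE c.customer_id IS NULL
"""


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with the constructed schema and rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customers VALUES (?, ?)", CUSTOMERS)
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", ORDERS)
    return conn


def inner_join(conn: sqlite3.Connection) -> list:
    return conn.execute(INNER_JOIN).fetchall()


def left_join(conn: sqlite3.Connection) -> list:
    return conn.execute(LEFT_JOIN).fetchall()


def full_join(conn: sqlite3.Connection) -> list:
    return conn.execute(FULL_JOIN).fetchall()


def orphaned_orders(conn: sqlite3.Connection) -> list:
    """Rows of the full join with no customer: a referential-integrity check."""
    return [row for row in full_join(conn) if row[0] is None]


if __name__ == "__main__":
    db = build_db()
    print("inner:", inner_join(db))      # 3 rows, Gamma and order 13 dropped
    print("left :", left_join(db))       # 4 rows, Gamma paired with NULL
    print("full :", full_join(db))       # 5 rows, plus (None, 13)
    print("orphans:", orphaned_orders(db))
```

The orphan check is the practical reason to reach for a full (or right) join in a control setting: rows that appear with a NULL on one side are records the inner join silently hides, and in audit data they usually indicate missing master data or a broken foreign-key relationship.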