Key Terms 3

Question 1

Relying upon the secrecy or complexity of an item as its security, instead of practicing solid security practices.

Answer 1

Security through obscurity

Question 2

Industry-recognized best practices for the development and management of an information security management system.

Answer 2

ISO/IEC 27000 series

Question 3

Enterprise architecture framework used to define and understand a business environment developed by John Zachman.

Answer 3

Zachman framework

Question 4

Enterprise architecture framework used to define and understand a business environment developed by The Open Group.

Answer 4

TOGAF

Question 5

Risk-driven enterprise security architecture that maps to business initiatives, similar to the Zachman framework.

Answer 5

SABSA framework

Question 6

U.S. Department of Defense architecture framework that ensures interoperability of systems to meet military mission goals.

Answer 6

DoDAF

Question 7

Architecture framework used mainly in military support missions developed by the British Ministry of Defence.

Answer 7

MODAF

Question 8

Set of control objectives used as a framework for IT governance developed by Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

Answer 8

CobiT

Question 9

Set of controls that are used to secure U.S. federal systems developed by NIST.

Answer 9

SP 800-53

Question 10

Internal control model used for corporate governance to help prevent fraud developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission.

Answer 10

COSO

Question 11

Best practices for information technology services management processes developed by the United Kingdom’s Office of Government Commerce.

Answer 11

ITIL

Question 12

Business management strategy developed by Motorola with the goal of improving business processes.

Answer 12

Six Sigma

Question 13

Process improvement model developed by Carnegie Mellon.

Answer 13

Capability Maturity Model Integration (CMMI)