P1.F.2 Data Governance Flashcards

1
Q

Data Governance Definition & Objectives

P1.F.2 Data Governance

A

The control of enterprise data through formal policies and procedures to help ensure data can be trusted and is accessible.
Functions are part of Enterprise Risk Management (ERM).

Objectives

  1. Availability: to anyone who needs them
  2. Usability: in a useful format
  3. Integrity: veracity of data in terms of accuracy and validity over its useful life
  4. Security: preservation of integrity
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Data Governance Framework

P1.F.2 Data Governance

A

Purpose: to eliminate gaps.

COSO: implements and manages internal controls, enterprise risk, and fraud deterrence.

Integrates internal control, SOX requirements and strategic planning in order to manage risk.

COBIT: based on information technology. Consists of principles, objectives, components, focus areas and design factors.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

COSO Objectives

P1.F.2 Data Governance

A
  1. Strategic: development of high-level goals.
  2. Operations: proper management of the day-to-day activities.
  3. Reporting: reliability of financial/operational reporting an reduce risk.
  4. Compliance: compliance with laws and regulations can reduce company’s risk.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

COSO Components

P1.F.2 Data Governance

A
  1. Internal environment: corporate culture, overall setting, general tone
  2. Objective setting: statement of goals
  3. Event identification: identify company’s objectives as opportunity or risk.
  4. Risk assessment: impact and probability of occurrence.
  5. Risk response: possible responses include avoidance, acceptance, mitigation, transfer or retention of risk.
  6. Control activities: policies and procedures to execute response
  7. Information and communication: pertinent information transmitted to relevant parties.
  8. Monitoring: ongoing assessment and modifications, if applicable.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

COBIT Principles

P1.F.2 Data Governance

A
  1. Each enterprise needs a governance system.
  2. Built from a number of components that can work together in a holistic way.
  3. Should be dynamic.
  4. Should clearly distinguish between governance and management activities and structures.
  5. Tailored to enterprises needs
  6. Should cover end to end (on all processing).
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

COBIT Objectives
Governance Domain

(P1.F.2 Data Governance)

A

Evaluate, Direct and Monitor (EDM): the governing body evaluates strategic options, directs senior management on the chosen strategic options, and monitors the achievement of strategy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

COBIT Objectives
Management Domain

(P1.F.2 Data Governance)

A
  1. Align, Plan and Organize (APO): addresses overall organization, strategy, and supporting activities for IT.
  2. Build, Acquire, and Implement (BAI): treats the definition, acquisition and implementation of IT solutions and their integration in business processes.
  3. Deliver, Service and Support (DSS): addresses the operational delivery and support of IT services, including security.
  4. Monitor, Evaluate and Assess (MEA): addresses performance monitoring and conformance of IT with internal performance targets, internal control objectives and external requirements.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

COBIT Components

P1.F.2 Data Governance

A
  1. Processes
  2. Organizational structures: are the key decision making entities
  3. Principles, policies and frameworks: translates desired behavior into practical guidance for day-to-day management
  4. Information
  5. Culture, ethics and behavior: underestimated factors
  6. People, skills and competencies
  7. Services, infrastructure and applications
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Data Life Cycle Phases

P1.F.2 Data Governance

A
  1. Data capture: captured from a variety of sources
  2. Data maintenance: processing via create, read, update and delete (CRUD)
  3. Data synthesis: creating new data from existing data
  4. Data usage: extracting useful information from data
  5. Data analytics: usage that involves evaluating information to make decisions
  6. Data publication: reporting outside of the organization
  7. Data archival: storage of inactive data
  8. Data purging: deleting unwanted data
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Defenses from Cyberattacks
Detection Defenses

(P1.F.2 Data Governance)

A
  1. Antivirus software: scans storage systems and downloading activity for known threats (detection)
  2. Packet filtering: routers and firewalls can block packets based on source/ destination
  3. Intrusion detection system (IDS): monitors network for suspicious patterns in incoming traffic.
    4 Intrusion prevention system (IPS): blocks traffic flagged by IDS.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Defenses from Cyberattacks
Physical Defenses

(P1.F.2 Data Governance)

A
  1. Access control: physical barrier to on-site premises
  2. Biometrics: identification of authorized users via unique physical features of their bodies
  3. Do-not-carry rules: policy preventing employees and reps from carrying internet-connected devices under certain circumstances.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Defenses from Cyberattacks
Technological Defenses

(P1.F.2 Data Governance)

A
  1. Penetration test: sanctioned attempt to break into system to find vulnerabilities
  2. Vulnerability assessment: scans, prioritizes possible ways to penetrate
  3. Encryption: makes data unreadable by destinations without correct decryption key
  4. Authentication: act of ensuring the person trying to access system is who they claim to be
  5. Remote wipe capabilities (or mobile kill switch): tool to delete data stores on lost/stolen mobile devices
  6. Business continuity planning: critical for recovery from cyber incidents.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly