Risk Management Flashcards
What are standard operating procedures?
Important day-to-day processes that happen regularly through the same steps
What are interoperability agreements?
Formal, documented legal agreements between organizations that need to work together
What are some examples of common agreements?
Service Level Agreement (SLA)
Business Partners Agreement (BPA)
Interconnection Security Agreement (ISA)
Memorandum of Understanding (MOU)
Memorandum of Agreement (MOA)
What are examples of business policies?
Mandatory vacations (better chance of identifying fraud while the person is away)
Job rotation (no one maintains control of a function for a long period of time)
Separation of duties (no single person has all the details for a function)
Dual control (both people must be present to perform the action)
Clean desk policy (limit exposure of sensitive information)
What is an Acceptable Use Policy (AUP)?
Detailed documentation of how the organization's resources may be used: Internet, telephone, computers, etc.
What is role-based security awareness training?
User training tailored to each role, so that each person understands the security responsibilities that come with their role
Who is the data owner?
Executive level manager, responsible for the security of the data and compliance
What is a system administrator?
Administrator of the systems that enable the application and data
What is a system owner?
Someone that makes decisions about the overall operation of the application and data
Defines security and backup policies
Manages changes and updates
What are some user roles?
User
Privileged user
Executive user
What are important points when considering the impact?
Life
Property
Safety
Finance
Reputation
What is a Privacy Threshold Analysis (PTA)?
The first step toward compliance, where the business processes that handle privacy-sensitive data are identified
What is a Privacy Impact Assessment (PIA)?
Assessment to ensure compliance with privacy laws and regulations
Know what PII is collected and why
How the PII is collected, used and secured