Standards & Control Frameworks Flashcards

1
Q

Explain FMEA

A

Failure Mode and Effect Analysis
Functions > Function Failures > Assess Failures > Failure Effects
Used for simple systems

2
Q

Explain COSO

A

Developed by the Committee of Sponsoring Organizations of the Treadway Commission
Reduces the risk of financial fraud
Corporate governance framework

3
Q

Explain CMMI

A

Capability Maturity Model Integration

Process Improvement Model

4
Q

Explain OCTAVE

A

Operationally Critical Threat, Asset, and Vulnerability Evaluation
Developed by Carnegie Mellon University
People inside the organization, assisted by a workshop facilitator, conduct the assessment
Wide scope
Three phases:
1. Identify staff knowledge, assets, and threats
2. Identify vulnerabilities and evaluate safeguards
3. Conduct risk analysis

5
Q

Explain COBIT

A

Control Objectives for Information and related Technology
Developed by ISACA (Information Systems Audit and Control Association)
Four domains:
1. Plan and Organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate
34 processes across the four domains
6
Q

Explain Six Sigma

A

Developed by Motorola

Improves process quality by reducing defects and waste

7
Q

Explain ITIL

A

Information Technology Infrastructure Library
Developed in the UK
Framework of best practices for IT Service Management
Five service management practices

8
Q

Explain CRAMM

A

Central Computing and Telecommunications Agency Risk Analysis and Management Method
Developed in the United Kingdom
Sold by Siemens
Three stages:
1. Define objectives
2. Assess risks
3. Identify countermeasures
9
Q

Explain SABSA

A

Sherwood Applied Business Security Architecture: a model and methodology for developing enterprise information security architectures.

10
Q

Explain ISO 17799

A

IT - Security Techniques - Code of Practice for Information Security Management (ISM)
Was BS 7799 Part 1 (BS 7799 Part 2 was renumbered to ISO 27001)
Had 11 control areas
Renumbered to ISO 27002

11
Q

Explain Fault Tree Analysis

A

Used for complex systems (contrast with FMEA, used for simple systems)

12
Q

Explain FRAP

A

Facilitated Risk Analysis Process

Qualitative, narrow scope
