Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
31 Cards in this Set
- Front
- Back
|
risk management process |
- identify - analyze - plan - track - control |
|
|
IT Services Processes |
- IT Service Delivery: services, IT continuity services, financial, capacity, availability
- IT Service Support: configuration, release, incident, problem, change |
|
|
service portfolio |
- define - analyze - approve - charter |
|
|
CIA Triad |
- confidentiality: keep data private
- integrity: prevent physical and logical corruption of data
- availability: timely access to data |
|
|
Information Assurance |
- superset of informaion security
- uses interdisciplinary measures to enable CIA and non-repudiation |
|
|
Risk Appetite |
- willingness to accept risk for potential gain |
|
|
Governance |
- oversight of management
- establishment and monitoring of chains of responsibility
- job of The Board |
|
|
Strategy v Tactics |
- strategy is broad in scope, tactical is specific
- strategy occurs prior to action, tactical occurs during
- strategy deploys resources, tactical employs them |
|
|
Portfolio Management v Project Management |
- portfolio is strategic, project is tactical
- portfolio is aggregate, project is specific |
|
|
SLDC Waterfall Model |
- analyze, design, develop, test, deploy
- high cost of change
- high risk of making too many features or making the wrong thing the right way |
|
|
Cloud Delivery Models |
- software as a service: develop and user interact
- platform as a service: developer uploads application to a controller
- infrastructure as a service: developer uses a virtual machine |
|
|
RACI Charts |
- Responsible Accountable Consult Inform
- establishes roles and responsibilities for IT governance |
|
|
IT Service Statements |
- vision: values of business
- mission: longterm commitments to stakeholders
- objectives: tied to measurable goals |
|
|
Cybersecurity Risk |
- uncertainty of an adverse event relating to cybersecurity |
|
|
OCTAVE |
- Operationally Critical Threat, Asset, Vulnerability Evaluation
- for small organizations
- people in organization take responsibility for cybersecurity |
|
|
Agile Governance |
- Agility: responding to change to obtain profit in a turbulent business environment
- Lean: follow the client's priorities
|
|
|
Agile Manifesto |
- individuals&interactions - working software - customer relations - earning&growth |
|
|
Core Functions of Project Risk Management |
- time - scope - quality - cost |
|
|
SCRUM Frameworks |
- Roles: owner, scrum master, team
- ceremonies: planning, review, retrospect, daily meeting
- artifacts: project backlog, sprint backlog, burndown chart |
|
|
Service Life Cycle |
- service strategy - service design - service transition - service operations - continual service operations |
|
|
BCM Lifecycle |
- analyze (Business Impact Assessments) - develop - implement |
|
|
Business Continuity Process |
- business as usual - disaster recovery - incident handling - alternate business processes - business restoration - business resumption - business as usual |
|
|
IT Business Process Measures |
- money - business - profit - learning |
|
|
DREAD Model |
- Damage potential, Reproducibility, Exploitation, Affected users, Discoverability
- Risk = probability x damage |
|
|
Incident Management Process |
- id - respond - recovery - review |
|
|
pitfalls of Incident Management Process |
- inadequate incident management policy
- inadequate authority given to assigned individuals
- lack of documentation of standards&procedures |
|
|
Types of COSO Risks |
- strategic - tactical - operations - reporting - compliance |
|
|
COSO Internal Controls |
- control environment - control activities - risk assessments - communications & information - monitoring |
|
|
COBIT Questions |
- strategic: are we doing the right things?
- tactical: are we doing those things right?
- customer: are you doing them well?
- shareholder: are we seeing the benefits? |
|
|
IT Governance |
- (enterprise management) + (corporate management) + (corporate compliance)
- 3 domains: risk governance, risk response, risk evaluation |
|
|
4 Perspectives of Balanced Score Card |
- financial (shareholders) - customer - internal (processes) - growth (improvement) |
