Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
10 Cards in this Set
- Front
- Back
|
Framework and policies, concepts, principles, structures, and standards describes what
|
Domain 1, Information Security & Risk Management
|
|
|
three categories of internal control standards
|
1. general standards
2. specific standards, and 3. audit resolution standards |
|
|
Ensures that the appropriate policies, procedures, standards, and guidelines are implemented to provide the proper balance of security controls with business
operations |
Security Management
|
|
|
Who ultimately makes the final decision on the level of security expenditures and the risk they are willing to take?
|
Senior Management
|
|
|
Core Information Security Principles:
|
Confidentiality, Integrity and Availability
|
|
|
principle that only authorized individuals, processes, or systems should have access to information on a need-to-know basis
|
Confidentiality
|
|
|
principle that information should be protected from intentional, unauthorized,
or accidental changes |
Integrity
|
|
|
principle that information is accessible by users when needed
|
Availability
|
|
|
Ensures that the department can function without the computer system within a defined period using alternate processes
|
Business Continuity Planning
|
|
|
Ensures the recovery of the information technology processing capability at a permanent site to an acceptable operational state
|
Disaster Recovery Planning
|
