Governance Basics in Information Security

Description and Tags

These flashcards cover key concepts in information security governance, including definitions, roles, policies, compliance, and frameworks.

Last updated 6:59 AM on 4/14/26
26 Terms

1. Information Security Governance
The system by which an organization directs and controls information security to support business objectives.

2. Primary Goal of Security Governance
Align security with business goals and ensure risk is managed at the enterprise level.

3. Responsibility for Information Security Governance
Senior management and the board of directors.

4. Role of Security Manager in Governance
Implement and manage the security program to support business strategy.

5. Difference between Governance and Management
Governance involves direction, oversight, and strategy; management involves execution, implementation, and operations.

6. Risk Appetite
The amount of risk the organization is willing to accept.

7. Policy
High-level management statement of intent and direction.

8. Standard
Mandatory rules that support policies.

9. Procedure
Step-by-step instructions on how to perform tasks.

10. Guideline
Recommended practices; optional and flexible.

11. Board's Role in Security
Provide oversight, approve strategy, set risk appetite.

12. Senior Management's Role
Allocate resources, support the program, enforce policies.

13. Information Security Manager's Role
Implement and operate the security program.

14. Due Care
Acting responsibly to protect assets.

15. Due Diligence
Ongoing monitoring to ensure controls remain effective.

16. COBIT
IT governance and management framework.

17. ISO 27001
International standard for establishing and maintaining an ISMS (Information Security Management System).

18. ISMS
A structured approach to managing information security risks.

19. Primary Driver of the Security Program
Business objectives.

20. Most Important Factor in Security Initiatives
Business impact.

21. Risk Tolerance
Acceptable deviation from risk appetite.

22. Purpose of a Steering Committee
Provide oversight, resolve conflicts, ensure alignment with business.

23. Purpose of Metrics in Governance
Measure program effectiveness and support decision-making.

24. Purpose of a Charter
Define authority, scope, and responsibilities of the security function.

25. Purpose of Compliance Requirements
Ensure the organization meets legal, regulatory, and contractual obligations.

26. Responsibility for Ensuring Compliance
Senior management (the security manager supports).