Section 11: Governance and Compliance


1

governance

overall management of the organization’s IT infrastructure, policies, procedures, and operations

2

compliance

adherence to laws, regulations, standards, and policies that apply to the operations of the organization

3

governance structures

  1. boards

  2. committees

  3. government entities

  4. centralized and decentralized

4

boards

elected by shareholders to set strategic direction, policies, and major decisions

5

committees

subgroup of boards that focus on detailed attention to complex areas

6

government entities

establish laws and regulations for compliance

7

centralized structures

decision-making authority at top management levels that ensures consistent decisions and clear authority

8

decentralized structures

decision-making authority distributed throughout the organization, making it quicker than centralized structures but potentially inconsistent

9

acceptable use policy (AUP)

the do’s and don’ts for users when interacting with an organization’s IT systems and resources

10

information security policies

outlines how an organization protects its information assets from internal and external threats

  • enforces CIA

11

business continuity policy

ensures operations continue during and after disruptions

12

disaster recovery policy

focuses on IT systems and data recovery/backup after disasters

13

incident response policy

addresses detection, reporting, assessment, response, and learning from security incidents

14

software development lifecycle (SDLC) policy

guides software development stages from requirements to maintenance

15

change management policy

handling of IT system/process changes

  • controlled, coordinated change implementation to minimize disruptions

16

access control models

  • discretionary (DAC)

  • mandatory (MAC)

  • role-based (RBAC)

17

regulatory considerations

comply with regulations depending on industry and location

18

legal considerations

complement regulatory considerations, encompassing contract, intellectual property, and corporate law

19

industry considerations

industry-specific standards, practices, and guidelines

20

geographical considerations

regulations that impact organizations at local, regional, national, and global levels

21

types of compliance reporting

  • internal

  • external

22

due care

mitigating identified risks

23

attestation

formal declaration by a responsible party that the organization’s processes and controls are compliant

24

sanctions

strict measures by regulatory bodies to enforce compliance

  • range from restrictions to bans