Chapter 2: IT governance

30 Terms

1

Corporate Governance

Set of relationships among a company's management, its board, its shareholders and other stakeholders

-Provides the structure and framework through which the company's objectives are set and performance is monitored

2

Enterprise Governance of IT

A system in which all stakeholders (board, senior management, internal customers) provide input into the IT decision-making process

-Helps to ensure IT aligns with the business objectives

-Responsibility of the BOD and upper management

3

COBIT framework

Overarching framework for the governance and management of enterprise IT

Governance: ensures stakeholder needs, conditions and options are evaluated to set objectives and guide decision making

Developed by ISACA

4

Effective Information Security Governance

Senior management ensures that the security program fairly represents the needs of the whole enterprise

The BOD and CEO are accountable for information security governance

5

Strategic Planning

Long-term plan for how an organization intends to leverage IT; translates business objectives into IT objectives

6

Business Intelligence

Broad field of IT that encompasses the collection and analysis of information to assist in decision making

7

Data Architecture

To deliver effective BI, an organization must design and implement a data architecture; the layers below describe one such architecture

8

Presentation/desktop layer

Where end users directly interact with the information

9

Core data warehouse

Where all of the data of interest to an organization are captured and organized to support reporting and analysis

10

Data mart layer

Subsets of the data warehouse organized to meet the needs of a particular business unit

11

Data staging and quality layer

Responsible for copying data from the source systems and performing quality control on it before it enters the warehouse

12

Data access layer

Connects the data storage and quality layer with the data stores used by the presentation layer

13

Data preparation layer

assembles data in the data marts

14

Metadata repository layer

Holds information about the data that goes beyond structure and format; provides detail on business purpose and context

15

Warehouse management layer

Schedules the tasks needed to build and populate the data marts

16

Application messaging layer

Transports information between the various layers

17

Internet/intranet layer

Data communication between the layers over IP networking

18

Data Governance

A critical role is deciding which BI initiatives to fund; a business/IT advisory team is also established to guide them

19

International Organization for Standardization (ISO/IEC 27000 series)

Family of standards that provides best-practice guidance on implementing and maintaining an information security management system

20

Information Technology Infrastructure Library (ITIL)

Set of IT service management best practices developed in the UK; describes how to achieve successful operational service delivery

21

IT Standards, Policies, and Procedures

Standards: mandatory requirements that give policies support and direction

Policies: high-level statements of management intent, expectations and direction

Information Security Policy: policies set by an organization to protect its information and related technology

Procedures: documented, defined steps for achieving the objectives set by policies

22

IT Governing Committee (IT Strategy Committee)

Provides insight and advice on:

-alignment of IT with the business direction

-achievement of strategic IT objectives

-availability of suitable IT resources

Advises the board and management on IT strategy and prepares the strategy for board approval

-consists of board members (with non-board specialists as needed)

23

IT Governing Committee (IT Steering Committee)

-Decides on the overall level of IT spending and how costs are allocated

-Approves project plans and budgets

-Monitors project plans against schedule and budget

-Oversees the delivery of IT projects

-Consists of key business executives, key advisors and the CISO

24

Senior Management

-Implements effective security governance

-Defines the strategic direction for security

25

CISO

Sits on the steering committee

The role need not carry that exact title; it may be filled by someone titled CEO, CIO or CRO

26

Segregation of Duties within IT

Duties that should be segregated (held by different people) are:

-custody of assets

-authorization of transactions

-recording of transactions

27

Risk Management Process

-Asset identification

-Evaluation of threats and vulnerabilities to the assets

-Evaluation of impact

-Calculation of risk

-Evaluation of and response to risk

28

Maturity Models

Used for ongoing performance measurement to assess the efficiency and effectiveness of implemented processes, rated against defined maturity levels

29

IDEAL Model (Initiating, Diagnosing, Establishing, Acting and Learning)

Software process improvement model used to plan and implement process improvements

30

Third Party Audit Reports

SOC 1: report on a service organization's system of controls relevant to its customers' internal control over financial reporting

SOC 2: report on a service organization's system of controls relevant to security, availability, processing integrity, confidentiality and privacy

SOC 3: general-use summary version of a SOC 2; intended for widespread distribution and does not include the detailed description and testing of controls