COBIT 5 and IT Governance Practice Flashcards

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/29

flashcard set

Earn XP

Description and Tags

Internal vocabulary flashcards covering COBIT 5 domains, principles, GEIT optimization concepts, and IT control categories.

Last updated 8:04 AM on 7/9/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

30 Terms

1
New cards

Align, Plan and Organize (APO)

The COBIT 5 domain that focuses on achieving strategic alignment between IT and business objectives, ensuring that IT solutions and services support the organization's goals.

2
New cards

Deliver, Service and Support (DSS)

The COBIT 5 domain addressing the operational management of IT, including the service desk, incident management, and operational security controls.

3
New cards

Build, Acquire and Implement (BAI)

The COBIT 5 domain that deals with identifying, developing, acquiring, configuring, and implementing IT solutions, as well as managing changes and projects.

4
New cards

Monitor, Evaluate and Assess (MEA)

The COBIT 5 domain centered on continuously monitoring, evaluating, and assessing IT processes to ensure compliance with policies and metrics.

5
New cards

Meeting Stakeholder Needs

The first principle of COBIT 5, which focuses on creating value for stakeholders by aligning IT goals with business objectives.

6
New cards

Covering the Enterprise End-to-End

The COBIT 5 principle recognizing that IT is integrated throughout the enterprise and governance must encompass both IT and non-IT functions.

7
New cards

Board of Directors

The body in Governance of Enterprise IT (GEIT) typically held accountable and responsible for setting the tone for IT governance.

8
New cards

Senior Management

The group in GEIT held responsible for the actual implementation and enforcement of IT governance policies.

9
New cards

Value Optimization

A GEIT concept that ensures IT investments deliver the expected benefits and optimum return on investment.

10
New cards

Risk Optimization

A GEIT concept focusing on identifying, assessing, and mitigating IT risks to safeguard organizational assets.

11
New cards

Resource Optimization

A GEIT concept dealing with the efficient and effective utilization of human, financial, and technical IT resources.

12
New cards

COSO Risk Management Framework

A high-level framework commonly used to manage organizational risk broadly and serving as a fundamental base for IT risk management.

13
New cards

Automated Controls

Controls built directly into software and hardware systems that function automatically without any human intervention.

14
New cards

Manual Controls

Controls that require direct human action, such as performing physical inventory checks or conducting manual approval signatures.

15
New cards

IT-dependent Controls

Hybrid controls involving technology features, like system-generated logs, combined with human input, like reviewing those logs.

16
New cards

Application Controls

Controls specific to individual software applications to ensure the authorization, completeness, and accuracy of processed transactions.

17
New cards

IT General Controls (ITGCs)

Controls applying across the entire IT environment to ensure secure, reliable, and continuous operation, such as change management and user access administration.

18
New cards

Defense in Depth / Multi-layered Approach

Implementing a balanced mix of preventive, detective, and corrective controls to ensure that if one control fails, others mitigate the risk.

19
New cards

GEIT (Governance of Enterprise IT)

The integration of IT governance within broader corporate governance, focusing on aligning IT strategy with business goals.

20
New cards

Separating Governance from Management

A COBIT 5 principle highlighting the critical distinction between the governing body's setting of direction and management's execution of operations.

21
New cards

Automatic Data Encryption

A specific automated control method that converts data into code during storage or transmission to prevent unauthorized access.

22
New cards

Principle of Least Privilege

A fundamental practice where access rights and authorities are granted strictly on a need-to-have basis.

23
New cards

Preventive Controls

Active controls designed to stop errors, omissions, or security incidents from occurring in the first place.

24
New cards

Detective Controls

Controls designed to uncover, flag, and report errors, omissions, or unauthorized activities after they have occurred.

25
New cards

Corrective Controls

Controls designed to remedy or fix the negative impact of an error or security incident once it has been uncovered.

26
New cards

Enterprise Risk Management (ERM)

A comprehensive, enterprise-wide strategy for identifying, assessing, prioritizing, and preparing for potential risks across the organization.

27
New cards

Accountability

A control environment element ensuring that for all decisions, transactions, and actions taken, it is possible to determine exactly who did what.

28
New cards

IT Governance Framework

The structured rules, practices, and processes by which an organization's IT resources and strategies are directed and controlled.

29
New cards

Input Controls

Specific application checks, such as field checks and validity checks, that ensure the integrity of data entered.

30
New cards

Error Prompts

An interactive alert that immediately notifies a user if data is entered in an incorrect format or type.