1/29
Internal vocabulary flashcards covering COBIT 5 domains, principles, GEIT optimization concepts, and IT control categories.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Align, Plan and Organize (APO)
The COBIT 5 domain that focuses on achieving strategic alignment between IT and business objectives, ensuring that IT solutions and services support the organization's goals.
Deliver, Service and Support (DSS)
The COBIT 5 domain addressing the operational management of IT, including the service desk, incident management, and operational security controls.
Build, Acquire and Implement (BAI)
The COBIT 5 domain that deals with identifying, developing, acquiring, configuring, and implementing IT solutions, as well as managing changes and projects.
Monitor, Evaluate and Assess (MEA)
The COBIT 5 domain centered on continuously monitoring, evaluating, and assessing IT processes to ensure compliance with policies and metrics.
Meeting Stakeholder Needs
The first principle of COBIT 5, which focuses on creating value for stakeholders by aligning IT goals with business objectives.
Covering the Enterprise End-to-End
The COBIT 5 principle recognizing that IT is integrated throughout the enterprise and governance must encompass both IT and non-IT functions.
Board of Directors
The body in Governance of Enterprise IT (GEIT) typically held accountable and responsible for setting the tone for IT governance.
Senior Management
The group in GEIT held responsible for the actual implementation and enforcement of IT governance policies.
Value Optimization
A GEIT concept that ensures IT investments deliver the expected benefits and optimum return on investment.
Risk Optimization
A GEIT concept focusing on identifying, assessing, and mitigating IT risks to safeguard organizational assets.
Resource Optimization
A GEIT concept dealing with the efficient and effective utilization of human, financial, and technical IT resources.
COSO Risk Management Framework
A high-level framework commonly used to manage organizational risk broadly and serving as a fundamental base for IT risk management.
Automated Controls
Controls built directly into software and hardware systems that function automatically without any human intervention.
Manual Controls
Controls that require direct human action, such as performing physical inventory checks or conducting manual approval signatures.
IT-dependent Controls
Hybrid controls involving technology features, like system-generated logs, combined with human input, like reviewing those logs.
Application Controls
Controls specific to individual software applications to ensure the authorization, completeness, and accuracy of processed transactions.
IT General Controls (ITGCs)
Controls applying across the entire IT environment to ensure secure, reliable, and continuous operation, such as change management and user access administration.
Defense in Depth / Multi-layered Approach
Implementing a balanced mix of preventive, detective, and corrective controls to ensure that if one control fails, others mitigate the risk.
GEIT (Governance of Enterprise IT)
The integration of IT governance within broader corporate governance, focusing on aligning IT strategy with business goals.
Separating Governance from Management
A COBIT 5 principle highlighting the critical distinction between the governing body's setting of direction and management's execution of operations.
Automatic Data Encryption
A specific automated control method that converts data into code during storage or transmission to prevent unauthorized access.
Principle of Least Privilege
A fundamental practice where access rights and authorities are granted strictly on a need-to-have basis.
Preventive Controls
Active controls designed to stop errors, omissions, or security incidents from occurring in the first place.
Detective Controls
Controls designed to uncover, flag, and report errors, omissions, or unauthorized activities after they have occurred.
Corrective Controls
Controls designed to remedy or fix the negative impact of an error or security incident once it has been uncovered.
Enterprise Risk Management (ERM)
A comprehensive, enterprise-wide strategy for identifying, assessing, prioritizing, and preparing for potential risks across the organization.
Accountability
A control environment element ensuring that for all decisions, transactions, and actions taken, it is possible to determine exactly who did what.
IT Governance Framework
The structured rules, practices, and processes by which an organization's IT resources and strategies are directed and controlled.
Input Controls
Specific application checks, such as field checks and validity checks, that ensure the integrity of data entered.
Error Prompts
An interactive alert that immediately notifies a user if data is entered in an incorrect format or type.