ITEC 3500 - L2: IT Risk Universe from a Business Perspective

27 Terms

Risk IT Principles

  1. Connect to Business Objectives

  2. Align IT Risk Management With ERM

  3. Balance Cost/Benefit of IT Risk

  4. Promote Fair and Open Communication

  5. Establish Tone at the Top and Accountability

  6. Function as Part of Daily Activities

IT Risk Management (ITRM)

  1. Risk & Compliance: Responding & Managing Regulatory Requirements

  2. Information Security: Managing & Mitigating External & Internal Security Threats

  3. IT Governance: Aligning IT Delivery with Business Requirements

  4. Service Assurance: Enabling Operational Effectiveness & Efficiency

Options to respond to an identified risk

1. Remediate or mitigate the risk
2. Avoid the risk
3. Transfer the risk
4. Accept the risk

Key considerations when selecting an option

A) Cost vs. benefits
B) Only business owners can accept risk
C) Rare to eliminate risk entirely

Risk appetite

Enterprise-level statement defining risk tolerance based on expertise and alignment with business objectives

Risk tolerance

Tolerable deviation from risk appetite level, requiring case-by-case approval

Inherent risk

Risk level without considering management actions

Controls

Technical, administrative, or physical measures to mitigate risks

Control effectiveness

Assessed as highly effective, somewhat effective, or not effective

Residual risk

Remaining risk after risk response implementation, aiming to reduce to an acceptable level

Business Continuity Planning (BCP)

Ensuring business functionality in adverse situations like disasters

Disaster Recovery (DR)

Focused on recovering IT systems to maintain business operations

Business Impact Analysis (BIA)

Examination of business processes to understand recovery objectives

Recovery Time Objective (RTO)

Earliest time to restore a business process after a disaster to avoid consequences

Recovery Point Objective (RPO)

Acceptable data loss measured in time, determining backup frequency

Maximum Tolerable Downtime (MTD)

Total time a business process can be disrupted without causing unacceptable consequences

Full backup

Complete copy of entire data set, time-consuming but simplifies recovery

Incremental backup

Backup method that only backs up data that has changed since the last full or incremental backup.

Differential backup

Backup method that includes all data changed since the last full backup.

Hot site

Recovery site with all necessary equipment and IT systems ready for quick deployment.

Warm site

Recovery site partially equipped with basic resources, requiring longer setup time than a hot site.

Cold site

Basic recovery site with minimal equipment, suitable for low-cost recovery solutions.

Hash function

Function that converts input passwords into fixed-size hashes for security purposes.

Salting

Process of adding random values to hashed output to enhance security, particularly against rainbow table attacks.

Symmetric encryption

Encryption method using a single secret key for both encryption and decryption processes.

Asymmetric encryption

Encryption method using a pair of public and private keys for secure communication.

Digital signature

Electronic validation method ensuring the integrity and authenticity of a message.