GRC Cybersecurity Notes


21 Terms

1. What is GRC in Cybersecurity?
GRC (Governance, Risk Management, and Compliance) is an integrated framework for aligning IT with business objectives, managing risks, and ensuring adherence to laws and regulations in cybersecurity.

2. What are the three core components of GRC?
Governance, Risk Management, and Compliance.

3. What does 'Governance' entail in GRC?
Governance establishes policies, roles, and accountability within an organization to protect digital resources and align with company goals.

4. What is the purpose of 'Risk Management' in GRC?
Risk management identifies, assesses, and mitigates threats to the confidentiality, integrity, and availability of data and systems.

5. What does 'Compliance' ensure in GRC?
Compliance ensures adherence to applicable laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001).

6. What is the CIA triad in cybersecurity?
Confidentiality, Integrity, and Availability.

7. How is risk typically calculated in cybersecurity?
Risk is calculated using the formula: Risk = Likelihood × Impact.

8. Name three types of cybersecurity controls.
Preventive (e.g., firewalls), detective (e.g., Intrusion Detection Systems - IDS), and corrective (e.g., incident response).

9. What are some common cyber risks mentioned?
Malware (viruses, ransomware), phishing variants, and password attacks.
10. GRC in Cybersecurity
An integrated framework for aligning IT with business objectives, managing risks, and ensuring adherence to laws and regulations in cybersecurity. It also aims to make cybersecurity accessible to non-technical professionals.

11. Cybersecurity
The protection of systems, networks, and data from digital threats.

12. Governance
In GRC, it establishes policies, roles, and accountability for protecting digital resources, aligning with company goals, risk tolerance, and regulatory mandates.

13. Risk Management
In GRC, it identifies, assesses, and mitigates threats to the confidentiality, integrity, and availability of data, as well as managing and monitoring cyber risks.

14. Compliance
In GRC, it ensures adherence to laws, regulations, and standards (e.g., GDPR, HIPAA, PCI DSS, SOX, NIST CSF, ISO 27001).

15. CIA Triad
Core concepts of cybersecurity: Confidentiality, Integrity, and Availability.

16. Risk Calculation
Risk = Likelihood × Impact

17. Common Cybersecurity Risks
Malware (viruses, ransomware), phishing variants, and password attacks.

18. Quantitative Risk Math
Risk = Likelihood × Impact

19. GRC Tools
Specialized software (e.g., RSA Archer, Hyperproof) for optimizing governance, risk, and compliance workflows and supporting automation.

20. Core GRC Skills for Non-Tech Professionals
Communication, Analytical/Problem-Solving, Continuous Learning, Regulatory Knowledge, Project Management, Collaboration, Attention to Detail, Decision-Making, Resilience, and Adaptability.

21. Useful GRC Certifications
CISA, CISM, CRISC, CIPP, CRCM.