Lesson 6. Governance and Risk

Last updated 4:40 AM on 6/2/26

32 Terms

1. acceptance
The risk response where the risk owner accepts the risk without providing or dedicating any resources to the effort of protecting an asset

2. access and control policies
Security policies that detail how an organization's assets can access and make changes to other assets in the organization

3. asset
An item of value to an institution, such as data, hardware, software, or physical property

4. asset inventory
An inventory of the assets owned by an organization that details each asset's value and any identified vulnerabilities

5. asset owner
An individual (or individuals) who has technical or domain-specific knowledge of an asset and provides support and expert recommendations to the risk owner for the appropriate risk response

6. avoidance
The risk response where the risk owner reduces or eliminates risks by utilizing resources or changing the probability of threats

7. change management
The policies and procedures an organization uses to manage change so as to minimize the risk that any change can cause

8. classification
Identifying and labeling different sets of information and how much protection from threats the labeled sets require

9. communication policies
Policies an organization implements that deal with interactions between the organization and third parties

10. data portability
A risk of utilizing the cloud: data can be difficult or costly to extract from one cloud service provider (CSP) and import into another CSP

11. data privacy
Policies implemented by CSPs that govern the responsibilities and requirements for keeping data private while it is on their infrastructure

12. department-specific policies
Policies implemented by an organization that apply to a single department rather than to the organization as a whole; these include security policies as well as other policies

13. findings
A document of a risk event; four types of finding documents are produced: criminal, civil, regulatory, and operational

14. General Data Protection Regulation (GDPR)
A regulation in European Union (EU) law on data protection and privacy for all EU residents

15. incident response
The procedure defined in a security policy to be followed once a risk event occurs to an asset or assets

16. mitigation
A risk response where the risk owner reduces the probability of a threat against an asset by utilizing resources

17. ownership
The authority to make responsible decisions about an identified risk or the underlying asset

18. Payment Card Industry Data Security Standard (PCI DSS)
A compliance requirement for processing or handling credit card transactions

19. policies
Thoughts, ideas, or principles that give direction for actions to be performed by individuals or by the organization as a whole

20. procedures
A set of steps or actions that should be taken to enact a policy once events occur

21. qualitative risk assessment
Ranking risks or asset value based on experience, intuition, or a specific scenario

22. quantitative risk assessment
Assigning a monetary value to the elements of risk or to the assets themselves

23. reporting
Providing an account of observed activity or usage

24. resource group
A collection of similar or related resources grouped so that they can be managed as a whole or under broad policies

25. resource management
The policies and procedures that an organization implements to manage its resources and the risks associated with its assets

26. risk
The probability or likelihood of the occurrence or realization of a threat

27. risk owner
A management-level position that decides on and assumes the risk response to identified risks

28. risk register
Documentation of every risk identified by an organization, used by management in formulating appropriate responses to those risks

29. risk response
The risk owner's decision on the appropriate level of protection for an asset in response to a risk

30. security policies
A document that defines the scope of security needed by the organization and discusses the assets that require protection

31. standard operating procedures (SOP)
Documented procedures for initiating a change in an organization

32. threat
Any agent, condition, or circumstance that could potentially cause harm, loss, damage, or compromise to an IT asset or data asset