ISACA CRISC Exam | Questions with 100%
Correct Answers | Latest Version 2026 | Expert
Verified
Terms in this set (78)
Access control The processes, rules and deployment
mechanisms that control access to information
systems, resources and physical access to
premises.
Access rights The permission or privileges granted to users,
programs or workstations to create, change,
delete or view data and files within a system, as
defined by rules established by data owners and
the information security policy.
Application controls The policies, procedures and activities designed
to provide reasonable assurance that objectives relevant to a given
automated solution (application) are achieved.
Asset Something of either tangible or intangible value
that is worth protecting, including people,
information, infrastructure, finances and
reputation.
Authentication 1. The act of verifying identity (i.e., user, system)
Scope Note: Risk: Can also refer to the
verification of the correctness of a piece of data.
2. The act of verifying the identity of a user and
the user's eligibility to access computerized
information.
Scope Note: Assurance: Authentication is
designed to protect against fraudulent logon
activity. It can also refer to the verification of the
correctness of a piece of data.
Availability Ensuring timely and reliable access to and use of
information.
Balanced scorecard (BSC) Developed by Robert S. Kaplan and David P.
Norton as a coherent set of performance
measures organized into four categories that
includes traditional financial measures, but adds
customer, internal business process, and learning
and growth perspectives.
Business case Documentation of the rationale for making a
business investment, used both to support a
business decision on whether to proceed with
the investment and as an operational tool to
support management of the investment through
its full economic life cycle.
Business continuity plan (BCP) A plan used by an enterprise to respond to
disruption of critical business processes.
Depends on the contingency plan for restoration
of critical systems.
Business goal The translation of the enterprise's mission from a
statement of intention into performance targets
and results.
Business impact The net effect, positive or negative, on the
achievement of business objectives.
Business impact analysis/assessment (BIA) Evaluating the criticality and sensitivity of
information assets.
An exercise that determines the impact of losing
the support of any resource to an enterprise,
establishes the escalation of that loss over time,
identifies the minimum resources needed to
recover, and prioritizes the recovery of
processes and the supporting system.
Scope Note: This process also includes
addressing:
- Income loss
- Unexpected expense
- Legal issues (regulatory compliance or
contractual)
- Interdependent processes
- Loss of public reputation or public confidence
Business objective A further development of the business goals into
tactical targets and desired results and outcomes