ISACA CRISC Glossary Terms Exam 156: Questions and Answers
Access Control - CORRECT ANSWER>>The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises.
Access Rights - CORRECT ANSWER>>The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy.
Accountability - CORRECT ANSWER>>The ability to map a given activity or event back to the responsible party.
Advanced Persistent Threat (APT) - CORRECT ANSWER>>An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors (NIST SP800-61).
The APT: 1. pursues its objectives repeatedly over an extended period of time; 2. adapts to defenders' efforts to resist it; 3. is determined to maintain the level of interaction needed to execute its objectives.
Application Controls - CORRECT ANSWER>>The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved.
Architecture - CORRECT ANSWER>>Description of the fundamental underlying design of the components of the business system, or of one element of the business system (e.g., technology), the relationships among them, and the manner in which they support enterprise objectives.
Asset - CORRECT ANSWER>>Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation.
Asset Value - CORRECT ANSWER>>The value of an asset is subject to many factors, including the value both to the business and to competitors. Asset valuation is usually done using a quantitative (monetary) value.
Authentication - CORRECT ANSWER>>1. The act of verifying identity, i.e., user, system.
Risk: Can also refer to the verification of the correctness of a piece of data.
2. The act of verifying the identity of a user and the user's eligibility to access computerized information.
Assurance: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.
Authenticity - CORRECT ANSWER>>Undisputed authorship.
Availability - CORRECT ANSWER>>Ensuring timely and reliable access to and use of information.
Awareness - CORRECT ANSWER>>Being acquainted with, mindful of, conscious of and well informed on a specific subject, which implies knowing and understanding a subject and acting accordingly.
Balanced Scorecard (BSC) - CORRECT ANSWER>>Developed by Robert S. Kaplan and David P. Norton as a coherent set of performance measures organized into four categories that includes traditional financial measures, but adds customer, internal business process, and learning and growth perspectives.
Business Case - CORRECT ANSWER>>Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle.
Business Continuity - CORRECT ANSWER>>Preventing, mitigating and recovering from disruption.
Scope Notes: The terms 'business resumption planning', 'disaster recovery planning' and 'contingency planning' also may be used in this context; they focus on recovery aspects of continuity, and for that reason the 'resilience' aspect should also be taken into account.
COBIT 5 perspective.
Business Continuity Plan (BCP) - CORRECT ANSWER>>A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems.
Business Goal - CORRECT ANSWER>>The translation of the enterprise's mission from a statement of intention into performance targets and results.
Business Impact - CORRECT ANSWER>>The net effect, positive or negative, on the achievement of business objectives.
Business Impact Analysis/Assessment (BIA) - CORRECT ANSWER>>Evaluating the criticality and sensitivity of information assets. An exercise that determines the impact of losing the support of any resource to an enterprise, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and the supporting system.
Scope Notes: This process also includes addressing: income loss, unexpected expense, legal issues (regulatory compliance or contractual), interdependent processes, and loss of public reputation or public confidence.
Business Objective - CORRECT ANSWER>>A further development of the business goals into tactical targets and desired results and outcomes.