INMT 341 FINAL EXAM
GRC - answer How organizations effectively manage processes, people, and technology so that they help generate value
IT governance - answer includes processes that inform, direct, manage, and monitor organization activities, enabling an organization to achieve its goals; improves IT management and increases value from IT investments
standard - answer a specific set of rules organizations must comply with; a format that has been approved by a recognized standards organization or is accepted as a standard by the industry
official standards - answer overseen by governing bodies that promote their development and confirm their standards
framework - answer general guidance, not mandated; useful in the absence of well-defined or standard practices
IT governance framework - answer a framework that defines the ways and methods through which an organization can implement, manage, and monitor IT governance within the organization
risk - answer measure of the potential for loss or damage when a threat exploits a vulnerability (threat x vulnerability)
threat actors - answer entities that pose a threat
threat - answer event or condition that has the potential for causing asset loss
risk management - answer the systematic approach to managing risk
internal control objectives - answer effectiveness and efficiency of operations; reliability, timeliness, and transparency of information; compliance with applicable laws and regulations
compliance - answer the state of being in accordance with established guidelines or specifications, or the process of becoming so
general controls - answer apply to all areas of an organization (internal accounting controls, operational controls, administrative controls, etc.)
IT General Controls - answer combination of hardware, software, and manual procedures that create an overall control environment; they are essential to ensure that information systems are reliable and that behavior can be predicted system-wide
IT application code - answer specific controls unique to each computerized application, such as payroll or order processing (automated and mandated procedures)
control/security objective - answer defined for an identified risk
control activities or procedures - answer designed to achieve the objective
Identity and Access Management (IAM) - answer a framework for business processes, policies, and technologies that facilitates the management of electronic or digital identities (e.g., two-factor authentication)
discretionary access control (DAC) - answer the least restrictive access control model, in which the owner of the object has total control over it
Mandatory Access Control (MAC) - answer a type of access control that historically was associated with multilevel security and military systems and may use a security clearance to restrict access to resources; the security manager controls the security policy, and users aren't able to override the policy
Role-Based Access Control (RBAC) - answer an access control model that bases access control authorizations on the roles (or functions) that the user is assigned within an organization
Attribute-based access control (ABAC) - answer an access control paradigm whereby access rights are granted to users through policies that combine attributes together
identification - answer the ability to uniquely identify a user of a system or an application that is running in the system
authentication - answer the ability to prove that a user or application is genuinely who that person or application claims to be
two-factor authentication - answer authentication based on what users know, such as a password, and what they have in their possession, such as a secure ID card or key
multifactor authentication - answer requires more than two means of authentication, such as what the user knows (password), what the user has (security token), and what the user is (biometric verification)
authorization - answer determines what a person can access once he/she is authorized to use the system