INMT 540 - Exam 2 - ITS Risk and
Related Controls Introduction #2
The potential for risk leads to the need for - answer controls/security measures to
manage risk
IT Risk - answer potential for an unplanned, negative business outcome involving the
failure or misuse of IT
the business risk associated with the use, ownership, operation, involvement, influence and
adoption of IT within an enterprise
Covers all IT-related risks, including the impact of:
- late project delivery
- compliance
- misalignment
- obsolete or inflexible IT architecture
IT Risk spans a range of business-critical areas such as - answer security -
compromised business data due to unauthorized access or use
availability - inability to access the IT systems needed for business operations
performance - reduced productivity
compliance - failure to follow laws and regulations
What is at risk? - answer Target System - information asset that should be protected
from all types of risk
components
- input
- processing
- output
- data storage
- communication
- operating system
- people
Target System Characteristics: *Boundary* (vs. Communication, Location and Spread) - answer
- links with other systems
- nature, type, and timing of traffic
- availability of connectivity with the target system
Target System Characteristics: *Communication* (vs. Boundary, Location and Spread) - answer
- lines
- authentication of communicators
- volume and diversity of traffic
Target System Characteristics: *Location and Spread* (vs. Boundary, Communication) - answer
- placement
- centralization and decentralization
Internal Control - answer a process designed to provide reasonable assurance regarding
the achievement of objectives relating to operations, reporting, and compliance
different types/categories of controls
- general controls and application controls
- preventive, detective, and corrective
Information Security - answer Protection of information assets from harm
Physical and logical security
Internal control objectives - answer effectiveness and efficiency of operations
reliability, timeliness, and transparency of information
compliance with applicable laws and regulations
Information Security Objectives - answer *Confidentiality/Privacy
*Integrity
*Availability
*CIA TRIAD
Authentication
Nonrepudiation
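The distinction between integrity, authentication and nonrepudiation is the one students most often blur, so here is an added worked example (not part of the original study set). It uses Python's standard library only; the shared key and the message are constructed for the demo. An HMAC with a shared key gives integrity and authentication: a tampered message fails to verify. It does not give nonrepudiation, because the receiver holds the same key and can forge a tag for any message, so a third party cannot tell which side produced it. Nonrepudiation needs a signature made with a private key only the sender holds, which the standard library does not provide and which is therefore left out here.

```python
import hashlib
import hmac

# Constructed demo values: a key shared between sender and receiver, and one message.
SHARED_KEY = b"demo-shared-key-not-for-production"
MESSAGE = b"transfer 100 USD to account 42"


def authenticate(key: bytes, msg: bytes) -> str:
    """Integrity + authentication: HMAC-SHA256 over the message with the shared key."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(key: bytes, msg: bytes, tag: str) -> bool:
    """Constant-time comparison so the check itself does not leak the tag."""
    return hmac.compare_digest(authenticate(key, msg), tag)


def demo() -> dict:
    """Show what the HMAC does and does not guarantee for the three objectives."""
    tag = authenticate(SHARED_KEY, MESSAGE)

    # Integrity: changing a single digit invalidates the tag.
    tampered = MESSAGE.replace(b"100", b"900")

    # Nonrepudiation fails: the receiver, holding the same key, can produce a
    # valid tag for the tampered message and later claim the sender sent it.
    forged_by_receiver = authenticate(SHARED_KEY, tampered)

    return {
        "genuine_verifies": verify(SHARED_KEY, MESSAGE, tag),
        "tampered_rejected": not verify(SHARED_KEY, tampered, tag),
        "receiver_can_forge": verify(SHARED_KEY, tampered, forged_by_receiver),
    }


if __name__ == "__main__":
    for objective, result in demo().items():
        print(f"{objective}: {result}")
```

Read the third result as the point of the card: a symmetric MAC proves that *someone with the key* produced the message, which is enough for integrity and authentication between two parties but cannot settle a dispute between them.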
Information Security Objectives: