UTK INMT 341 Final
GRC (Governance, Risk, and Compliance) - answer How do organizations effectively
manage processes, people, and technology so that they help generate value?
Governance - answer Governing/managing processes, technology, and systems.
IT governance describes a formal framework that provides a structure for organizations
to ensure that IT investments support business objectives
Sometimes referred to as IT governance
Subset of overall organizational governance
Risk management - answer Identifying and controlling the risks associated with
processes, technologies and systems.
A measure of the potential for loss or damage when a threat exploits a vulnerability
Risks come from internal or external sources
Compliance - answer Adhering to the laws and regulations that govern organizations,
which can vary based on industry, location, and organizational structure.
Foundational Requirements of GRC - answer Understanding of an organization
Understanding of an organization's business processes
Understanding of the information processes that document and support business
processes
Understanding of the technology used to design information processes
Understanding of how technology resources receive, interpret and use instructions
Understanding of the key terms and concepts associated with risk management
Awareness of the gardens available to support risk management
Understanding of the key steps/processes involved in risk management
business issue not a technology one - answer IT governance is a
Adherence includes processes that form, direct, manage, and monitor organization
theories, enabling the organization to achieve its goals.
1. Align IT strategy with the business strategy
2. Incorporate IT into the enterprise risk management program
3. Manage performance of IT
4. Ensure delivery of value
5. Ensure adequate internal controls
6. Ensure regulatory compliance
7. Ensure the effective and efficient use of IT - answer I&T/IT governance objectives
Risk management and compliance - answer IT governance is a broad term that
encompasses both
1. Processes
2. Organizational structures
3. Principles, policies, procedures
4. Information
5. Culture, ethics and behavior
6. People, skills and competencies
7. Services, infrastructure and applications - answer Governance system
Linking business and IT - answer Key objective of IT governance
1. Strategic
2. Tactical, and
3. Operational planning - answer Businesses and IT should be linked through
continuous alignment of
EU GDPR (General Data Protection Regulation) - answer Any organization
processing personal data of EU residents must protect that personal data
CCPA (California Consumer Privacy Act) - answer Mirrors the standards in GDPR -
Organizations processing information of California residents or doing business in
California must protect personal data
PIPEDA (Personal Information Protection and Electronic Documents Act) -
answer Canadian law that mirrors the standards in GDPR
FERPA (Family Educational Rights and Privacy Act) - answer Federal law that affords
parents the right to have access to their children's education records, the right to seek to
have the records amended, and the right to have some control over the disclosure of
personally identifiable information from the education records. When the student turns 18
years or older or enters a postsecondary institution at any age, the rights under FERPA
transfer from the parents to the student
FISMA (Federal Information Security Management Act) - answer US federal agencies'
protection of information and IT systems
GLBA (Gramm-Leach-Bliley Act) - answer US financial institutions must protect the privacy
of personal information, the safety of Internet-based products and services, and fair and
accurate credit transactions; also includes anti-terrorism provisions.