CISM Vocabulary Flashcards

Flashcards in CISM Vocabulary Deck (95)
1

Administrative controls

policies, processes, procedures, standards

2

Annualized Loss Expectancy

ALE = SLE × ARO (single loss expectancy × annualized rate of occurrence)

3

architecture standard

defines technology architecture at the database, system, or network level

4

assessment

an examination that determines the effectiveness of a system or process

5

asset value

the value of an IT asset - usually but not always the Replacement Value

6

Asynchronous Replication

writes to the remote system are not synchronized with writes to the local system.

No guarantee that the remote system is identical to the local system

There might be a time lag

7

Attestation of compliance

assertion of compliance to a law, standard or requirement

Typically signed by a high-ranking official

8

authentication

asserting an identity and providing proof of it

typically requires an ID (assertion) and a password (proof)

9

business email compromise

CEO fraud

perpetrator impersonates a CEO and gets company personnel to transfer large amounts of money, typically for a "secret merger" or "acquisition"

10

Business Impact Analysis

Study to identify the impact that different disaster scenarios will have on business operations

11

Business Recovery Plan

activities required to recover and resume critical business processes and activities

12

capability maturity model

measures relative maturity of an organization and its processes

13

capability maturity model for Development
CMMI-DEV

maturity model used to measure software development process maturity

14

certification practice statement (CPS)

describes practices used by the CA to issue and manage digital certificates

15

Change Control Board
(aka Change Advisory Board)

stakeholders from IT and the business who propose, discuss, and approve changes to IT systems

16

CIS Controls

framework maintained by the Center for Internet Security (CIS)

17

COBIT

published by ISACA

control framework for managing information systems and security

18

COSO

Committee of Sponsoring Organizations of the Treadway Commission

Organization providing control frameworks and guidance on enterprise risk management

19

COOP

Continuity of Operations Plan

activities required to continue critical and strategic business functions at an alternate site

20

Control

Policy, Process or Procedure created to ensure desired outcomes or to avoid unwanted outcomes

21

Control Framework

Collection of controls organized in logical categories

22

Covered Entity

any organization that stores or processes information covered by HIPAA

23

Critical Path Methodology (CPM)

Technique used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule

24

Criticality Analysis (CA)

Study of each system and process, a consideration of the impact on the organization if it's incapacitated, the likelihood of incapacitation and the estimated cost of mitigating the impact (risk)

25

Digital envelope

method of using two layers of encryption

symmetric key is used to encrypt a message and a public or private key is used to encrypt the symmetric key

26

Disaster

unexpected and unplanned event that results in the disruption of business operations

27

Dwell Time

amount of time from the start of an incident to the organization's awareness of the incident

28

e-vaulting

backing up information to an off-site location, usually a third-party service provider

29

Exposure Factor

financial loss resulting from the realization of a threat

expressed as a percentage of the asset's total value

30

Facilities Classification

methods for assigning risk levels to facilities based on their operational criticality or other risk factors