CISA Exam Help Ch. 2 (Book
Notes)CORRECT 100%
Who is responsible for the governance of the enterprise? - ANSWERBoard of
Directors
What is corporate governance's purpose? - ANSWERto help build an environment of
trust, transparency, and accountability to foster long-term investment, financial
stability, and business integrity
All stakeholders provide ______ into IT-decision making processes - ANSWERinput
IT resource management - ANSWERmaintain updated inventory of IT assets and
address risk management
Performance management - ANSWERensure all IT resources perform as expected
Compliance management - ANSWERimplements processes to address policy and
contract compliance
Why was COBIT developed? - ANSWERto help enterprises optimize value of
information assets
What is effective IS governance? - ANSWERframework to guide development and
management of an IS program that supports the business
Who is accountable to the Board for IS governance? - ANSWERThe CEO
Who is responsible for IS dissemination? - ANSWERThe CEO
What does a typical Board of Directors do? - ANSWERlevel committee approving
policies; may include C-suite folks and HR
Lack of IT involvement for creation of the business strategy means... - ANSWERthe
strategy may not be aligned
For effective business intelligence, you need a data ... - ANSWER(data) architecture
(EDFA and logical data architecture)
What's an EDFA? - ANSWEREnterprise data flow architecture (data flow diagram
with the architecture layers on it
What is process integration? - ANSWERintegrating an organization's management
assurance process for security (improve operational efficiency)
What is strategic planning? - ANSWERlong-term direction an enterprise wants to
take in leveraging IT for business processes
, Who is responsible for Strategic planning? - ANSWERTop management
How long do strategic plans take and who is included in the development? -
ANSWER3-5 years and include IT management, IT steering committee, and the
strategy committee
Strategic planning involves consideration of requirements for new and revised IS
systems and the IT organization's... - ANSWERcapacity to deliver new functionality
To assess IT capability, the existing system's portfolio should be... -
ANSWERreviewed
To assess IT capacity involves a review of ... - ANSWERtechnical IT infrastructure
and key support processes
Strategic planning is based on... - ANSWERROI
What's logical data architecture? - ANSWERdone in stages because different inputs
of a large business often deals with different types of transactions
Data architecture needs to be structured for the organization's needs... -
ANSWERefficiently
What is data governance? - ANSWERto maximize value from BI, you need this
To have good data governance, you need to consider establishing... -
ANSWERstandard definitions for data, business rules and metrics; identifying
approved data sources; and establishing standards for data reconciliation
What are some IT related frameworks? - ANSWERCOBIT, ITIL, ISO/IEC, ISM3
What is a standard? - ANSWERa mandatory requirement recognized externally by
an approved organization
Professional standards, like ISACA, have guidelines and techniques that ... -
ANSWERassist in implementing and complying with other standards
What are policies? - ANSWERhigh-level statements of management intent (the
constitution of governance)
Policies must be aligned with strategic objectives of ... - ANSWERthe organization
Most policies support achievement of business objectives and... -
ANSWERimplementation of IS controls
What's an Information Security policy? - ANSWERset of rules developed by an
organization to protect information and technology (should state management's
commitment to the framework)
Notes)CORRECT 100%
Who is responsible for the governance of the enterprise? - ANSWERBoard of
Directors
What is corporate governance's purpose? - ANSWERto help build an environment of
trust, transparency, and accountability to foster long-term investment, financial
stability, and business integrity
All stakeholders provide ______ into IT-decision making processes - ANSWERinput
IT resource management - ANSWERmaintain updated inventory of IT assets and
address risk management
Performance management - ANSWERensure all IT resources perform as expected
Compliance management - ANSWERimplements processes to address policy and
contract compliance
Why was COBIT developed? - ANSWERto help enterprises optimize value of
information assets
What is effective IS governance? - ANSWERframework to guide development and
management of an IS program that supports the business
Who is accountable to the Board for IS governance? - ANSWERThe CEO
Who is responsible for IS dissemination? - ANSWERThe CEO
What does a typical Board of Directors do? - ANSWERlevel committee approving
policies; may include C-suite folks and HR
Lack of IT involvement for creation of the business strategy means... - ANSWERthe
strategy may not be aligned
For effective business intelligence, you need a data ... - ANSWER(data) architecture
(EDFA and logical data architecture)
What's an EDFA? - ANSWEREnterprise data flow architecture (data flow diagram
with the architecture layers on it
What is process integration? - ANSWERintegrating an organization's management
assurance process for security (improve operational efficiency)
What is strategic planning? - ANSWERlong-term direction an enterprise wants to
take in leveraging IT for business processes
, Who is responsible for Strategic planning? - ANSWERTop management
How long do strategic plans take and who is included in the development? -
ANSWER3-5 years and include IT management, IT steering committee, and the
strategy committee
Strategic planning involves consideration of requirements for new and revised IS
systems and the IT organization's... - ANSWERcapacity to deliver new functionality
To assess IT capability, the existing system's portfolio should be... -
ANSWERreviewed
To assess IT capacity involves a review of ... - ANSWERtechnical IT infrastructure
and key support processes
Strategic planning is based on... - ANSWERROI
What's logical data architecture? - ANSWERdone in stages because different inputs
of a large business often deals with different types of transactions
Data architecture needs to be structured for the organization's needs... -
ANSWERefficiently
What is data governance? - ANSWERto maximize value from BI, you need this
To have good data governance, you need to consider establishing... -
ANSWERstandard definitions for data, business rules and metrics; identifying
approved data sources; and establishing standards for data reconciliation
What are some IT related frameworks? - ANSWERCOBIT, ITIL, ISO/IEC, ISM3
What is a standard? - ANSWERa mandatory requirement recognized externally by
an approved organization
Professional standards, like ISACA, have guidelines and techniques that ... -
ANSWERassist in implementing and complying with other standards
What are policies? - ANSWERhigh-level statements of management intent (the
constitution of governance)
Policies must be aligned with strategic objectives of ... - ANSWERthe organization
Most policies support achievement of business objectives and... -
ANSWERimplementation of IS controls
What's an Information Security policy? - ANSWERset of rules developed by an
organization to protect information and technology (should state management's
commitment to the framework)
