Comprehensive Questions and Answers |
2025 LATEST UPDATED.
IS Control Objective
Defined as the statement of the desired result or purpose to be achieved by implementing control
procedures in a particular IS activity.
Governance
Is the set of responsibilities and practices exercised by the board of directors and executive
management with the goal of providing strategic direction, ensuring that objectives are achieved,
ascertaining that risk is managed appropriately and verifying that the enterprise's resources are used
responsibly.
Goals and Metrics
Ensure that IT goals are set based on business goals, and they are the best enablers of strategic
alignment.
Enterprise Architecture
Involves documenting an organization's IT assets in a structured manner to facilitate understanding,
management and planning for IT investments. The primary focus is to ensure that technology
investments are consistent with the platform, data and development standards of the IT
organization; therefore, the goal of the EA is to help the organization to implement the technology
that is most effective.
Business Impact Analysis
Identification of critical business processes should be addressed first so that the priorities and time
lines for recovery can be documented. Also documents the estimated recovery time frame for each
business unit.
Security Policies
Must be first of all aligned with an organization's business and security objectives.
Cost-Benefit Analysis
The total expected purchase and operational/support costs and a qualitative value for all actions are
weighted against the total expected benefits to choose the best technical, most profitable, least
expensive or acceptable risk option.
Functional(Preparedness) Test
After a tabletop exercise has been performed, the next step would be this. Localized version of a full
test., wherein actual resources are expended in the simulation of a system crash. Test is performed
regularly on different aspects of the plan and can be a cost-effective way to gradually obtain
, evidence about how good the plan is. It would be more efficient to verify and optimize the BCP
before actually involving IT in a full-scale test.
Full scale Test
The last step of the verification process before entering into a regular annual testing schedule.
Occurs after a tabletop/paper/desk exercise and a functional/preparedness test of the BCP. One step
away from an actual service disruption. Organization should have tested the plan well on paper and
locally before completely shutting down operations. For BCP testing, this is the disaster.
Tabletop Exercise (Desk Based Evaluation/Paper test)
First step in testing a BCP. Paper walk-through of the plan, involving major players in the plan's
execution who reason out what might happen in a particular type of service disruption. They may
walk through the entire plan or just a portion. Precludes a preparedness/functional test. involves
participation of relevant members of the crisis management/response team to practice proper
coordination
Fidelity Insurance
Covers the loss arising from dishonest or fraudulent acts by employees.
Top-Down Approach for development of Operational Policies
Deriving lower level policies from corporate policies aids in ensuring consistency across the
organization and consistency with other policies.
IT Governance
It encourages optimal use of IT. Intended to specify the combination of decision rights and
accountability that is best for the enterprise. It is different for every enterprise.
Business Continuity Plan
Once the business impact analysis (BIA) is completed, the next phase in the BCP development is to
identify the various recovery strategies and select the most appropriate strategy for recovering from
a disaster that will meet the time lines and priorities defined through the BIA.
Pilot Test
Used for implementing a new process or technology
Unit Test
Is used to test new software components
System Test
Is an integrated test used to test a new IT system
Governance of Enterprise IT (GEIT)
A system in which all stakeholders, including the board, senior management, internal customers and
departments such as finance, provide the input into the decision-making process. Is the
management system used by the board of directors. It is executive management and board of
director responsibility. Purpose is to direct IT endeavors to ensure that IT performance meets the
objectives of aligning IT with the enterprise's objectives and the realization of promised benefits.