ISC2 CGRC Core Concepts Flashcards
ISC2 Governance, Risk and Compliance (CGRC) Flashcards

| Front | Back |
|---|---|
| What are the six steps of the RMF process? | Categorize, Select, Implement, Assess, Authorize, Monitor |
| What does CGRC stand for? | Certified Governance, Risk and Compliance |
| What does NIST SP 800-53 provide guidance on? | Security and privacy controls for federal information systems and organizations |
| What does risk management aim to achieve? | Identifying, assessing, and addressing risks to meet organizational goals |
| What does segregation of duties (SoD) help prevent? | Fraud and errors by dividing responsibilities among multiple individuals |
| What is a control in risk management? | A measure or mechanism implemented to mitigate or reduce risk |
| What is a Key Risk Indicator (KRI)? | A metric that signals a potential risk event or threshold breach |
| What is a vulnerability assessment? | An evaluation to identify weaknesses in systems and processes that could be exploited |
| What is compliance in the context of GRC? | Adhering to laws, regulations, and organizational policies |
| What is the difference between inherent risk and residual risk? | Inherent risk is the natural risk before controls, while residual risk is the remaining risk after controls |
| What is the difference between qualitative and quantitative risk assessment? | Qualitative uses subjective judgment, while quantitative uses numerical data and analysis |
| What is the function of an authorizing official (AO) in the RMF? | To approve the system to operate based on risk assessment and management activities |
| What is the goal of continuous monitoring in the RMF? | To maintain an ongoing awareness of security and risk posture |
| What is the primary focus of governance in GRC? | Establishing policies and ensuring accountability for organizational objectives |
| What is the purpose of a control assessment? | To evaluate the effectiveness of implemented security or privacy controls |
| What is the purpose of a policy in governance? | To provide high-level guidance and principles for decision-making and behavior |
| What is the purpose of a risk assessment? | To identify and prioritize risks for mitigation and decision-making |
| What is the purpose of a risk tolerance statement? | To define the acceptable level of risk an organization is willing to take |
| What is the role of a compliance audit? | To ensure that processes, policies, and controls align with regulations and standards |
| What is the role of the Risk Management Framework (RMF)? | To provide a structured process for managing information system risks |
| What is the significance of a standard in GRC? | Standards define specific requirements and benchmarks to ensure consistency and compliance |
| What is threat modeling? | A process of identifying potential threats to an information system and assessing their impact |
| Who is responsible for overseeing governance in an organization? | The board of directors or senior leadership |
About the Flashcards
Flashcards for the ISC2 Governance, Risk and Compliance (CGRC) exam present concise definitions and explanations of governance, risk management, and compliance fundamentals. The deck covers key roles such as the board and senior leadership, the purpose of policies and standards, distinctions between inherent and residual risk, and essential metrics like Key Risk Indicators.
Students can review risk assessment methods (qualitative and quantitative), the Risk Management Framework steps, control implementation and assessment, continuous monitoring and authorization roles, vulnerability assessment and threat modeling, segregation of duties, and compliance audits to reinforce core terminology and concepts.
Topics covered in this flashcard deck:
- Governance and roles
- Risk management basics
- RMF process and steps
- Controls and assessments
- Compliance, policies, standards
- Vulnerability assessment and threat modeling