ISC2 CGRC Core Concepts Flashcards
ISC2 Governance, Risk and Compliance (CGRC) Flashcards
| Front | Back |
| --- | --- |
| What are the six steps of the RMF process? | Categorize, Select, Implement, Assess, Authorize, Monitor |
| What does CGRC stand for? | Certified Governance, Risk and Compliance |
| What does NIST SP 800-53 provide guidance on? | Security and privacy controls for federal information systems and organizations |
| What does risk management aim to achieve? | Identifying, assessing, and addressing risks to meet organizational goals |
| What does segregation of duties (SoD) help prevent? | Fraud and errors by dividing responsibilities among multiple individuals |
| What is a control in risk management? | A measure or mechanism implemented to mitigate or reduce risk |
| What is a Key Risk Indicator (KRI)? | A metric that signals a potential risk event or threshold breach |
| What is a vulnerability assessment? | An evaluation to identify weaknesses in systems and processes that could be exploited |
| What is compliance in the context of GRC? | Adhering to laws, regulations, and organizational policies |
| What is the difference between inherent risk and residual risk? | Inherent risk is the natural risk before controls, while residual risk is the remaining risk after controls |
| What is the difference between qualitative and quantitative risk assessment? | Qualitative uses subjective judgment, while quantitative uses numerical data and analysis |
| What is the function of an authorizing official (AO) in the RMF? | To approve the system to operate based on risk assessment and management activities |
| What is the goal of continuous monitoring in the RMF? | To maintain an ongoing awareness of security and risk posture |
| What is the primary focus of governance in GRC? | Establishing policies and ensuring accountability for organizational objectives |
| What is the purpose of a control assessment? | To evaluate the effectiveness of implemented security or privacy controls |
| What is the purpose of a policy in governance? | To provide high-level guidance and principles for decision-making and behavior |
| What is the purpose of a risk assessment? | To identify and prioritize risks for mitigation and decision-making |
| What is the purpose of a risk tolerance statement? | To define the acceptable level of risk an organization is willing to take |
| What is the role of a compliance audit? | To ensure that processes, policies, and controls align with regulations and standards |
| What is the role of the Risk Management Framework (RMF)? | To provide a structured process for managing information system risks |
| What is the significance of a standard in GRC? | Standards define specific requirements and benchmarks to ensure consistency and compliance |
| What is threat modeling? | A process of identifying potential threats to an information system and assessing their impact |
| Who is responsible for overseeing governance in an organization? | The board of directors or senior leadership |
This deck provides an overview of fundamental concepts, terms, and roles related to governance, risk, and compliance within the context of the CGRC exam.