Deck 5: Corporate and It Governance

A)To create international standards that strengthen global capital and liquidity rules with the goal of promoting a more resilient banking sector
B)To strengthen computer and network security within the U.S.federal government and affiliated parties by mandating yearly audits
C)To detect and prevent money laundering by requiring financial institutions to report certain transactions to government agencies.
D)To protect against identity theft by imposing disclosure requirements for businesses and government agencies that experience security breaches that might put the personal information of California residents at risk

A)Separation of duties
B)Separation of process
C)Separation of hierarchy
D)Separation of analysis

A)California Secrecy Act
B)California Senate Bill 1386
C)California Union Data Protection Directive
D)California Information Security Management Act

A)To govern the collection,use,and disclosure of personally identifiable information in the course of commercial transactions
B)To protect cardholder data and ensure that merchants and service providers maintain strict information security standards
C)To prevent certain classes of persons and entities from making payments to foreign government officials
D)To create international standards that strengthen global capital and liquidity rules with the goal of promoting a more resilient banking sector

A)To identify the U.S.taxpayers who hold financial assets in non-U.S.financial institutions and ensure that they agree to the U.S.tax obligations
B)To protect cardholder data and ensure that merchant and service providers maintain strict information security standards
C)To protect the privacy and security of individually identifiable financial information collected and processed by financial institutions
D)To prevent certain classes of persons and entities from making payments to foreign government officials in an attempt to obtain or retain business

A)Mitigating IT-related risks
B)Identifying appropriate IT opportunities
C)Ensuring smooth induction of IT in an organization
D)Complying with section 504 of the Sarbanes-Oxley Act

A)Foreign corrupt practices Act
B)Gramm-Leach-Bliley Act
C)California Senate Bill 1386
D)Basel II Accord

A)Foreign Account Tax Compliance Act
B)Foreign Corrupt Practices Act
C)U.S.Senate Bill Act
D)Basel II Tax Accord

A)Federal Union Data Protection Act
B)Federal Information Security Management Act
C)Federal Corrupt Practices Act
D)Federal-Bliley Act

A)project management.
B)IT management.
C)human resource management.
D)executive management.

A)It delivers an organization's strategic goals
B)It aligns the business goals and objectives with IT project goals and objectives
C)It achieves results with a high degree of predictability
D)It embeds accountability and internal controls in an organization

A)accounting
B)espionage
C)journalistic
D)plagiarism

A)It governs the collection,use,and disclosure of personally identifiable information in the course of commercial transactions.
B)It protects against identity theft by imposing disclosure requirements for businesses and government agencies that experience security breaches.
C)It protects cardholder data and ensures that merchant and service providers maintains strict information security standards.
D)It strengthens computer and network security by mandating yearly audits.

A)Human resource portfolio management
B)Sourcing portfolio management
C)Finance portfolio management
D)Marketing portfolio management

A)Increased costs
B)Increased market share
C)Increased time to market
D)Decreased revenues

A)It strengthens computer and network security within the European federal government and affiliated parties (such as government contractors)by mandating yearly audits.
B)It protects the privacy of European Union citizens' personal information by placing limitations on sending such data outside of the European Union to areas that are deemed to have less than adequate standards for data security.
C)It identifies European taxpayers who hold financial assets in non-European financial institutions and offshore accounts so that they cannot avoid their tax obligations.
D)It protects against identity theft by imposing disclosure requirements for businesses and government agencies that experience security breaches that might put the personal information of European residents at risk.

A)executives
B)customers
C)retailers
D)clients

A)The projects must deliver expected business results on time and within budget.
B)The projects must embed accountability and internal controls in an organization.
C)The projects must be delayed to achieve the required quality.
D)The projects must go beyond the budget to maintain the quality.

A)wiki
B)acquisition
C)protocol
D)governance

A)Strategic alignment
B)IT value delivery
C)Risk management
D)Operations management

A)continual transition improvement
B)continual process improvement
C)service strategy
D)service operation

A)It renews the health insurance of the taxpayers.
B)It checks bank statements of the citizens for accuracy.
C)It verifies the taxpayers of a country for their income.
D)It protects an organization's resources.

A)It provides best practice recommendations on information security management for use by those responsible for initiating,implementing,or maintaining information security management systems.
B)It provides guidance on enterprise risk management,internal control,and fraud deterrence.
C)It provides a proven and practical framework for planning and delivering information technology-related services.
D)It provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations.

A)Service design
B)Service operation
C)Service strategy
D)Service transition

A)service design
B)service transition
C)service strategy
D)service operation

A)A company's internal control system
B)A company's balance sheet
C)Career growth of employees
D)The values of IT stakeholders

A)The Do step
B)The Check step
C)The Plan step
D)The Act step

A)It involves understanding who the IT customers are,the service offerings required to meet their needs,and the IT capabilities and resources required to develop and successfully execute these offerings.
B)It involves following the design to build,test,and move into production the services that will meet customer expectations.
C)It ensures that the new and/or changed services are designed effectively to meet customer expectations.
D)It provides a means for an IT organization to measure and improve the service levels,the technology,and the efficiency and effectiveness of processes used in the overall management of services.

A)IT governance
B)IT collaboration
C)Corporate collaboration
D)Collaborative governance

A)Committee of Sponsoring Organizations (COSO)2013
B)Information Infrastructure Library (ITIL)
C)Control Objectives for Information and Related Technology (COBIT)
D)International Standards Organization (ISO)27002

A)The Do step
B)The Check step
C)The Plan step
D)The Act step

A)Resource management
B)Risk management
C)Operations alignment
D)Strategic alignment

A)Control Objectives for Information and Related Technology (COBIT)
B)Information Technology Infrastructure Library (ITIL)
C)Committee of Sponsoring Organizations (COSO)
D)International Standards Organization (ISO)

A)IT Infrastructure Library (ITIL)
B)Committee of Sponsoring Organizations (COSO)2013
C)Control Objectives for Information and Related Technology (COBIT)
D)International Standards Organization (ISO)27002

A)International Standards Organization (ISO)27002
B)Control Objectives for Information and Related Technology (COBIT)
C)Committee of Sponsoring Organizations (COSO)2013
D)Information Infrastructure Library (ITIL)

A)The Human Resources Act
B)The finance directory
C)The Control Objectives for Information and Related Technology (COBIT)
D)The Information Technology Infrastructure Library (ITIL)

A)Service design
B)Service operation
C)Service transition
D)Service strategy

A)Service design
B)Service operation
C)Service strategy
D)Service transition

A)It provides guidance on enterprise risk management,internal control,and fraud deterrence.
B)It provides best practice recommendations on information security management for use by those responsible for initiating,implementing,or maintaining information security management systems.
C)It provides a proven and practical framework for planning and delivering information technology services.
D)It provides a catalog of security and privacy controls for federal information systems and organizations and a process for selecting controls to protect organizational operations.

A)business initiation plan
B)business valuation plan
C)business continuity plan
D)business improvement plan

A)Allow employees to take copies of vital data home at the end of the work day.
B)Store the data in a building adjacent to the company.
C)Store all the data in an external disk and place it in the server room.
D)Use online databases to update and backup the data.

A)Plan
B)Do
C)Check
D)Act

A)The Do step
B)The Check step
C)The Plan step
D)The Act step

A)It helps save lives and contain the impact of the disaster.
B)It assess the extent of the damage and decide if or when it may be safe to reenter the affected work area.
C)It recommends whether the disaster recovery plan needs to be put into effect or not.
D)It gathers and analyzes the data needed to make decisions and direct the work of the emergency response team and business recovery team.

A)The emergency response group
B)The business continuity group
C)The control group
D)The business recovery group

A)Identify vital records and data
B)Define resources and actions to recover
C)Define emergency procedures
D)Conduct a business impact analysis

A)Disaster recovery as a service (DRaaS)
B)Disaster recovery as an event (DRaaE)
C)Disaster recovery as a platform (DRaaPL)
D)Disaster recovery as a solution (DRaaSL)

A)Business stake
B)Due diligence
C)Outsourcing
D)Internal control

A)This business function is extremely critical to the operation of the firm and cannot be unavailable for more than a few minutes without causing severe problems.
B)This business function is critical to the operation of the firm and cannot be unavailable for more than a few hours without causing severe problems.
C)This business function,while significant,can be unavailable for up to a few days without causing severe problems.
D)This business function can be unavailable for several days in times of a major disaster without causing major problems.

A)The scope of the Plan-Do-Check-Act (PDCA)model
B)Metrics and best practices of information technology (IT)related processes
C)A written and tested business continuity plan
D)Information security management

A)critical time objective.
B)business recovery time.
C)recovery time objective.
D)attrition recovery time.

A)This business function,while significant,can be unavailable for up to a few days without causing severe problems.
B)This business function is critical to the operation of the firm and cannot be unavailable for more than a few hours without causing severe problems.
C)This business function is extremely critical to the operation of the firm and cannot be unavailable for more than a few minutes without causing severe problems.
D)This business function can be unavailable for several days in times of a major disaster without causing major problems.

A)business initiation plan
B)business valuation plan
C)business improvement plan
D)business continuity plan

A)"A" priority business function.
B)"AAA" priority business function.
C)"AA" priority business function.
D)"B" priority business function.

A)"A" priority business function.
B)"AAA" priority business function.
C)"AA" priority business function.
D)"B" priority business function.

A)Business impact analyses
B)Emergency procedures
C)Recovery time objective
D)Due diligences

A)The International Standards Organizational standard ISO 22301:2012
B)The International Standards Organizational standard ISO 22313:2012
C)The International Standards Organizational standard ISO 22320:2011
D)The International Standards Organizational standard ISO 22323:2010

A)Allow employees to take backup copies of vital data home at the end of the work day.
B)Copy online databases to magnetic storage devices and ship them off-site.
C)Store the backup data in a building located near the company.
D)Use online databases to update and backup the data.

A)Do
B)Check
C)Plan
D)Act

A)emergency response group
B)business recovery group
C)control group
D)business continuity group

A)emergency response
B)control
C)business recovery
D)business continuity

A)They help save lives and contain the impact of the disaster.
B)They assess the extent of the damage and decide if or when it may be safe to reenter the affected work area.
C)They recommend whether the disaster recovery plan needs to be put into effect or not.
D)They gather and analyze the data needed to make decisions and direct the work of the emergency response team and business recovery team.

A)Manager
B)Supervisor
C)Administrative officer
D)Floor warden

A)The emergency response group
B)The control group
C)The business recovery group
D)The business continuity group