CISM Flashcards
Free flashcards for CISM: flip each card to reveal the definition. Built from the CISM glossary as a study aid, these are concept checks, not real exam questions.
All 22 terms
- Governance
- The strategy, policies and oversight that direct and control security.
- Business alignment
- Ensuring security supports the organisation's objectives.
- Risk appetite
- The amount and type of risk an organisation is willing to accept in pursuit of its objectives.
- Risk tolerance
- The acceptable deviation from the risk appetite for a particular risk before action is required.
- Residual risk
- The risk left after controls are applied.
- Inherent risk
- Risk before any controls are applied.
- Risk response
- Avoiding, transferring, mitigating or accepting a risk.
- KPI
- Key Performance Indicator - a metric showing how well a control or process is meeting its objective.
- KRI
- Key Risk Indicator - a metric that gives early warning that risk exposure is rising towards or beyond the appetite.
- Policy
- A high-level statement of management intent.
- Standard
- Mandatory requirements that specify how a policy is to be met.
- Procedure
- Step-by-step instructions to meet a standard.
- RACI
- A responsibility model: Responsible, Accountable, Consulted, Informed.
- Due care
- Taking reasonable steps to protect assets once the risks are known (doing).
- Due diligence
- The ongoing effort to investigate, identify and understand risk, for example vetting a vendor before contracting (knowing).
- BIA
- Business Impact Analysis - identifies critical functions and impacts.
- RTO
- Recovery Time Objective - the maximum acceptable time to restore a function after a disruption.
- RPO
- Recovery Point Objective - the maximum acceptable data loss, expressed as time (how far back the last usable copy may be).
- Incident response
- The organised approach to handling a security incident.
- Maturity model
- A scale used to assess how developed a process is.
- Third-party risk
- Risk introduced by vendors and partners.
- Gap analysis
- Comparing the current state to a desired state.