This type of control stops an issue before it happens.
What is a preventative control?
This is selecting a subset of data to test instead of everything.
What is sampling?
Reviewing work to ensure it meets standards is called this.
What is quality assurance?
This principle means users should only have access needed for their job.
What is least privilege?
You test only what you expect to pass instead of trying to break it.
What is confirmation bias?
This control identifies issues after they occur.
What is a detective control?
This type of testing checks if a control is working effectively over time.
What is operating effectiveness (OE)?
This common issue happens when reviewers approve without fully checking.
What is the rubber stamp effect?
Reviewing user access regularly is known as this.
What is access review?
A control exists but no one follows it consistently.
What is a control failure?
Risk is commonly defined as this x impact.
What is likelihood?
This type of testing checks if a control is designed properly.
What is design effectiveness (DE)?
Too many alerts causing people to ignore them is called this.
What is alert fatigue?
This happens when users have more access than necessary.
What is excessive access?
An issue happens because one small step was missed in a process.
What is a process gap?