Governance
Risk
Compliance
FSO
Potpourri
100
This Certification allows US Federal Agencies to leverage ServiceNow as Cloud Service Provider
What is FedRAMP?
100
These are identified through various sources, including but not limited to: customer audits, internal audits, external audits, certifications, vulnerability management, continuous control monitoring, and ad-hoc reporting from employees, partners, and customers.
What is an Observation?
100
Not having a compliance program leads to what risk for organizations?
What are fines, penalties, and loss of reputation?
100
The purpose of a security clearance
What is allowing a person to have access to and read classified material?
100
The abbreviation HI stands for this
What is Hosted ITIL?
200
This ServiceNow site allows customers to access documentation and evidence to address their internal audit and vendor assessment requirements
What is the CORE?
200
In some cases, the cost and effort to remediate an issue may exceed the risk presented by that issue. If no mitigation plan is feasible, this can be requested.
What is a Risk Acceptance Request (RAR)?
200
Historical and current Compliance data is available to all Cloud GRC Team members in this location
What is HI (Legacy/HI GRC)?
200
A person who gives away company secrets
Who is an insider threat?
200
This animal is Cloud GRC's mascot
What is the elephant?
300
This control family details the Awareness and Training Requirements in the NIST 800-53 framework.
What is the AT (Awareness and Training) control family?
300
The exposure to the business assuming no mitigations are in place. Calculated as Impact and Likelihood.
What is Inherent Risk?
300
Customers must meet this requirement before they may request an audit of ServiceNow
What is a Right to Audit clause in their signed contract?
300
The title of the ServiceNow staff person who maintains security clearances, personnel issues, and security training
What is the Facility Security Officer, or “FSO?”
300
Cloud GRC did this team building activity for Q3 2016 CTK
What is a murder mystery scavenger hunt in the Gaslamp Quarter?
400
This ISO standard emphasizes protection of Personal Data in the Cloud.
What is ISO 27018?
400
To calculate the residual risk score, one must consider the inherent risk value and this value (displayed along the x axis below)
What is control effectiveness?
400
MTCS stands for this
What is Multi-Tier Cloud Security?
400
A company holds this in order to have DOD contracts
What is a Facility Clearance Level, or “FCL?”
400
The year GRC started the FedRAMP process
What is 2013?
500
In 2017, the US harmonized its accessibility requirements with this international standard
What is WCAG?
500
The common name for Risk management -- Principles and guidelines, 2009, published by the International Organization for Standardization.
What is ISO 31000?
500
An initial IRAP assessment has 2 phases; what is the intent of each phase?
Stage 1 Audit identifies security deficiencies, which the system owner rectifies or mitigates. Stage 2 Audit assesses the residual compliance.
500
This government agency governs the FSO
What is the Defense Security Service, or “DSS?”
500
Cloud GRC supports these certifications (total number and names)
7: SOC 1, SOC 2, MTCS, DOD Level 2, FedRAMP, ISO 27001, and ISO 27018