Across
- 6. Policies and procedures are fully institutionalized, repeatable, automated where appropriate, consistently implemented, and regularly updated
- 9. Assessor selects the sample items without intentional bias to include or exclude certain items in the population
- 10. the process of the assessor re-preforming the control’s procedures for accuracy
- 12. a period of time, normally two weeks, in which specific work has to be completed and made ready for review
- 13. supports the ability to limit or contain the impact of a potential cybersecurity event
- 15. supports the ability to contain the impact of a potential cybersecurity incident
- 18. Based on assessor's sound and seasoned judgement
Down
- 1. the process of looking at the entity’s management perform a process outlined in the procedures
- 2. relating to or measured by the quality or characteristics
- 3. The ____ provides educational guidance materials; develops and grades the Uniform CPA Examination; and monitors and enforces compliance within the profession.
- 4. (acronym) provides a detailed step-by-step account of the work the assessor completed
- 5. enables timely discovery of cybersecurity events
- 7. assists in developing an organizational understanding to managing cybersecurity risk to systems, people, assets, data, and capabilities.
- 8. relating to, or involving the measurement of quantity or amount
- 11. stands for "Prepared by Client" or "Provided by Client." For assurance engagements, the assessor will issue PBC items to the client. Each item is a request to either hold a meeting or obtain documentation.
- 14. Control is designed to put into place when specific requirements for compliance can't be met with existing controls
- 16. a framework for developing complex software products in an iterative and incremental fashion and is the most widely recognized Agile framework
- 17. identifies appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident