73 Cards in this Set

  • Front
  • Back

Backbone

The main communications channel of a digital network. The part of the network that handles the major traffic. Employs the highest-speed transmission paths in the network and may also run the longest distances. Smaller networks are attached to the backbone, and networks that connect directly to the end user or customer are called "access networks". A backbone can span a geographic area of any size from a single building to an office complex to an entire country. Or, it can be as small as a backplane in a single cabinet

Backup

Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service.

Badge

A card or other device that is presented or displayed to obtain access to an otherwise restricted facility, as a symbol of authority (e.g. police) or as a simple means of identification. Also used in advertising and publicity.

Bandwidth

The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second)

Bar Code

A printed machine-readable code that consists of parallel bars of varied width and spacing.

Base case

A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.

Baseband

A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. The entire bandwidth of the transmission medium (e.g. coaxial cable) is utilized for a single channel.

Batch control

Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: sequence control, which involves consecutively numbering the records in a batch so that the presence of each record can be confirmed, and control total, which is a total of the values in selected fields within the transactions.

Batch processing

The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.

Bayesian filter

A method often employed by antispam software to filter spam based on probabilities. The message header and every word or number are each considered a token and given a probability score. Then the entire message is given a spam probability score. A message with a high score will be flagged as spam and discarded, returned to its sender or put in a spam directory for further review by the intended recipient.

Benchmarking

A systematic approach to comparing organization performance against peers and competitors in an effort to learn the best ways of conducting business. Examples include benchmarking of quality, logistic efficiency and various other metrics.

Binary code

A code whose representation is limited to 0 and 1

Biometrics

A security technique that verifies an individual's identity by analyzing a unique physical attribute such as a handprint

Black box testing

A testing approach that focuses on the functionality of the application or product and does not require knowledge of the code intervals.

Bridge

A device that connects two similar networks together.

Broadband

Multiple channels are formed by dividing the transmission medium into discrete frequency segments. Broadband generally requires the use of a modem.

Brouters

Devices that perform the functions of both a bridge and a router. A brouter operates at both the data link and the network layers. It connects same data link type local area network (LAN) segments as well as different data link ones, which is a significant advantage. Like a bridge, it forwards packets based on the data link layer address to a different network of the same type. Also, whenever required, it processes and forwards messages to a different data link type network based on the network protocol address. When connecting same data link type networks, it is as fast as a bridge and is able to connect different data link type networks.

Buffer

Memory reserved to temporarily hold data to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of random access memory (RAM) that hold data while they are being processed.

Bus

Common path or channel between hardware devices. Can be located between components internal to a computer or between external computers in a communications network.

Bus configuration

All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes. This architecture is reliable in very small networks, as well as easy to use and understand. This configuration requires the least amount of cable to connect the computers together and, therefore, is less expensive than other cabling arrangements. It is also easy to extend, and two cables can be easily joined with a connector to make a longer cable for more computers to join the network. A repeater can also be used to extend a bus configuration.

Business case

Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle.

Business Continuity Plan (BCP)

A plan used by an organization to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems.

Business impact analysis (BIA)

A process to determine the impact of losing the support of any resource. The BIA assessment study will establish the escalation of that loss over time. It is predicated on the fact that senior management, when provided reliable data to document the potential impact of a lost resource, can make the appropriate decision.

Business process reengineering (BPR)

The thorough analysis and significant redesign of business processes and management systems to establish a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings

Business risk

A probable situation with uncertain frequency and magnitude of loss (or gain)

Bypass label processing (BLP)

A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.

Capability Maturity Model (CMM)

CMM for software, from the Software Engineering Institute (SEI), is a model used by many organizations to identify best practices useful in helping them assess and increase the maturity of their software development processes.

Central processing unit (CPU)

Computer hardware that houses the electronic circuits that control/direct all operations of the computer system.

Certificate authority (CA)

A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates.

Certificate revocation list (CRL)

An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility. The CRL details digital certificates that are no longer valid. The time gap between two updates is very critical and is also a risk in digital certificates verification.

Certification practice statement (CPS)

A detailed set of rules governing the certificate authority's operations. It provides an understanding of the value and trustworthiness of certificates issued by a given CA in terms of the controls that an organization observes, the method it uses to validate the authenticity of certificate applicants and the CA's expectations of how its certificates may be used.

Channel Service Unit/Digital Service Unit (CSU/DSU)

Interfaces at the physical layer of the open systems interconnection (OSI) reference model, data terminal equipment (DTE) to data circuit terminating equipment (DCE), for switched carrier networks.

Check digit

A numeric value, which has been calculated mathematically, that is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. Check digit control is effective in detecting transposition and transcription errors.

Checklist

A list of items that is used to verify the completeness of a task or goal. Used in quality assurance (and, in general, in information systems audit) to check process compliance, code standardization and error prevention, and other items for which consistency processes or standards have been defined.

Checksum

A mathematical value that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file have not been maliciously changed. A cryptographic checksum is created by performing a complicated series of mathematical operations (known as a cryptographic algorithm) that translates the data in the file into a fixed string of digits called a hash value, which is then used as the checksum. Without knowing which cryptographic algorithm was used to create the hash value, it is highly unlikely that an unauthorized person would be able to change data without inadvertently changing the corresponding checksum. Cryptographic checksums are used in data transmission and data storage. Cryptographic checksums are also known as message authentication codes, integrity check-values, modification detection codes or message integrity codes.

Ciphertext

Information generated by an encryption algorithm to protect the plaintext and that is unintelligible to the unauthorized reader.


Client-server

A group of computers connected by a communications network, in which the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server, but it is transparent to the user.

Cloud computing

A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

Coaxial cable

Composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Has a greater transmission capacity than standard twisted-pair cables, but has a limited range of effective distance.

Cohesion

The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system because it is easier to determine where and how to apply a change.

Cold site

An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the users have to move from their main computing location to the alternative computer facility.

Communication processor

A computer embedded in a communications system that generally performs basic tasks of classifying network traffic and enforcing network policy functions. An example is the message data processor of a digital divide network (DDN) switching center. More advanced communications processors may perform additional functions.

Comparison program

A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences.

Compensating control

An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions.

Compiler

A program that translates programming language (source code) into machine executable instructions (object code)

Completely connected (mesh) configuration

A network topology in which devices are connected with many redundant interconnections between network nodes (primarily used for backbone networks)

Completeness Check

A procedure designed to ensure that no fields are missing from a record.

Compliance testing

Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period.

Components (as in component-based development)

Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component-based development is to ultimately use as many predeveloped, pretested components as possible.

Comprehensive audit

An audit designed to determine the accuracy of financial records as well as evaluate the internal controls of a function or department.

Computer emergency response team (CERT)

A group of people integrated at the organization with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.

Computer forensics

The application of the scientific method to digital media to establish factual information for judicial review. This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. As a discipline, it combines elements of law and computer science to collect and analyze data from information systems (e.g., personal computers, networks, wireless communications and digital storage devices) in a way that is admissible as evidence in a court of law.

Computer-aided software engineering (CASE)

The use of software packages that aid in the development of all phases of an information system. System analysis, design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatically. CASE can be installed on a microcomputer for easy access.

Computer-assisted audit technique (CAAT)

Any automated audit technique, such as generalized audit software (GAS), test data generators, computerized audit programs and specialized audit utilities.

Concurrency control

Refers to a class of controls used in database management systems (DBMS) to ensure that transactions are processed in an atomic, consistent, isolated and durable manner (ACID). This implies that only serial and recoverable schedules are permitted, and that committed transactions are not discarded when undoing aborted transactions.

Console Log

An automated detail report of computer system activity.

Continuity

Preventing, mitigating and recovering from disruption. The terms "business resumption planning," "disaster recovery planning" and "contingency planning" also may be used in this context; they all concentrate on the recovery aspects of continuity.

Continuous improvement

The goals of continuous improvement (Kaizen) include the elimination of waste, defined as "activities that add cost, but do not add value;" just-in-time (JIT) delivery; production load leveling of amounts and types; standardized work; paced moving lines; right-sized equipment. A closer definition of the Japanese usage of Kaizen is "to take it apart and put back together in a better way." What is taken apart is usually a process, system, product or service. Kaizen is a daily activity whose purpose goes beyond improvement. It is also a process that, when done correctly, humanizes the workplace, eliminates hard work (both mental and physical), and teaches people how to do rapid experiments using the scientific method and how to learn to see and eliminate waste in business processes.

Control group

Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups.

Control risk

The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls.

Control section

The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer.

Cookie

A message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them. The first time a cookie is set, a user may be required to go through a registration process. Subsequent to this, whenever the cookie's message is sent to the server, a customized view based on that user's preferences can be produced. The browser's implementation of cookies has, however, brought several security concerns, allowing breaches of security and the theft of personal information (e.g., user passwords that validate the user's identity and enable restricted web services)

Corporate governance

The system by which organizations are directed and controlled. The board of directors is responsible for the governance of its organization. It consists of the leadership and organizational structures and processes that ensure the organization sustains and extends strategies and objectives.

Corrective control

Designed to correct errors, omissions and unauthorized uses and intrusions once they are detected.

Countermeasure control

Designed to correct errors, omissions and unauthorized uses and intrusions once they are detected.

Countermeasure

Any process that directly reduces a threat or vulnerability

Coupling

Measure of interconnectivity among structure of software programs. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data pass across the interface. In application software design, it is preferable to strive for the lowest possible coupling between modules. Simple connectivity among modules results in software that is easier to understand and maintain, and less prone to a ripple or domino effect caused when errors occur at one location and propagate through a system.

Customer relationship management (CRM)

A way to identify, acquire and retain customers. CRM is also an industry term for software solutions that help an organization manage customer relationships in an organized manner.

Data communications

The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links.


Data custodian

Individual(s) and department(s) responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.

Data dictionary

A database that contains the name, type, range of values, source, and authorization for access for each data element in a database. It also indicates which application programs use those data so that when a data structure is contemplated, a list of the affected programs can be generated. May be a stand-alone information system used for management or documentation purposes, or it may control the operation of a database.