74 Cards in this Set

Acceptable Use Policy (AUP)
A policy that establishes an agreement between users and the organization and defines, for all parties, the ranges of use that are approved before access is granted to a network or the Internet.
Access control list (ACL)
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.

Scope Note: Access Control Lists are also referred to as access control tables.
Accountability
Responsibility, liability. To be accountable is to be liable for the final result or to be held responsible for one's actions.
Access Control
Refers to the processes, rules and deployment mechanisms which control access to information systems, resources and physical access to premises.
Access Path
The logical route an end user takes to access computerized information.

Scope Note: Typically, an access path includes a route through the operating system, telecommunications software, selected application software and the access control system.
Access Rights
Permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy.
Alternative Routing
A service that allows the option of having an alternate route to complete a call when the marked destination is not available.

Scope Note: In signaling, alternate routing is the process of allocating substitute routes for a given signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that traffic stream.
Antivirus Software
Application software deployed at multiple points in an IT architecture, designed to detect and potentially eliminate virus code before damage is done and to repair or quarantine files that have already been infected.
Application
A computer program or set of programs that perform the processing of records for a specific function.

Scope Note: An application program contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.
Application Control
Manual or programmed activities intended to ensure the completeness and accuracy of records and the validity of the entries made therein, whether those entries result from manual or programmed processing.
Application Programming Interface (API)
A set of routines, protocols and tools referred to as "building blocks" used in business application software development.

Scope Note: A good API makes it easier to develop a program by providing all the building blocks related to the functional characteristics of an operating system that applications need when interfacing with it (e.g., the APIs provided by MS Windows or by different versions of UNIX). A programmer uses these APIs to develop applications that operate effectively and efficiently on the chosen platform.
Arithmetic-Logic Unit (ALU)
The area of the central processing unit that performs mathematical and analytical operations.
Asymmetric Key (Public Key)
A technology for scrambling data content using one key for encryption and a different, mathematically related key for decryption. One key of the pair (the public key) can be distributed openly; the other (the private key) must be kept secret.
Attribute Sampling
An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size).
Audit Evidence
Information used to support the audit opinion.
Audit Objective
The specific goal(s) of an audit.

Scope Note: These often center on substantiating the existence of internal controls to minimize business risk.
Audit Plan
1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to form an opinion.

Scope Note: The plan includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report and its intended audience and other general aspects of the work.

2. A high level description of the audit work to be performed in a certain period of time.
Audit Program
A step-by-step set of audit procedures and instructions that should be performed to complete an audit.
Audit Risk
The probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred.
Audit Trail
A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.
Auditability
The level to which transactions can be traced and audited through a system.
Authentication
1. The act of verifying the identity of a user.

Scope Note: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.

2. The user’s eligibility to access computerized information.
Backup
Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service.
Balanced Scorecard
The balanced scorecard, developed by Robert S. Kaplan and David P. Norton, is a coherent set of performance measures organized into four categories. It includes traditional financial measures, but adds customer, internal business process, and learning and growth perspectives.
Bandwidth
The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bits per second or in hertz (cycles per second).
Batch Control
Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage.

Scope Note: There are two main forms of batch controls: sequence control, which involves numbering the records in a batch consecutively so that the presence of each record can be confirmed, and control total, which is a total of the values in selected fields within the transactions.
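The two forms of batch control named in the scope note, sequence control and control totals, are shown below as an added example; it is not part of the original glossary. The record layout, the exception codes and the three sample payment records are constructed for illustration. The example goes one step beyond the text by carrying a hash total over a non-financial field (the account number) next to the financial amount total, so that a substituted account is caught even when the amount total still reconciles.

```python
"""Batch controls over a batch of input transactions: sequence control plus
financial and hash control totals.

Added example, not part of the original glossary. The record layout,
exception codes and sample data below are constructed for illustration."""
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Record:
    seq: int        # consecutive number assigned when the batch is prepared
    account: str    # non-financial field covered by the hash total
    amount: int     # value in cents, so totals are exact integers


@dataclass(frozen=True)
class BatchHeader:
    record_count: int
    amount_total: int   # financial control total over the amount field
    hash_total: int     # arithmetic sum of account numbers; meaningless as a number, but detects substitution


def compute_header(records: List[Record]) -> BatchHeader:
    """Control totals as computed at data preparation time and carried with the batch."""
    return BatchHeader(
        record_count=len(records),
        amount_total=sum(r.amount for r in records),
        hash_total=sum(int(r.account) for r in records),
    )


def check_batch(header: BatchHeader, records: List[Record]) -> List[str]:
    """Recompute every control at input time and return the codes of those that fail.

    An empty list means the batch reconciles to its header."""
    findings = []
    seqs = [r.seq for r in records]
    # Sequence control: numbers 1..N must each appear exactly once.
    if set(range(1, header.record_count + 1)) - set(seqs):
        findings.append("sequence-missing")
    if len(seqs) != len(set(seqs)):
        findings.append("sequence-duplicate")
    # Control totals: recomputed from the records actually received.
    actual = compute_header(records)
    if actual.record_count != header.record_count:
        findings.append("record-count")
    if actual.amount_total != header.amount_total:
        findings.append("amount-total")
    if actual.hash_total != header.hash_total:
        findings.append("hash-total")
    return findings


# Constructed sample batch of three payment records.
SAMPLE = [Record(1, "1001", 1000), Record(2, "1002", 2500), Record(3, "1003", 750)]
SAMPLE_HEADER = compute_header(SAMPLE)   # count 3, amount 4250, hash 3006


def demo():
    """Show which control catches each kind of error."""
    dropped = SAMPLE[:2]                                               # a record lost in transit
    substituted = [SAMPLE[0], Record(2, "1020", 2500), SAMPLE[2]]      # account changed, amount intact
    altered = [SAMPLE[0], Record(2, "1002", 2600), SAMPLE[2]]          # amount changed
    return {
        "clean": check_batch(SAMPLE_HEADER, SAMPLE),
        "dropped": check_batch(SAMPLE_HEADER, dropped),
        "substituted": check_batch(SAMPLE_HEADER, substituted),
        "altered": check_batch(SAMPLE_HEADER, altered),
    }


if __name__ == "__main__":
    for case, findings in demo().items():
        print(f"{case:12s} -> {findings or 'reconciles'}")
```

The dropped record trips all four controls at once (its sequence number is missing, and every total changes); the substituted account number is caught only by the hash total, which is why a hash total is kept alongside the financial total.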
Batch Processing
The processing of a group of transactions at the same time.

Scope Note: Transactions are collected and processed against the master files at a specified time.
Benchmark
A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured.

Scope Note: Typically, the purpose is to compare the measured performance with that of other systems that have been subject to the same benchmark test.
Benchmarking
A systematic approach to comparing an organization’s performance against peers and competitors in an effort to learn the best ways of conducting business.

Scope Note: Examples include: benchmarking of quality, logistical efficiency and various other metrics.
Biometrics
A security technique that verifies an individual’s identity by analyzing a unique physical attribute, such as a handprint.
Black Box Testing
A testing approach that focuses on the functionality of the application or product and does not require knowledge of the code internals.
Bus
Common path or channel between hardware devices.

Scope Note: A bus can be between components internal to a computer or between external computers in a communications network.
Bus Configuration
All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes.

Scope Note: This architecture is reliable in very small networks, as well as easy to use and understand. This configuration requires the least amount of cable to connect the computers together and, therefore, is less expensive than other cabling arrangements. It is also easy to extend: two cables can be joined with a connector to make a longer cable so that more computers can join the network, and a repeater can also be used to extend a bus configuration.
Business Case
Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed or not with the investment and as an operational tool to support management of the investment through its full economic life cycle.
Business Continuity Plan (BCP)
A plan used by an organization to respond to disruption of critical business processes. It depends on the contingency plan for restoration of critical systems.
Business Impact Analysis (BIA)
A process to determine the impact of losing the support of any resource.
Scope Note: The business impact analysis assessment study will establish the escalation of that loss over time. It is predicated on the fact that senior management, when provided reliable data documenting the potential impact of a lost resource, can make the appropriate decision.
Business Process Reengineering (BPR)
The thorough analysis and significant redesign of business processes and management systems to establish a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings.
Bypass Label Processing (BLP)
A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
Capability Maturity Model (CMM)
Contains the essential elements of effective processes for one or more disciplines. It also describes an evolutionary improvement path from ad hoc, immature processes to disciplined, mature processes with improved quality and effectiveness.
Certificate Authority (CA)
A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates.
Certificate Revocation List (CRL)
An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility.
Scope Note: A CRL lists digital certificates that are no longer valid. The time gap between two updates is critical and is itself a risk in digital certificate verification: a certificate revoked after the current CRL was published continues to be accepted by relying parties until the next CRL is issued.
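The update-gap risk in the scope note, simulated as an added example that is not part of the original glossary. The toy CA, the serial numbers, the seven-day publication period and the timestamps are all constructed; a real relying party would parse an X.509 CRL and verify the CA's signature on it before trusting its contents, which this model omits. The example also shows the second decision a verifier has to make: what to do when the only CRL it holds is past its next-update time.

```python
"""Certificate status lookup against a CRL, including the gap between CRL updates.

Added example, not part of the original glossary. The CA, serial numbers and
timestamps are constructed for illustration; parsing and signature verification
of a real CRL are out of scope here."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, FrozenSet


@dataclass(frozen=True)
class CRL:
    this_update: datetime
    next_update: datetime          # after this time the list is stale
    revoked: FrozenSet[int]        # serial numbers the CA has revoked as of this_update


def status(serial: int, crl: CRL, now: datetime, fail_closed: bool = True) -> str:
    """Return 'revoked', 'good' or 'unknown' for a serial number using one CRL."""
    if serial in crl.revoked:
        return "revoked"
    if now > crl.next_update:
        # The CRL is past nextUpdate: it says nothing reliable about the certificate.
        # Fail closed ('unknown', i.e. refuse) is the safe default; fail open accepts it.
        return "unknown" if fail_closed else "good"
    return "good"


class ToyCA:
    """Records revocations as they happen and publishes a CRL on a fixed schedule."""

    def __init__(self, period: timedelta):
        self.period = period
        self.revocations: Dict[int, datetime] = {}   # serial -> time of revocation

    def revoke(self, serial: int, at: datetime) -> None:
        self.revocations[serial] = at

    def publish(self, at: datetime) -> CRL:
        # Only revocations known at publication time make it onto the list.
        listed = frozenset(s for s, t in self.revocations.items() if t <= at)
        return CRL(this_update=at, next_update=at + self.period, revoked=listed)


def demo():
    """Walk one certificate through the revocation window (constructed timeline)."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
    day = timedelta(days=1)
    ca = ToyCA(period=7 * day)
    crl_day0 = ca.publish(t0)                  # relying party downloads this one
    ca.revoke(0x1234, t0 + 1 * day)            # key compromise reported on day 1
    # Day 2: the cached CRL is still within its validity, so the revoked cert passes.
    during_gap = status(0x1234, crl_day0, t0 + 2 * day)
    # Day 7: the next CRL carries the revocation.
    after_update = status(0x1234, ca.publish(t0 + 7 * day), t0 + 7 * day)
    # Day 10 with only the day-0 CRL in hand: stale list, two possible policies.
    stale_closed = status(0x9999, crl_day0, t0 + 10 * day)
    stale_open = status(0x9999, crl_day0, t0 + 10 * day, fail_closed=False)
    return during_gap, after_update, stale_closed, stale_open


if __name__ == "__main__":
    print(demo())   # ('good', 'revoked', 'unknown', 'good')
```

The first value is the risk the scope note describes: for up to one full publication period a revoked certificate is reported as good. Shortening the period narrows the window but increases CRL traffic; the last two values show that a verifier must also decide deliberately whether an expired CRL blocks or allows access.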
Change Management
A holistic and proactive approach to managing the transition from a current to a desired organizational state, focusing specifically on the critical human or "soft" elements of change.
Scope Note: Change management includes activities such as culture change (values, beliefs and attitudes), development of reward systems (measures and appropriate incentives), organizational design, stakeholder management, human resource policies and procedures, executive coaching, change leadership training, team building and communications planning and execution.
Check Digit
A numeric value, calculated mathematically from the data and appended to it, used to detect whether the original data have been altered or an incorrect but otherwise valid value has been substituted.
Scope Note: Check digit control is effective in detecting transposition and transcription errors.
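A worked check-digit control, added here as an example and not part of the original glossary. It uses the Luhn mod-10 scheme (the one applied to payment card numbers); the sample numbers are constructed. Besides computing and validating the digit, it tests the two error classes the scope note mentions and exposes the scheme's one known blind spot, which a reader of the scope note alone would not see.

```python
"""Luhn (mod-10) check digit: computation, validation, and which errors it does
and does not catch.

Added example, not part of the original glossary. The sample numbers are
constructed; the Luhn algorithm itself is the standard one."""


def luhn_check_digit(payload: str) -> int:
    """Compute the check digit to append to a string of decimal digits."""
    total = 0
    # Walk right to left. The digit that will sit next to the check digit is doubled;
    # a doubled value above 9 has 9 subtracted (same as summing its two digits).
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return (10 - total % 10) % 10


def luhn_valid(number: str) -> bool:
    """True if the last digit is the correct check digit for the preceding digits."""
    if len(number) < 2 or not number.isdigit():
        return False
    return luhn_check_digit(number[:-1]) == int(number[-1])


def substitution_detected(number: str, pos: int, wrong: str) -> bool:
    """Transcription error: one digit mis-keyed. Luhn catches every such error,
    because doubling maps the ten digits onto ten distinct residues."""
    mutated = number[:pos] + wrong + number[pos + 1:]
    return mutated != number and not luhn_valid(mutated)


def adjacent_transposition_detected(number: str, pos: int) -> bool:
    """Transposition error: the digits at pos and pos+1 swapped."""
    digits = list(number)
    digits[pos], digits[pos + 1] = digits[pos + 1], digits[pos]
    mutated = "".join(digits)
    return mutated != number and not luhn_valid(mutated)


# Constructed sample: payload 7992739871 takes check digit 3.
SAMPLE = "7992739871" + str(luhn_check_digit("7992739871"))


def demo():
    return {
        "sample": SAMPLE,                                              # '79927398713'
        "substitution": substitution_detected(SAMPLE, 4, "8"),         # True
        "transposition": adjacent_transposition_detected(SAMPLE, 6),   # True
        # The one adjacent pair Luhn cannot tell apart: 09 <-> 90 (both contribute 9).
        "blind_spot": (luhn_valid("091"), luhn_valid("901"),
                       adjacent_transposition_detected("091", 0)),     # (True, True, False)
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14s} {value}")
```

Because both "091" and "901" validate, a Luhn digit is a control against keying errors, not a guarantee of integrity; where an attacker rather than a typist is the threat, a keyed MAC over the data is the appropriate control and the check digit is merely a convenience.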
Ciphertext
Information generated by an encryption algorithm to protect the plaintext and is unintelligible to the unauthorized reader.
Client-server
A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine.
Scope Note: Software is specialized at both ends. Processing may take place on either the client or the server, but it is transparent to the user.
Cold Site
An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place.
Scope Note: The site is ready to receive the necessary replacement computer equipment in the event the users have to move from their main computing location to the alternative computer facility.
Compensating Control
An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions.
Completely Connected (Mesh) Configuration
A network topology in which devices are connected with many redundant interconnections between network nodes (primarily used for backbone networks).
Compliance Testing
Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period.
Computer Emergency Response Team (CERT)
A group of people within the organization with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group acts as an efficient corrective control and should also act as a single point of contact for all incidents and issues related to information systems.
Computer-Aided Software Engineering (CASE)
The use of software packages that aid in the development of all phases of an information system.
Scope Note: System analysis, design, programming and documentation are provided. Changes introduced in one CASE chart update all other related charts automatically. CASE can be installed on a microcomputer for easy access.
Computer-Assisted Audit Technique (CAATs)
Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities.
Concurrency Control
Refers to a class of controls used in database management systems (DBMS) to ensure that transactions are processed in an atomic, consistent, isolated and durable manner (ACID). This implies that only serializable and recoverable schedules are permitted, and that committed transactions are not discarded when undoing aborted transactions.
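The ACID properties named in the definition, exercised against a real DBMS as an added example; it is not part of the original glossary. It uses SQLite through Python's standard sqlite3 module with explicit BEGIN/COMMIT/ROLLBACK, and the accounts table and its two rows are constructed data. The first function shows atomicity and consistency (a transfer that would violate a constraint is undone entirely); the second shows isolation (a second connection neither sees an uncommitted write nor is allowed to write over it).

```python
"""ACID transaction behaviour demonstrated with SQLite's lock-based concurrency control.

Added example, not part of the original glossary. Schema and balances are
constructed sample data; the database file lives in a temporary directory."""
import os
import sqlite3
import tempfile

SCHEMA = """
CREATE TABLE accounts (
    id      TEXT PRIMARY KEY,
    balance INTEGER NOT NULL CHECK (balance >= 0)   -- consistency rule enforced by the DBMS
);
"""


def new_database(path: str) -> None:
    """Create the sample schema with two accounts (constructed data)."""
    conn = sqlite3.connect(path, isolation_level=None)   # autocommit; transactions are explicit below
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50)])
    conn.close()


def _fresh_path() -> str:
    return os.path.join(tempfile.mkdtemp(), "accounts.db")


def balances(conn: sqlite3.Connection) -> dict:
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id").fetchall())


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` between accounts atomically: both UPDATEs commit or neither does.
    Returns True on commit, False if the transaction was rolled back."""
    conn.execute("BEGIN IMMEDIATE")          # take the write lock up front
    try:
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("COMMIT")               # durable from here on
        return True
    except sqlite3.IntegrityError:           # CHECK (balance >= 0) failed: undo any partial work
        conn.execute("ROLLBACK")
        return False


def demo_atomicity(path: str = None):
    path = path or _fresh_path()
    new_database(path)
    conn = sqlite3.connect(path, isolation_level=None)
    ok_small = transfer(conn, "alice", "bob", 30)    # commits: alice 70, bob 80
    ok_big = transfer(conn, "bob", "alice", 500)     # bob would go negative: rolled back
    result = (ok_small, ok_big, balances(conn))
    conn.close()
    return result


def demo_isolation(path: str = None):
    """An uncommitted write is invisible to a second connection, and a second writer
    is refused (SQLITE_BUSY, surfaced as OperationalError) until the first commits."""
    path = path or _fresh_path()
    new_database(path)
    writer = sqlite3.connect(path, isolation_level=None, timeout=0.1)
    other = sqlite3.connect(path, isolation_level=None, timeout=0.1)
    writer.execute("BEGIN IMMEDIATE")
    writer.execute("UPDATE accounts SET balance = balance - 30 WHERE id = 'alice'")
    seen_during = balances(other)["alice"]           # still 100: nothing committed yet
    try:
        other.execute("UPDATE accounts SET balance = 0 WHERE id = 'bob'")
        second_writer = "allowed"
    except sqlite3.OperationalError:                  # "database is locked"
        second_writer = "refused"
    writer.execute("COMMIT")
    seen_after = balances(other)["alice"]            # 70 once the writer has committed
    writer.close()
    other.close()
    return seen_during, second_writer, seen_after


if __name__ == "__main__":
    print(demo_atomicity())   # (True, False, {'alice': 70, 'bob': 80})
    print(demo_isolation())   # (100, 'refused', 70)
```

The refusal in the second demo is SQLite's coarse-grained answer to the "only serializable schedules" requirement: it serializes writers with a database-level lock rather than row locks, so the second writer is told to retry rather than being allowed to interleave. Note also that the SELECT during the open transaction succeeds and returns the old value; readers are not blocked, but they never observe uncommitted state.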
Configuration Management
The control of changes to a set of configuration items over a system life cycle.
Contingency Planning
Process of developing advance arrangements and procedures that enable an organization to respond to an event that could occur by chance or unforeseen circumstances.
Continuous Improvement
The goals of continuous improvement (Kaizen) include the elimination of waste, defined as "activities that add cost but do not add value;" just-in-time delivery; production load leveling of amounts and types; standardized work; paced moving lines; right-sized equipment.

Scope Note: A closer definition of the Japanese usage of Kaizen is "to take it apart and put back together in a better way." What is taken apart is usually a process, system, product or service. Kaizen is a daily activity whose purpose goes beyond improvement. It is also a process that, when done correctly, humanizes the workplace, eliminates hard work (both mental and physical), and teaches people how to do rapid experiments using the scientific method and how to learn to see and eliminate waste in business processes.
Control Objective
A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process.
Control Practice
Key control mechanism that supports the achievement of control objectives through responsible use of resources, appropriate management of risk and alignment of IT with business.
Control Risk
The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls. (See also Inherent Risk)
Cookie
A message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them.
Scope Note: The first time a cookie is set, a user may be required to go through a registration process. Subsequently, whenever the cookie's message is sent to the server, a customized view based on that user's preferences can be produced. Browser implementations of cookies have, however, raised several security concerns, allowing breaches of security and the theft of personal information (e.g., credentials that validate the user's identity and enable access to restricted web services).
Corrective Controls
Designed to correct errors, omissions and unauthorized uses and intrusions, once they are detected.
COSO
Committee of Sponsoring Organizations of the Treadway Commission.

Scope Note: Its 1992 report "Internal Control--Integrated Framework" is an internationally accepted standard for corporate governance. See www.coso.org.
Critical Infrastructure
Systems whose incapacity or destruction would have a debilitating effect on the economic security of an organization, community or nation.
Critical Success Factors (CSFs)
The most important issues or actions for management to achieve control over and within its IT processes.
Customer Relationship Management (CRM)
A way to identify, acquire and retain customers. CRM is also an industry term for software solutions that help an organization manage customer relationships in an organized manner.
Data Communications
The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links.
Data Custodian
Individuals and departments responsible for the storage and safeguarding of computerized data.
Data Leakage
Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Data Owner
Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.
Data Structure
The relationships among files in a database and among data items within each file.
Database
A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements.
Database Administrator (DBA)
An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.
Database Management System (DBMS)
A software system that controls the organization, storage and retrieval of data in a database.
Decryption
A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader. Decryption is the reverse of the encryption process.