399 Cards in this Set
- Front
- Back
Acceptable Use Policy |
A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet |
|
Access Control |
The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises |
|
Access Control List (ACL) |
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals |
|
Access Path |
The logical route that an end user takes to access computerized information |
|
Access Rights |
The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy |
|
Adware |
A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used |
|
Alternative Routing |
A service that allows the option of having an alternate route to complete a call when the marked destination is not available |
|
Antivirus Software |
An application software deployed at multiple points in an IT architecture |
|
Application |
A computer program or set of programs that performs the processing of records for a specific function |
|
Application Controls |
The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved |
|
Application Programming Interface (API) |
A set of routines, protocols and tools referred to as "building blocks" used in business application software development |
|
Application Software Tracing and Mapping |
Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences |
|
Asymmetric Key (Public Key) |
A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message |
|
Attribute Sampling |
Method to select a portion of a population based on the presence or absence of a certain characteristic |
|
Audit Evidence |
The information used to support the audit opinion |
|
Audit Objective |
The specific goal(s) of an audit |
|
Audit Plan |
1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to form an opinion 2. A high-level description of the audit work to be performed in a certain period of time |
|
Audit Program |
A step-by-step set of audit procedures and instructions that should be performed to complete an audit |
|
Audit Risk |
The risk of reaching an incorrect conclusion based upon audit findings
Scope Note: The three components of audit risk are: Control risk, Detection risk, and Inherent risk |
|
Audit Trail |
A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source |
|
Authentication |
1. The act of verifying identity (i.e., user, system)
2. The act of verifying the identity of a user and the user’s eligibility to access computerized information |
|
Backbone |
The main communication channel of a digital network. The part of a network that handles the major traffic |
|
Backup |
Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service |
|
Balanced Scorecard (BSC) |
Developed by Robert S. Kaplan and David P. Norton as a coherent set of performance measures organized into four categories that includes traditional financial measures, but adds customer, internal business process, and learning and growth perspectives |
|
Bandwidth |
The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second). |
|
Batch Control |
Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage |
|
Batch Processing |
The processing of a group of transactions at the same time |
|
Baud Rate |
The rate of transmission for telecommunications data, expressed in bits per second (bps) |
|
Benchmarking |
A systematic approach to comparing enterprise performance against peers and competitors in an effort to learn the best ways of conducting business |
|
Biometrics |
A security technique that verifies an individual’s identity by analyzing a unique physical attribute, such as a handprint |
|
Black Box Testing |
A testing approach that focuses on the functionality of the application or product and does not require knowledge of the code intervals |
|
Broadband |
Multiple channels are formed by dividing the transmission medium into discrete frequency segments. |
|
Brouter |
Device that performs the functions of both a bridge and a router |
|
Buffer |
Memory reserved to temporarily hold data to offset differences between the operating speeds of different devices, such as a printer and a computer |
|
Bus Configuration |
All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes. |
|
Business Case |
Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle |
|
Business Continuity Plan (BCP) |
A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems |
|
Business Impact Analysis (BIA) |
A process to determine the impact of losing the support of any resource |
|
Business Process Reengineering (BPR) |
The thorough analysis and significant redesign of business processes and management systems to establish a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings |
|
Capability Maturity Model (CMM) |
1. Contains the essential elements of effective processes for one or more disciplines 2. CMM for software, from the Software Engineering Institute (SEI), is a model used by many enterprises to identify best practices useful in helping them assess and increase the maturity of their software development processes |
|
Capacity Stress Testing |
Testing an application with large quantities of data to evaluate its performance during peak periods. Also called volume testing |
|
Card Swipe |
A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. |
|
Certificate (Certification) Authority (CA) |
A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates |
|
Certificate Revocation List (CRL) |
An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility |
|
Certification Practice Statement (CPS) |
A detailed set of rules governing the certificate authority's operations. It provides an understanding of the value and trustworthiness of certificates issued by a given certificate authority (CA). |
|
Chain of Custody |
A legal principle regarding the validity and integrity of evidence. It requires accountability for anything that will be used as evidence in a legal proceeding to ensure that it can be accounted for from the time it was collected until the time it is presented in a court of law. |
|
Challenge/Response Token |
A method of user authentication that is carried out through use of the Challenge Handshake Authentication Protocol (CHAP) |
|
Change Management |
A holistic and proactive approach to managing the transition from a current to a desired organizational state, focusing specifically on the critical human or "soft" elements of change |
|
Check Digit |
A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. |
|
Checkpoint Restart Procedures |
A point in a routine at which sufficient information can be stored to permit restarting the computation from that point |
|
Checksum |
A mathematical value that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed |
|
Circuit-Switched Network |
A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE |
|
Circular Routing |
In open systems architecture, circular routing is the logical path of a message in a communication network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model. |
|
Client-Server |
A group of computers connected by a communication network, in which the client is the requesting machine and the server is the supplying machine |
|
Cloud Computing |
Convenient, on-demand network access to a shared pool of resources that can be rapidly provisioned and released with minimal management effort or service provider interaction |
|
Cluster Controller |
A communication terminal control hardware unit that controls a number of computer terminals |
|
Coaxial Cable |
Composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire |
|
Cohesion |
The extent to which a system unit--subroutine, program, module, component, subsystem--performs a single dedicated function. |
|
Cold Site |
An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place |
|
Compensating Control |
An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions |
|
Completely Connected (Mesh) Configuration |
A network topology in which devices are connected with many redundant interconnections between network nodes (primarily used for backbone networks) |
|
Completeness Check |
A procedure designed to ensure that no fields are missing from a record |
|
Compliance Testing |
Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period |
|
Comprehensive Audit |
An audit designed to determine the accuracy of financial records as well as to evaluate the internal controls of a function or department |
|
Computer Emergency Response Team (CERT) |
A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency |
|
Computer Forensics |
The application of the scientific method to digital media to establish factual information for judicial review |
|
Computer Sequence Checking |
Verifies that the control number follows sequentially and that any control numbers out of sequence are rejected or noted on an exception report for further research |
|
Computer-aided Software Engineering (CASE) |
The use of software packages that aid in the development of all phases of an information system |
|
Computer-assisted Audit Technique (CAAT) |
Any automated audit technique, such as generalized audit software (GAS), test data generators, computerized audit programs and specialized audit utilities |
|
Concurrency Control |
Refers to a class of controls used in a database management system (DBMS) to ensure that transactions are processed in an atomic, consistent, isolated and durable manner (ACID). This implies that only serial and recoverable schedules are permitted, and that committed transactions are not discarded when undoing aborted transactions. |
|
Configuration Management |
The control of changes to a set of configuration items over a system life cycle |
|
Console Log |
An automated detail report of computer system activity |
|
Contingency Planning |
Process of developing advance arrangements and procedures that enable an enterprise to respond to an event that could occur by chance or unforeseen circumstances. |
|
Continuity |
Preventing, mitigating and recovering from disruption |
|
Continuous Auditing Approach |
This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer. |
|
Continuous Improvement |
The goals of continuous improvement (Kaizen) include the elimination of waste, defined as "activities that add cost, but do not add value;" just-in-time (JIT) delivery; production load leveling of amounts and types; standardized work; paced moving lines; and right-sized equipment |
|
Control Objective |
A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process |
|
Control Practice |
Key control mechanism that supports the achievement of control objectives through responsible use of resources, appropriate management of risk and alignment of IT with business |
|
Control Risk |
The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls (See Inherent risk) |
|
Cookie |
A message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them |
|
Corporate Governance |
The system by which enterprises are directed and controlled. The board of directors is responsible for the governance of their enterprise. It consists of the leadership and organizational structures and processes that ensure the enterprise sustains and extends strategies and objectives. |
|
Corrective Control |
Designed to correct errors, omissions and unauthorized uses and intrusions, once they are detected |
|
Coupling |
Measure of interconnectivity among structure of software programs. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data pass across the interface. |
|
Critical Infrastructure |
Systems whose incapacity or destruction would have a debilitating effect on the economic security of an enterprise, community or nation. |
|
Critical Success Factor (CSF) |
The most important issue or action for management to achieve control over and within its IT processes |
|
Customer Relationship Management (CRM) |
A way to identify, acquire and retain customers. CRM is also an industry term for software solutions that help an enterprise manage customer relationships in an organized manner. |
|
Data Custodian |
The individual(s) and department(s) responsible for the storage and safeguarding of computerized data |
|
Data Dictionary |
A database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use those data so that when a data structure is contemplated, a list of the affected programs can be generated |
|
Data Diddling |
Changing data with malicious intent before or during input into the system |
|
Data Encryption Standard (DES) |
An algorithm for encoding binary data |
|
Data Leakage |
Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes |
|
Data Owner |
The individual(s), normally a manager or director, who has responsibility for the integrity, accurate reporting and use of computerized data |
|
Data Structure |
The relationships among files in a database and among data items within each file |
|
Database |
A stored collection of related data needed by enterprises and individuals to meet their information processing and retrieval requirements |
|
Database Administrator (DBA) |
An individual or department responsible for the security and information classification of the shared data stored on a database system
This responsibility includes the design, definition and maintenance of the database. |
|
Database Management System (DBMS) |
A software system that controls the organization, storage and retrieval of data in a database |
|
Database Replication |
The process of creating and managing duplicate versions of a database |
|
Data-oriented Systems Development |
Focuses on providing ad hoc reporting for users by developing a suitable accessible database of information and to provide useable data rather than a function |
|
Decentralization |
The process of distributing computer processing to different locations within an enterprise |
|
Decision Support Systems (DSS) |
An interactive system that provides the user with easy access to decision models and data, to support semi-structured decision-making tasks |
|
Decryption |
A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader
The decryption is a reverse process of the encryption. |
|
Degauss |
The application of variable levels of alternating current for the purpose of demagnetizing magnetic recording media |
|
Demodulation |
The process of converting an analog telecommunications signal into a digital computer signal |
|
Detection Risk |
The risk that the IS audit or assurance professional’s substantive procedures will not detect an error that could be material, individually or in combination with other errors |
|
Dial-back |
Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the caller is calling from a valid phone number or telecommunications channel. |
|
Dial-in Access Control |
Prevents unauthorized access from remote users who attempt to access a secured environment. Ranges from a dial-back control to remote user authentication |
|
Digital Certificate |
A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function. |
|
Digital Signature |
A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function. |
|
Disaster Recovery Plan (DRP) |
A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster |
|
Discovery Sampling |
A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population |
|
Distributed Data Processing Network |
A system of computers connected together by a communication network. Scope Note: Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files. |
|
Diverse Routing |
The method of routing traffic through split cable facilities or duplicate cable facilities. |
|
Domain Name System (DNS) Poisoning |
Corrupts the table of an Internet server's DNS, replacing an Internet address with the address of another vagrant or scoundrel address |
|
Downtime Report |
A report that identifies the elapsed time when a computer is not operating correctly because of machine failure |
|
Dry-pipe Fire Extinguisher System |
Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times |
|
Duplex Routing |
The method or communication mode of routing data over the communication network |
|
Dynamic Host Configuration Protocol (DHCP) |
A protocol used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask and IP addresses of domain name system (DNS) servers from a DHCP server |
|
Echo Checks |
Detects line errors by retransmitting data back to the sending device for comparison with the original transmission |
|
E-commerce |
The processes by which enterprises conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology |
|
Edit Control |
Detects errors in the input portion of information that is sent to the computer for processing. May be manual or automated and allow the user to edit data errors before processing |
|
Editing |
Ensures that data conform to predetermined criteria and enable early identification of potential errors |
|
Electronic Data Interchange (EDI) |
The electronic transmission of transactions (information) between two enterprises. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders. |
|
Electronic Funds Transfer (EFT) |
The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another |
|
Embedded Audit Module (EAM) |
Integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be real-time online or may use store and forward methods. Also known as integrated test facility or continuous auditing module. |
|
Encapsulation (Objects) |
The technique used by layered protocols in which a lower-layer protocol accepts a message from a higher-layer protocol and places it in the data portion of a frame in the lower layer |
|
Encryption |
The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext) |
|
Encryption Key |
A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext |
|
End-user Computing |
The ability of end users to design and implement their own information system utilizing computer software products |
|
ERP (Enterprise Resource Planning) System |
A packaged business software system that allows an enterprise to automate and integrate the majority of its business processes, share common data and practices across the entire enterprise, and produce and access information in a real-time environment |
|
Escrow Agent |
A person, agency or enterprise that is authorized to act on behalf of another to create a legal relationship with a third party in regard to an escrow agreement; the custodian of an asset according to an escrow agreement |
|
Escrow Agreement |
A legal arrangement whereby an asset (often money, but sometimes other property such as art, a deed of title, web site, software source code or a cryptographic key) is delivered to a third party (called an escrow agent) to be held in trust or otherwise pending a contingency or the fulfillment of a condition or conditions in a contract |
|
Ethernet |
A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection (CSMA/CD) to prevent network failures or collisions when two devices try to access the network at the same time |
|
Evidence |
1. Information that proves or disproves a stated issue 2. Information that an auditor gathers in the course of performing an IS audit; relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support |
|
Exception Reports |
An exception report is generated by a program that identifies transactions or data that appear to be incorrect. |
|
Executable Code |
The machine language code that is generally referred to as the object or load module |
|
Expert System |
The most prevalent type of computer system that arises from the research of artificial intelligence |
|
Exposure |
The potential loss to an area due to the occurrence of an adverse event |
|
eXtensible Markup Language (XML) |
Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus, enabling the definition, transmission, validation and interpretation of data between applications and enterprises. |
|
Extranet |
A private network that resides on the Internet and allows a company to securely share business information with customers, suppliers or other businesses as well as to execute electronic transactions |
|
Fallback Procedures |
A plan of action or set of procedures to be performed if a system implementation, upgrade or modification does not work as intended |
|
False Authorization |
Also called false acceptance, occurs when an unauthorized person is identified as an authorized person by the biometric system |
|
False Enrollment |
Occurs when an unauthorized person manages to enroll into the biometric system |
|
Fault Tolerance |
A system’s level of resilience to seamlessly react to hardware and/or software failure |
|
Feasibility Study |
A phase of a system development life cycle (SDLC) methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need |
|
Fiber-optic Cable |
Glass fibers that transmit binary signals over a telecommunications network |
|
File Allocation Table (FAT) |
A table used by the operating system to keep track of where every file is located on the disk |
|
File Layout |
Specifies the length of the file record and the sequence and size of its fields |
|
File Server |
A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to those data |
|
Financial Audit |
An audit designed to determine the accuracy of financial records and information |
|
Firewall |
A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet |
|
Firmware |
Memory chips with embedded program code that hold their content when power is turned off |
|
Foreign Key |
A value that represents a reference to a tuple (a row in a table) containing the matching candidate key value |
|
Format Checking |
The application of an edit, using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format |
|
Frame Relay |
A packet-switched wide-area-network (WAN) technology that provides faster performance than older packet-switched WAN technologies |
|
Function Point Analysis |
A technique used to determine the size of a development task, based on the number of function points |
|
General Computer Control |
A control, other than an application control, that relates to the environment within which computer-based application systems are developed, maintained and operated, and that is therefore applicable to all applications... |
|
Generalized Audit Software (GAS) |
Multipurpose audit software that can be used for general processes, such as record selection, matching, recalculation and reporting |
|
Hacker |
An individual who attempts to gain unauthorized access to a computer system |
|
Handprint Scanner |
A biometric device that is used to authenticate a user through palm scans |
|
Hardware |
The physical components of a computer system |
|
Hash Total |
The total of any numeric data field in a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing. |
|
Help Desk |
A service offered via telephone/Internet by an enterprise to its clients or employees that provides information, assistance and troubleshooting advice regarding software, hardware or networks. |
|
Heuristic Filter |
A method often employed by antispam software to filter spam using criteria established in a centralized rule database |
|
Hexadecimal |
A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers. |
|
Hierarchical Database |
A database structured in a tree/root or parent/child relationship |
|
Hot Site |
A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster |
|
Hypertext Markup Language (HTML) |
A language designed for the creation of web pages with hypertext and other information to be displayed in a web browser; used to structure information--denoting certain text such as headings, paragraphs, lists--and can be used to describe, to some degree, the appearance and semantics of a document |
|
Image Processing |
The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry |
|
Impact Assessment |
A review of the possible consequences of a risk |
|
Impersonation |
A security concept related to Windows NT that allows a server application to temporarily "be" the client in terms of access to secure objects |
|
Incident |
Any event that is not part of the standard operation of a service and that causes, or may cause, an interruption to, or a reduction in, the quality of that service |
|
Incident Response |
The response of an enterprise to a disaster or other significant event that may significantly affect the enterprise, its people, or its ability to function productively. An incident response may include evacuation of a facility, initiating a disaster recovery plan (DRP), performing damage assessment, and any other measures necessary to bring an enterprise to a more stable status. |
|
Incremental Testing |
Deliberately testing only the value-added functionality of a software component |
|
Independence |
1. Self-governance 2. The freedom from conditions that threaten objectivity or the appearance of objectivity. Such threats to objectivity must be managed at the individual auditor, engagement, functional and organizational levels. Independence includes Independence of mind and Independence in appearance. |
|
Indexed Sequential Access Method (ISAM) |
A disk access method that stores data sequentially while also maintaining an index of key fields to all the records in the file for direct access capability |
|
Indexed Sequential File |
A file format in which records are organized and can be accessed, according to a pre-established key that is part of the record |
|
Information Processing Facility (IPF) |
The computer room and support areas |
|
Information Security |
Ensures that within the enterprise, information is protected against disclosure to unauthorized users (confidentiality), improper modification (integrity), and non-access when required (availability) |
|
Information Security Governance |
The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise’s resources are used responsibly |
|
Information Systems (IS) |
The combination of strategic, managerial and operational activities involved in gathering, processing, storing, distributing and using information and its related technologies |
|
Inherent Risk |
The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls) |
|
Inheritance (objects) |
Database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy, thus there is no strict hierarchy of objects |
|
Initial Program Load (IPL) |
The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction. |
|
Input Control |
Techniques and procedures used to verify, validate and edit data to ensure that only correct data are entered into the computer |
|
Instant Messaging (IM) |
An online mechanism or a form of real-time communication between two or more people based on typed text and multimedia data |
|
Integrated Services Digital Network (ISDN) |
A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control |
|
Integrated Test Facilities (ITF) |
A testing methodology in which test data are processed in production systems |
|
Integrity |
The guarding against improper information modification or destruction, and includes ensuring information nonrepudiation and authenticity |
|
Interface Testing |
A testing technique that is used to evaluate output from one application while the information is sent as input to another application |
|
Internal Controls |
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected |
|
Internet Protocol (IP) Packet Spoofing |
An attack using packets with spoofed source Internet Protocol (IP) addresses. |
|
Irregularity |
Violation of an established management policy or regulatory requirement. It may consist of deliberate misstatements or omission of information concerning the area under audit or the enterprise as a whole, gross negligence or unintentional illegal acts. |
|
IT Governance Framework |
A model that integrates a set of guidelines, policies and methods that represent the organizational approach to IT governance |
|
IT Incident |
Any event that is not part of the ordinary operation of a service that causes, or may cause, an interruption to, or a reduction in, the quality of that service |
|
IT Infrastructure |
The set of hardware, software and facilities that integrates an enterprise's IT assets |
|
IT Steering Committee |
An executive-management-level committee that assists in the delivery of the IT strategy, oversees day-to-day management of IT service delivery and IT projects, and focuses on implementation aspects |
|
IT Strategic Plan |
A long-term plan (i.e., three- to five-year horizon) in which business and IT management cooperatively describe how IT resources will contribute to the enterprise’s strategic objectives (goals) |
|
IT Strategy Committee |
A committee at the level of the board of directors to ensure that the board is involved in major IT matters and decisions |
|
Judgment Sampling |
Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically |
|
Key Goal Indicator (KGI) |
A measure that tells management, after the fact, whether an IT process has achieved its business requirements; usually expressed in terms of information criteria |
|
Key Management Practice |
Management practices that are required to successfully execute business processes |
|
Key Performance Indicator (KPI) |
A measure that determines how well the process is performing in enabling the goal to be reached |
|
Leased Line |
A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network |
|
Librarian |
The individual responsible for the safeguard and maintenance of all program and data files |
|
Licensing Agreement |
A contract that establishes the terms and conditions under which a piece of software is being licensed (i.e., made legally available for use) from the software developer (owner) to the user |
|
Life Cycle |
A series of stages that characterize the course of existence of an organizational investment (e.g., product, project, program) |
|
Limit Check |
Tests specified amount fields against stipulated high or low limits of acceptability |
|
Local Area Network (LAN) |
Communication network that serves several users within a specified geographic area |
|
Log |
To record details of information or events in an organized record-keeping system, usually sequenced in the order in which they occurred |
|
Logical Access Controls |
The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files |
|
Magnetic Card Reader |
Reads cards with a magnetic surface on which data can be stored and retrieved |
|
Malware |
Short for malicious software. Designed to infiltrate, damage or obtain information from a computer system without the owner’s consent |
|
Management Information System (MIS) |
An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making |
|
Mapping |
Diagramming data that are to be exchanged electronically, including how they are to be used and what business management systems need them. See also Application Tracing and Mapping. |
|
Masking |
A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report |
|
Master File |
A file of semipermanent information that is used frequently for processing data or for more than one purpose |
|
Materiality |
An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context of the enterprise as a whole |
|
Maturity |
In business, indicates the degree of reliability or dependency that the business can place on a process achieving the desired goals or objectives |
|
Maturity Model |
Scope Note: See Capability Maturity Model (CMM). |
|
Media Access Control (MAC) |
Applied to the hardware at the factory and cannot be modified, MAC is a unique, 48-bit, hard-coded address of a physical layer device, such as an Ethernet local area network (LAN) or a wireless network card |
|
Media Oxidation |
The deterioration of the media on which data are digitally stored due to exposure to oxygen and moisture |
|
Memory Dump |
The act of copying raw data from one place to another with little or no formatting for readability |
|
Message Switching |
A telecommunications methodology that controls traffic in which a complete message is sent to a concentration point and stored until the communications path is established |
|
Microwave Transmission |
A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations |
|
Middleware |
Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services. |
|
Milestone |
A terminal element that marks the completion of a work package or phase |
|
Mission-critical Application |
An application that is vital to the operation of the enterprise. The term is very popular for describing the applications required to run the day-to-day business. |
|
Monetary Unit Sampling |
A sampling technique that estimates the amount of overstatement in an account balance |
|
Network |
A system of interconnected computers and the communication equipment used to connect them |
|
Network Administrator |
Responsible for planning, implementing and maintaining the telecommunications infrastructure; also may be responsible for voice networks |
|
Network Attached Storage (NAS) |
Utilizes dedicated storage devices that centralize storage of data |
|
Nondisclosure Agreement (NDA) |
A legal contract between at least two parties that outlines confidential materials that the parties wish to share with one another for certain purposes, but wish to restrict from generalized use; a contract through which the parties agree not to disclose information covered by the agreement |
|
Normalization |
The elimination of redundant data |
|
Numeric Check |
An edit check designed to ensure that the data element in a particular field is numeric. |
|
Object Code |
Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code |
|
Object Orientation |
An approach to system development in which the basic unit of attention is an object, which represents an encapsulation of both data (an object’s attributes) and functionality (an object’s methods) |
|
Objectivity |
The ability to exercise judgment, express opinions and present recommendations with impartiality |
|
Offsite Storage |
A facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media such as offline backup data and storage files |
|
Online Data Processing |
Achieved by entering information into the computer via a video display terminal |
|
Open System |
System for which detailed specifications of the composition of its component are published in a nonproprietary environment, thereby enabling competing enterprises to use these standard components to build competitive systems |
|
Operating System (OS) |
A master control program that runs the computer and acts as a scheduler and traffic controller |
|
Operational Audit |
An audit designed to evaluate the various internal controls, economy and efficiency of a function or department |
|
Operational Control |
Deals with the everyday operation of a company or enterprise to ensure that all objectives are achieved |
|
Optical Scanner |
An input device that reads characters and images that are printed or painted on a paper form into the computer |
|
Outsourcing |
A formal agreement with a third party to perform IS or other business functions for an enterprise |
|
Packet Switching |
The process of transmitting messages in convenient pieces that can be reassembled at the destination |
|
Paper Test |
A walk-through of the steps of a regular test, but without actually performing the steps |
|
Parallel Testing |
The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results to demonstrate the consistency and inconsistency between two versions of the application |
|
Parity Check |
A general hardware control that helps to detect data errors when data are read from memory or communicated from one computer to another |
|
Partitioned File |
A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile |
|
Passive Assault |
Intruders attempt to learn some characteristic of the data being transmitted |
|
Password |
A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system |
|
Patch Management |
An area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up-to-date software and often to address security risk |
|
Penetration Testing |
A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers |
|
Performance Driver |
A measure that is considered the "driver" of a lag indicator. It can be measured before the outcome is clear and, therefore, is called a "lead indicator." |
|
Performance Testing |
Comparing the system’s performance to other equivalent systems, using well-defined benchmarks |
|
Peripherals |
Auxiliary computer hardware equipment used for input, output and data storage |
|
Personal Identification Number (PIN) |
A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual |
|
Phishing |
This is a type of electronic mail (e-mail) attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering |
|
Plaintext |
Digital information, such as cleartext, that is intelligible to the reader |
|
Point-of-sale (POS) Systems |
Enables the capture of data at the time and place of transaction |
|
Policy |
1. Generally, a document that records a high-level principle or course of action that has been decided on. The intended purpose is to influence and guide both present and future decision making to be in line with the philosophy, objectives and strategic plans established by the enterprise’s management teams. 2. Overall intention and direction as formally expressed by management |
|
Portfolio |
A grouping of "objects of interest" (investment programs, IT services, IT projects, other IT assets or resources) managed and monitored to optimize business value |
|
Preventive Control |
An internal control that is used to avoid undesirable events, errors and other occurrences that an enterprise has determined could have a negative material effect on a process or end product |
|
Privacy |
The rights of an individual to trust that others will appropriately and respectfully use, store, share and dispose of his/her associated personal and sensitive information within the context, and according to the purposes, for which it was collected or derived |
|
Private Branch Exchange (PBX) |
A telephone exchange that is owned by a private business, as opposed to one owned by a common carrier or by a telephone company |
|
Private Key Cryptosystems |
Used in data encryption, it utilizes a secret key to encrypt the plaintext to the ciphertext. Private key cryptosystems also use the same key to decrypt the ciphertext to the corresponding plaintext. |
|
Problem Escalation Procedure |
The process of escalating a problem up from junior to senior support staff, and ultimately to higher levels of management |
|
Procedure |
A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards. Procedures are defined as part of processes. |
|
Process |
Generally, a collection of activities influenced by the enterprise’s policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs |
|
Production Program |
Program used to process live or actual data that were received as input into the production environment |
|
Production Software |
Software that is being used and executed to support normal and authorized organizational operations |
|
Professional Competence |
Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards |
|
Program Evaluation and Review Technique (PERT) |
A project management technique used in the planning and control of system projects |
|
Program Flowchart |
Shows the sequence of instructions in a single program or subroutine |
|
Program Narrative |
Provides a detailed explanation of program flowcharts, including control points and any external input |
|
Project |
A structured set of activities concerned with delivering a defined capability (that is necessary, but not sufficient, to achieve a required business outcome) to the enterprise based on an agreed-on schedule and budget |
|
Project Portfolio |
The set of projects owned by a company |
|
Protocol |
The rules by which a network operates and controls the flow and priority of transmissions |
|
Protocol Converter |
Hardware devices, such as asynchronous and synchronous transmissions, that convert between two different types of transmission |
|
Prototyping |
The process of quickly putting together a working model (a prototype) in order to test various aspects of a design, illustrate ideas or features and gather early user feedback |
|
Proxy Server |
A server that acts on behalf of a user |
|
Public Key Cryptosystem |
Used in data encryption, it uses an encryption key, as a public key, to encrypt the plaintext to the ciphertext. It uses a different decryption key, as a secret key, to decrypt the ciphertext to the corresponding plaintext. |
|
Public Key Encryption |
A cryptographic system that uses two keys: one is a public key, which is known to everyone, and the second is a private or secret key, which is only known to the recipient of the message. See also Asymmetric Key. |
|
Public Key Infrastructure (PKI) |
A series of processes and technologies for the association of cryptographic keys with the entity to whom those keys were issued |
|
Quality Assurance (QA) |
A planned and systematic pattern of all actions necessary to provide adequate confidence that an item or product conforms to established technical requirements. (ISO/IEC 24765) |
|
Radio Wave Interference |
The superposition of two or more radio waves resulting in a different radio wave pattern that is more difficult to intercept and decode properly |
|
Random Access Memory (RAM) |
The computer's primary working memory |
|
Range Check |
Range checks ensure that data fall within a predetermined range |
|
Rapid Application Development |
A methodology that enables enterprises to develop strategically important systems faster, while reducing development costs and maintaining quality by using a series of proven application development techniques, within a well-defined methodology |
|
Real-time Processing |
An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal |
|
Reasonable Assurance |
A level of comfort short of a guarantee, but considered adequate given the costs of the control and the likely benefits achieved |
|
Reasonableness Check |
Compares data to predefined reasonability limits or occurrence rates established for the data |
|
Reciprocal Agreement |
Emergency processing agreement between two or more enterprises with similar equipment or applications |
|
Recovery Point Objective (RPO) |
Determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time that is acceptable to recover the data. The RPO effectively quantifies the permissible amount of data loss in case of interruption. |
|
Recovery Strategy |
An approach by an enterprise that will ensure its recovery and continuity in the face of a disaster or other major outage |
|
Recovery Time Objective (RTO) |
The amount of time allowed for the recovery of a business function or resource after a disaster occurs |
|
Redundancy Check |
Detects transmission errors by appending calculated bits onto the end of each segment of data |
|
Redundant Array of Inexpensive Disks (RAID) |
Provides performance improvements and fault-tolerant capabilities via hardware or software solutions, by writing to a series of multiple disks to improve performance and/or save large files simultaneously |
|
Reengineering |
A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems |
|
Registration Authority (RA) |
The individual institution that validates an entity's proof of identity and ownership of a key pair |
|
Regression Testing |
A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase |
|
Remote Procedure Call (RPC) |
The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server) |
|
Repository |
An enterprise database that stores and organizes data |
|
Request for Proposal (RFP) |
A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product |
|
Requirements Definition |
A technique used in which the affected user groups define the requirements of the system for meeting the defined needs |
|
Resilience |
The ability of a system or network to resist failure or to recover quickly from any disruption, usually with minimal recognizable effect |
|
Return on Investment (ROI) |
A measure of operating performance and efficiency, computed in its simplest form by dividing net income by the total investment over the period being considered |
|
Reverse Engineering |
A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology |
|
Ring Configuration |
Used in either token ring or fiber distributed data interface (FDDI) networks, all stations (nodes) are connected to a multi-station access unit (MSAU), that physically resembles a star-type topology. |
|
Ring Topology |
A type of local area network (LAN) architecture in which the cable forms a loop, with stations attached at intervals around the loop |
|
Risk |
The combination of the probability of an event and its consequence. (ISO/IEC 73) |
|
Risk Analysis |
1. A process by which frequency and magnitude of IT risk scenarios are estimated. 2. The initial steps of risk management: analyzing the value of assets to the business, identifying threats to those assets and evaluating how vulnerable each asset is to those threats |
|
Risk Assessment |
A process used to identify and evaluate risk and its potential effects. Risk assessments are also used to manage the project delivery and project benefit risk. |
|
Risk Management |
1. The coordinated activities to direct and control an enterprise with regard to risk. 2. One of the governance objectives. Entails recognizing risk; assessing the impact and likelihood of that risk; and developing strategies, such as avoiding the risk, reducing the negative effect of the risk and/or transferring the risk, to manage it within the context of the enterprise’s risk appetite. |
|
Risk Mitigation |
The management of risk through the use of countermeasures and controls |
|
Risk Transfer |
The process of assigning risk to another enterprise, usually through the purchase of an insurance policy or by outsourcing the service |
|
Risk Treatment |
The process of selection and implementation of measures to modify risk (ISO/IEC Guide 73:2002) |
|
Router |
A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the open systems interconnection (OSI) model |
|
Run-to-run Totals |
Provide evidence that a program processes all input data and that it processed the data correctly |
|
Salami Technique |
A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator’s account |
|
Scheduling |
A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing |
|
Scope Creep |
Also called requirement creep, this refers to uncontrolled changes in a project’s scope |
|
Screening Routers |
A router configured to permit or deny traffic based on a set of permission rules installed by the administrator |
|
Secure Sockets Layer (SSL) |
A protocol that is used to transmit private documents through the Internet |
|
Security Administrator |
The person responsible for implementing, monitoring and enforcing security rules established and authorized by management |
|
Security Awareness |
The extent to which every member of an enterprise and every other individual who potentially has access to the enterprise's information understands: security and the levels of security appropriate to the enterprise; the importance of security and consequences of a lack of security; and their individual responsibilities regarding security (and act accordingly) |
|
Security Incident |
A series of unexpected events that involves an attack or series of attacks (compromise and/or breach of security) at one or more sites. A security incident normally includes an estimation of its level of impact. A limited number of impact levels are defined and, for each, the specific actions required and the people who need to be notified are identified. |
|
Security Policy |
A high-level document representing an enterprise’s information security philosophy and commitment |
|
Security Procedures |
The formal documentation of operational steps and processes that specify how security goals and objectives set forward in the security policy and standards are to be achieved |
|
Segregation/Separation of Duties (SoD) |
A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals the responsibility for initiating and recording transactions and for the custody of assets |
|
Sequence Check |
Verification that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research |
|
Sequential File |
A computer file storage format in which one record follows another |
|
Service Bureau |
A computer facility that provides data processing services to clients on a continual basis |
|
Service Level Agreement (SLA) |
An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured |
|
Servlet |
A Java applet or a small program that runs within a web server environment |
|
Smart Card |
A small electronic device that contains electronic memory, and possibly an embedded integrated circuit |
|
Software |
Programs and supporting documentation that enable and facilitate use of the computer |
|
Source Code |
The language in which a program is written |
|
SPOOL (Simultaneous Peripheral Operations Online) |
An automated function that can be based on an operating system or application in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information |
|
Spyware |
Software whose purpose is to monitor a computer user’s actions (e.g., web sites visited) and report these actions to a third party, without the informed consent of that machine’s owner or legitimate user |
|
Standard |
A mandatory requirement, code of practice or specification approved by a recognized external standards organization, such as International Organization for Standardization (ISO) |
|
Star Topology |
A type of local area network (LAN) architecture that utilizes a central controller to which all nodes are directly connected |
|
Statistical Sampling |
A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population |
|
Storage Area Networks (SANs) |
A variation of a local area network (LAN) that is dedicated for the express purpose of connecting storage devices to servers and other computing devices |
|
Structured Programming |
A top-down technique of designing programs and systems that makes programs more readable, more reliable and more easily maintained |
|
Structured Query Language (SQL) |
The primary language used by both application programmers and end users in accessing relational databases |
|
Substantive Testing |
Obtaining audit evidence on the completeness, accuracy or existence of activities or transactions during the audit period |
|
Supply Chain Management (SCM) |
A concept that allows an enterprise to more effectively and efficiently manage the activities of design, manufacturing, distribution, service and recycling of products and service its customers |
|
Surge Suppressor |
Filters out electrical surges and spikes |
|
Suspense File |
A computer file used to maintain information (transactions, payments or other events) until the proper disposition of that information can be determined |
|
Switches |
Typically associated as a data link layer device, switches enable local area network (LAN) segments to be created and interconnected, which has the added benefit of reducing collision domains in Ethernet-based networks. |
|
Synchronous Transmission |
Block-at-a-time data transmission |
|
System Development Life Cycle (SDLC) |
The phases deployed in the development or acquisition of a software system |
|
System Exit |
Special system software features and utilities that allow the user to perform complex system maintenance |
|
System Flowchart |
Graphic representations of the sequence of operations in an information system or program |
|
Table Look-up |
Used to ensure that input data agree with predetermined criteria stored in a table |
|
Tape Management System (TMS) |
A system software tool that logs, monitors and directs computer tape usage |
|
Test Data |
Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. |
|
Test Generators |
Software used to create data to be used in the testing of computer programs |
|
Test Programs |
Programs that are tested and evaluated before approval into the production environment |
|
Third-party Review |
An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurance to the users of the service organization that the internal control structure is adequate, effective and sound |
|
Threat |
Anything (e.g., object, substance, human) that is capable of acting against an asset in a manner that can result in harm |
|
Throughput |
The quantity of useful work made by the system per unit of time. Throughput can be measured in instructions per second or some other unit of performance. When referring to a data transfer operation, throughput measures the useful data transfer rate and is expressed in kbps, Mbps and Gbps. |
|
Token |
A device that is used to authenticate a user, typically in addition to a username and password |
|
Token Ring Topology |
A type of local area network (LAN) ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring |
|
Topology |
The physical layout of how computers are linked together |
|
Transaction Log |
A manual or automated log of all updates to data files and databases |
|
Transmission Control Protocol/Internet Protocol (TCP/IP) |
Provides the basis for the Internet; a set of communication protocols that encompass media access, packet transport, session communication, file transfer, electronic mail (e-mail), terminal emulation, remote file access and network management |
|
Trap Door |
Unauthorized electronic exit, or doorway, out of an authorized computer program into a set of malicious instructions or programs |
|
Trojan Horse |
Purposefully hidden malicious or damaging code within an authorized computer program |
|
Tunneling |
Commonly used to bridge between incompatible hosts/routers or to provide encryption, a method by which one network protocol encapsulates another protocol within itself |
|
Twisted Pair |
A low-capacity transmission medium; a pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable |
|
Unit Testing |
A testing technique that is used to test program logic within a particular program or module |
|
Universal Serial Bus (USB) |
An external bus standard that provides capabilities to transfer data at a rate of 12 Mbps |
|
User Awareness |
A training process in security-specific issues to reduce security problems; users are often the weakest link in the security chain. |
|
Utility Programs |
Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing |
|
Utility Script |
A sequence of commands input into a single file to automate a repetitive and specific task |
|
Vaccine |
A program designed to detect computer viruses |
|
Validity Check |
Programmed checking of data validity in accordance with predetermined criteria |
|
Value-Added Network (VAN) |
A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data |
|
Variable Sampling |
A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a monetary amount |
|
Verification |
Checks that data are entered correctly |
|
Virus |
A program with the ability to reproduce by modifying other programs to include a copy of itself |
|
Voice-over Internet Protocol (VoIP) |
Also called IP Telephony, Internet Telephony and Broadband Phone, a technology that makes it possible to have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of over dedicated voice transmission lines |
|
Vulnerability |
A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events |
|
Vulnerability Analysis |
A process of identifying and classifying vulnerabilities |
|
Warm Site |
Similar to a hot site but not fully equipped with all of the necessary hardware needed for recovery |
|
Waterfall Development |
Also known as traditional development, a procedure-focused development cycle with formal sign-off at the completion of each level |
|
Web Services Description Language (WSDL) |
A language formatted with extensible markup language (XML) |
|
White Box Testing |
A testing approach that uses knowledge of a program/module’s underlying implementation and code intervals to verify its expected behavior |
|
Wide Area Network (WAN) |
A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries |
|
Wide Area Network (WAN) Switch |
A data link layer device used for implementing various WAN technologies such as asynchronous transfer mode, point-to-point frame relay solutions, and integrated services digital network (ISDN). |
|
Wi-Fi Protected Access (WPA) |
A class of systems used to secure wireless (Wi-Fi) computer networks |
|
Wired Equivalent Privacy (WEP) |
A scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks) |
|
Wiretapping |
The practice of eavesdropping on information being transmitted over telecommunications links |
|
X.25 Interface |
An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks |
|
Room Rocking Air Biscuit |
|
An extremely raucous expulsion of gas from one's anus causing intense vibration of the sphincter muscles similar to that of the reed of a woodwind instrument during play. Scope Note: See Sphincter Shout |
|
Sphincter Shout |
An extremely raucous expulsion of gas from one's anus causing intense vibration of the sphincter muscles similar to that of the reed of a woodwind instrument during play. Scope Note: See Room Rocking Air Biscuit |