399 Cards in this Set

  • Front
  • Back


Acceptable Use Policy

A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet

Access Control

The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises

Access Control List (ACL)

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals

Access Path

The logical route that an end user takes to access computerized information

Access Rights

The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy



Adware

A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used

Alternative Routing

A service that allows the option of having an alternate route to complete a call when the marked destination is not available

Antivirus Software

An application software deployed at multiple points in an IT architecture

Application

A computer program or set of programs that performs the processing of records for a specific function

Application Controls

The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved

Application Programming Interface (API)

A set of routines, protocols and tools referred to as "building blocks" used in business application software development

Application Software Tracing and Mapping

Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences

Asymmetric Key (Public Key)

A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message

Attribute Sampling

Method to select a portion of a population based on the presence or absence of a certain characteristic

Audit Evidence

The information used to support the audit opinion

Audit Objective

The specific goal(s) of an audit

Audit Plan

1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to form an opinion
2. A high-level description of the audit work to be performed in a certain period of time

Audit Program

A step-by-step set of audit procedures and instructions that should be performed to complete an audit

Audit Risk

The risk of reaching an incorrect conclusion based upon audit findings. Scope Note: The three components of audit risk are: Control risk, Detection risk, and Inherent risk

Audit Trail

A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source

Authentication

1. The act of verifying identity (i.e., user, system)
2. The act of verifying the identity of a user and the user’s eligibility to access computerized information


Backbone

The main communication channel of a digital network. The part of a network that handles the major traffic

Backup

Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service

Balanced Scorecard (BSC)

Developed by Robert S. Kaplan and David P. Norton as a coherent set of performance measures organized into four categories that includes traditional financial measures, but adds customer, internal business process, and learning and growth perspectives

Bandwidth

The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).

Batch Control

Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage

Batch Processing

The processing of a group of transactions at the same time

Baud Rate

The rate of transmission for telecommunications data, expressed in bits per second (bps)

Benchmarking

A systematic approach to comparing enterprise performance against peers and competitors in an effort to learn the best ways of conducting business

Biometrics

A security technique that verifies an individual’s identity by analyzing a unique physical attribute, such as a handprint

Black Box Testing

A testing approach that focuses on the functionality of the application or product and does not require knowledge of the code intervals

Broadband

Multiple channels are formed by dividing the transmission medium into discrete frequency segments.

Brouter

Device that performs the functions of both a bridge and a router

Buffer

Memory reserved to temporarily hold data to offset differences between the operating speeds of different devices, such as a printer and a computer

Bus Configuration

All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes.

Business Case

Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle

Business Continuity Plan (BCP)

A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems

Business Impact Analysis (BIA)

A process to determine the impact of losing the support of any resource

Business Process Reengineering (BPR)

The thorough analysis and significant redesign of business processes and management systems to establish a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings

Capability Maturity Model (CMM)

1. Contains the essential elements of effective processes for one or more disciplines
2. CMM for software, from the Software Engineering Institute (SEI), is a model used by many enterprises to identify best practices useful in helping them assess and increase the maturity of their software development processes

Capacity Stress Testing

Testing an application with large quantities of data to evaluate its performance during peak periods. Also called volume testing

Card Swipe

A physical control technique that uses a secured card or ID to gain access to a highly sensitive location.

Certificate (Certification) Authority (CA)

A trusted third party that serves authentication infrastructures or enterprises and registers entities and issues them certificates

Certificate Revocation List (CRL)

An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility

Certification Practice Statement (CPS)

A detailed set of rules governing the certificate authority's operations. It provides an understanding of the value and trustworthiness of certificates issued by a given certificate authority (CA).

Chain of Custody

A legal principle regarding the validity and integrity of evidence. It requires accountability for anything that will be used as evidence in a legal proceeding to ensure that it can be accounted for from the time it was collected until the time it is presented in a court of law.

Challenge/Response Token

A method of user authentication that is carried out through use of the Challenge Handshake Authentication Protocol (CHAP)

Change Management

A holistic and proactive approach to managing the transition from a current to a desired organizational state, focusing specifically on the critical human or "soft" elements of change

Check Digit

A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred.

Checkpoint Restart Procedures

A point in a routine at which sufficient information can be stored to permit restarting the computation from that point

Checksum

A mathematical value that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed

Circuit-Switched Network

A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE

Circular Routing

In open systems architecture, circular routing is the logical path of a message in a communication network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.

Client-Server

A group of computers connected by a communication network, in which the client is the requesting machine and the server is the supplying machine

Cloud Computing

Convenient, on-demand network access to a shared pool of resources that can be rapidly provisioned and released with minimal management effort or service provider interaction

Cluster Controller

A communication terminal control hardware unit that controls a number of computer terminals

Coaxial Cable

Composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire

Cohesion

The extent to which a system unit--subroutine, program, module, component, subsystem--performs a single dedicated function.

Cold Site

An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place

Compensating Control

An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions

Completely Connected (Mesh) Configuration

A network topology in which devices are connected with many redundant interconnections between network nodes (primarily used for backbone networks)

Completeness Check

A procedure designed to ensure that no fields are missing from a record

Compliance Testing

Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period

Comprehensive Audit

An audit designed to determine the accuracy of financial records as well as to evaluate the internal controls of a function or department

Computer Emergency Response Team (CERT)

A group of people integrated at the enterprise with clear lines of reporting and responsibilities for standby support in case of an information systems emergency

Computer Forensics

The application of the scientific method to digital media to establish factual information for judicial review

Computer Sequence Checking

Verifies that the control number follows sequentially and that any control numbers out of sequence are rejected or noted on an exception report for further research

Computer-aided Software Engineering (CASE)

The use of software packages that aid in the development of all phases of an information system

Computer-assisted Audit Technique (CAAT)

Any automated audit technique, such as generalized audit software (GAS), test data generators, computerized audit programs and specialized audit utilities

Concurrency Control

Refers to a class of controls used in a database management system (DBMS) to ensure that transactions are processed in an atomic, consistent, isolated and durable manner (ACID). This implies that only serial and recoverable schedules are permitted, and that committed transactions are not discarded when undoing aborted transactions.

Configuration Management

The control of changes to a set of configuration items over a system life cycle

Console Log

An automated detail report of computer system activity

Contingency Planning

Process of developing advance arrangements and procedures that enable an enterprise to respond to an event that could occur by chance or unforeseen circumstances.

Continuity

Preventing, mitigating and recovering from disruption

Continuous Auditing Approach

This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.

Continuous Improvement

The goals of continuous improvement (Kaizen) include the elimination of waste, defined as "activities that add cost, but do not add value;" just-in-time (JIT) delivery; production load leveling of amounts and types; standardized work; paced moving lines; and right-sized equipment

Control Objective

A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process

Control Practice

Key control mechanism that supports the achievement of control objectives through responsible use of resources, appropriate management of risk and alignment of IT with business

Control Risk

The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls (See Inherent risk)

Cookie

A message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them

Corporate Governance

The system by which enterprises are directed and controlled. The board of directors is responsible for the governance of their enterprise. It consists of the leadership and organizational structures and processes that ensure the enterprise sustains and extends strategies and objectives.

Corrective Control

Designed to correct errors, omissions and unauthorized uses and intrusions, once they are detected

Coupling

Measure of interconnectivity among structure of software programs. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data pass across the interface.


Critical Infrastructure

Systems whose incapacity or destruction would have a debilitating effect on the economic security of an enterprise, community or nation.

Critical Success Factor (CSF)

The most important issue or action for management to achieve control over and within its IT processes

Customer Relationship Management (CRM)

A way to identify, acquire and retain customers. CRM is also an industry term for software solutions that help an enterprise manage customer relationships in an organized manner.

Data Custodian

The individual(s) and department(s) responsible for the storage and safeguarding of computerized data

Data Dictionary

A database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use those data so that when a data structure is contemplated, a list of the affected programs can be generated

Data Diddling

Changing data with malicious intent before or during input into the system

Data Encryption Standard (DES)

An algorithm for encoding binary data

Data Leakage

Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes

Data Owner

The individual(s), normally a manager or director, who has responsibility for the integrity, accurate reporting and use of computerized data

Data Structure

The relationships among files in a database and among data items within each file

Database

A stored collection of related data needed by enterprises and individuals to meet their information processing and retrieval requirements

Database Administrator (DBA)

An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.

Database Management System (DBMS)

A software system that controls the organization, storage and retrieval of data in a database

Database Replication

The process of creating and managing duplicate versions of a database

Data-oriented Systems Development

Focuses on providing ad hoc reporting for users by developing a suitable accessible database of information and to provide useable data rather than a function

Decentralization

The process of distributing computer processing to different locations within an enterprise

Decision Support Systems (DSS)

An interactive system that provides the user with easy access to decision models and data, to support semi-structured decision-making tasks

Decryption

A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader. The decryption is a reverse process of the encryption.

Degauss

The application of variable levels of alternating current for the purpose of demagnetizing magnetic recording media

Demodulation

The process of converting an analog telecommunications signal into a digital computer signal

Detection Risk

The risk that the IS audit or assurance professional’s substantive procedures will not detect an error that could be material, individually or in combination with other errors

Dial-back

Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the caller is calling from a valid phone number or telecommunications channel.

Dial-in Access Control

Prevents unauthorized access from remote users who attempt to access a secured environment. Ranges from a dial-back control to remote user authentication

Digital Certificate

A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function.

Digital Signature

A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function.

Disaster Recovery Plan (DRP)

A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster

Discovery Sampling

A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population

Distributed Data Processing Network

A system of computers connected together by a communication network. Scope Note: Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.

Diverse Routing

The method of routing traffic through split cable facilities or duplicate cable facilities.

Domain Name System (DNS) Poisoning

Corrupts the table of an Internet server's DNS, replacing an Internet address with the address of another vagrant or scoundrel address

Downtime Report

A report that identifies the elapsed time when a computer is not operating correctly because of machine failure

Dry-pipe Fire Extinguisher System

Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times

Duplex Routing

The method or communication mode of routing data over the communication network

Dynamic Host Configuration Protocol (DHCP)

A protocol used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask and IP addresses of domain name system (DNS) servers from a DHCP server

Echo Checks

Detects line errors by retransmitting data back to the sending device for comparison with the original transmission

E-commerce

The processes by which enterprises conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology

Edit Control

Detects errors in the input portion of information that is sent to the computer for processing. May be manual or automated and allow the user to edit data errors before processing

Editing

Ensures that data conform to predetermined criteria and enable early identification of potential errors

Electronic Data Interchange (EDI)

The electronic transmission of transactions (information) between two enterprises. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.

Electronic Funds Transfer (EFT)

The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another

Embedded Audit Module (EAM)

Integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be real-time online or may use store and forward methods. Also known as integrated test facility or continuous auditing module.

Encapsulation (Objects)

The technique used by layered protocols in which a lower-layer protocol accepts a message from a higher-layer protocol and places it in the data portion of a frame in the lower layer

Encryption

The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)

Encryption Key

A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext

End-user Computing

The ability of end users to design and implement their own information system utilizing computer software products

ERP (Enterprise Resource Planning) System

A packaged business software system that allows an enterprise to automate and integrate the majority of its business processes, share common data and practices across the entire enterprise, and produce and access information in a real-time environment

Escrow Agent

A person, agency or enterprise that is authorized to act on behalf of another to create a legal relationship with a third party in regard to an escrow agreement; the custodian of an asset according to an escrow agreement

Escrow Agreement

A legal arrangement whereby an asset (often money, but sometimes other property such as art, a deed of title, web site, software source code or a cryptographic key) is delivered to a third party (called an escrow agent) to be held in trust or otherwise pending a contingency or the fulfillment of a condition or conditions in a contract

Ethernet

A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection (CSMA/CD) to prevent network failures or collisions when two devices try to access the network at the same time

Evidence

1. Information that proves or disproves a stated issue
2. Information that an auditor gathers in the course of performing an IS audit; relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support

Exception Reports

An exception report is generated by a program that identifies transactions or data that appear to be incorrect.

Executable Code

The machine language code that is generally referred to as the object or load module

Expert System

The most prevalent type of computer system that arises from the research of artificial intelligence

Exposure

The potential loss to an area due to the occurrence of an adverse event

eXtensible Markup Language (XML)

Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus, enabling the definition, transmission, validation and interpretation of data between applications and enterprises.

Extranet

A private network that resides on the Internet and allows a company to securely share business information with customers, suppliers or other businesses as well as to execute electronic transactions

Fallback Procedures

A plan of action or set of procedures to be performed if a system implementation, upgrade or modification does not work as intended

False Authorization

Also called false acceptance, occurs when an unauthorized person is identified as an authorized person by the biometric system

False Enrollment

Occurs when an unauthorized person manages to enroll into the biometric system

Fault Tolerance

A system’s level of resilience to seamlessly react to hardware and/or software failure

Feasibility Study

A phase of a system development life cycle (SDLC) methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need

Fiber-optic Cable

Glass fibers that transmit binary signals over a telecommunications network

File Allocation Table (FAT)

A table used by the operating system to keep track of where every file is located on the disk

File Layout

Specifies the length of the file record and the sequence and size of its fields

File Server

A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to those data

Financial Audit

An audit designed to determine the accuracy of financial records and information

Firewall

A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet

Firmware

Memory chips with embedded program code that hold their content when power is turned off

Foreign Key

A value that represents a reference to a tuple (a row in a table) containing the matching candidate key value

Format Checking

The application of an edit, using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format

Frame Relay

A packet-switched wide-area-network (WAN) technology that provides faster performance than older packet-switched WAN technologies

Function Point Analysis

A technique used to determine the size of a development task, based on the number of function points

General Computer Control

A control, other than an application control, that relates to the environment within which computer-based application systems are developed, maintained and operated, and that is therefore applicable to all applications...

Generalized Audit Software (GAS)

Multipurpose audit software that can be used for general processes, such as record selection, matching, recalculation and reporting

Hacker

An individual who attempts to gain unauthorized access to a computer system

Handprint Scanner

A biometric device that is used to authenticate a user through palm scans

Hardware

The physical components of a computer system

Hash Total

The total of any numeric data field in a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

Help Desk

A service offered via telephone/Internet by an enterprise to its clients or employees that provides information, assistance and troubleshooting advice regarding software, hardware or networks.

Heuristic Filter

A method often employed by antispam software to filter spam using criteria established in a centralized rule database

Hexadecimal

A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.

Hierarchical Database

A database structured in a tree/root or parent/child relationship

Hot Site

A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster

Hypertext Markup Language (HTML)

A language designed for the creation of web pages with hypertext and other information to be displayed in a web browser; used to structure information--denoting certain text such as headings, paragraphs, lists--and can be used to describe, to some degree, the appearance and semantics of a document

Image Processing

The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry

Impact Assessment

A review of the possible consequences of a risk

Impersonation

A security concept related to Windows NT that allows a server application to temporarily "be" the client in terms of access to secure objects

Incident

Any event that is not part of the standard


operation of a service and that causes, or may


cause, an interruption to, or a reduction in, the


quality of that service

Incident


Response

The response of an enterprise to a disaster or


other significant event that may significantly


affect the enterprise, its people, or its ability to


function productively.


An incident response may include evacuation


of a facility, initiating a disaster recovery plan


(DRP), performing damage assessment, and


any other measures necessary to bring an


enterprise to a more stable status.

Incremental Testing

Deliberately testing only the value-added


functionality of a software component

Independence

1. Self-governance


2. The freedom from conditions that threaten


objectivity or the appearance of objectivity.


Such threats to objectivity must be managed


at the individual auditor, engagement,


functional and organizational levels.


Independence includes Independence of mind


and Independence in appearance.

Indexed Sequential Access Method (ISAM)

A disk access method that stores data


sequentially while also maintaining an index of


key fields to all the records in the file for direct


access capability

Indexed


Sequential File

A file format in which records are organized and


can be accessed, according to a pre-established


key that is part of the record

Information


Processing


Facility (IPF)

The computer room and support areas

Information


Security

Ensures that within the enterprise, information


is protected against disclosure to unauthorized


users (confidentiality), improper modification


(integrity), and non-access when required


(availability)

Information


Security


Governance

The set of responsibilities and practices


exercised by the board and executive


management with the goal of providing


strategic direction, ensuring that objectives are


achieved, ascertaining that risk is managed


appropriately and verifying that the enterprise’s


resources are used responsibly

Information


Systems (IS)

The combination of strategic, managerial and


operational activities involved in gathering,


processing, storing, distributing and using


information and its related technologies

Inherent Risk

The risk level or exposure without taking into


account the actions that management has


taken or might take (e.g., implementing controls)

Inheritance


(objects)

Database structures that have a strict hierarchy


(no multiple inheritance).


Inheritance can initiate other objects irrespective


of the class hierarchy, thus there is no strict


hierarchy of objects

Initial Program Load (IPL)

The initialization procedure that causes an


operating system to be loaded into storage at


the beginning of a workday or after a system


malfunction.

Input Control

Techniques and procedures used to verify,


validate and edit data to ensure that only


correct data are entered into the computer

Instant


Messaging (IM)

An online mechanism or a form of real-time


communication between two or more people


based on typed text and multimedia data

Integrated Services Digital Network (ISDN)

A public end-to-end digital telecommunications


network with signaling, switching and transport


capabilities supporting a wide range of services


accessed by standardized interfaces with


integrated customer control

Integrated Test Facilities (ITF)

A testing methodology in which test data are


processed in production systems

Integrity

The guarding against improper information


modification or destruction, and includes


ensuring information nonrepudiation and


authenticity

Interface Testing

A testing technique that is used to evaluate


output from one application while the


information is sent as input to another


application

Internal Controls

The policies, procedures, practices and


organizational structures designed to provide


reasonable assurance that business objectives


will be achieved and undesired events will be


prevented or detected and corrected

Internet


Protocol (IP) Packet Spoofing

An attack using packets with the spoofed source


Internet Protocol (IP) addresses.

Irregularity

Violation of an established management policy


or regulatory requirement. It may consist of


deliberate misstatements or omission of


information concerning the area under audit or


the enterprise as a whole, gross negligence or


unintentional illegal acts.

IT Governance Framework

A model that integrates a set of guidelines,


policies and methods that represent the


organizational approach to IT governance

IT


Incident

Any event that is not part of the ordinary


operation of a service that causes, or may


cause, an interruption to, or a reduction in,


the quality of that service

IT


Infrastructure

The set of hardware, software and facilities that


integrates an enterprise's IT assets

IT Steering


Committee

An executive-management-level committee that


assists in the delivery of the IT strategy,


oversees day-to-day management of IT service


delivery and IT projects, and focuses on


implementation aspects

IT Strategic Plan

A long-term plan (i.e., three- to five-year horizon)


in which business and IT management


cooperatively describe how IT resources will


contribute to the enterprise’s strategic


objectives (goals)

IT Strategy


Committee

A committee at the level of the board of


directors to ensure that the board is involved in


major IT matters and decisions

Judgment Sampling

Any sample that is selected subjectively or in


such a manner that the sample selection


process is not random or the sampling results


are not evaluated mathematically

Key Goal


Indicator (KGI)

A measure that tells management, after the fact,


whether an IT process has achieved its business


requirements; usually expressed in terms of


information criteria

Key Management Practice

Management practices that are required to


successfully execute business processes

Key Performance


Indicator (KPI)

A measure that determines how well the process


is performing in enabling the goal to be reached

Leased Line

A communication line permanently assigned to


connect two points, as opposed to a dial-up line


that is only available and open when a


connection is made by dialing the target


machine or network

Librarian

The individual responsible for the safeguard and


maintenance of all program and data files

Licensing


Agreement

A contract that establishes the terms and


conditions under which a piece of software is


being licensed (i.e., made legally available for


use) from the software developer (owner) to the


user

Life


Cycle

A series of stages that characterize the course


of existence of an organizational investment


(e.g., product, project, program)

Limit Check

Tests specified amount fields against stipulated


high or low limits of acceptability

Local Area


Network (LAN)

Communication network that serves several


users within a specified geographic area

Log

To record details of information or events in an


organized record-keeping system, usually


sequenced in the order in which they occurred

Logical Access Controls

The policies, procedures, organizational


structure and electronic access controls


designed to restrict access to computer


software and data files

Magnetic Card Reader

Reads cards with a magnetic surface on which


data can be stored and retrieved


Malware


Short for malicious software.


Designed to infiltrate, damage or obtain


information from a computer system without


the owner’s consent

Management


Information System (MIS)

An organized assembly of resources and


procedures required to collect, process and


distribute data for use in decision making

Mapping

Diagramming data that are to be exchanged


electronically, including how they are to be used


and what business management systems need


them.


See also Application Tracing and Mapping.

Masking

A computerized technique of blocking out the


display of sensitive information, such as


passwords, on a computer terminal or report

Master File

A file of semipermanent information that is


used frequently for processing data or for more


than one purpose

Materiality

An auditing concept regarding the importance of


an item of information with regard to its impact


or effect on the functioning of the entity being


audited.


An expression of the relative significance or


importance of a particular matter in the context


of the enterprise as a whole

Maturity

In business, indicates the degree of reliability or


dependency that the business can place on a


process achieving the desired goals or objectives

Maturity Model

Scope Note: See Capability Maturity Model (CMM).

Media Access Control (MAC)

Applied to the hardware at the factory and


cannot be modified, MAC is a unique, 48-bit,


hard-coded address of a physical layer device,


such as an Ethernet local area network (LAN) or


a wireless network card

Media


Oxidation

The deterioration of the media on which data


are digitally stored due to exposure to oxygen


and moisture

Memory Dump

The act of copying raw data from one place to


another with little or no formatting for


readability

Message Switching

A telecommunications methodology that


controls traffic in which a complete message is


sent to a concentration point and stored until


the communications path is established

Microwave


Transmission

A high-capacity line-of-sight transmission of


data signals through the atmosphere which


often requires relay stations

Middleware

Another term for an application programmer


interface (API).


It refers to the interfaces that allow


programmers to access lower- or higher-level


services by providing an intermediary layer that


includes function calls to the services.

Milestone

A terminal element that marks the completion


of a work package or phase

Mission-critical


Application

An application that is vital to the operation of


the enterprise. The term is very popular for


describing the applications required to run the


day-to-day business.

Monetary Unit Sampling

A sampling technique that estimates the amount


of overstatement in an account balance

Network

A system of interconnected computers and the


communication equipment used to connect


them

Network


Administrator

Responsible for planning, implementing and


maintaining the telecommunications


infrastructure; also may be responsible for


voice networks

Network Attached Storage (NAS)

Utilizes dedicated storage devices that centralize storage of data

Nondisclosure Agreement (NDA)

A legal contract between at least two parties


that outlines confidential materials that the


parties wish to share with one another for


certain purposes, but wish to restrict from


generalized use; a contract through which the


parties agree not to disclose information


covered by the agreement

Normalization

The elimination of redundant data

Numeric Check

An edit check designed to ensure that the data


element in a particular field is numeric.

Object Code

Machine-readable instructions produced from a


compiler or assembler program that has


accepted and translated the source code

Object


Orientation

An approach to system development in which


the basic unit of attention is an object, which


represents an encapsulation of both data


(an object’s attributes) and functionality


(an object’s methods)

Objectivity

The ability to exercise judgment, express


opinions and present recommendations with


impartiality

Offsite Storage

A facility located away from the building housing


the primary information processing facility (IPF),


used for storage of computer media such as


offline backup data and storage files

Online Data


Processing

Achieved by entering information into the


computer via a video display terminal

Open


System

System for which detailed specifications of the


composition of its components are published in


a nonproprietary environment, thereby enabling


competing enterprises to use these standard


components to build competitive systems

Operating


System (OS)

A master control program that runs the


computer and acts as a scheduler and traffic


controller

Operational Audit

An audit designed to evaluate the various


internal controls, economy and efficiency of a


function or department

Operational Control

Deals with the everyday operation of a company


or enterprise to ensure that all objectives are


achieved

Optical Scanner

An input device that reads characters and


images that are printed or painted on a paper


form into the computer

Outsourcing

A formal agreement with a third party to


perform IS or other business functions for an


enterprise

Packet Switching

The process of transmitting messages in


convenient pieces that can be reassembled at


the destination

Paper Test

A walk-through of the steps of a regular test,


but without actually performing the steps

Parallel Testing

The process of feeding test data into two


systems, the modified system and an


alternative system (possibly the original system),


and comparing results to demonstrate the


consistency and inconsistency between two


versions of the application

Parity Check

A general hardware control that helps to detect


data errors when data are read from memory


or communicated from one computer to


another

Partitioned File

A file format in which the file is divided into


multiple subfiles and a directory is established


to locate each subfile

Passive


Assault

Intruders attempt to learn some characteristic


of the data being transmitted

Password

A protected, generally computer-encrypted


string of characters that authenticates a


computer user to the computer system

Patch


Management

An area of systems management that involves


acquiring, testing and installing multiple patches


(code changes) to an administered computer


system in order to maintain up-to-date software


and often to address security risk

Penetration Testing

A live test of the effectiveness of security


defenses through mimicking the actions of


real-life attackers

Performance Driver

A measure that is considered the "driver" of a


lag indicator.


It can be measured before the outcome is clear


and, therefore, is called a "lead indicator."

Performance Testing

Comparing the system’s performance to other


equivalent systems, using well-defined


benchmarks

Peripherals

Auxiliary computer hardware equipment used


for input, output and data storage

Personal


Identification Number (PIN)

A type of password (i.e., a secret number


assigned to an individual) that, in conjunction


with some means of identifying the individual,


serves to verify the authenticity of the individual

Phishing

This is a type of electronic mail (e-mail) attack


that attempts to convince a user that the


originator is genuine, but with the intention of


obtaining information for use in social


engineering

Plaintext

Digital information, such as cleartext, that is


intelligible to the reader

Point-of-sale (POS)


Systems

Enables the capture of data at the time and


place of transaction

Policy

1. Generally, a document that records a


high-level principle or course of action that has


been decided on.


The intended purpose is to


influence and guide both present and future


decision making to be in line with the


philosophy, objectives and strategic plans


established by the enterprise’s management

teams.

2. Overall intention and direction as formally expressed by management


Portfolio

A grouping of "objects of interest" (investment


programs, IT services, IT projects, other IT assets


or resources) managed and monitored to


optimize business value

Preventive Control

An internal control that is used to avoid


undesirable events, errors and other


occurrences that an enterprise has determined


could have a negative material effect on a


process or end product

Privacy

The rights of an individual to trust that others


will appropriately and respectfully use, store,


share and dispose of his/her associated


personal and sensitive information within the


context, and according to the purposes, for


which it was collected or derived

Private Branch


Exchange (PBX)

A telephone exchange that is owned by a private


business, as opposed to one owned by a


common carrier or by a telephone company

Private Key


Cryptosystems

Used in data encryption, it utilizes a secret key


to encrypt the plaintext to the ciphertext. Private


key cryptosystems also use the same key to


decrypt the ciphertext to the corresponding


plaintext.

Problem


Escalation Procedure

The process of escalating a problem up from


junior to senior support staff, and ultimately to


higher levels of management

Procedure

A document containing a detailed description of


the steps necessary to perform specific


operations in conformance with applicable


standards. Procedures are defined as part of


processes.

Process

Generally, a collection of activities influenced by


the enterprise’s policies and procedures that


takes inputs from a number of sources,


(including other processes), manipulates the


inputs and produces outputs

Production Program

Program used to process live or actual data that


were received as input into the production


environment

Production Software

Software that is being used and executed to


support normal and authorized organizational


operations

Professional


Competence

Proven level of ability, often linked to


qualifications issued by relevant professional


bodies and compliance with their codes of


practice and standards

Program


Evaluation and


Review Technique (PERT)

A project management technique used in the


planning and control of system projects

Program Flowchart

Shows the sequence of instructions in a single


program or subroutine

Program


Narrative

Provides a detailed explanation of program


flowcharts, including control points and any


external input

Project

A structured set of activities concerned with


delivering a defined capability (that is necessary,


but not sufficient, to achieve a required


business outcome) to the enterprise based on


an agreed-on schedule and budget

Project


Portfolio

The set of projects owned by a company

Protocol

The rules by which a network operates and


controls the flow and priority of transmissions

Protocol


Converter

Hardware devices, such as asynchronous and


synchronous transmissions, that convert


between two different types of transmission

Prototyping

The process of quickly putting together a


working model (a prototype) in order to test


various aspects of a design, illustrate ideas or


features and gather early user feedback

Proxy Server

A server that acts on behalf of a user

Public Key


Cryptosystem

Used in data encryption, it uses an encryption


key, as a public key, to encrypt the plaintext to


the ciphertext. It uses a different decryption


key, as a secret key, to decrypt the ciphertext


to the corresponding plaintext.

Public Key


Encryption

A cryptographic system that uses two keys:


one is a public key, which is known to everyone,


and the second is a private or secret key, which


is only known to the recipient of the message.


See also Asymmetric Key.

Public Key


Infrastructure


(PKI)

A series of processes and technologies for the


association of cryptographic keys with the entity


to whom those keys were issued

Quality


Assurance (QA)

A planned and systematic pattern of all actions


necessary to provide adequate confidence that


an item or product conforms to established


technical requirements. (ISO/IEC 24765)

Radio Wave


Interference

The superposition of two or more radio waves


resulting in a different radio wave pattern that


is more difficult to intercept and decode


properly

Random Access Memory (RAM)

The computer's primary working memory

Range Check

Range checks ensure that data fall within a


predetermined range

Rapid


Application Development

A methodology that enables enterprises to


develop strategically important systems faster,


while reducing development costs and


maintaining quality by using a series of proven


application development techniques, within a


well-defined methodology

Real-time


Processing

An interactive online system capability that


immediately updates computer files when


transactions are initiated through a terminal

Reasonable


Assurance

A level of comfort short of a guarantee, but


considered adequate given the costs of the


control and the likely benefits achieved

Reasonableness Check

Compares data to predefined reasonability limits


or occurrence rates established for the data

Reciprocal Agreement

Emergency processing agreement between two


or more enterprises with similar equipment or


applications

Recovery Point


Objective (RPO)

Determined based on the acceptable data loss


in case of a disruption of operations.


It indicates the earliest point in time that is


acceptable to recover the data. The RPO


effectively quantifies the permissible amount of


data loss in case of interruption.

Recovery Strategy

An approach by an enterprise that will ensure


its recovery and continuity in the face of a


disaster or other major outage

Recovery Time Objective (RTO)

The amount of time allowed for the recovery of


a business function or resource after a disaster


occurs

Redundancy Check

Detects transmission errors by appending


calculated bits onto the end of each segment of


data

Redundant Array of Inexpensive Disks (RAID)

Provides performance improvements and


fault-tolerant capabilities via hardware or


software solutions, by writing to a series of


multiple disks to improve performance and/or


save large files simultaneously

Reengineering

A process involving the extraction of


components from existing systems and


restructuring these components to develop


new systems or to enhance the efficiency of


existing systems

Registration


Authority (RA)

The individual institution that validates an


entity's proof of identity and ownership of a key


pair

Regression Testing

A testing technique used to retest earlier


program abends or logical errors that occurred


during the initial testing phase

Remote


Procedure Call (RPC)

The traditional Internet service protocol widely


used for many years on UNIX-based operating


systems and supported by the Internet


Engineering Task Force (IETF) that allows a


program on one computer to execute a


program on another (e.g., server)

Repository

An enterprise database that stores and organizes data

Request for


Proposal (RFP)

A document distributed to software vendors


requesting them to submit a proposal to


develop or provide a software product

Requirements


Definition

A technique used in which the affected user


groups define the requirements of the system


for meeting the defined needs

Resilience

The ability of a system or network to resist


failure or to recover quickly from any disruption,


usually with minimal recognizable effect

Return on


Investment


(ROI)

A measure of operating performance and


efficiency, computed in its simplest form by


dividing net income by the total investment


over the period being considered

Reverse


Engineering

A software engineering technique whereby an


existing application system code can be


redesigned and coded using computer-aided


software engineering (CASE) technology

Ring


Configuration

Used in either token ring or fiber distributed


data interface (FDDI) networks, all stations


(nodes) are connected to a multi-station access


unit (MSAU), that physically resembles a


star-type topology.

Ring


Topology

A type of local area network (LAN) architecture


in which the cable forms a loop, with stations


attached at intervals around the loop

Risk

The combination of the probability of an event


and its consequence. (ISO/IEC 73)

Risk Analysis

1. A process by which frequency and magnitude


of IT risk scenarios are estimated.


2. The initial steps of risk management:


analyzing the value of assets to the business,


identifying threats to those assets and


evaluating how vulnerable each asset is to


those threats

Risk


Assessment

A process used to identify and evaluate risk and


its potential effects

Risk assessments are also used to manage the


project delivery and project benefit risk.


Risk


Management

1. The coordinated activities to direct and control


an enterprise with regard to risk.

2. One of the governance objectives. Entails


recognizing risk; assessing the impact and


likelihood of that risk; and developing


strategies, such as avoiding the risk, reducing


the negative effect of the risk and/or


transferring the risk, to manage it within the


context of the enterprise’s risk appetite.


Risk


Mitigation

The management of risk through the use of


countermeasures and controls

Risk


Transfer

The process of assigning risk to another


enterprise, usually through the purchase of an


insurance policy or by outsourcing the service

Risk


Treatment

The process of selection and implementation of


measures to modify risk (ISO/IEC Guide 73:2002)

Router

A networking device that can send (route) data


packets from one local area network (LAN) or


wide area network (WAN) to another, based on


addressing at the network layer (Layer 3) in the


open systems interconnection (OSI) model

Run-to-run Totals

Provide evidence that a program processes all


input data and that it processed the data


correctly

Salami


Technique

A method of computer fraud involving a


computer code that instructs the computer to


slice off small amounts of money from an


authorized computer transaction and reroute


this amount to the perpetrator’s account


Scheduling

A method used in the information processing


facility (IPF) to determine and establish the


sequence of computer job processing

Scope Creep

Also called requirement creep, this refers to


uncontrolled changes in a project’s scope

Screening Routers

A router configured to permit or deny traffic


based on a set of permission rules installed by


the administrator

Secure Sockets


Layer (SSL)

A protocol that is used to transmit private


documents through the Internet

Security


Administrator

The person responsible for implementing,


monitoring and enforcing security rules


established and authorized by management

Security Awareness

The extent to which every member of an


enterprise and every other individual who


potentially has access to the enterprise's


information understands:


-Security and the levels of security appropriate


to the enterprise


-The importance of security and consequences


of a lack of security


-Their individual responsibilities regarding


security (and act accordingly)

Security


Incident

A series of unexpected events that involves an


attack or series of attacks (compromise


and/or breach of security) at one or more sites.


A security incident normally includes an


estimation of its level of impact. A limited


number of impact levels are defined and, for


each, the specific actions required and the


people who need to be notified are identified.

Security Policy

A high-level document representing an


enterprise’s information security philosophy


and commitment

Security


Procedures

The formal documentation of operational steps


and processes that specify how security goals


and objectives set forward in the security policy


and standards are to be achieved

Segregation/Separation of Duties (SoD)

A basic internal control that prevents or detects


errors and irregularities by assigning to


separate individuals the responsibility for


initiating and recording transactions and for the


custody of assets

Sequence Check

Verification that the control number follows


sequentially and any control numbers out of


sequence are rejected or noted on an exception


report for further research

Sequential File

A computer file storage format in which one


record follows another

Service


Bureau

A computer facility that provides data processing


services to clients on a continual basis

Service Level Agreement (SLA)

An agreement, preferably documented, between


a service provider and the customer(s)/user(s)


that defines minimum performance targets for


a service and how they will be measured

Servlet

A Java applet or a small program that runs within


a web server environment

Smart Card

A small electronic device that contains


electronic memory, and possibly an embedded


integrated circuit

Software

Programs and supporting documentation that


enable and facilitate use of the computer

Source Code

The language in which a program is written

SPOOL


(Simultaneous Peripheral


Operations Online)

An automated function that can be based on an


operating system or application in which


electronic data being transmitted between


storage areas are spooled or stored until the


receiving device or storage area is prepared


and able to receive the information

Spyware

Software whose purpose is to monitor a


computer user’s actions (e.g., web sites visited)


and report these actions to a third party, without


the informed consent of that machine’s owner


or legitimate user

Standard

A mandatory requirement, code of practice or


specification approved by a recognized external


standards organization, such as International


Organization for Standardization (ISO)

Star


Topology

A type of local area network (LAN) architecture


that utilizes a central controller to which all


nodes are directly connected

Statistical Sampling

A method of selecting a portion of a population,


by means of mathematical calculations and


probabilities, for the purpose of making


scientifically and mathematically sound


inferences regarding the characteristics of the


entire population

Storage Area Networks (SANs)

A variation of a local area network (LAN) that is


dedicated for the express purpose of connecting


storage devices to servers and other computing


devices

Structured


Programming

A top-down technique of designing programs


and systems that makes programs more


readable, more reliable and more easily


maintained

Structured Query


Language (SQL)

The primary language used by both application


programmers and end users in accessing


relational databases

Substantive Testing

Obtaining audit evidence on the completeness,


accuracy or existence of activities or


transactions during the audit period

Supply Chain


Management (SCM)

A concept that allows an enterprise to more


effectively and efficiently manage the activities


of design, manufacturing, distribution, service


and recycling of products and service its


customers

Surge


Suppressor

Filters out electrical surges and spikes

Suspense File

A computer file used to maintain information


(transactions, payments or other events) until


the proper disposition of that information can


be determined

Switches

Typically associated as a data link layer device,


switches enable local area network (LAN)


segments to be created and interconnected,


which has the added benefit of reducing


collision domains in Ethernet-based networks.

Synchronous


Transmission

Block-at-a-time data transmission

System


Development Life Cycle (SDLC)

The phases deployed in the development or


acquisition of a software system

System Exit

Special system software features and utilities


that allow the user to perform complex system


maintenance

System


Flowchart

Graphic representations of the sequence of


operations in an information system or program

Table Look-up

Used to ensure that input data agree with


predetermined criteria stored in a table

Tape Management System (TMS)

A system software tool that logs, monitors and


directs computer tape usage

Test Data

Simulated transactions that can be used to test


processing logic, computations and controls


actually programmed in computer


applications.


Individual programs or an entire system can be


tested.

Test


Generators

Software used to create data to be used in the


testing of computer programs

Test


Programs

Programs that are tested and evaluated before


approval into the production environment

Third-party Review

An independent audit of the control structure of


a service organization, such as a service bureau,


with the objective of providing assurance to the


users of the service organization that the


internal control structure is adequate, effective


and sound

Threat

Anything (e.g., object, substance, human) that is


capable of acting against an asset in a manner


that can result in harm

Throughput

The quantity of useful work made by the system


per unit of time. Throughput can be measured


in instructions per second or some other unit of


performance. When referring to a data transfer


operation, throughput measures the useful


data transfer rate and is expressed in kbps,


Mbps and Gbps.

Token

A device that is used to authenticate a user, typically in addition to a username and password

Token Ring Topology

A type of local area network (LAN) ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring

Topology

The physical layout of how computers are linked together

Transaction Log

A manual or automated log of all updates to data files and databases

Transmission Control Protocol/Internet Protocol (TCP/IP)

Provides the basis for the Internet; a set of communication protocols that encompass media access, packet transport, session communication, file transfer, electronic mail (e-mail), terminal emulation, remote file access and network management

Trap Door

Unauthorized electronic exit, or doorway, out of an authorized computer program into a set of malicious instructions or programs

Trojan Horse

Purposefully hidden malicious or damaging code within an authorized computer program


Tunneling

Commonly used to bridge between incompatible hosts/routers or to provide encryption, a method by which one network protocol encapsulates another protocol within itself

Twisted Pair

A low-capacity transmission medium; a pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable

Unit Testing

A testing technique that is used to test program logic within a particular program or module

Universal Serial Bus (USB)

An external bus standard that provides capabilities to transfer data at a rate of 12 Mbps

User Awareness

A training process in security-specific issues to reduce security problems; users are often the weakest link in the security chain.

Utility Programs

Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing

Utility Script

A sequence of commands input into a single file to automate a repetitive and specific task

Vaccine

A program designed to detect computer viruses

Validity Check

Programmed checking of data validity in accordance with predetermined criteria

Value-Added Network (VAN)

A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data

Variable Sampling

A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a monetary amount

Verification

Checks that data are entered correctly

Virus

A program with the ability to reproduce by modifying other programs to include a copy of itself

Voice-over Internet Protocol (VoIP)

Also called IP Telephony, Internet Telephony and Broadband Phone, a technology that makes it possible to have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of over dedicated voice transmission lines

Vulnerability

A weakness in the design, implementation, operation or internal control of a process that could expose the system to adverse threats from threat events

Vulnerability Analysis

A process of identifying and classifying vulnerabilities

Warm Site

Similar to a hot site but not fully equipped with all of the necessary hardware needed for recovery

Waterfall Development

Also known as traditional development, a procedure-focused development cycle with formal sign-off at the completion of each level

Web Services Description Language (WSDL)

A language formatted with extensible markup language (XML)

White Box Testing

A testing approach that uses knowledge of a program/module’s underlying implementation and code intervals to verify its expected behavior

Wide Area Network (WAN)

A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries

Wide Area Network (WAN) Switch

A data link layer device used for implementing various WAN technologies such as asynchronous transfer mode, point-to-point frame relay solutions, and integrated services digital network (ISDN).

Wi-Fi Protected Access (WPA)

A class of systems used to secure wireless (Wi-Fi) computer networks

Wired Equivalent Privacy (WEP)

A scheme that is part of the IEEE 802.11 wireless networking standard to secure IEEE 802.11 wireless networks (also known as Wi-Fi networks)

Wiretapping

The practice of eavesdropping on information being transmitted over telecommunications links

X.25 Interface

An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks

Room Rocking Air Biscuit

An extremely raucous expulsion of gas from one's anus causing intense vibration of the sphincter muscles similar to that of the reed of a woodwind instrument during play.


Scope Note: See Sphincter Shout

Sphincter Shout

An extremely raucous expulsion of gas from one's anus causing intense vibration of the sphincter muscles similar to that of the reed of a woodwind instrument during play.

Scope Note: See Room Rocking Air Biscuit