A - GLOSSARY Flashcards

1
Q

Acceptable interruption window

A

The maximum period of time that a system can be unavailable before compromising the achievement of the organization’s business objectives

2
Q

Acceptable use policy

A

A policy that establishes an agreement between users and the organization and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet

3
Q

Access Controls

A

The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises

4
Q

Access path

A

The logical route that an end user takes to access computerized information. Typically it includes a route through the operating system, telecommunications software, selected application software and the access control system.

5
Q

Access Rights

A

The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy

6
Q

Accountability

A

The ability to map a given activity or event back to the responsible party

7
Q

Address Resolution Protocol (ARP)

A

Defines the exchanges between network interfaces connected to an Ethernet media segment in order to map an IP address to a link layer address on demand

8
Q

Administrative control

A

The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence to regulations and management policies

9
Q

Advanced encryption standard (AES)

A

The international encryption standard that replaced 3DES

10
Q

Alert situation

A

The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The organization entering into an alert situation initiates a series of escalation steps.

11
Q

Algorithm

A

A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer

12
Q

Alternate facilities

A

Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed. This includes other buildings, offices or data processing centers.

13
Q

Alternate process

A

Automatic or manual process designed and established to continue critical business processes from point-of-failure to return-to-normal

14
Q

Annual loss expectancy (ALE)

A

The total expected loss divided by the number of years in the forecast period yielding the average annual loss

15
Q

Anomaly detection

A

Detection on the basis of whether the system activity matches that defined as abnormal

16
Q

Anonymous File Transfer Protocol (AFTP)

A

A method of downloading public files using the File Transfer Protocol (FTP). AFTP does not require users to identify themselves before accessing files from a particular server. In general, users enter the word “anonymous” when the host prompts for a username. Anything can be entered for the password, such as the user’s email address or simply the word “guest.” In many cases, an AFTP site will not prompt a user for a name and password.

17
Q

Antivirus software

A

An application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done, and repair or quarantine files that have already been infected.

18
Q

Application controls

A

The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved

19
Q

Application layer

A

In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application that is doing the communication; it is a service layer that provides these services.

20
Q

Application programming interface (API)

A

A set of routines, protocols and tools referred to as “building blocks” used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different versions of UNIX). A programmer utilizes these APIs in developing applications that can operate effectively and efficiently on the platform chosen.

21
Q

Application service provider (ASP)

A

Also known as managed service provider (MSP), it deploys, hosts and manages access to a packaged application to multiple parties from a centrally managed facility. The applications are delivered over networks on a subscription basis.

22
Q

Architecture

A

Description of the fundamental underlying design of the components of the business system, or of one element of the business system (e.g., technology), the relationships among them, and the manner in which they support the organization’s objectives

23
Q

Asymmetric key

A

A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message

24
Q

Attack signature

A

A specific sequence of events indicative of an unauthorized access attempt. Typically a characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities.

25
Q

Audit trail

A

A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source

26
Q

Authentication

A

The act of verifying the identity (i.e., user, system)

27
Q

Authorization

A

Access privileges granted to a user, program or process, or the act of granting those privileges

28
Q

Availability

A

Information that is accessible when required by the business process now and in the future