A - GLOSSARY Flashcards
Acceptable interruption window
The maximum period of time that a system can be unavailable before compromising the achievement of the organization’s business objectives
Acceptable use policy
A policy that establishes an agreement between users and the organization and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet
Access Controls
The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises
Access path
The logical route that an end user takes to access computerized information. Typically it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Access Rights
The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy
Accountability
The ability to map a given activity or event back to the responsible party
Address Resolution Protocol (ARP)
Defines the exchanges between network interfaces connected to an Ethernet media segment in order to map an IP address to a link layer (MAC) address on demand. ARP requests and replies carry no authentication, so any host on the segment can answer for an address it does not own (ARP spoofing).
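The request/reply exchange described above, as an added example that is not part of the glossary: it builds and parses the 28-byte Ethernet/IPv4 ARP packet (RFC 826 layout, Ethernet frame header omitted), answers a request, and keeps a small cache that reports when a later reply re-maps an IP address to a different MAC, which is the only on-wire sign of a spoofed reply because the protocol itself checks nothing. All MAC and IP addresses are constructed.

```python
"""ARP request/reply exchange with a cache that flags conflicting mappings.

Added example, not from the glossary. Addresses below are constructed.
"""
import struct
from ipaddress import IPv4Address

ARP_FMT = "!HHBBH6s4s6s4s"          # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
ARP_LEN = struct.calcsize(ARP_FMT)  # 28 bytes
HTYPE_ETHERNET = 1
PTYPE_IPV4 = 0x0800
OP_REQUEST, OP_REPLY = 1, 2
ZERO_MAC = "00:00:00:00:00:00"


def mac_to_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Serialise one ARP packet (Ethernet/IPv4 field sizes: 6-byte MAC, 4-byte IP)."""
    return struct.pack(ARP_FMT, HTYPE_ETHERNET, PTYPE_IPV4, 6, 4, op,
                       mac_to_bytes(sha), IPv4Address(spa).packed,
                       mac_to_bytes(tha), IPv4Address(tpa).packed)


def parse_arp(pkt: bytes) -> dict:
    """Parse an ARP packet; rejects anything that is not Ethernet/IPv4 ARP."""
    if len(pkt) < ARP_LEN:
        raise ValueError("ARP packet too short")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (HTYPE_ETHERNET, PTYPE_IPV4, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (OP_REQUEST, OP_REPLY):
        raise ValueError(f"unsupported ARP operation {op}")
    return {"op": op, "sha": mac_to_str(sha), "spa": str(IPv4Address(spa)),
            "tha": mac_to_str(tha), "tpa": str(IPv4Address(tpa))}


def answer_request(request: bytes, my_mac: str, my_ip: str):
    """Build the reply to a request asking for my_ip; None if it asks for someone else."""
    req = parse_arp(request)
    if req["op"] != OP_REQUEST or req["tpa"] != my_ip:
        return None
    # Roles swap in the reply: the answering host is the sender, the requester the target.
    return build_arp(OP_REPLY, my_mac, my_ip, req["sha"], req["spa"])


class ArpCache:
    """IP -> MAC table that reports a reply contradicting an earlier mapping.

    Real stacks simply overwrite the entry; because ARP has no authentication,
    this inconsistency is the only signal that a reply may be spoofed.
    """

    def __init__(self):
        self.table = {}

    def learn(self, pkt: bytes):
        rec = parse_arp(pkt)
        previous = self.table.get(rec["spa"])
        self.table[rec["spa"]] = rec["sha"]
        if previous is not None and previous != rec["sha"]:
            return ("conflict", rec["spa"], previous, rec["sha"])
        return ("ok", rec["spa"], rec["sha"])


if __name__ == "__main__":
    # Constructed exchange: host A (192.0.2.1) asks who has 192.0.2.2, host B answers.
    request = build_arp(OP_REQUEST, "02:00:00:00:00:0a", "192.0.2.1", ZERO_MAC, "192.0.2.2")
    reply = answer_request(request, "02:00:00:00:00:0b", "192.0.2.2")
    cache = ArpCache()
    print(cache.learn(reply))
    # A third host claims 192.0.2.2 as well; nothing in the protocol prevents it.
    spoof = build_arp(OP_REPLY, "02:00:00:00:00:cc", "192.0.2.2", "02:00:00:00:00:0a", "192.0.2.1")
    print(cache.learn(spoof))
```

The cache only records the sender mapping, as a real stack would; a production detector (arpwatch and similar tools do this) additionally tracks which MAC each IP was first seen with and alerts on the change rather than silently overwriting it.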
Administrative control
The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence to regulations and management policies
Advanced Encryption Standard (AES)
The symmetric block cipher standard (FIPS 197, based on the Rijndael cipher) selected by NIST in 2001 to replace DES and 3DES and since adopted internationally. It operates on 128-bit blocks with 128-, 192- or 256-bit keys.
Alert situation
The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The organization entering into an alert situation initiates a series of escalation steps.
Algorithm
A finite set of step-by-step instructions for a problem-solving or computation procedure, especially one that can be implemented by a computer
Alternate facilities
Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed. This includes other buildings, offices or data processing centers.
Alternate process
Automatic or manual process designed and established to continue critical business processes from point-of-failure to return-to-normal
Annual loss expectancy (ALE)
The total expected loss divided by the number of years in the forecast period, yielding the average annual loss. Commonly computed as the single loss expectancy (SLE) multiplied by the annualized rate of occurrence (ARO).
Anomaly detection
Detection based on deviation from a baseline of expected or normal system activity, rather than on matching the patterns of known attacks (contrast attack signature). It can flag previously unseen attacks but also produces false positives when legitimate activity changes.
Anonymous File Transfer Protocol (AFTP)
A method of downloading public files using the File Transfer Protocol (FTP). AFTP does not require users to identify themselves before accessing files from a particular server. In general, users enter the word “anonymous” when the host prompts for a username. Anything can be entered for the password, such as the user’s email address or simply the word “guest.” In many cases, an AFTP site will not prompt a user for a name and password.
Antivirus software
Application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done, and to repair or quarantine files that have already been infected.
Application controls
The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved
Application layer
In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application that is doing the communication; it is a service layer that provides these services.
Application programming interface (API)
A set of routines, protocols and tools, often described as “building blocks,” used in business application software development. A good API makes it easier to develop a program by exposing the functional characteristics of a platform, such as an operating system (e.g., Microsoft Windows or the various versions of UNIX), that applications need when interfacing with it. A programmer uses these APIs to develop applications that operate effectively and efficiently on the chosen platform.
Application service provider (ASP)
Also known as managed service provider (MSP), it deploys, hosts and manages access to a packaged application to multiple parties from a centrally managed facility. The applications are delivered over networks on a subscription basis.
Architecture
Description of the fundamental underlying design of the components of the business system, or of one element of the business system (e.g., technology), the relationships among them, and the manner in which they support the organization’s objectives
Asymmetric key
A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message
Attack signature
A specific sequence of events indicative of an unauthorized access attempt. Typically a characteristic byte pattern used in malicious code or an indicator, or set of indicators, that allows the identification of malicious network activities.
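Signature matching as defined here, beside the baseline-deviation approach of the anomaly detection entry above, run over constructed web-server log lines. This is an added example, not from the glossary: the log lines, the two signatures (a path-traversal pattern and a `UNION ... SELECT` pattern) and the baseline figures are all made up here so it runs offline. It shows why the two techniques are complementary: the request flood matches no signature but is far outside the baseline, while the two single-request attacks match a signature but are invisible to volume-based anomaly detection.

```python
"""Signature-based and anomaly-based detection over constructed log lines.

Added example, not from the glossary. Lines, signatures and baseline are constructed.
"""
import re
import statistics
from collections import Counter
from urllib.parse import unquote

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Attack signatures: fixed patterns that identify a known attack technique.
SIGNATURES = {
    "path_traversal": re.compile(r"\.\./\.\./|/etc/passwd"),
    "sql_injection": re.compile(r"(?i)\bunion\b.{0,20}\bselect\b"),
}


def parse(line: str):
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = unquote(rec["path"])  # match the decoded request, not the raw encoding
    return rec


def signature_hits(lines):
    """(source ip, signature name) for every line whose request matches a signature."""
    hits = []
    for rec in filter(None, map(parse, lines)):
        for name, pattern in SIGNATURES.items():
            if pattern.search(rec["path"]):
                hits.append((rec["ip"], name))
    return hits


def learn_baseline(lines):
    """Per-source request counts from a window believed normal -> (mean, stdev)."""
    counts = Counter(rec["ip"] for rec in filter(None, map(parse, lines)))
    values = list(counts.values())
    return statistics.fmean(values), statistics.pstdev(values)


def anomalies(lines, baseline, k: float = 3.0):
    """Sources whose request count exceeds mean + k * stdev of the baseline."""
    mean, sd = baseline
    threshold = mean + k * sd
    counts = Counter(rec["ip"] for rec in filter(None, map(parse, lines)))
    return sorted(ip for ip, n in counts.items() if n > threshold)


def make_lines(ip: str, n: int, path: str = "/index.html"):
    """Constructed Common Log Format lines for one client."""
    return [f'{ip} - - [10/Oct/2023:13:{i % 60:02d}:00 +0000] "GET {path} HTTP/1.1" 200 512'
            for i in range(n)]


# Constructed "normal" window: five clients, 8 to 12 requests each.
BASELINE_LINES = (make_lines("192.0.2.10", 10) + make_lines("192.0.2.11", 12)
                  + make_lines("192.0.2.12", 9) + make_lines("192.0.2.13", 11)
                  + make_lines("192.0.2.14", 8))

# Constructed window under test.
TEST_LINES = (make_lines("192.0.2.10", 11)                 # normal volume
              + make_lines("198.51.100.7", 40)            # flood: no signature, abnormal volume
              + make_lines("203.0.113.5", 1, "/download?file=../../etc/passwd")
              + make_lines("203.0.113.6", 1, "/item?id=1%20UNION%20SELECT%20password%20FROM%20users"))

if __name__ == "__main__":
    print("signature hits:", signature_hits(TEST_LINES))
    print("anomalous sources:", anomalies(TEST_LINES, learn_baseline(BASELINE_LINES)))
```

The baseline here is a single statistic (requests per source); a real anomaly detector models several features and re-learns the baseline as traffic changes, which is where its false positives come from, while the signature list has to be updated each time a new technique appears.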
Audit trail
A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
Authentication
The act of verifying a claimed identity (e.g., of a user or system), normally performed before any authorization decision is made
Authorization
Access privileges granted to a user, program or process, or the act of granting those privileges
Availability
The property that information is accessible and usable when required by the business process, now and in the future