CISA Glossary Flashcards

1
Q

Abend

A

An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing

2
Q

Access control

A

The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises

3
Q

Access control list (ACL)

A

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals. Also referred to as access control tables.

4
Q

Access control table

A

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals

5
Q

Access method

A

The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization, which determines how the records are stored.

6
Q

Access path

A

The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.

7
Q

Access rights

A

The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy

8
Q

Access servers

A

Provides centralized access control for managing remote access dial-up services

9
Q

Address

A

Within computer storage, the code used to designate the location of a specific piece of data

10
Q

Address space

A

The number of distinct locations that may be referred to with the machine address. For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.

11
Q

Addressing

A

The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).

12
Q

Administrative controls

A

The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence to regulations and management policies

13
Q

Adware

A

A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used. In most cases, this is done without any notification to the user or without the user’s consent. The term adware may also refer to software that displays advertisements, whether or not it does so with the user’s consent; such programs display advertisements as an alternative to shareware registration fees. These are classified as adware in the sense of advertising supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service

14
Q

Alpha

A

The use of alphabetic characters or an alphabetic character string

15
Q

Alternative routing

A

A service that allows the option of having an alternate route to complete a call when the marked destination is not available. In signaling, alternate routing is the process of allocating substitute routes for a given signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that traffic stream

16
Q

Analog

A

A transmission signal that varies continuously in amplitude and time, and is generated in wave formation. Analog signals are used in telecommunications

17
Q

Anonymous File Transfer Protocol (FTP)

A

A method for downloading public files using the File Transfer Protocol. Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word “anonymous” when the host prompts for a username; anything can be entered for the password such as the user’s email address or simply the word “guest.” In many cases, an anonymous FTP site will not even prompt users for a name and password

18
Q

Antivirus software

A

An application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done and repair or quarantine files that have already been infected.

19
Q

Applet

A

A program written in a portable, platform independent computer language such as Java, JavaScript or Visual Basic. An applet is usually embedded in a Hypertext Markup Language (HTML) page downloaded from web servers and then executed by a browser on client machines to run any web-based application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers. However, applets expose the user’s machine to risk if not properly controlled by the browser, which should not allow an applet to access a machine’s information without prior authorization of the user

20
Q

Application

A

A computer program or set of programs that perform the processing of records for a specific function. Contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort

21
Q

Application layer

A

In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application that is doing the communicating; it is a service layer that provides these services to the application.

22
Q

Application program

A

A program that processes business data through activities such as data entry, update or query. Contrasts with systems programs, such as an operating system or network control program, and with utility programs such as copy or sort

23
Q

Application programming interface (API)

A

A set of routines, protocols and tools referred to as “building blocks” used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different versions of UNIX). A programmer utilizes these APIs in developing applications that can operate effectively and efficiently on the platform chosen

24
Q

Application software tracing and mapping

A

Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements and programming language can be analyzed. This technique includes program/system: mapping, tracing, snapshots, parallel simulations and code comparisons

25
Q

Arithmetic logic unit (ALU)

A

The area of the central processing unit that performs mathematical and analytical operations

26
Q

Artificial intelligence

A

Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules

27
Q

Assembler

A

A program that takes as input a program written in assembly language and translates it into machine code or machine language

28
Q

Asymmetric key (public key)

A

A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message

29
Q

Asynchronous Transfer Mode (ATM)

A

A high-bandwidth low-delay switching and multiplexing technology that allows integration of real-time voice and video as well as data. It is a data link layer protocol. ATM is a protocol-independent transport mechanism. It allows high-speed data transfer rates at up to 155 Mbit/s. The acronym ATM should not be confused with the alternate usage for ATM, which refers to an automated teller machine

30
Q

Asynchronous transmission

A

Character-at-a-time transmission

31
Q

Attribute sampling

A

An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)

32
Q

Audit objective

A

The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.

33
Q

Audit risk

A

The probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred

34
Q

Audit trail

A

A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source

35
Q

Authentication

A

The act of verifying the identity of a user and the user’s eligibility to access computerized information. Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data

36
Q

Backbone

A

The main communications channel of a digital network. The part of the network that handles the major traffic. Employs the highest-speed transmission paths in the network and may also run the longest distances. Smaller networks are attached to the backbone, and networks that connect directly to the end user or customer are called “access networks.” A backbone can span a geographic area of any size from a single building to an office complex to an entire country. Or, it can be as small as a backplane in a single cabinet.

37
Q

Backup

A

Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service

38
Q

Bandwidth

A

The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in Hertz (cycles per second) for an analog channel or in bits per second for a digital channel.

39
Q

Bar code

A

A printed machine-readable code that consists of parallel bars of varied width and spacing

40
Q

Base case

A

A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.

41
Q

Batch control

A

Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: sequence control, which involves consecutively numbering the records in a batch so that the presence of each record can be confirmed, and control total, which is a total of the values in selected fields within the transactions.
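
Added example, not part of the ISACA glossary: a batch validator in Python that implements the two controls the card names, sequence control (every expected record number present exactly once) and a control total over the amount field, together with a record count check. The header values and records are constructed sample data, and the field names are assumptions for the illustration.

```python
from decimal import Decimal

# Constructed batch: the totals a data-entry clerk recorded on the batch header,
# followed by the keyed records. Decimal avoids float rounding on money amounts.
HEADER = {"record_count": 4, "control_total": Decimal("1275.50")}
RECORDS = [
    {"seq": 1, "account": "10001", "amount": Decimal("100.00")},
    {"seq": 2, "account": "10002", "amount": Decimal("575.50")},
    {"seq": 3, "account": "10003", "amount": Decimal("300.00")},
    {"seq": 4, "account": "10004", "amount": Decimal("300.00")},
]


def validate_batch(header: dict, records: list) -> list:
    """Apply sequence control, record count and control total; return the list of failures."""
    errors = []
    seqs = [r["seq"] for r in records]
    expected = set(range(1, header["record_count"] + 1))

    # Sequence control: consecutive numbering lets us prove each record is present once
    missing = sorted(expected - set(seqs))
    if missing:
        errors.append(f"sequence control: missing record numbers {missing}")
    duplicates = sorted({s for s in seqs if seqs.count(s) > 1})
    if duplicates:
        errors.append(f"sequence control: duplicate record numbers {duplicates}")
    unexpected = sorted(set(seqs) - expected)
    if unexpected:
        errors.append(f"sequence control: record numbers outside batch range {unexpected}")

    # Record count against the header
    if len(records) != header["record_count"]:
        errors.append(f"record count: header says {header['record_count']}, batch has {len(records)}")

    # Control total: sum of the selected value field must match the header
    total = sum((r["amount"] for r in records), Decimal("0"))
    if total != header["control_total"]:
        errors.append(f"control total: header {header['control_total']}, computed {total}")
    return errors


def drop_record(records: list, seq: int) -> list:
    """Simulate a record lost between data preparation and processing."""
    return [r for r in records if r["seq"] != seq]


def alter_amount(records: list, seq: int, new_amount: str) -> list:
    """Simulate a keying error on one amount."""
    return [dict(r, amount=Decimal(new_amount)) if r["seq"] == seq else r for r in records]


if __name__ == "__main__":
    print(validate_batch(HEADER, RECORDS))                        # []
    print(validate_batch(HEADER, drop_record(RECORDS, 3)))        # three failures
    print(validate_batch(HEADER, alter_amount(RECORDS, 2, "575.00")))  # control total only
```

A lost record trips all three checks at once, while a single mis-keyed amount is caught only by the control total, which is why batches carry both kinds of control. A hash total over a non-monetary field such as the account number is a common third control of the same shape.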

42
Q

Batch processing

A

The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time

43
Q

Bayesian filter

A

A method often employed by antispam software to filter spam based on probabilities. The message header and every word or number are each considered a token and given a probability score. Then the entire message is given a spam probability score. A message with a high score will be flagged as spam and discarded, returned to its sender or put in a spam directory for further review by the intended recipient
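
Added example, not part of the ISACA glossary: a minimal naive Bayes spam scorer in Python that does what the card describes. Every token gets a spam probability from a small constructed training set, the per-token probabilities are combined in log-odds space into a whole-message score, and messages above a threshold are flagged. The training messages, the 0.9 threshold and the equal spam/ham prior are assumptions chosen for the illustration.

```python
"""Naive Bayes spam scoring: per-token probabilities combined into a message score."""
import math
import re
from collections import Counter

# Constructed training corpus (not real mail): (label, message text)
TRAINING = [
    ("spam", "WIN a FREE prize now! Click here to claim your free money"),
    ("spam", "Cheap meds, free shipping, limited offer, click now"),
    ("spam", "Congratulations you have won, claim your prize today"),
    ("ham", "Can we move the audit kickoff meeting to Thursday morning?"),
    ("ham", "Attached is the revised access control policy for review"),
    ("ham", "Reminder: backup restore test scheduled for the weekend"),
]


def tokenize(text: str) -> list:
    """Split a message into lowercase word/number tokens; header lines tokenize the same way."""
    return re.findall(r"[a-z0-9]+", text.lower())


class BayesianFilter:
    def __init__(self, training=TRAINING):
        self.spam_counts = Counter()   # in how many spam messages each token appears
        self.ham_counts = Counter()
        self.n_spam = 0
        self.n_ham = 0
        for label, text in training:
            tokens = set(tokenize(text))  # presence in a message, not multiplicity
            if label == "spam":
                self.spam_counts.update(tokens)
                self.n_spam += 1
            else:
                self.ham_counts.update(tokens)
                self.n_ham += 1

    def token_probability(self, token: str) -> float:
        """P(spam | token) with Laplace smoothing, so an unseen token scores a neutral 0.5."""
        p_token_given_spam = (self.spam_counts[token] + 1) / (self.n_spam + 2)
        p_token_given_ham = (self.ham_counts[token] + 1) / (self.n_ham + 2)
        return p_token_given_spam / (p_token_given_spam + p_token_given_ham)

    def spam_probability(self, text: str) -> float:
        """Combine token probabilities in log-odds space to avoid floating-point underflow."""
        log_odds = 0.0
        for token in set(tokenize(text)):
            p = self.token_probability(token)
            log_odds += math.log(p) - math.log(1.0 - p)
        return 1.0 / (1.0 + math.exp(-log_odds))

    def classify(self, text: str, threshold: float = 0.9) -> str:
        return "spam" if self.spam_probability(text) >= threshold else "ham"


if __name__ == "__main__":
    f = BayesianFilter()
    for msg in ("Claim your FREE prize now, click here",
                "Please review the attached policy before the meeting"):
        print(f"{f.spam_probability(msg):.4f}  {f.classify(msg)}  {msg}")
```

Production filters train on thousands of messages, weight header tokens separately from body tokens and tune the threshold against the cost of a false positive, but the scoring structure is exactly this.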

44
Q

Benchmarking

A

A systematic approach to comparing organization performance against peers and competitors in an effort to learn the best ways of conducting business. Examples include benchmarking of quality, logistic efficiency and various other metrics

45
Q

Binary code

A

A code whose representation is limited to 0 and 1

46
Q

Biometrics

A

A security technique that verifies an individual’s identity by analyzing a unique physical attribute such as a handprint

47
Q

Black box testing

A

A testing approach that focuses on the functionality of the application or product and does not require knowledge of the code internals

48
Q

Broadband

A

Multiple channels are formed by dividing the transmission medium into discrete frequency segments. Broadband generally requires the use of a modem

49
Q

Bridge

A

A device that connects two similar networks together

50
Q

Brouters

A

Devices that perform the functions of both a bridge and a router. A brouter operates at both the data link and the network layers. It connects same data link type local area network (LAN) segments as well as different data link ones, which is a significant advantage. Like a bridge, it forwards packets based on the data link layer address to a different network of the same type. Also, whenever required, it processes and forwards messages to a different data link type network based on the network protocol address. When connecting same data link type networks, it is as fast as a bridge and is able to connect different data link type networks.

51
Q

Buffer

A

Memory reserved to temporarily hold data to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of random access memory (RAM) that hold data while they are being processed

52
Q

Bus

A

Common path or channel between hardware devices. Can be located between components internal to a computer or between external computers in a communications network

53
Q

Bus configuration

A

All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes. This architecture is reliable in very small networks, as well as easy to use and understand. This configuration requires the least amount of cable to connect the computers together and, therefore, is less expensive than other cabling arrangements. It is also easy to extend, and two cables can be easily joined with a connector to make a longer cable for more computers to join the network. A repeater can also be used to extend a bus configuration

54
Q

Business case

A

Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle

55
Q

Business continuity plan (BCP)

A

A plan used by an organization to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems

56
Q

Business impact analysis (BIA)

A

A process to determine the impact of losing the support of any resource. The BIA assessment study will establish the escalation of that loss over time. It is predicated on the fact that senior management, when provided reliable data to document the potential impact of a lost resource, can make the appropriate decision

57
Q

Business process reengineering (BPR)

A

The thorough analysis and significant redesign of business processes and management systems to establish a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings

58
Q

Business risk

A

A probable situation with uncertain frequency and magnitude of loss (or gain)

59
Q

Bypass label processing (BLP)

A

A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system

60
Q

Capability Maturity Model (CMM)

A

CMM for software, from the Software Engineering Institute (SEI), is a model used by many organizations to identify best practices useful in helping them assess and increase the maturity of their software development processes

61
Q

Central processing unit (CPU)

A

Computer hardware that houses the electronic circuits that control/direct all operations of the computer system

62
Q

Certificate (certification) authority (CA)

A

A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates

63
Q

Certificate revocation list (CRL)

A

An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility. The CRL lists digital certificates that are no longer valid. The time gap between two CRL updates is critical and is itself a risk in certificate verification: a certificate revoked after the last published update is still accepted by relying parties until the next update is issued

64
Q

Certification practice statement (CPS)

A

A detailed set of rules governing the certificate authority’s operations. It provides an understanding of the value and trustworthiness of certificates issued by a given CA in terms of the controls that the organization observes, the method it uses to validate the authenticity of certificate applicants, and the CA’s expectations of how its certificates may be used

65
Q

Channel Service Unit/Digital Service Unit (CSU/DSU)

A

Interfaces at the physical layer of the open systems interconnection (OSI) reference model, data terminal equipment (DTE) to data circuit terminating equipment (DCE), for switched carrier networks

66
Q

Check digit

A

A numeric value, calculated mathematically from the other digits, that is appended to data so that a later check can confirm the original data have not been altered and can detect an incorrect but otherwise valid-looking value (for example, a wrong but well-formed account number). Check digit control is effective in detecting transposition and transcription errors
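
Added example, not part of the ISACA glossary: the Luhn mod-10 check digit used on payment card and many account numbers, implemented in Python, with a helper that measures which adjacent transpositions the scheme actually catches. The numbers used are constructed test values.

```python
"""Luhn (mod-10) check digit: compute, verify, and measure what it detects."""


def luhn_check_digit(payload: str) -> str:
    """Return the digit that makes payload + digit pass the Luhn test."""
    if not payload.isdigit():
        raise ValueError("payload must consist of decimal digits")
    total = 0
    # Walk from the rightmost payload digit; every other digit (starting there) is doubled,
    # and a doubled value above 9 has 9 subtracted (equivalent to summing its digits).
    for i, ch in enumerate(reversed(payload)):
        d = int(ch)
        if i % 2 == 0:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return str((10 - total % 10) % 10)


def luhn_valid(number: str) -> bool:
    """True when the last digit is the correct check digit for the preceding digits."""
    return number.isdigit() and len(number) > 1 and luhn_check_digit(number[:-1]) == number[-1]


def adjacent_transpositions_caught(number: str) -> tuple:
    """Swap each adjacent pair of a valid number; return (swaps rejected, swaps tried)."""
    caught = tried = 0
    for i in range(len(number) - 1):
        if number[i] == number[i + 1]:
            continue  # swapping equal digits changes nothing
        swapped = number[:i] + number[i + 1] + number[i] + number[i + 2:]
        tried += 1
        caught += not luhn_valid(swapped)
    return caught, tried


if __name__ == "__main__":
    print(luhn_check_digit("7992739871"))                 # 3
    print(luhn_valid("79927398713"), luhn_valid("79927398731"))  # True False
    print(adjacent_transpositions_caught("79927398713"))  # (9, 9)
    print(adjacent_transpositions_caught("12345096"))     # (6, 7): the 0/9 swap slips through
```

Luhn detects every single-digit transcription error and every adjacent transposition except a swap of 0 and 9, which is the one blind spot the second call above exposes. Where that matters (IBANs, for instance), schemes such as ISO 7064 mod 97 are used instead.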

67
Q

Checksum

A

A mathematical value that is assigned to a file and used to “test” the file at a later date to verify that the data contained in the file have not been changed. A cryptographic checksum is created by performing a series of mathematical operations (a cryptographic algorithm) that translates the data in the file into a fixed-length string of digits called a hash value, which is then used as the checksum. An unkeyed hash detects accidental change but not deliberate tampering, because anyone can recompute it over altered data; to detect malicious modification the value must be computed with a secret key (a message authentication code), so that without the key it is infeasible for an unauthorized person to change the data and produce a matching checksum. The secrecy lies in the key, not in which algorithm was used. Cryptographic checksums are used in data transmission and data storage. Keyed cryptographic checksums are also known as message authentication codes, integrity check-values or message integrity codes; unkeyed ones are known as modification detection codes
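
Added example, not part of the ISACA glossary: Python showing why the secret has to be the key rather than the algorithm. A stored record carries either an unkeyed SHA-256 digest or an HMAC-SHA256 tag; an attacker who alters the record can recompute the unkeyed digest and be accepted, but cannot produce a valid tag without the key. The record, the key and the attacker's guessed key are constructed for the demonstration.

```python
"""Unkeyed hash (modification detection code) versus keyed HMAC (message authentication code)."""
import hashlib
import hmac
import secrets

# Constructed sample record and keys. A real key lives in a KMS/HSM, never beside the data.
RECORD = b"acct=10001;amount=250.00;beneficiary=EXAMPLE"
KEY = secrets.token_bytes(32)             # shared by the legitimate writer and verifier only
ATTACKER_GUESS = secrets.token_bytes(32)  # the attacker does not know KEY


def unkeyed_digest(data: bytes) -> str:
    """Modification detection code: a plain hash that anyone can recompute."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(key: bytes, data: bytes) -> str:
    """Message authentication code: HMAC-SHA256, which requires the key to compute."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_unkeyed(data: bytes, digest: str) -> bool:
    return hmac.compare_digest(unkeyed_digest(data), digest)


def verify_keyed(key: bytes, data: bytes, tag: str) -> bool:
    # compare_digest runs in constant time, so the comparison itself leaks nothing about the tag
    return hmac.compare_digest(keyed_tag(key, data), tag)


def tamper(data: bytes) -> bytes:
    """The attacker's change: bump the amount."""
    return data.replace(b"amount=250.00", b"amount=9250.00")


def attack_unkeyed() -> bool:
    """Attacker rewrites both the record and its digest; the verifier cannot tell."""
    stored_data, stored_digest = RECORD, unkeyed_digest(RECORD)
    stored_data = tamper(stored_data)
    stored_digest = unkeyed_digest(stored_data)  # no secret needed
    return verify_unkeyed(stored_data, stored_digest)  # True: the attack succeeds


def attack_keyed() -> bool:
    """Same attack against the MAC: the attacker must guess the key, so the tag fails."""
    stored_data, stored_tag = RECORD, keyed_tag(KEY, RECORD)
    stored_data = tamper(stored_data)
    stored_tag = keyed_tag(ATTACKER_GUESS, stored_data)
    return verify_keyed(KEY, stored_data, stored_tag)  # False: tampering detected


def honest_roundtrip() -> bool:
    return verify_keyed(KEY, RECORD, keyed_tag(KEY, RECORD))  # True


if __name__ == "__main__":
    print("unkeyed digest accepts tampered record:", attack_unkeyed())
    print("HMAC accepts tampered record:", attack_keyed())
    print("HMAC accepts honest record:", honest_roundtrip())
```

The unkeyed digest is still the right tool for detecting corruption in transit or at rest where no adversary is assumed; the moment the threat model includes someone who can write to the same place the checksum is stored, the check has to be keyed (or signed).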

68
Q

Ciphertext

A

Information generated by an encryption algorithm to protect the plaintext and that is unintelligible to the unauthorized reader

69
Q

Client-server

A

A group of computers connected by a communications network, in which the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server, but it is transparent to the user

70
Q

Cloud computing

A

A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

71
Q

Coaxial cable

A

Composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Has a greater transmission capacity than standard twisted-pair cables, but has a limited range of effective distance

72
Q

Cold site

A

An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the users have to move from their main computing location to the alternative computer facility

73
Q

Completely connected (mesh) configuration

A

A network topology in which devices are connected with many redundant interconnections between network nodes (primarily used for backbone networks)

74
Q

Components (as in component-based development)

A

Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component-based development is to ultimately use as many predeveloped, pretested components as possible

75
Q

Computer-aided software engineering (CASE)

A

The use of software packages that aid in the development of all phases of an information system. System analysis, design, programming and documentation are supported. Changes introduced in one CASE chart automatically update all other related charts. CASE can be installed on a microcomputer for easy access

76
Q

Computer-assisted audit technique (CAAT)

A

Any automated audit technique, such as generalized audit software (GAS), test data generators, computerized audit programs and specialized audit utilities

77
Q

Computer emergency response team (CERT)

A

A group of people integrated at the organization with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems

78
Q

Computer forensics

A

The application of the scientific method to digital media to establish factual information for judicial review. This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. As a discipline, it combines elements of law and computer science to collect and analyze data from information systems (e.g., personal computers, networks, wireless communications and digital storage devices) in a way that is admissible as evidence in a court of law

79
Q

Concurrency control

A

Refers to a class of controls used in database management systems (DBMS) to ensure that transactions are processed in an atomic, consistent, isolated and durable manner (ACID). This implies that only serial and recoverable schedules are permitted, and that committed transactions are not discarded when undoing aborted transactions

80
Q

Console log

A

An automated detail report of computer system activity

81
Q

Continuity

A

Preventing, mitigating and recovering from disruption. The terms “business resumption planning,” “disaster recovery planning” and “contingency planning” also may be used in this context; they all concentrate on the recovery aspects of continuity

82
Q

Continuous improvement

A

The goals of continuous improvement (Kaizen) include the elimination of waste, defined as “activities that add cost, but do not add value”; just-in-time (JIT) delivery; production load leveling of amounts and types; standardized work; paced moving lines; and right-sized equipment. A closer definition of the Japanese usage of Kaizen is “to take it apart and put back together in a better way.” What is taken apart is usually a process, system, product or service. Kaizen is a daily activity whose purpose goes beyond improvement. It is also a process that, when done correctly, humanizes the workplace, eliminates hard work (both mental and physical), and teaches people how to do rapid experiments using the scientific method and how to learn to see and eliminate waste in business processes

83
Q

Control section

A

The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer

84
Q

Cookie

A

A message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them. The first time a cookie is set, a user may be required to go through a registration process. Subsequent to this, whenever the cookie’s message is sent to the server, a customized view based on that user’s preferences can be produced. The browser’s implementation of cookies has, however, brought several security concerns, allowing breaches of security and the theft of personal information (e.g., user passwords that validate the user’s identity and enable restricted web services)

85
Q

Corporate governance

A

The system by which organizations are directed and controlled. The board of directors is responsible for the governance of its organization. It consists of the leadership and organizational structures and processes that ensure the organization sustains and extends its strategies and objectives

86
Q

Coupling

A

Measure of interconnectivity among structure of software programs. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data pass across the interface. In application software design, it is preferable to strive for the lowest possible coupling between modules. Simple connectivity among modules results in software that is easier to understand and maintain, and less prone to a ripple or domino effect caused when errors occur at one location and propagate through a system.

87
Q

Data custodian

A

Individual(s) and department(s) responsible for the storage and safeguarding of computerized information. This typically is within the IS organization

88
Q

Data dictionary

A

A database that contains the name, type, range of values, source, and authorization for access for each data element in a database. It also indicates which application programs use those data so that when a data structure is contemplated, a list of the affected programs can be generated. May be a stand-alone information system used for management or documentation purposes, or it may control the operation of a database

89
Q

Data Encryption Standard (DES)

A

An algorithm for encoding binary data. It is a secret key (symmetric) cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES was defined as a Federal Information Processing Standard (FIPS) in 1976 and was commonly used for data encryption in both software and hardware implementations. Its 56-bit key is now too short to resist brute-force search; NIST withdrew the standard (FIPS 46-3) in 2005, and it has been superseded by the Advanced Encryption Standard (AES)

90
Q

Data structure

A

The relationships among files in a database and among data items within each file

91
Q

Database

A

A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements

92
Q

Database management system (DBMS)

A

A software system that controls the organization, storage and retrieval of data in a database

93
Q

Decision support system (DSS)

A

An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks

94
Q

Decryption

A

A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption

95
Q

Decryption key

A

A piece of information used to recover the plaintext from the corresponding ciphertext by decryption

96
Q

Detection risk

A

The risk that material errors or misstatements that have occurred will not be detected by the IS auditor

97
Q

Dial-back

A

Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the caller is from a valid phone number or telecommunications channel

98
Q

Digital signature

A

A piece of information, a digitized form of a signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender’s private key or applying a one-way hash function

99
Q

Disaster recovery plan (DRP)

A

A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster

100
Q

Disaster tolerance

A

The time gap during which the business can accept the non-availability of IT facilities

101
Q

Discovery sampling

A

A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population

102
Q

Discretionary access control (DAC)

A

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject

103
Q

Distributed data processing network

A

A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files

104
Q

Diverse routing

A

The method of routing traffic through split cable facilities or duplicate cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and, therefore, subject to the same interruptions as the cable it is backing up. The communication service subscriber can duplicate the facilities by having alternate routes, although the entrance to and from the customer premises may be in the same conduit. The subscriber can obtain diverse routing and alternate routing from the local carrier, including dual entrance facilities. However, acquiring this type of access is time-consuming and costly. Most carriers provide facilities for alternate and diverse routing, although the majority of services are transmitted over terrestrial media. These cable facilities are usually located in the ground or basement. Ground-based facilities are at great risk due to the aging infrastructures of cities. In addition, cable-based facilities usually share room with mechanical and electrical systems that can impose great risks due to human error and disastrous events

105
Q

Domain name system (DNS) poisoning

A

Corrupts the table of an Internet server’s DNS, replacing an Internet address with the address of another vagrant or scoundrel address. If a web user looks for the page with that address, the request is redirected by the scoundrel entry in the table to a different address. Cache poisoning differs from another form of DNS poisoning in which the attacker spoofs valid email accounts and floods the “in” boxes of administrative and technical contacts. Cache poisoning is related to URL poisoning or location poisoning, in which an Internet user’s behavior is tracked by adding an identification number to the location line of the browser that can be recorded as the user visits successive pages on the site. It is also called DNS cache poisoning or cache poisoning

106
Q

Dumb terminal

A

A display terminal without processing capability. Dumb terminals are dependent on the main computer for processing. All entered data are accepted without further editing or validation

107
Q

Dynamic Host Configuration Protocol (DHCP)

A

A protocol used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask and IP addresses of domain name system (DNS) servers from a DHCP server. The DHCP server ensures that all IP addresses are unique (e.g., no IP address is assigned to a second client while the first client’s assignment is valid [its lease has not expired]). Thus, IP address pool management is done by the server and not by a human network administrator

108
Q

Electronic data interchange (EDI)

A

The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders

109
Q

Electronic funds transfer (EFT)

A

The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another

110
Q

Embedded audit module (EAM)

A

Integral part of an application system that is designed to identify and report specific transactions or other information based on predetermined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be real-time online or may use store and forward methods. Also known as integrated test facility or continuous auditing module

111
Q

Encapsulation (objects)

A

The technique used by layered protocols in which a lower-layer protocol accepts a message from a higher-layer protocol and places it in the data portion of a frame in the lower layer

112
Q

Encryption

A

The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)

113
Q

Encryption key

A

A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext

114
Q

Enterprise resource planning (ERP)

A

A packaged business software system that allows an organization to automate and integrate the majority of its business processes, share common data and practices across the entire organization, and produce and access information in a real-time environment. Examples of ERP include SAP, Oracle Financials and J.D. Edwards

115
Q

Escrow agent

A

A person, agency or organization that is authorized to act on behalf of another to create a legal relationship with a third party in regards to an escrow agreement; the custodian of an asset according to an escrow agreement. As it relates to a cryptographic key, an escrow agent is the agency or organization charged with the responsibility for safeguarding the key components of the unique key

116
Q

Escrow agreement

A

A legal arrangement whereby an asset (often money, but sometimes other property such as art, a deed of title, web site, software source code or a cryptographic key) is delivered to a third party (called an escrow agent) to be held in trust or otherwise pending a contingency or the fulfillment of a condition or conditions in a contract. Upon the occurrence of the escrow agreement, the escrow agent will deliver the asset to the proper recipient; otherwise the escrow agent is bound by his/her fiduciary duty to maintain the escrow account. Source code escrow means deposit of the source code for the software into an account held by an escrow agent. Escrow is typically requested by a party licensing software (e.g., licensee or buyer) to ensure maintenance of the software. The software source code is released by the escrow agent to the licensee if the licensor (e.g., seller or contractor) files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement

117
Q

Ethernet

A

A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection (CSMA/CD) to prevent network failures or collisions when two devices try to access the network at the same time

118
Q

Exclusive-OR (XOR)

A

The exclusive-OR operator returns a value of TRUE only if just one of its operands is TRUE. The XOR operation is a Boolean operation that produces a 0 if its two Boolean inputs are the same (0 and 0 or 1 and 1) and it produces a 1 if its two inputs are different (1 and 0). In contrast, an inclusive-OR operator returns a value of TRUE if either or both of its operands are TRUE

119
Q

Executable code

A

The machine language code that is generally referred to as the object or load module

120
Q

Expert system

A

The most prevalent type of computer system that arises from the research of artificial intelligence. An expert system has a built-in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is provided, the system should be able to define the nature of the problem and provide recommendations to solve the problem.

121
Q

Exposure

A

The potential loss to an area due to the occurrence of an adverse event

122
Q

Extended Binary-coded Decimal Interchange Code (EBCDIC)

A

An 8-bit code representing 256 characters; used in most large computer systems

123
Q

Extensible Markup Language (XML)

A

Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data between applications and organizations

124
Q

Extranet

A

A private network that resides on the Internet and allows a company to securely share business information with customers, suppliers, or other businesses as well as to execute electronic transactions. Different from an intranet in that it is located beyond the company’s firewall. Therefore, an extranet relies on the use of securely issued digital certificates (or alternative methods of user authentication) and encryption of messages. A virtual private network (VPN) and tunneling are often used to implement extranets, to ensure security and privacy.

125
Q

Fallback procedures

A

A plan of action or set of procedures to be performed if a system implementation, upgrade or modification does not work as intended. May involve restoring the system to its state prior to the implementation or change. Fallback procedures are needed to ensure that normal business processes continue in the event of failure and should always be considered in system migration or implementation

126
Q

False authorization

A

Also called false acceptance; occurs when an unauthorized person is identified as an authorized person by the biometric system

127
Q

False enrollment

A

Occurs when an unauthorized person manages to enroll into the biometric system. Enrollment is the initial process of acquiring a biometric feature and saving it as a personal reference on a smart card, a PC or in a central database

128
Q

Feasibility study

A

A phase of a system development life cycle (SDLC) methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need

129
Q

Fiber-optic cable

A

Glass fibers that transmit binary signals over a telecommunications network. Fiber-optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lightning-induced interference, and they reduce the risk of wiretaps

130
Q

File allocation table (FAT)

A

A table used by the operating system to keep track of where every file is located on the disk. Since a file is often fragmented, and thus subdivided into many sectors within the disk, the information stored in the FAT is used when loading or updating the contents of the file

131
Q

File server

A

A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is available; file servers can be nondedicated so that standard user applications can run while the network is available

132
Q

File Transfer Protocol (FTP)

A

A protocol used to transfer files over a Transmission Control Protocol/Internet Protocol (TCP/IP) network (Internet, UNIX, etc.)

133
Q

Firewall

A

A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment such as the Internet

134
Q

Firmware

A

Memory chips with embedded program code that hold their content when power is turned off

135
Q

Foreign key

A

A value that represents a reference to a tuple (a row in a table) containing the matching candidate key value. The problem of ensuring that the database does not include any invalid foreign key values is known as the referential integrity problem. The constraint that values of a given foreign key must match values of the corresponding candidate key is known as a referential constraint. The relation (table) that contains the foreign key is referred to as the referencing relation and the relation that contains the corresponding candidate key as the referenced relation or target relation. (In the relational theory it would be a candidate key, but in real database management systems (DBMSs) implementations it is always the primary key.)

136
Q

Fourth-generation language (4GL)

A

High-level, user-friendly, nonprocedural computer languages used to program and/or read and process computer files

137
Q

Frame relay

A

A packet-switched wide-area network (WAN) technology that provides faster performance than older packet-switched WAN technologies. Best suited for data and image transfers. Because of its variable-length packet architecture, it is not the most efficient technology for real-time voice and video. In a frame-relay network, end nodes establish a connection via a permanent virtual circuit (PVC).

138
Q

Gateway

A

A device (router, firewall) on a network that serves as an entrance to another network

139
Q

Generalized audit software (GAS)

A

Multipurpose audit software that can be used for general processes such as record selection, matching, recalculation and reporting

140
Q

Geographical information system (GIS)

A

A tool used to integrate, convert, handle, analyze and produce information regarding the surface of the earth. GIS data exist as maps, tridimensional virtual models, lists and tables

141
Q

Governance

A

Ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision making; and monitoring performance and compliance against agreed-on direction and objectives. Conditions can include the cost of capital, foreign exchange rates, etc. Options can include shifting manufacturing to other locations, sub-contracting portions of the enterprise to third parties, selecting a product mix from many available choices, etc.

142
Q

Help desk

A

A service offered via phone/Internet by an organization to its clients or employees that provides information, assistance, and troubleshooting advice regarding software, hardware, or networks. A help desk is staffed by people that can either resolve the problem on their own or escalate the problem to specialized personnel. A help desk is often equipped with dedicated customer relationship management (CRM) software that logs the problems and tracks them until they are solved

143
Q

Heuristic filter

A

A method often employed by antispam software to filter spam using criteria established in a centralized rule database. Every email message is given a rank, based upon its header and contents, which is then matched against preset thresholds. A message that surpasses the threshold will be flagged as spam and discarded, returned to its sender or put in a spam directory for further review by the intended recipient

144
Q

Hierarchical database

A

A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent

145
Q

Honeypot

A

A specially configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems

146
Q

Hot site

A

A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster

147
Q

Hypertext Markup Language (HTML)

A

A language designed for the creation of web pages with hypertext and other information to be displayed in a web browser. HTML is used to structure information—denoting certain text as headings, paragraphs, lists and so on—and can be used to describe, to some degree, the appearance and semantics of a document

148
Q

Image processing

A

The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry

149
Q

Impersonation

A

A security concept related to Windows NT that allows a server application to temporarily “be” the client in terms of access to secure objects. Impersonation has three possible levels: identification, letting the server inspect the client’s identity; impersonation, letting the server act on behalf of the client; and delegation, the same as impersonation but extended to remote systems to which the server connects (through the preservation of credentials). Impersonation by imitating or copying the identification, behavior or actions of another may also be used in social engineering to obtain otherwise unauthorized physical access

150
Q

Indexed sequential access method (ISAM)

A

A disk access method that stores data sequentially while also maintaining an index of key fields to all the records in the file for direct access capability

151
Q

Information security governance

A

The set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risk is managed appropriately and verifying that the enterprise’s resources are used responsibly

152
Q

Inherent risk

A

The risk level or exposure without taking into account the actions that management has taken or might take (e.g., implementing controls)

153
Q

Input control

A

Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer

154
Q

Integrated services digital network (ISDN)

A

A public end-to-end, digital telecommunications network with signaling, switching, and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of digital voice, video and data over 64 Kbps lines

155
Q

Integrated test facilities (ITF)

A

A testing methodology where test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing

156
Q

Internet

A

1) Two or more networks connected by a router; 2) the world’s largest network using Transmission Control Protocol/Internet Protocol (TCP/IP) to link government, university and commercial institutions

157
Q

Internet Engineering Task Force (IETF)

A

An organization with international affiliates as network industry representatives that sets Internet standards. This includes all network industry developers and researchers concerned with the evolution and planned growth of the Internet

158
Q

Internet packet (IP) spoofing

A

An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target system

159
Q

Internet Protocol Security (IPSec)

A

A set of protocols developed by the Internet Engineering Task Force (IETF) to support the secure exchange of packets

160
Q

Internet Security Association and Key Management Protocol (ISAKMP)

A

A protocol for sharing a public key

161
Q

Irregularity

A

Intentional violations of established management policy or regulatory requirement. It may consist of deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole; gross negligence or unintentional illegal acts

162
Q

IT governance framework

A

A model that integrates a set of guidelines, policies and methods that represent the organizational approach to the IT governance. Per COBIT, IT governance is the responsibility of the board of directors and executive management. It is an integral part of institutional governance, and consists of the leadership and organizational structures and processes that ensure that the organization’s IT sustains and extends the organization’s strategy and objectives

163
Q

IT incident

A

Any event that is not part of the ordinary operation of a service that causes, or may cause, an interruption to, or a reduction in, the quality of that service

164
Q

IT infrastructure

A

The set of hardware, software and facilities that integrates an organization’s IT assets. Specifically, the equipment (including servers, routers, switches, and cabling), software, services and products used in storing, processing, transmitting and displaying all forms of information for the organization’s users

165
Q

Key performance indicator (KPI)

A

A measure that determines how well the process is performing in enabling the goal to be reached. A lead indicator of whether a goal will likely be reached or not, and a good indicator of capabilities, practices and skills. It measures the activity goal, which is an action that the process owner must take to achieve effective process performance

166
Q

Librarian

A

The individual responsible for the safeguard and maintenance of all program and data files

167
Q

Licensing agreement

A

A contract that establishes the terms and conditions under which a piece of software is being licensed (i.e., made legally available for use) from the software developer (owner) to the user

168
Q

Limit check

A

Tests specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check

169
Q

Literals

A

Any notation for representing a value within programming language source code (e.g., a string literal); a chunk of input data that is represented “as is” in compressed data

170
Q

Local area network (LAN)

A

Communication network that serves several users within a specified geographical area. A personal computer LAN functions as a distributed processing system in which each computer in the network does its own processing and manages some of its data. Shared data are stored in a file server that acts as a remote disk drive for all users in the network

171
Q

Log

A

To record details of the information or events in an organized record-keeping system, usually sequenced in the order in which they occurred

172
Q

Logon

A

The act of connecting to the computer, which typically requires entry of a user ID and password into a computer terminal

173
Q

Malware

A

Short for malicious software. Designed to infiltrate, damage or obtain information from a computer system without the owner’s consent. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and adware. Spyware is generally used for marketing purposes and, as such, is not really malicious although it is generally unwanted. Spyware can, however, be used to gather information for identity theft or other clearly illicit purposes

174
Q

Management information system (MIS)

A

An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making

175
Q

Mandatory access controls (MAC)

A

A means of restricting access to data based on varying degrees of security requirements for information contained in the objects and the corresponding security clearance of users or programs acting on their behalf

176
Q

Mapping

A

Diagramming data that is to be exchanged electronically, including how they are to be used and what business management systems need them. Mapping is a preliminary step for developing an applications link

177
Q

Materiality

A

An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context of the organization as a whole

178
Q

Media access control (MAC)

A

Applied to the hardware at the factory and cannot be modified, MAC is a unique, 48-bit, hard-coded address of a physical layer device, such as an Ethernet local area network (LAN) or a wireless network card

179
Q

Media oxidation

A

The deterioration of the media on which data are digitally stored due to exposure to oxygen and moisture. Tapes deteriorating in a warm, humid environment are an example of media oxidation. Proper environmental controls should prevent, or significantly slow, this process.

180
Q

Message switching

A

A telecommunications methodology that controls traffic in which a complete message is sent to a concentration point and stored until the communications path is established

181
Q

Middleware

A

Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services

182
Q

Milestone

A

A terminal element that marks the completion of a work package or phase. Typically marked by a high-level event such as project completion, receipt, endorsement or signing of a previously defined deliverable or a high-level review meeting at which the appropriate level of project completion is determined and agreed to. A milestone is associated with some sort of decision that outlines the future of a project and, for an outsourced project, may have a payment to the contractor associated with it

183
Q

Mission-critical application

A

An application that is vital to the operation of the organization. The term is very popular for describing the applications required to run the day-to-day business

184
Q

Mobile site

A

The use of a mobile/temporary facility to serve as a business resumption location. The facility can usually be delivered to any site and can house information technology and staff

185
Q

Modulation

A

The process of converting a digital computer signal into an analog telecommunications signal

186
Q

Monetary unit sampling

A

A sampling technique that estimates the amount of overstatement in an account balance

187
Q

Network

A

A system of interconnected computers and the communications equipment used to connect them

188
Q

Network administrator

A

Responsible for planning, implementing and maintaining the telecommunications infrastructure; also may be responsible for voice networks. For smaller organizations, the network administrator may also maintain a local area network (LAN) and assist end users

189
Q

Network attached storage (NAS)

A

Utilizes dedicated storage devices that centralize storage of data. NAS devices generally do not provide traditional file/print or application services

190
Q

Network interface card (NIC)

A

A communication card that, when inserted into a computer, allows it to communicate with other computers on a network. Most NICs are designed for a particular type of network or protocol

191
Q

Noise

A

Disturbances in data transmissions, such as static, that cause messages to be misinterpreted by the receiver

192
Q

Nondisclosure agreement (NDA)

A

A legal contract between at least two parties that outlines confidential materials the parties wish to share with one another for certain purposes, but wish to restrict from generalized use; a contract through which the parties agree not to disclose information covered by the agreement

193
Q

Normalization

A

The elimination of redundant data

194
Q

Objectivity

A

The ability of the IS auditor to exercise judgment, express opinions and present recommendations with impartiality

195
Q

Offsite storage

A

A facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media such as offline backup data and storage files

196
Q

Operating system

A

A master control program that runs the computer and acts as a scheduler and traffic controller. The operating system is the first program copied into the computer’s memory after the computer is turned on; it must reside in memory at all times. It is the software that interfaces between the computer hardware (disk, keyboard, mouse, network, modem, printer) and the application software (word processor, spreadsheet, email), which also controls access to the devices and is partially responsible for security components and sets the standards for the application programs that run in it.

197
Q

Operational control

A

Deals with the everyday operation of a company or organization to ensure that all objectives are achieved

198
Q

Operator console

A

A special terminal used by computer operations personnel to control computer and systems operations functions. Operator console terminals typically provide a high level of computer access and should be properly secured