Glossary- C

Question 1

call tree

Answer 1

A method for ensuring the timely notification of key personnel, such as after a disaster.

Question 2

campus area network (CAN)

Answer 2

The interconnection of LANs for an organization that has buildings in close proximity.

Question 3

capability maturity model

Answer 3

A model that is used to measure the relative maturity of an organization or of its processes.

Question 4

capability maturity model integration (CMMI)

Answer 4

A maturity model that represents the aggregation of other maturity models.

Question 5

capacity management

Answer 5

The IT function that consists of activities that confirm there is sufficient capacity in IT systems and IT processes to meet service needs. Primarily, an IT system or process has sufficient capacity if its performance falls within an acceptable range, as specified in service-level agreements (SLAs). See also IT service management, service-level agreement.

Question 6

Category 3

Answer 6

A twisted-pair cabling standard that is capable of transporting 10MB Eth- ernet up to 100 m (328 ft). See also twisted-pair cable.

Question 7

Category 5

Answer 7

A twisted-pair cabling standard that is capable of transporting 10MB, 100MB, and 1000MB (1GB) Ethernet up to 100 m (328 ft). See also twisted-pair cable.

Question 8

Category 6

Answer 8

A twisted-pair cabling standard that is capable of transporting 10MB, 100MB, and 1000MB (1GB) Ethernet up to 100 m (328 ft). Category 6 has the same trans- port capability as Category 5, but has better noise resistance. See also twisted-pair cable.

Question 9

Category 7

Answer 9

A twisted-pair cabling standard that is capable of transporting 10GB Eth- ernet over 100 m (328 ft). See also twisted-pair cable.

Question 10

Category 8

Answer 10

A new cable standard, still under development, designed for high-speed networking. See also twisted-pair cable.

Question 11

central processing unit (CPU)

Answer 11

The main hardware component of a computer that executes program instructions.

Question 12

certificate authority (CA)

Answer 12

A trusted party that stores digital certificates and public encryption keys.

Question 13

certificate revocation list (CRL)

Answer 13

An electronic list of digital certificates that have been revoked prior to their expiration date.

Question 14

certification practice statement (CPS)

Answer 14

A published statement that describes the practices used by the CA to issue and manage digital certificates.

Question 15

chain of custody

Answer 15

Documentation that shows the acquisition, storage, control, and analysis of evidence. The chain of custody may be needed if the evidence is to be used in a legal proceeding.

Question 16

change control

Answer 16

See change management.

Question 17

change management

Answer 17

The IT function that is used to control changes made to an IT environment. See also IT service management.

Question 18

change request

Answer 18

A formal request for a change to be made in an environment. See also change management.

Question 19

change review

Answer 19

A formal review of a requested change. See also change request, change management.

Question 20

channel service unit/data service unit (CSU/DSU)

Answer 20

A device used to connect a tele- communications circuit to a local device such as a router.

Question 21

cipher lock

Answer 21

An electronic or mechanical door equipped with combination locks. Only persons who know the combination may unlock the door.

Question 22

ciphertext

Answer 22

A message, file, or stream of data that has been transformed by an encryp- tion algorithm and rendered unreadable.

Question 23

circuit switched

Answer 23

A WAN technology where a dedicated, end-to-end communications channel is established that lasts for the duration of the connection.

Question 24

CISC (complex instruction set computer)

Answer 24

A central processing unit design that uses a comprehensive instruction set. See also central processing unit.

Question 25

class

Answer 25

The characteristics of an object, including its attributes, properties, fields, and the methods it can perform. See also object, method.

Question 26

class library

Answer 26

A repository where classes are stored. See also class.

Question 27

classful network

Answer 27

A TCP/IP network whose addressing fits into one of the classes of networks: Class A, Class B, or Class C. A classful network will have a predetermined address range and subnet mask.

Question 28

classless network

Answer 28

A TCP/IP network whose addressing does not fit the classful net- work scheme, but instead uses an arbitrary subnet mask, as determined by the net- work’s physical and logical design.

Question 29

client-server application

Answer 29

An application design where the database and some busi- ness logic are stored on a central server and where some business logic plus display logic are stored on each user’s workstation.

Question 30

cloud computing

Answer 30

A technique of providing a dynamically scalable and usually virtu- alized computing resource as a service.

Question 31

cluster

Answer 31

A tightly coupled collection of computers that are used to solve a common task. In a cluster, one or more servers actively perform tasks, while zero or more com- puters may be in a “standby” state, ready to assume active duty should the need arise.

Question 32

coaxial

Answer 32

A type of network cable that consists of a solid inner conductor surrounded by an insulating jacket, which is surrounded by a metallic shield, which in turn is sur- rounded by a plastic jacket.

Question 33

code division multiple access (CDMA)

Answer 33

An airlink standard for wireless communica- tions between mobile devices and base stations.

Question 34

code division multiple access 2000 (CDMA2000)

Answer 34

An airlink standard for wireless communications between mobile devices and base stations.

Question 35

code of ethics

Answer 35

A statement that defines acceptable and unacceptable professional conduct.

Question 36

codec

Answer 36

A device or program that encodes or decodes a data stream.

Question 37

cold site

Answer 37

An alternate processing center where the degree of readiness for recovery systems is low. At the very least, a cold site is nothing more than an empty rack, or just allocated space on a computer room floor.

Question 38

compensating control

Answer 38

A control that is implemented because another control can- not be implemented or is ineffective.

Question 39

compliance audit

Answer 39

An audit to determine the level and degree of compliance to a law, regulation, standard, contract provision, or internal control.

Question 40

compliance testing

Answer 40

A type of testing that is used to determine if control procedures have been properly designed and implemented, and are operating properly.

Question 41

component-based development

Answer 41

A software development life cycle process where various components of a larger system are developed separately.

Question 42

computer-aided software engineering (CASE)

Answer 42

A broad variety of tools that are used to automate various aspects of application software development.

Question 43

computer-assisted audit technique (CAAT)

Answer 43

Any technique where computers are used to automate or simplify the audit process.

Question 44

computer trespass

Answer 44

Unlawful entry into a computer or application.

Question 45

confidence coefficient

Answer 45

The probability that a sample selected actually represents the
entire population. This is usually expressed as a percentage.

Question 46

configuration management

Answer 46

The IT function where the configuration of components in an IT environment is independently recorded. Configuration management is usually supported by the use of automated tools used to inventory and control system configu- rations. See also IT service management.

Question 47

configuration management database (CMDB)

Answer 47

A repository for every component in an environment that contains information on every configuration change made on those components.

Question 48

configuration standard

Answer 48

A standard that defines the detailed configurations that are used in servers, workstations, operating systems, database management systems, appli- cations, network devices, and other systems.

Question 49

conspiracy

Answer 49

A plan by two or more persons to commit an illegal act.

Question 50

constructive cost model (COCOMO)

Answer 50

A method for estimating software develop- ment projects based on the number of lines of code and the complexity of the software being developed.

Question 51

contact list

Answer 51

A list of key personnel and various methods used to contact them. See also response document.

Question 52

continuity of operations plan (COOP)

Answer 52

The activities required to continue critical and strategic business functions at an alternate site. See also response document.

Question 53

continuous and intermittent simulation (CIS)

Answer 53

A continuous auditing technique where flagged transactions are processed in a parallel simulation and the results com- pared to production processing results.

Question 54

continuous auditing

Answer 54

An auditing technique where sampling and testing are auto- mated and occur continuously.

Question 55

contract

Answer 55

A binding legal agreement between two parties that may be enforceable in a court of law.

Question 56

control

Answer 56

Policies, processes, and procedures that are created to achieve desired events or to avoid unwanted events.

Question 57

control failure

Answer 57

The result of an audit of a control where the control is determined to be ineffective.

Question 58

control objective

Answer 58

A foundational statement that describes desired states or outcomes from business operations.

Question 59

Control Objectives for Information and related Technology (COBIT)

Answer 59

A control framework for managing information systems and security. COBIT is published by ISACA.

Question 60

control risk

Answer 60

The risk that a material error exists that will not be prevented or detected by the organization’s control framework.

Question 61

control self-assessment (CSA)

Answer 61

A methodology used by an organization to review key business objectives, risks, and controls. Control self-assessment is a self-regulation activity.

Question 62

corrective action

Answer 62

An action that is initiated to correct an undesired condition.

Question 63

corrective control

Answer 63

A control that is used after an unwanted event has occurred.

Question 64

corroboration

Answer 64

An audit technique where an IS auditor interviews additional person- nel to confirm the validity of evidence obtained from others who were interviewed previously.

Question 65

countermeasure

Answer 65

Any activity or mechanism that is designed to reduce risk.

Question 66

crash gate

Answer 66

Hard barriers that lift into position, preventing the entry (or exit) of unau-
thorized vehicles, and that can be lowered to permit authorized vehicles.

Question 67

critical path methodology (CPM)

Answer 67

A technique that is used to identify the most criti- cal path in a project to understand which tasks are most likely to affect the project schedule.

Question 68

criticality analysis (CA)

Answer 68

A study of each system and process, a consideration of the impact on the organization if it is incapacitated, the likelihood of incapacitation, and the estimated cost of mitigating the risk or impact of incapacitation.

Question 69

cross-over error rate

Answer 69

The point at which the false reject rate (FRR) equals the false accept rate (FAR). This is the ideal point for a well-tuned biometric system. See also biometrics, false reject rate, and false accept rate.

Question 70

cryptanalysis

Answer 70

An attack on a cryptosystem where the attacker is attempting to deter- mine the encryption key that is used to encrypt messages.

Question 71

cryptography

Answer 71

The practice of hiding information from unwanted persons.

Question 72

cryptosystem

Answer 72

A set of algorithms used to generate an encryption key, to perform en-
cryption, and to perform decryption.

Question 73

custodian

Answer 73

A person or group delegated to operate or maintain an asset.

Question 74

customer relationship management (CRM)

Answer 74

An IS application that is used to track the details of the relationships with each of an organization’s customers.

Question 75

customization

Answer 75

A unique change that is made to a computer program or system.

Question 76

cutover

Answer 76

The step in the software development life cycle where an old replaced system
is shut down and a new replacement system is started.

Question 77

cutover test

Answer 77

An actual test of disaster recovery (DR) and/or business continuity re- sponse plans. The purpose of a parallel test is to evaluate the ability of personnel to follow directives in emergency response plans—to actually set up the DR business pro- cessing or data processing capability. In a cutover test, personnel shut down production systems and operate recovery systems to assume actual business workload. See also di- saster recovery plan.

Question 78

cyclical redundancy check (CRC)

Answer 78

A hash function used to create a checksum that is used to detect errors in network transmissions. The Ethernet standard uses a CRC to detect errors.