Glossary - I Flashcards
identification
The process of asserting one’s identity without providing proof of that identity. See also authentication.
identity management
The activity of managing the identity of each employee, contractor, temporary worker, and, optionally, customer, for use in a single environment or multiple environments.
impact
The actual or expected result from some action such as a disaster.
impact analysis
The analysis of a threat and the impact it would have if it were realized.
implementation
A step in the software development life cycle where new or updated software is placed into the production environment and started.
incident
Any event that is not part of the standard operation of a service and that causes, or may cause, interruption to, or a reduction in, the quality of that service.
incident management
The IT function that analyzes service outages, service slowdowns, security incidents, and software bugs, and seeks to resolve them to restore normal service. See also IT service management.
incident prevention
Proactive steps taken to reduce the probability and/or impact of security incidents.
independence
The characteristic of an auditor and his or her relationship to a party being audited. An auditor should be independent of the auditee; this permits the auditor to be objective.
index
An entity in a relational database management system (RDBMS) that facilitates rapid searching for specific rows in a table based on one of the fields other than the primary key. See also relational database management system, table, row, field, and primary key.
inert gas
A fire suppression system that floods a room with an inert gas, displacing oxygen from the room and extinguishing the fire.
information classification
The process of assigning a sensitivity classification to an information asset.
information leakage
The tendency for sensitive information to leak out of an organization’s databases through various means, most of which are perpetrated by the organization’s personnel.
information security management
The aggregation of policies, processes, procedures, and activities to ensure that an organization’s security policy is effective.
information security policy
A statement that defines how an organization will classify and protect its important assets.
Infrared Data Association (IrDA)
The organization that has developed technical standards for point-to-point data communications using infrared light. IrDA has largely been replaced with Bluetooth and USB.
infrastructure
The collection of networks, network services, devices, facilities, and system software that facilitate access to, communications with, and protection of business applications.
infrastructure as a service
A cloud computing model where a service provider makes computers and other infrastructure components available to subscribers. See also cloud computing.
inherent risk
The risk that there are material weaknesses in existing business processes and no compensating controls to detect or prevent them.
inheritance
The property of a class where class attributes are passed to its children. See also class.
initialization vector (IV)
A random number that is needed by some encryption algorithms to begin the encryption process.
input authorization
Controls that ensure all data that is input into an information system is authorized by management.
input controls
Administrative and technical controls that determine what data is permitted to be input into an information system. These controls exist to ensure the integrity of information in a system.
input validation
Controls that ensure the type and values of information that are input into a system are appropriate and reasonable.
input/output (I/O) device
Any device that can be connected to a computer that permits the computer to send data to the device as well as receive data from the device.
inquiry and observation
An audit technique where an IS auditor asks questions of interviewees and makes observations about personnel behavior and the way they perform their tasks.
inrush
A sudden increase in current flowing to a device, usually associated with the startup of a large motor. This can cause a voltage drop that lasts several seconds.
insourcing
A form of sourcing where an employer will use its own employees to perform a function.
instant messaging (IM)
Any of several TCP/IP application layer protocols and tools used to send short text messages over a network.
integrated audit
An audit that combines an operational audit and a financial audit. See also operational audit, financial audit.
integrated services digital network (ISDN)
A common carrier telephone network used to carry voice and data over landlines. ISDN can be thought of as a digital version of the PSTN. See also public-switched telephone network (PSTN).
integrated test facility (ITF)
A type of automated test where an auditor creates fictitious transactions to trace their integrity through the system.
intellectual property
A class of assets owned by an organization; includes an organization’s designs, architectures, software source code, processes, and procedures.
interior gateway routing protocol (IGRP)
A TCP/IP routing protocol that is used to transmit network routing information from one network router to another in order to determine the most efficient path through a large network.
intermediate system to intermediate system (IS-IS)
A TCP/IP routing protocol that is used to transmit network routing information from one network router to another in order to determine the most efficient path through a large network.
Internet
The interconnection of the world’s TCP/IP networks.
OR
Layer 2 of the TCP/IP network model. The purpose of the Internet layer is the delivery of messages (called packets) from one station to another on the same network or on different networks. See also TCP/IP network model.
Internet Control Message Protocol (ICMP)
A communications diagnostics protocol that is a part of the TCP/IP suite of protocols.
Internet Message Access Protocol (IMAP)
A TCP/IP application layer protocol used by an end-user program to retrieve e-mail messages from an e-mail server.
Internet Protocol (IP)
The network layer protocol used in the TCP/IP suite of protocols. IP is concerned with the delivery of packets from one station to another, whether the stations are on the same network or on different networks.
Internet Protocol Security (IPsec)
A suite of protocols that is used to secure IP-based communications by using authentication and encryption.
interprocess communications (IPC)
Any of several protocols used for communications between running processes on one system or between systems.
intrusion detection system (IDS)
A hardware or software system that detects anomalies that may be signs of an intrusion.
intrusion prevention system (IPS)
A hardware or software system that detects and blocks anomalies that may be signs of an intrusion.
IP address
An address assigned to a station on a TCP/IP network.
IS audit
An audit of an IS department’s operations and systems.
IS operations
The day-to-day control of the information systems, applications, and infrastructure that support organizational objectives and processes.
ISACA audit guidelines
Published documents that help the IS auditor apply ISACA audit standards.
ISACA audit procedures
Published documents that provide sample procedures for performing various audit activities and for auditing various types of technologies and systems.
ISACA audit standards
The minimum standards of performance related to security, audits, and the actions that result from audits. The standards are published by ISACA and updated periodically. ISACA audit standards are considered mandatory.
ISAE 3402 (International Standard on Assurance Engagement)
An external audit of a service provider. An ISAE 3402 audit is performed according to rules established by the International Auditing and Assurance Standards Board (IAASB).
ISO 15504
A world standard for evaluating the maturity of a software development process.
ISO 20000
A world standard for IT service management.
ISO 27001
A world standard for IT security management.
ISO 38500
A world standard for corporate governance of information technology.
ISO 9000
A world standard for a quality management system.
ISO 9126
A world standard for evaluating the quality of software.
ISO 9660
A file system used on CD-ROM and DVD-ROM media.
IT Assurance Framework (ITAF)
An end-to-end framework developed to guide organizations in developing and managing IT assurance and IT audit.
IT balanced scorecard
A balanced scorecard used to measure IT organization performance and results. See also balanced scorecard.
IT governance
Management’s control over IT policy and processes.
IT Infrastructure Library (ITIL)
See IT service management.
IT service management
The set of activities that ensure the delivery of IT services is efficient and effective, through active management and the continuous improvement of processes.
IT steering committee
A body of senior managers or executives that discusses high-level and long-term issues in the organization.