Glossary- I

Question 1

dentification

Answer 1

The process of asserting one’s identity without providing proof of that identity. See also authentication.

Question 2

identity management

Answer 2

The activity of managing the identity of each employee, con- tractor, temporary worker, and, optionally, customer, for use in a single environment or multiple environments.

Question 3

impact

Answer 3

The actual or expected result from some action such as a disaster.

Question 4

impact analysis

Answer 4

The analysis of a threat and the impact it would have if it were realized.

Question 5

implementation

Answer 5

A step in the software development life cycle where new or updated software is placed into the production environment and started.

Question 6

incident

Answer 6

Any event that is not part of the standard operation of a service and that causes, or may cause, interruption to, or a reduction in, the quality of that service.

Question 7

incident management

Answer 7

The IT function that analyzes service outages, service slow- downs, security incidents, and software bugs, and seeks to resolve them to restore nor- mal service. See also IT service management.

Question 8

incident prevention

Answer 8

Proactive steps taken to reduce the probability and/or impact of security incidents.

Question 9

independence

Answer 9

The characteristic of an auditor and his or her relationship to a party being audited. An auditor should be independent of the auditee; this permits the audi- tor to be objective.

Question 10

index

Answer 10

An entity in a relational database management system (rDBMS) that facilitates rapid searching for specific rows in a table based on one of the fields other than the pri- mary key. See also relational database management system, table, row, field, and primary key.

Question 11

inert gas

Answer 11

A fire suppression system that floods a room with an inert gas, displacing oxygen from the room and extinguishing the fire.

Question 12

information classification

Answer 12

The process of assigning a sensitivity classification to an information asset.

Question 13

information leakage

Answer 13

The tendency for sensitive information to leak out of an organi- zation’s databases through various means, most of which are perpetrated by the orga- nization’s personnel.

Question 14

information security management

Answer 14

The aggregation of policies, processes, proce- dures, and activities to ensure that an organization’s security policy is effective.

Question 15

information security policy

Answer 15

A statement that defines how an organization will clas- sify and protect its important assets.

Question 16

Infrared Data Association (IrDA)

Answer 16

The organization that has developed technical standards for point-to-point data communications using infrared light. IrDA has large- ly been replaced with Bluetooth and USB.

Question 17

infrastructure

Answer 17

The collection of networks, network services, devices, facilities, and system software that facilitate access to, communications with, and protection of busi- ness applications.

Question 18

infrastructure as a service

Answer 18

A cloud computing model where a service provider makes computers and other infrastructure components available to subscribers. See also cloud computing.

Question 19

inherent risk

Answer 19

The risk that there are material weaknesses in existing business pro- cesses and no compensating controls to detect or prevent them.

Question 20

inheritance

Answer 20

The property of a class where class attributes are passed to its children. See also class.

Question 21

initialization vector (IV)

Answer 21

A random number that is needed by some encryption algo- rithms to begin the encryption process.

Question 22

input authorization

Answer 22

Controls that ensure all data that is input into an information system is authorized by management.

Question 23

input controls

Answer 23

Administrative and technical controls that determine what data is per- mitted to be input into an information system. These controls exist to ensure the integ- rity of information in a system.

Question 24

input validation

Answer 24

Controls that ensure the type and values of information that are input into a system are appropriate and reasonable.

Question 25

input/output (I/O) device

Answer 25

Any device that can be connected to a computer that per- mits the computer to send data to the device as well as receive data from the device.

Question 26

inquiry and observation

Answer 26

An audit technique where an IS auditor asks questions of interviewees and makes observations about personnel behavior and the way they per- form their tasks.

Question 27

inrush

Answer 27

A sudden increase in current flowing to a device, usually associated with the startup of a large motor. This can cause a voltage drop that lasts several seconds.

Question 28

insourcing

Answer 28

A form of sourcing where an employer will use its own employees to per- form a function.

Question 29

instant messaging (IM)

Answer 29

Any of several TCP/IP application layer protocols and tools used to send short text messages over a network.

Question 30

integrated audit

Answer 30

An audit that combines an operational audit and a financial audit. See also operational audit, financial audit.

Question 31

integrated services digital network (ISDN)

Answer 31

A common carrier telephone network used to carry voice and data over landlines. ISDN can be thought of as a digital version of the PSTN. See also public-switched telephone network (PSTN).

Question 32

integrated test facility (ITF)

Answer 32

A type of automated test where an auditor creates ficti- tious transactions to trace their integrity through the system.

Question 33

intellectual property

Answer 33

A class of assets owned by an organization; includes an organi- zation’s designs, architectures, software source code, processes, and procedures.

Question 34

interior gateway routing protocol (IGRP)

Answer 34

A TCP/IP routing protocol that is used to transmit network routing information from one network router to another in order to determine the most efficient path through a large network.

Question 35

intermediate system to intermediate system (IS-IS)

Answer 35

A TCP/IP routing protocol that is used to transmit network routing information from one network router to another in order to determine the most efficient path through a large network.

Question 36

Internet

Answer 36

The interconnection of the world’s TCP/IP networks.

OR

Layer 2 of the TCP/IP network model. The purpose of the Internet layer is the delivery of messages (called packets) from one station to another on the same network or on different networks. See also TCP/IP network model.

Question 37

Internet Control Message Protocol (ICMP)

Answer 37

A communications diagnostics protocol

that is a part of the TCP/IP suite of protocols.

Question 38

Internet Message Access Protocol (IMAP)

Answer 38

A TCP/IP application layer protocol used by an end-user program to retrieve e-mail messages from an e-mail server.

Question 39

Internet Protocol (IP)

Answer 39

The network layer protocol used in the TCP/IP suite of proto- cols. IP is concerned with the delivery of packets from one station to another, whether the stations are on the same network or on different networks.

Question 40

Internet Protocol Security (IPsec)

Answer 40

A suite of protocols that is used to secure IP-based communications by using authentication and encryption.

Question 41

interprocess communications (IPC)

Answer 41

Any of several protocols used for communica- tions between running processes on one system or between systems.

Question 42

intrusion detection system (IDS)

Answer 42

A hardware or software system that detects anoma- lies that may be signs of an intrusion.

Question 43

intrusion prevention system (IPS)

Answer 43

A hardware or software system that detects and blocks anomalies that may be signs of an intrusion.

Question 44

IP address

Answer 44

An address assigned to a station on a TCP/IP network.

Question 45

IS audit

Answer 45

An audit of an IS department’s operations and systems.

Question 46

IS operations

Answer 46

The day-to-day control of the information systems, applications, and infrastructure that support organizational objectives and processes.

Question 47

ISACA audit guidelines

Answer 47

Published documents that help the IS auditor apply ISACA audit standards.

Question 48

ISACA audit procedures

Answer 48

Published documents that provide sample procedures for performing various audit activities and for auditing various types of technologies and systems.

Question 49

ISACA audit standards

Answer 49

The minimum standards of performance related to security, audits, and the actions that result from audits. The standards are published by ISACA and updated periodically. ISACA audit standards are considered mandatory.

Question 50

ISAE 3402 (International Standard on Assurance Engagement)

Answer 50

An external audit of a service provider. An ISAE3402 audit is performed according to rules established by the International Auditing and Assurance Standards Board (IAASB).

Question 51

ISO 15504

Answer 51

A world standard for evaluating the maturity of a software development process.

Question 52

ISO 20000

Answer 52

A world standard for IT service management.

Question 53

ISO 27001

Answer 53

A world standard for IT security management.

Question 54

ISO 38500

Answer 54

A world standard for corporate governance of information technology.

Question 55

ISO 9000

Answer 55

A world standard for a quality management system.

Question 56

ISO 9126

Answer 56

A world standard for evaluating the quality of software.

Question 57

SO 9660

Answer 57

A file system used on CD-ROM and DVD-ROM media.

Question 58

IT Assurance Framework (ITAF)

Answer 58

An end-to-end framework developed to guide orga-

nizations in developing and managing IT assurance and IT audit.

Question 59

IT balanced scorecard

Answer 59

A balanced scorecard used to measure IT organization perfor-

mance and results. See also balanced scorecard.

Question 60

IT governance

Answer 60

Management’s control over IT policy and processes.

Question 61

IT Infrastructure Library (ITIL)

Answer 61

See IT service management.

Question 62

IT service management

Answer 62

The set of activities that ensure the delivery of IT services is efficient and effective, through active management and the continuous improvement of processes.

Question 63

IT steering committee

Answer 63

A body of senior managers or executives that discusses high- level and long-term issues in the organization.