Glossary of Terms Flashcards
Abend
An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing
Acceptable interruption window
The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise's business objectives
Acceptable Use Policy (AUP)
A policy that establishes an agreement between users and the enterprise and defines, for all parties, the ranges of use that are approved before access to a network or the Internet is granted.
Access Control
The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises
Access Control Lists (ACL)
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Scope Note: Also referred to as access control tables
Access control table
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
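The two entries above (Access Control Lists and Access control table) describe the same thing: an ordered table of rules keyed on logon ID and terminal that decides what level of access is permitted. The following is an added example, not part of the original glossary or of any product, showing how such a table is evaluated: rules are matched in order, the first match decides, and a request that matches no rule is denied. The logon IDs, terminal names, resource names and rule set are all made up for the illustration; the last entry of the demo shows the classic mistake of placing a broad allow ahead of a specific deny.

```python
"""Access control table evaluator, added here as an illustration.

Rules are matched in order against (logon ID, terminal, resource, action);
the first match decides and anything unmatched is denied (fail-closed).
All identifiers and the sample table below are made up for the example.
"""
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import FrozenSet, List


@dataclass(frozen=True)
class Rule:
    logon_id: str            # logon ID pattern, "*" matches any user
    terminal: str            # terminal ID pattern, "*" matches any terminal
    resource: str            # dataset/file pattern, e.g. "PAYROLL.*"
    actions: FrozenSet[str]  # actions the rule covers
    effect: str              # "allow" or "deny"


@dataclass(frozen=True)
class Request:
    logon_id: str
    terminal: str
    resource: str
    action: str


ALL_ACTIONS = frozenset({"read", "update", "delete"})


def matches(rule: Rule, req: Request) -> bool:
    """Glob-style match on every field; the action must be listed explicitly."""
    return (fnmatchcase(req.logon_id, rule.logon_id)
            and fnmatchcase(req.terminal, rule.terminal)
            and fnmatchcase(req.resource, rule.resource)
            and req.action in rule.actions)


def evaluate(table: List[Rule], req: Request) -> str:
    """First matching rule wins. No match at all means 'deny'."""
    for rule in table:
        if matches(rule, req):
            return rule.effect
    return "deny"


# Constructed sample table. Order is significant: the specific deny for
# lobby terminals sits above the broader HR allow so that it takes effect.
ACCESS_TABLE = [
    Rule("*", "LOBBY*", "PAYROLL.*", ALL_ACTIONS, "deny"),
    Rule("hr_*", "*", "PAYROLL.*", frozenset({"read", "update"}), "allow"),
    Rule("*", "*", "PUBLIC.BULLETIN", frozenset({"read"}), "allow"),
]


def demo() -> dict:
    """Decisions for a few requests, including one with the table misordered."""
    hr_from_office = Request("hr_alice", "HR07", "PAYROLL.MASTER", "update")
    hr_from_lobby = Request("hr_alice", "LOBBY1", "PAYROLL.MASTER", "read")
    hr_delete = Request("hr_alice", "HR07", "PAYROLL.MASTER", "delete")
    anyone_public = Request("bob", "LOBBY1", "PUBLIC.BULLETIN", "read")
    misordered = list(reversed(ACCESS_TABLE))  # broad allow now precedes the deny
    return {
        "hr_from_office": evaluate(ACCESS_TABLE, hr_from_office),   # allow
        "hr_from_lobby": evaluate(ACCESS_TABLE, hr_from_lobby),     # deny (lobby rule)
        "hr_delete": evaluate(ACCESS_TABLE, hr_delete),             # deny (no rule)
        "anyone_public": evaluate(ACCESS_TABLE, anyone_public),     # allow
        "lobby_misordered": evaluate(misordered, hr_from_lobby),    # allow: the deny was shadowed
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

When reviewing a real access control table, the two checks worth automating are the ones the demo exercises: that an empty or non-matching table yields deny rather than allow, and that no broad allow rule precedes (and therefore shadows) a narrower deny.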
Access method
The technique used for selecting records in a file, one at a time, for processing, retrieval or storage
The access method is related to, but distinct from, the file organization, which determines how the records are stored.
Access Path
The logical route that an end user takes to access computerized information
Scope Note: Typically includes a route through the operating system, telecommunications software, selected application software and the access control system
Access Rights
The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy
Access Servers
A server that provides centralized access control for managing remote access dial-up services
Accountability
The ability to map a given activity or event back to the responsible party
Accountability of governance
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritization and decision making; and monitoring performance, compliance and progress against plans.
In most enterprises, governance is the responsibility of the board of directors under the leadership of the chairperson.
Scope Note: COBIT 5 Perspective
Accountable party
The individual, group or entity that is ultimately responsible for a subject matter, process or scope
Scope Note: Within the IT Assurance Framework (ITAF), the term “management” is equivalent to “accountable party.”
Acknowledgement (ACK)
A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission.
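The ACK flag is one bit in the TCP header, and what it acknowledges is the sequence number of the peer's data (the acknowledgement number field holds the next sequence number the receiver expects). The following added example, not part of the original glossary, builds the three segments of a TCP handshake in code, parses the flags back out of the raw header bytes, and checks that the acknowledgement numbers chain correctly. The headers are constructed rather than captured and their checksums are left as zero; port and sequence numbers are arbitrary.

```python
"""TCP header flag parsing and three-way-handshake check, added as an example.

The headers below are constructed in code (no capture file); checksums are
left as zero because no pseudo-header is available to compute them.
"""
import struct

# Flag bits in the low byte of the offset/flags field (RFC 793; ECE/CWR from RFC 3168).
TCP_FLAGS = {
    "FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08,
    "ACK": 0x10, "URG": 0x20, "ECE": 0x40, "CWR": 0x80,
}
_HEADER_FMT = "!HHIIHHHH"  # src, dst, seq, ack, offset+flags, window, checksum, urgent


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int,
                     flags: set, window: int = 65535) -> bytes:
    """Construct a 20-byte TCP header with no options."""
    data_offset_words = 5                     # 5 x 32-bit words = 20 bytes
    bits = 0
    for name in flags:
        bits |= TCP_FLAGS[name]
    return struct.pack(_HEADER_FMT, src_port, dst_port, seq, ack,
                       (data_offset_words << 12) | bits, window, 0, 0)


def parse_tcp_header(raw: bytes) -> dict:
    """Decode the fixed part of a TCP header; raise on a truncated one."""
    if len(raw) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    src, dst, seq, ack, off_flags, window, _csum, _urg = struct.unpack(_HEADER_FMT, raw[:20])
    data_offset = (off_flags >> 12) * 4       # header length in bytes, incl. options
    if data_offset < 20 or data_offset > len(raw):
        raise ValueError(f"bad data offset {data_offset}")
    flags = {name for name, bit in TCP_FLAGS.items() if off_flags & bit}
    return {"src": src, "dst": dst, "seq": seq, "ack": ack,
            "flags": flags, "hdr_len": data_offset}


def segment_role(hdr: dict) -> str:
    """Name the handshake role of a segment from its SYN/ACK/RST bits."""
    f = hdr["flags"]
    if "RST" in f:
        return "RST"
    if "SYN" in f:
        return "SYN/ACK" if "ACK" in f else "SYN"
    return "ACK" if "ACK" in f else "other"


def handshake_ok(syn: dict, synack: dict, ack: dict) -> bool:
    """Check that the acknowledgement numbers chain correctly.

    The ACK number carries the next sequence number expected, so each side
    must acknowledge the other's SYN with its sequence number plus one.
    """
    return (segment_role(syn) == "SYN"
            and segment_role(synack) == "SYN/ACK"
            and segment_role(ack) == "ACK"
            and synack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["seq"] == (syn["seq"] + 1) % 2**32
            and ack["ack"] == (synack["seq"] + 1) % 2**32)


def constructed_handshake(client_isn: int = 1000, server_isn: int = 5000) -> list:
    """Client -> server SYN, server -> client SYN/ACK, client -> server ACK."""
    return [
        build_tcp_header(40000, 443, client_isn, 0, {"SYN"}),
        build_tcp_header(443, 40000, server_isn, client_isn + 1, {"SYN", "ACK"}),
        build_tcp_header(40000, 443, client_isn + 1, server_isn + 1, {"ACK"}),
    ]


if __name__ == "__main__":
    segments = [parse_tcp_header(b) for b in constructed_handshake()]
    for s in segments:
        print(segment_role(s), s["seq"], s["ack"], sorted(s["flags"]))
    print("handshake consistent:", handshake_ok(*segments))
```

The same flag decoding is what a SYN-scan detector relies on: a SYN that is answered by a SYN/ACK but never followed by the third ACK leaves a half-open connection, and counting such sequences per source is one of the oldest network intrusion detection heuristics.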
Active recovery site (Mirrored)
A recovery strategy that involves two active sites, each capable of taking over the other’s workload in the event of a disaster
Scope Note: Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload in the event of a disaster.
Active Response
A response in which the system either automatically, or in concert with the user, blocks or otherwise affects the progress of a detected attack.
Scope Note: Takes one of three forms: amending the environment, collecting more information or striking back against the user
Activity
The main actions taken to operate the COBIT process
Address
Within computer storage, the code used to designate the location of a specific piece of data
Address Space
The number of distinct locations that may be referred to with the machine address.
Scope Note: For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.
Addressing
The method used to identify the location of a participant in a network
Adjusting period
The calendar can contain “real” accounting periods and/or adjusting accounting periods. The “real” accounting periods must not overlap and cannot have any gaps between them. Adjusting accounting periods can overlap with other accounting periods.
Administrative control
The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence to regulations and management policies
Advanced Encryption Standard (AES)
A public symmetric block cipher (FIPS 197) with a fixed 128-bit block size that supports keys of 128, 192 or 256 bits
Advanced Persistent Threat (APT)
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors (NIST SP 800-61)
Scope Note: The APT:
- pursues its objectives repeatedly over an extended period of time
- adapts to defenders’ efforts to resist it
- is determined to maintain the level of interaction needed to execute its objectives
Adversary
A threat actor / agent
Adware
A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used
Alert Situation
The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps
Alignment
A state where the enablers of governance and management of enterprise IT support the goals and strategies of the enterprise
Allocation Entry
A recurring journal entry used to allocate revenues or costs
Scope Note: For example, an allocation entry could be defined to allocate costs to each department based on head count.
Alpha
The use of alphabetic characters or an alphabetic character string
Alternate Facilities
Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed.
Scope Note: Includes other buildings, offices or data processing centers
Alternate Process
Automatic or manual process designed and established to continue critical business processes from point-of-failure to return-to-normal
Alternate Routing
A service that allows the option of having an alternate route to complete a call when the marked destination is not available.
Scope Note: In signaling, alternative routing is the process of allocating substitute routes for a given signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that traffic stream.
American Standard Code for Information Interchange (ASCII)
See ASCII.
Amortization
The process of cost allocation that assigns the original cost of an intangible asset to the periods benefited; calculated in the same way as depreciation
Analog
A transmission signal that varies continuously in amplitude and time and is generated in wave formation
Scope Note: Analog signals are used in telecommunications
Analytical technique
The examination of ratios, trends, and changes in balances and other values between periods to obtain a broad understanding of the enterprise’s financial or operational position and to identify areas that may require further or closer investigation.
Scope Note: Often used when planning the assurance assignment
Anomaly
Unusual or statistically rare
Anomaly Detection
Detection on the basis of whether system activity deviates from an established baseline of normal behavior, rather than on whether it matches a known attack signature
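Anomaly detection needs no description of the attack, only a baseline of what is usual and a way to score how far an observation is from it. The following added example, not part of the original glossary, counts failed logons per source address in constructed sshd-style log lines and flags sources whose count is statistically rare using the median and median absolute deviation (MAD), which are not dragged upward by the outlier itself the way a mean and standard deviation would be. The log lines, host names and addresses are made up for the example; the fallback for a zero MAD (very common with small integer counts, where more than half the values are identical) is handled explicitly.

```python
"""Statistical anomaly detection over authentication log lines, added as an example.

Counts failed logons per source address and flags sources whose count is
statistically rare relative to the others, using the median and the median
absolute deviation (MAD) so that the outlier itself does not distort the
baseline. Log lines are constructed for the example; addresses are from the
private and documentation ranges.
"""
import re
import statistics
from collections import Counter
from typing import Dict, Iterable, List, Tuple

FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)

# Constructed baseline: a handful of ordinary users mistyping passwords.
BASELINE_LOG = """\
Mar  1 09:00:01 bastion sshd[2101]: Failed password for alice from 10.0.0.5 port 50112 ssh2
Mar  1 09:00:07 bastion sshd[2101]: Accepted password for alice from 10.0.0.5 port 50112 ssh2
Mar  1 09:12:41 bastion sshd[2133]: Failed password for bob from 10.0.0.6 port 50120 ssh2
Mar  1 09:30:15 bastion sshd[2150]: Failed password for carol from 10.0.0.7 port 50131 ssh2
Mar  1 09:30:19 bastion sshd[2150]: Failed password for carol from 10.0.0.7 port 50131 ssh2
Mar  1 10:02:03 bastion sshd[2190]: Failed password for dave from 10.0.0.8 port 50140 ssh2
Mar  1 10:02:09 bastion sshd[2190]: Failed password for dave from 10.0.0.8 port 50140 ssh2
Mar  1 10:02:15 bastion sshd[2190]: Accepted password for dave from 10.0.0.8 port 50140 ssh2
Mar  1 10:45:50 bastion sshd[2240]: Failed password for erin from 10.0.0.9 port 50155 ssh2
Mar  1 10:45:55 bastion sshd[2240]: Failed password for erin from 10.0.0.9 port 50155 ssh2
Mar  1 10:46:01 bastion sshd[2240]: Failed password for erin from 10.0.0.9 port 50155 ssh2
Mar  1 11:10:22 bastion sshd[2280]: Failed password for frank from 10.0.0.10 port 50160 ssh2
Mar  1 11:10:28 bastion sshd[2280]: Failed password for frank from 10.0.0.10 port 50160 ssh2
Mar  1 11:10:33 bastion sshd[2280]: Failed password for frank from 10.0.0.10 port 50160 ssh2
""".splitlines()

# Constructed password spray: one source trying 25 different account names.
SPRAY_LOG = [
    f"Mar  1 11:30:{i:02d} bastion sshd[2300]: Failed password for invalid user "
    f"user{i} from 203.0.113.9 port 41{i:03d} ssh2"
    for i in range(25)
]


def failed_logons_by_source(lines: Iterable[str]) -> Counter:
    """Count failed-password events per source address (accepted logons are ignored)."""
    counts: Counter = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def modified_z_scores(values: Dict[str, float]) -> Dict[str, float]:
    """Iglewicz-Hoaglin modified z-score: 0.6745 * (x - median) / MAD.

    When MAD is zero (more than half the values are identical, common with
    small integer counts) fall back to the mean absolute deviation with the
    matching constant 1.253314, and to 0 if even that is zero.
    """
    xs = list(values.values())
    med = statistics.median(xs)
    mad = statistics.median(abs(x - med) for x in xs)
    if mad > 0:
        return {k: 0.6745 * (v - med) / mad for k, v in values.items()}
    mean = statistics.fmean(xs)
    mean_ad = statistics.fmean(abs(x - mean) for x in xs)
    if mean_ad > 0:
        return {k: 1.253314 * (v - mean) / mean_ad for k, v in values.items()}
    return {k: 0.0 for k in values}


def anomalous_sources(lines: Iterable[str], threshold: float = 3.5) -> List[Tuple[str, int, float]]:
    """Return (ip, failed_count, score) for sources scoring above the threshold."""
    counts = failed_logons_by_source(lines)
    scores = modified_z_scores(dict(counts))
    flagged = [(ip, counts[ip], round(scores[ip], 2)) for ip in counts if scores[ip] > threshold]
    return sorted(flagged, key=lambda t: t[2], reverse=True)


if __name__ == "__main__":
    for ip, n, score in anomalous_sources(BASELINE_LOG + SPRAY_LOG):
        print(f"{ip}: {n} failed logons, score {score}")
```

The threshold of 3.5 is the conventional cut-off for the modified z-score. The caveat that applies to every detector of this kind is that the baseline must be built from data the attacker did not shape: a slow spray spread over weeks at a rate indistinguishable from ordinary typos will simply become part of "normal".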
Anonymity
The quality or state of not being named or identified
Anti-malware
A technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, Trojans, keyloggers, malicious browser plug‐ins, adware and spyware
Antivirus software
An application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done, and to repair or quarantine files that have already been infected.
Appearance
The act of giving the idea or impression of being or doing something
Appearance of Independence
Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.)
Scope Note: An IS auditor should be aware that appearance of independence depends on the perceptions of others and can be influenced by improper actions or associations.
Applet
A program written in a portable, platform-independent computer language, such as Java, JavaScript or Visual Basic.
Scope Note: An applet is usually embedded in an HyperText Markup Language (HTML) page downloaded from web servers and then executed by a browser on client machines to run any web-based application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers. However, applets expose the user's machine to risk if not properly controlled by the browser, which should not allow an applet to access a machine's information without prior authorization of the user. Note that Java applets were deprecated in Java 9 and removed in Java 11, and current browsers no longer run them.
Application
A computer program or set of programs that performs the processing of records for a specific function
Scope Note: Contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort
Application acquisition review
An evaluation of an application system being acquired or evaluated, that considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process
Application architecture
Description of the logical grouping of capabilities that manage the objects necessary to process information and support the enterprise’s objectives.
Scope Note: COBIT 5 perspective
Application benchmarking
The process of establishing the effective design and operation of automated controls within an application.
Application controls
The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved
Application development review
An evaluation of an application system under development that considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is developed in compliance with the established system development life cycle process
Application implementation review
An evaluation of any part of an implementation project
Scope Note: Examples include project management, test plans and user acceptance testing (UAT) procedures.
Application layer
In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible.
Scope Note: The application layer is not the application that is doing the communication; it is a service layer that provides these services to the application.
Application maintenance review
An evaluation of any part of a project to perform maintenance on an application system.
Scope Note: Examples include project management, test plans and user acceptance testing (UAT) procedures.
Application or managed service provider (ASP/MSP)
A third party that delivers and manages applications and computer services, including security services to multiple users via the Internet or a private network.
Application Programme
A program that processes business data through activities such as data entry, update or query
Scope Note: Contrasts with systems programs, such as an operating system or network control program, and with utility programs such as copy or sort.
Application Programming Interface (API)
A set of routines, protocols and tools referred to as "building blocks" used in business application software development.
Scope Note: A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different versions of UNIX). A programmer utilizes these APIs in developing applications that can operate effectively and efficiently on the platform chosen.
Application proxy
A service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service.
Application security
Refers to the security aspects supported by the application, primarily with regard to the roles or responsibilities and audit trails within the applications
Application Service Provider (ASP)
Also known as managed service provider (MSP), it deploys, hosts and manages access to a packaged application to multiple parties from a centrally managed facility.
Scope Note: The applications are delivered over networks on a subscription basis.
Application software tracing and mapping
Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences
Scope Note: Both the command language or job control statements and programming language can be analyzed. This technique includes program/system: mapping, tracing, snapshots, parallel simulations and code comparisons.
Application System
An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities
Scope Note: Examples include general ledger, manufacturing resource planning and human resource (HR) management.
Architecture
Description of the fundamental underlying design of the components of the business system, or of one element of the business system (e.g., technology), the relationships among them, and the manner in which they support enterprise objectives
Architecture Board
A group of stakeholders and experts who are accountable for guidance on enterprise‐architecture‐ related matters and decisions, and for setting architectural policies and standards.
Scope Note: COBIT 5 perspective
Arithmetic Logic Unit (ALU)
The area of the central processing unit (CPU) that performs mathematical and analytical operations
Artificial Intelligence (AI)
Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules.
ASCII
Representing 128 characters, the American Standard Code for Information Interchange (ASCII) code normally uses 7 bits. However, some variations of the ASCII code set allow 8 bits. This 8-bit ASCII code allows 256 characters to be represented.
Assembler
A program that takes as input a program written in assembly language and translates it into machine code or machine language
Assembly Language
A low-level computer programming language which uses symbolic code and produces machine instructions
Assertion
Any formal declaration or set of declarations about the subject matter made by management.
Scope Note: Assertions should usually be in writing and commonly contain a list of specific attributes about the subject matter or about a process involving the subject matter.
Assessment
A broad review of the different aspects of a company or function that includes elements not covered by a structured assurance initiative.
Scope Note: May include opportunities for reducing the costs of poor quality, employee perceptions on quality aspects, proposals to senior management on policy, goals, etc.
Asset
Something of either tangible or intangible value that is worth protecting, including people, information, infrastructure, finances and reputation