Glossary of Terms Flashcards

1
Q

Abend

A

An abnormal end to a computer job; termination of a task prior to its completion because of an
error condition that cannot be resolved by recovery facilities while the task is executing

2
Q

Acceptable interruption window

A

The maximum period of time that a system can be unavailable before compromising the
achievement of the enterprise’s business objectives

3
Q

Acceptable Use Policy (AUP)

A

A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet.

4
Q

Access Control

A

The processes, rules and deployment mechanisms that control access to information systems,
resources and physical access to premises

5
Q

Access Control Lists (ACL)

A

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Scope Note: Also referred to as access control tables

6
Q

Access control table

A

An internal computerized table of access rules regarding the levels of computer access permitted to
logon IDs and computer terminals

7
Q

Access method

A

The technique used for selecting records in a file, one at a time, for processing, retrieval or storage
The access method is related to, but distinct from, the file organization, which determines how the records are stored.

8
Q

Access Path

A

The logical route that an end user takes to access computerized information

Scope Note: Typically includes a route through the operating system, telecommunications software, selected application software and the access control system

9
Q

Access Rights

A

The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy

10
Q

Access Servers

A

Provides centralized access control for managing remote access dial‐up services

11
Q

Accountability

A

The ability to map a given activity or event back to the responsible party

12
Q

Accountability of governance

A

Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritization and decision making; and monitoring performance, compliance and progress against plans.

In most enterprises, governance is the responsibility of the board of directors under the leadership of the
chairperson.

Scope Note: COBIT 5 Perspective

13
Q

Accountable party

A

The individual, group or entity that is ultimately responsible for a subject matter, process or scope
Scope Note: Within the IT Assurance Framework (ITAF), the term “management” is equivalent to “accountable party.”

14
Q

Acknowledgement (ACK)

A

A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission.

15
Q

Active recovery site (Mirrored)

A

A recovery strategy that involves two active sites, each capable of taking over the other’s workload in the event of a disaster

Scope Note: Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload in the event of a disaster.

16
Q

Active Response

A

A response in which the system either automatically, or in concert with the user, blocks or otherwise affects the
progress of a detected attack.

Scope Note: Takes one of three forms: amending the environment, collecting more information or striking back against the user

17
Q

Activity

A

The main actions taken to operate the COBIT process

18
Q

Address

A

Within computer storage, the code used to designate the location of a specific piece of data

19
Q

Address Space

A

The number of distinct locations that may be referred to with the machine address.

Scope Note: For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.

20
Q

Addressing

A

The method used to identify the location of a participant in a network

21
Q

Adjusting period

A

The calendar can contain “real” accounting periods and/or adjusting accounting periods. The “real” accounting periods must not overlap and cannot have any gaps between them. Adjusting accounting periods can overlap with other accounting periods.

22
Q

Administrative control

A

The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence
to regulations and management policies

23
Q

Advanced Encryption Standard (AES)

A

A public algorithm that supports keys from 128 bits to 256 bits in size

24
Q

Advanced Persistent Threat (APT)

A

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors (NIST SP 800‐61)

Scope Note: The APT:

  1. pursues its objectives repeatedly over an extended period of time
  2. adapts to defenders’ efforts to resist it
  3. is determined to maintain the level of interaction needed to execute its objectives
25
Q

Adversary

A

A threat actor / agent

26
Q

Adware

A

A software package that automatically plays, displays or downloads advertising material to a computer after the
software is installed on it or while the application is being used

27
Q

Alert Situation

A

The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps

28
Q

Alignment

A

A state where the enablers of governance and management of enterprise IT support the goals and strategies of the enterprise

29
Q

Allocation Entry

A

A recurring journal entry used to allocate revenues or costs

Scope Note: For example, an allocation entry could be defined to allocate costs to each department based on head count.

30
Q

Alpha

A

The use of alphabetic characters or an alphabetic character string

31
Q

Alternate Facilities

A

Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed.

Scope Note: Includes other buildings, offices or data processing centers

32
Q

Alternate Process

A

Automatic or manual process designed and established to continue critical business processes from
point‐of‐failure to return‐to‐normal

33
Q

Alternate Routing

A

A service that allows the option of having an alternate route to complete a call when the marked destination is not available.

Scope Note: In signaling, alternative routing is the process of allocating substitute routes for a given signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that traffic stream.

34
Q

ASCII

A

American Standard Code for Information Interchange

35
Q

Amortization

A

The process of cost allocation that assigns the original cost of an intangible asset to the periods
benefited; calculated in the same way as depreciation

36
Q

Analog

A

A transmission signal that varies continuously in amplitude and time and is generated in wave formation
Scope Note: Analog signals are used in telecommunications

37
Q

Analytical technique

A

The examination of ratios, trends, and changes in balances and other values between periods to obtain a broad understanding of the enterprise’s financial or operational position and to identify areas that may require further or closer investigation.

Scope Note: Often used when planning the assurance assignment

38
Q

Anomaly

A

Unusual or statistically rare

39
Q

Anomaly Detection

A

Detection on the basis of whether the system activity matches that defined as abnormal

40
Q

Anonymity

A

The quality or state of not being named or identified

41
Q

Anti-malware

A

A technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, Trojans, keyloggers, malicious browser plug‐ins, adware and spyware

42
Q

Antivirus software

A

Application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done, and to repair or quarantine files that have already been infected.

43
Q

Appearance

A

The act of giving the idea or impression of being or doing something

44
Q

Appearance of Independence

A

Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.)

Scope Note: An IS auditor should be aware that appearance of independence depends on the perceptions of others and can be influenced by improper actions or associations.

45
Q

Applet

A

A program written in a portable, platform‐independent computer language, such as Java, JavaScript or Visual Basic.

Scope Note: An applet is usually embedded in a HyperText Markup Language (HTML) page downloaded from web servers and then executed by a browser on client machines to run any web‐based application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers. However, applets expose the user’s machine to risk if not properly controlled by the browser, which should not allow an applet to access a machine’s information without prior authorization of the user.

46
Q

Application

A

A computer program or set of programs that performs the processing of records for a specific function

Scope Note: Contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort

47
Q

Application acquisition review

A

An evaluation of an application system being acquired or evaluated, that considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process

48
Q

Application architecture

A

Description of the logical grouping of capabilities that manage the objects necessary to process information and support the enterprise’s objectives.

Scope Note: COBIT 5 perspective

49
Q

Application benchmarking

A

The process of establishing the effective design and operation of automated controls within an
application.

50
Q

Application controls

A

The policies, procedures and activities designed to provide reasonable assurance that objectives
relevant to a given automated solution (application) are achieved

51
Q

Application development review

A

An evaluation of an application system under development that considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is developed in compliance with the established system development life cycle process

52
Q

Application implementation review

A

An evaluation of any part of an implementation project

Scope Note: Examples include project management, test plans and user acceptance testing (UAT) procedures.

53
Q

Application layer

A

In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible.

Scope Note: The application layer is not the application that is doing the communication; it is a service layer that provides these services.

54
Q

Application maintenance review

A

An evaluation of any part of a project to perform maintenance on an application system.

Scope Note: Examples include project management, test plans and user acceptance testing (UAT) procedures.

55
Q

Application or managed service provider (ASP/MSP)

A

A third party that delivers and manages applications and computer services, including security services to multiple users via the Internet or a private network.

56
Q

Application Programme

A

A program that processes business data through activities such as data entry, update or query
Scope Note: Contrasts with systems programs, such as an operating system or network control program, and with utility programs such as copy or sort.

57
Q

Application Programming Interface (API)

A

A set of routines, protocols and tools referred to as “building blocks” used in business application software
development.

Scope Note: A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different versions of UNIX). A programmer utilizes these APIs in developing applications that can operate effectively and efficiently on the platform chosen.

58
Q

Application proxy

A

A service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service.

59
Q

Application security

A

Refers to the security aspects supported by the application, primarily with regard to the roles or
responsibilities and audit trails within the applications

60
Q

Application Service Provider (ASP)

A

Also known as managed service provider (MSP), it deploys, hosts and manages access to a packaged application to multiple parties from a centrally managed facility.

Scope Note: The applications are delivered over networks on a subscription basis.

61
Q

Application software tracing and mapping

A

Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences

Scope Note: Both the command language or job control statements and programming language can be analyzed. This technique includes program/system: mapping, tracing, snapshots, parallel simulations and code comparisons.

62
Q

Application System

A

An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities

Scope Note: Examples include general ledger, manufacturing resource planning and human resource (HR) management.

63
Q

Architecture

A

Description of the fundamental underlying design of the components of the business system, or of
one element of the business system (e.g., technology), the relationships among them, and the manner in which they support enterprise objectives

64
Q

Architecture Board

A

A group of stakeholders and experts who are accountable for guidance on enterprise‐architecture‐ related matters and decisions, and for setting architectural policies and standards.

Scope Note: COBIT 5 perspective

65
Q

Arithmetic Logic Unit (ALU)

A

The area of the central processing unit (CPU) that performs mathematical and analytical operations

66
Q

Artificial Intelligence (AI)

A

Advanced computer systems that can simulate human capabilities, such as analysis, based on a
predetermined set of rules.

67
Q

ASCII

A

Representing 128 characters, the American Standard Code for Information Interchange (ASCII) code
normally uses 7 bits. However, some variations of the ASCII code set allow 8 bits. This 8‐bit ASCII code allows 256 characters to be represented.

68
Q

Assembler

A

A program that takes as input a program written in assembly language and translates it into machine
code or machine language

69
Q

Assembly Language

A

A low‐level computer programming language which uses symbolic code and produces machine
instructions

70
Q

Assertion

A

Any formal declaration or set of declarations about the subject matter made by management.

Scope Note: Assertions should usually be in writing and commonly contain a list of specific attributes about the subject matter or about a process involving the subject matter.

71
Q

Assessment

A

A broad review of the different aspects of a company or function that includes elements not covered by a structured assurance initiative.

Scope Note: May include opportunities for reducing the costs of poor quality, employee perceptions on quality
aspects, proposals to senior management on policy, goals, etc.

72
Q

Asset

A

Something of either tangible or intangible value that is worth protecting, including people,
information, infrastructure, finances and reputation

73
Q

Assurance

A

Pursuant to an accountable relationship between two or more parties, an IT audit and assurance professional is
engaged to issue a written communication expressing a conclusion about the subject matters for which the
accountable party is responsible. Assurance refers to a number of related activities designed to provide the reader or user of the report with a level of assurance or comfort over the subject matter.

Scope Note: Assurance engagements could include support for audited financial statements, reviews of controls, compliance with required standards and practices, and compliance with agreements, licenses, legislation and regulation.

74
Q

Assurance engagement

A

An objective examination of evidence for the purpose of providing an assessment on risk management, control or
governance processes for the enterprise.
Scope Note: Examples may include financial, performance, compliance and system security engagements.

75
Q

Assurance initiative

A

An objective examination of evidence for the purpose of providing an assessment on risk management, control or governance processes for the enterprise.

Scope Note: Examples may include financial, performance, compliance and system security engagements.

76
Q
Asymmetric key (public key)
A

A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message
Scope Note: See Public key encryption.

77
Q

Asynchronous Transfer Mode (ATM)

A

A high‐bandwidth low‐delay switching and multiplexing technology that allows integration of real‐ time voice and video as well as data. It is a data link layer protocol.

Scope Note: ATM is a protocol‐independent transport mechanism. It allows high‐speed data transfer rates at up to 155 Mbit/s.
The acronym ATM should not be confused with the alternate usage for ATM, which refers to an automated teller machine.

78
Q

Asynchronous transmission

A

Character‐at‐a‐time transmission

79
Q

Attack

A

An actual occurrence of an adverse event

80
Q

Attack Mechanism

A

A method used to deliver the exploit. Unless the attacker is personally performing the attack, an attack mechanism may involve a payload, or container, that delivers the exploit to the target.

81
Q

Attack vector

A

A path or route used by the adversary to gain access to the target (asset)
Scope Note: There are two types of attack vectors: ingress and egress (also known as data exfiltration)

82
Q

Attenuation

A

Reduction of signal strength during transmission

83
Q

Attest reporting engagement

A

An engagement in which an IS auditor is engaged to either examine management’s assertion regarding a particular subject matter or the subject matter directly

Scope Note: The IS auditor’s report consists of an opinion on one of the following: the assertion, or the subject matter. Reports on the subject matter relate directly to the subject matter itself rather than to an assertion.

In certain situations management will not be able to make an assertion over the subject of the engagement. An example of this situation is when IT services are outsourced to a third party.

Management will not ordinarily be able to make an assertion over the controls that the third party is responsible for. Hence, an IS auditor would have to report directly on the subject matter rather than on an assertion.

84
Q

Attitude

A

Way of thinking, behaving, feeling, etc

85
Q

Attribute Sampling

A

Method to select a portion of a population based on the presence or absence of a certain
characteristic

86
Q

Audit

A

Formal inspection and verification to check whether a standard or set of guidelines is being followed, records are accurate, or efficiency and effectiveness targets are being met.

Scope Note: May be carried out by internal or external groups

87
Q

Audit accountability

A

Performance measurement of service delivery including cost, timeliness and quality against agreed
service levels

88
Q

Audit Authority

A

A statement of the position within the enterprise, including lines of reporting and the rights of
access

89
Q

Audit Charter

A

A document approved by those charged with governance that defines the purpose, authority and responsibility of the
internal audit activity
Scope Note: The charter should:
‐ Establish the internal audit function’s position within the enterprise
‐ Authorise access to records, personnel and physical properties relevant to the performance of IS audit and assurance engagements
‐ Define the scope of the audit function’s activities

90
Q

Audit Engagement

A

A specific audit assignment or review activity, such as an audit, control self‐assessment review, fraud examination or consultancy.

Scope Note: An audit engagement may include multiple tasks or activities designed to accomplish a specific set of related objectives.

91
Q

Audit Evidence

A

The information used to support the audit opinion

92
Q

Audit Expert Systems

A

Expert or decision support systems that can be used to assist IS auditors in the decision‐making process by automating the knowledge of experts in the field

Scope Note: This technique includes automated risk analysis, systems software and control objectives software packages.

93
Q

Audit Objective

A

The specific goal(s) of an audit

Scope Note: These often center on substantiating the existence of internal controls to minimize business risk.

94
Q

Audit Plan

A
  1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to form an opinion.

Scope Note: Includes the areas to be audited, the type of work planned, the high‐level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report and its intended audience and other general aspects of the work.

  2. A high‐level description of the audit work to be performed in a certain period of time

95
Q

Audit Programme

A

A step‐by‐step set of audit procedures and instructions that should be performed to complete an
audit

96
Q

Audit Responsibility

A

The roles, scope and objectives documented in the service level agreement (SLA) between
management and audit

97
Q

Audit Risk

A

The risk of reaching an incorrect conclusion based upon audit findings.

Scope Note: The three components of audit risk are:
‐ Control risk
‐ Detection risk
‐ Inherent risk

98
Q

Audit Sampling

A

The application of audit procedures to less than 100 percent of the items within a population to
obtain audit evidence about a particular characteristic of the population

99
Q

Audit Subject Matter Risk

A

Risk relevant to the area under review:
‐ Business risk (customer capability to pay, credit worthiness, market factors, etc.)
‐ Contract risk (liability, price, type, penalties, etc.)
‐ Country risk (political, environment, security, etc.)
‐ Project risk (resources, skill set, methodology, product stability, etc.)
‐ Technology risk (solution, architecture, hardware and software infrastructure network, delivery channels, etc.)

Scope Note: See inherent risk

100
Q

Audit Trail

A

A visible trail of evidence enabling one to trace information contained in statements or reports back
to the original input source

101
Q

Audit Universe

A

An inventory of audit areas that is compiled and maintained to identify areas for audit during the audit planning process.

Scope Note: Traditionally, the list includes all financial and key operational systems as well as other units that would be audited as part of the overall cycle of planned work. The audit universe serves as the source from which the annual audit schedule is prepared. The universe will be periodically revised to reflect changes in the overall risk profile.

102
Q

Auditability

A

The level to which transactions can be traced and audited through a system

103
Q

Auditable Unit

A

Subjects, units or systems that are capable of being defined and evaluated.

Scope Note: Auditable units may include:
‐Policies, procedures and practices
‐Cost centers, profit centers and investment centers
‐General ledger account balances
‐Information systems (manual and computerized)
‐Major contracts and programs
‐Organizational units, such as product or service lines
‐Functions, such as information technology (IT), purchasing, marketing, production, finance, accounting and human
resources (HR)
‐Transaction systems for activities, such as sales, collection, purchasing, disbursement, inventory and cost accounting,
production, treasury, payroll, and capital assets
‐Financial statements
‐Laws and regulations

104
Q

Auditor’s Opinion

A

A formal statement expressed by the IS audit or assurance professional that describes the scope of the audit, the procedures used to produce the report and whether or not the findings support that the audit criteria have been met.

Scope Note: The types of opinions are:
‐ Unqualified opinion: Notes no exceptions or none of the exceptions noted aggregate to a significant deficiency
‐ Qualified opinion: Notes exceptions aggregated to a significant deficiency (but not a material weakness)
‐ Adverse opinion: Notes one or more significant deficiencies aggregating to a material weakness

105
Q

Authentication

A
  1. The act of verifying identity (i.e., user, system)

Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data

  2. The act of verifying the identity of a user and the user’s eligibility to access computerized information

Scope Note: Assurance: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.

106
Q

Authenticity

A

Undisputed authorship

107
Q

Automated application controls

A

Controls that have been programmed and embedded within an application

108
Q

Availability

A

Ensuring timely and reliable access to and use of information

109
Q

Awareness

A

Being acquainted with, mindful of, conscious of and well informed on a specific subject, which
implies knowing and understanding a subject and acting accordingly

110
Q

Back Door

A

A means of regaining access to a compromised system by installing software or configuring existing
software to enable remote access under attacker‐defined conditions

111
Q

Back Bone

A

The main communication channel of a digital network. The part of the network that handles the majority of the traffic.

112
Q

Back Up

A

Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service.

113
Q

Backup centre

A

An Alternative facility to continue IS/IT operations when the primary data processing centre is unavailable.

114
Q

Badge

A

A card (or other devices) that is presented or displayed to obtain access to an otherwise restricted facility as a symbol of authority.

115
Q

Balanced Score Card (BSC)

A

A coherent set of performance measures organised into four categories.

116
Q

Balanced Score Card (BSC) Categories

A
Four categories:
financial measures
customer measures
internal business processes
learning and growth

117
Q

Bandwidth

A

The range between the highest and lowest transmittable frequencies, measured in hertz (cycles per second). In data networking the term also denotes the capacity of a channel, expressed in bits per second (bps), not bytes.

118
Q

Bar Code

A

A printed machine-readable code that consists of parallel bars of varied width and spacing.

119
Q

Base 58 encoding

A

Base58 encoding is a binary-to-text encoding process that converts long bit sequences into alphanumeric text.

120
Q

Base 64 encoding

A

Base64 encoding is a binary-to-text encoding process that converts long bit sequences into alphanumeric text (plus the symbols +, / and =). It is an encoding, not encryption: anyone can reverse it, so it provides no confidentiality.
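
Worked example added here (not part of the glossary): a Base58 encoder and decoder in Python using the Bitcoin alphabet, alongside Base64 from the standard library. It shows the big-integer conversion Base58 relies on, the leading-zero handling that trips up naive implementations, and the check that matters in practice: both encodings are reversible by anyone, so neither is a confidentiality control. The alphabet choice, `validate=True` on decode and the sample inputs are assumptions made for this example.

```python
"""Base58 (Bitcoin alphabet) and Base64: binary-to-text encodings.
Added example, not code from the original glossary. Neither encoding hides
anything; decoding needs no key."""
import base64

# Bitcoin-style Base58 alphabet: digits and letters minus 0, O, I and l, which
# are easy to confuse when read aloud or copied by hand. Other Base58 alphabets
# exist (e.g. Ripple's) and are not interchangeable with this one (assumption).
B58_ALPHABET = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    """Treat the bytes as one big-endian integer and emit base-58 digits.
    Leading zero bytes carry no value in that integer, so they are encoded
    separately as leading '1' characters (the alphabet's zero digit)."""
    n = int.from_bytes(data, "big")
    digits = bytearray()
    while n > 0:
        n, rem = divmod(n, 58)
        digits.append(B58_ALPHABET[rem])
    pad = len(data) - len(data.lstrip(b"\x00"))
    return (B58_ALPHABET[0:1] * pad + bytes(reversed(digits))).decode("ascii")


def b58decode(text: str) -> bytes:
    """Inverse of b58encode; rejects characters outside the alphabet."""
    n = 0
    for ch in text.encode("ascii"):
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            raise ValueError(f"invalid Base58 character {chr(ch)!r}")
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    return b"\x00" * pad + body


def b64encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def b64decode(text: str) -> bytes:
    # validate=True makes the decoder reject characters outside the alphabet
    # instead of silently discarding them, which matters for untrusted input.
    return base64.b64decode(text, validate=True)


if __name__ == "__main__":
    sample = b"\x00\x00hello"  # constructed input with leading zero bytes
    print(b58encode(sample), b64encode(sample))
    print(b58decode(b58encode(sample)) == sample)
```

The two leading zero bytes in the sample survive the round trip only because of the explicit padding step; a decoder that simply converts the integer back to bytes would drop them, which for a Bitcoin address changes the version byte.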

121
Q

Base Case

A

A standardised body of data created for testing purposes.

122
Q

Baseband

A

A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilises a transceiver.

123
Q

Baseline Architecture

A

The existing description of the fundamental underlying design of the components of the business system before entering a cycle of architecture review and design (COBIT 5 perspective)

124
Q

Bastion

A

A system that is heavily fortified against attack.

125
Q

Batch Control

A

Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage.

126
Q

The 2 forms of Batch Control ?

A

Sequence control, which involves numbering the records in a batch consecutively so that the presence of each record can be confirmed; and control total, which is a total of the values in selected fields within the transactions.
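
Added example (not from the glossary) applying both forms of batch control in Python. A batch header carries the record count, a control total over the amount field and a hash total over account numbers; the checker reports every exception it finds so a rejected batch can be corrected as a whole rather than partially processed. The record layout, the header fields and the sample data are constructed for this example.

```python
"""Batch controls: sequence control plus control and hash totals over a batch
of input records. Added example; layout and sample data are assumptions."""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Record:
    seq: int         # consecutive number stamped on each record at data preparation
    account: str     # numeric account id, used only for the hash total
    amount: Decimal  # value field covered by the control total


@dataclass(frozen=True)
class BatchHeader:
    record_count: int
    control_total: Decimal  # sum of amount, computed by the data preparer
    hash_total: int         # sum of account ids: meaningless as a number, but it
                            # catches a swapped, lost or duplicated record


def check_batch(header, records):
    """Return a list of exception messages; an empty list means the batch passes."""
    exceptions = []
    nums = [r.seq for r in records]
    if len(records) != header.record_count:
        exceptions.append(f"record count {len(records)} != header {header.record_count}")
    # Sequence control: the numbers 1..N must each appear exactly once, in order.
    expected = set(range(1, header.record_count + 1))
    missing = sorted(expected - set(nums))
    extra = sorted(set(nums) - expected)
    dupes = sorted({n for n in nums if nums.count(n) > 1})
    if missing:
        exceptions.append(f"missing sequence numbers {missing}")
    if extra:
        exceptions.append(f"unexpected sequence numbers {extra}")
    if dupes:
        exceptions.append(f"duplicate sequence numbers {dupes}")
    if nums != sorted(nums):
        exceptions.append("records out of sequence")
    # Control total over the value field. Decimal, not float, so cents add exactly.
    total = sum((r.amount for r in records), Decimal("0"))
    if total != header.control_total:
        exceptions.append(f"control total {total} != header {header.control_total}")
    hash_total = sum(int(r.account) for r in records)
    if hash_total != header.hash_total:
        exceptions.append(f"hash total {hash_total} != header {header.hash_total}")
    return exceptions


def sample_batch():
    """Constructed batch that should pass every check."""
    records = [
        Record(1, "1001", Decimal("100.00")),
        Record(2, "1002", Decimal("250.50")),
        Record(3, "1003", Decimal("75.25")),
        Record(4, "1004", Decimal("19.99")),
    ]
    header = BatchHeader(record_count=4, control_total=Decimal("445.74"), hash_total=4010)
    return header, records


def tampered_batch():
    """Same header, but record 3 was lost in transit and record 2's amount altered."""
    header, records = sample_batch()
    altered = [Record(2, "1002", Decimal("250.00")) if r.seq == 2 else r
               for r in records if r.seq != 3]
    return header, altered


if __name__ == "__main__":
    print(check_batch(*sample_batch()))   # [] : batch accepted
    for problem in check_batch(*tampered_batch()):
        print("EXCEPTION:", problem)
```

Because the header totals are computed before the batch leaves the preparer, a single lost record shows up three ways at once (count, missing sequence number, control total); an altered amount alone is caught only by the control total, which is why it covers a value field and not just the count.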

127
Q

Batch Processing

A

The processing of a group of transactions at the same time.

128
Q

Baud Rate

A

The rate of transmission for telecommunications data, expressed as signalling events (symbols) per second. It equals bits per second (bps) only when each symbol carries one bit; with multi-level modulation the bit rate is a multiple of the baud rate.

129
Q

Benchmark

A

A systematic approach to comparing enterprise performance against peers and competitors in an effort to learn the best ways of conducting business.

130
Q

Benefit

A

In business, an outcome whose nature and value (expressed in various ways) are considered advantageous by an enterprise.

131
Q

Benefits Realisation

A

One of the objectives of governance. The bringing about of new benefits for the enterprise, the maintenance and extension of existing forms of benefits, and the elimination of those initiatives and assets that are not creating sufficient value.

132
Q

Binary Code

A

A code whose representation is limited to the digits 0 and 1

133
Q

Biometric locks

A

Doors and entry locks that are activated by such biometric features as voice, eye, retina or fingerprint.

134
Q

Biometrics

A

A security technique that verifies an individual's identity by analyzing a unique physical attribute.

135
Q

Bit-stream image

A

Bit‐stream backups, also referred to as mirror image backups, involve the backup of all areas of a computer hard disk drive or other type of storage media. The result is an exact replica of every sector, including unallocated and slack space that a file-level copy would miss.
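
Added example (not from the glossary): imaging a storage device sector by sector in Python while hashing the source, then verifying the copy, and contrasting the result with a logical file copy that never sees the remnant of a deleted file sitting in an unallocated sector. A temporary file stands in for the block device; on a real system the source would be a device node opened read-only, ideally behind a hardware write blocker (assumptions for this example).

```python
"""Sector-by-sector imaging with hash verification. Added example; the fake
device and the 'deleted' remnant are constructed for the demonstration."""
import hashlib
import os
import tempfile

SECTOR = 512


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def image_device(src, dst):
    """Copy every byte of src to dst in sector-aligned chunks, hashing the
    source as it is read. Returns the source hash for the chain of custody;
    the image is verified afterwards by hashing it independently."""
    h = hashlib.sha256()
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        while True:
            chunk = fin.read(SECTOR * 2048)  # 1 MiB of sectors per read
            if not chunk:
                break
            h.update(chunk)
            fout.write(chunk)
        fout.flush()
        os.fsync(fout.fileno())  # make sure the image is on stable storage
    return h.hexdigest()


def demo():
    """Constructed scenario: a 16-sector 'device' holding one live file in
    sector 0 and the remnant of a deleted file in sector 9."""
    live_content = b"LIVE FILE CONTENT"
    live = live_content.ljust(SECTOR, b"\x00")
    remnant = b"DELETED SECRET STILL ON DISK".ljust(SECTOR, b"\x00")
    blank = b"\x00" * SECTOR
    sectors = [live] + [blank] * 8 + [remnant] + [blank] * 6
    with tempfile.TemporaryDirectory() as d:
        dev = os.path.join(d, "device.bin")       # stand-in for /dev/sdX (assumption)
        img = os.path.join(d, "device.dd")
        logical = os.path.join(d, "logical_copy.bin")
        with open(dev, "wb") as f:
            f.write(b"".join(sectors))
        with open(logical, "wb") as f:
            f.write(live_content)                 # what a file-level copy yields
        src_hash = image_device(dev, img)
        with open(img, "rb") as f:
            image_bytes = f.read()
        with open(logical, "rb") as f:
            logical_bytes = f.read()
        return {
            "verified": sha256_of(img) == src_hash,
            "image_sectors": len(image_bytes) // SECTOR,
            "remnant_in_image": b"DELETED SECRET" in image_bytes,
            "remnant_in_logical_copy": b"DELETED SECRET" in logical_bytes,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The source hash is taken during the single read of the evidence, so the device is not touched twice; the image is then hashed on its own and compared, which is the check that lets the image stand in for the original in later analysis.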

136
Q

Blackbox testing

A

A testing approach that focuses on the functionality of the application or product. It does not require knowledge of the code.

137
Q

Blockchain

A

A distributed, protected journaling and ledger system. Use of blockchain technologies can enable anything from digital currency (e.g., Bitcoin) to any other value-bearing transaction.

138
Q

Block Cipher

A

A public algorithm that operates on plaintext in blocks (strings or groups) of bits of a fixed size.

139
Q

Botnet

A

A term derived from “robot network”; a large, automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large‐scale attacks such as a denial‐of‐service attack on selected victims

140
Q

Boundary

A

Logical and physical controls used to define the perimeter between the organisation and the outside world.

141
Q

Bridge

A

Data link layer device designed to connect two local area networks, or to split one segment into two separate network segments (either LAN or WAN), to reduce collision domains.

142
Q

Bring Your Own Device (BYOD)

A

An enterprise policy used to permit partial or full integration of user‐owned mobile devices for business purposes.

143
Q

Broadband

A

Multiple channels are formed by dividing the transmission medium into discrete frequency segments.
Scope Note: Broadband generally requires the use of a modem.

144
Q

Broadcast

A

A method to distribute information to multiple recipients simultaneously.

145
Q

Brouter

A

A device that performs the functions of both a bridge and a router (data link and network layers).

146
Q

Browser

A

A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, that permits multimedia (graphics) applications on the World Wide Web

147
Q

Brute force

A

A class of algorithms that repeatedly try all possible combinations until a solution is found.

148
Q

Brute force attack

A

Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found.
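
Added example (not from the glossary) serving the two cards above: a brute-force search in Python over a small lowercase keyspace against a salted PBKDF2 hash, reporting how many guesses were needed, plus a keyspace calculation that shows why alphabet size, length and the cost of each guess decide whether the attack is feasible. The iteration count, alphabet, salt and target password are assumptions chosen to keep the demonstration short.

```python
"""Exhaustive password search against a salted PBKDF2-HMAC-SHA256 hash.
Added example; the parameters are deliberately small for the demo."""
import hashlib
import itertools
import string

ALPHABET = string.ascii_lowercase
ITERATIONS = 500  # assumption for the demo; real deployments use far higher counts


def hash_password(password, salt, iterations=ITERATIONS):
    """The verifier a system would store; the attacker must recompute it per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def brute_force(salt, digest, max_len, alphabet=ALPHABET):
    """Try every string of length 1..max_len over the alphabet, shortest first.
    Returns (password, attempts), or (None, attempts) once the keyspace is exhausted."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            attempts += 1
            guess = "".join(combo)
            if hash_password(guess, salt) == digest:
                return guess, attempts
    return None, attempts


def keyspace(alphabet_size, max_len):
    """Number of candidates an exhaustive search must cover in the worst case."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def worst_case_seconds(alphabet_size, max_len, guesses_per_second):
    """Attack time given the defender's per-guess cost, which the hash's
    iteration count sets; raising it slows the attacker in direct proportion."""
    return keyspace(alphabet_size, max_len) / guesses_per_second


if __name__ == "__main__":
    salt = b"fixed-demo-salt!"  # constructed; a real salt comes from os.urandom(16)
    digest = hash_password("bad", salt)
    print(brute_force(salt, digest, 3))            # ('bad', 1382)
    print(keyspace(26, 3), "candidates for 3 lowercase letters")
    print(keyspace(95, 8), "candidates for 8 printable ASCII characters")
    print(worst_case_seconds(95, 8, 1_000_000) / 86400, "days at one million guesses per second")
```

The defender's levers are visible in the two functions: `keyspace` grows with the alphabet and length the password policy enforces, and `worst_case_seconds` grows with the cost of each guess, which a slow hash and an account lockout or rate limit on online logins impose.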

149
Q

Budget

A

Estimated cost and revenue amounts for a given range of periods and set of books.
Scope Note: There can be multiple budget versions for the same set of books.

150
Q

Budget Formula

A

A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics.

151
Q

Budget Hierarchy

A

A group of budgets linked together at different levels such that the budgeting authority of a lower‐ level budget is controlled by an upper‐level budget

152
Q

Budget Organisation

A

An entity (department, cost center, division or other group) responsible for entering and maintaining budget data

153
Q

Buffer

A

Memory reserved to temporarily hold data to offset differences between the operating speeds of different devices, such as a printer and a computer

154
Q

Buffer Overflow

A

Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.

155
Q

Bulk Data Transfer

A

A data recovery strategy that includes a recovery from complete backups that are physically shipped offsite once a week.

156
Q

Bus

A

Common path or channel between hardware devices, either between components within a computer or between computers on a communications network.

157
Q

Bus Configuration

A

All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes.

158
Q

Business Balanced score card.

A

A tool for managing organizational strategy that uses weighted measures for the areas of financial performance (lag) indicators, internal operations, customer measurements, learning and growth
(lead) indicators, combined to rate the enterprise

159
Q

Business case

A

Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support
management of the investment through its full economic life cycle

160
Q

Business Continuity

A

Preventing, mitigating and recovering from disruption

161
Q

Business Continuity Plan (BCP)

A

A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems.

162
Q

Business Control

A

The policies, procedures, practices and organizational structures designed to provide reasonable assurance that the business objectives will be achieved and undesired events will be prevented or detected

163
Q

Business dependency assessment

A

A process of identifying resources critical to the operation of a business process

164
Q

Business Function

A

An activity that an enterprise does, or needs to do, to achieve its objectives

165
Q

Business Goal

A

The translation of the enterprise’s mission from a statement of intention into performance targets and results

166
Q

Business Impact Analysis

A

Evaluating the criticality and sensitivity of information assets; see Business impact analysis/assessment (BIA).

167
Q

Business impact analysis/assessment (BIA)

A

Evaluating the criticality and sensitivity of information assets.
An exercise that determines the impact of losing the support of any resource to an enterprise, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and the supporting system

168
Q

Business Interruption

A

Any event, whether anticipated (e.g., public service strike) or unanticipated (e.g., blackout), that disrupts the normal course of business operations at an enterprise

169
Q

Business Model for Information Security (BMIS)

A

A holistic and business‐oriented model that supports enterprise governance and management of information security, and provides a common language for information security professionals and business management

170
Q

Business Objective

A

A further development of the business goals into tactical targets and desired results and outcomes

171
Q

Business Process

A

An inter‐related set of cross‐functional activities or events that result in the delivery of a specific product or service to a customer.

172
Q

Business Process Control

A

The policies, procedures, practices and organizational structures designed to provide reasonable assurance that a business process will achieve its objectives.

173
Q

Business Process Integrity

A

Controls over the business processes that are supported by the enterprise resource planning system (ERP)

174
Q

Business Process owner

A

The individual responsible for identifying process requirements, approving process design and managing process performance

175
Q

Business Process re-engineering

A

The thorough analysis and significant redesign of business processes and management systems to establish a better performing structure, more responsive to the customer base and market
conditions, while yielding material cost savings

176
Q

Business Risk

A

A probable situation with uncertain frequency and magnitude of loss (or gain)

177
Q

Business Service Provider

A

An application service provider (ASP) that also provides outsourcing of business processes such as payment processing, sales order processing and application development

178
Q

Business Sponsor

A

The individual accountable for delivering the benefits and value of an IT‐enabled business investment program to the enterprise

179
Q

Business-to-Business

A

Transactions in which the acquirer is an enterprise, or an individual operating within the ambit of his/her professional activity. In this case, laws and regulations related to consumer protection are not applicable.

180
Q

Business-to-consumer

A

Selling processes in which the involved parties are the enterprise, which offers goods or services, and a consumer. In this case there is comprehensive legislation that protects the consumer.

181
Q

Business‐to‐consumer e‐commerce (B2C)

A

Refers to the processes by which enterprises conduct business electronically with their customers and/or public at large using the Internet as the enabling technology

182
Q

Cadbury

A

The Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK Financial Reporting Council, the London Stock Exchange and the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subject commonly known in the UK as
the Cadbury Report.