Glossary- R

Question 1

race condition

Answer 1

A type of attack where an attacker is attempting to exploit a small window of time that may exist between the time that a resource is requested and when it is available for use.

Question 2

radio resource control (RRC)

Answer 2

A part of the UTMS WCDMA wireless telecommunica- tions protocol that is used to facilitate the allocation of connections between mobile devices and base stations.

Question 3

random access memory (RAM)

Answer 3

A type of semiconductor memory usually used for a computer’s main storage.

Question 4

rapid application development (RAD)

Answer 4

A software development life cycle process characterized by small development teams, prototypes, design sessions with end users, and development tools that integrate data design, data flow, user interface, and proto- typing.

Question 5

razor wire

Answer 5

Coiled wire with razor-like barbs that may be placed along the top of a fence or wall to prevent or deter passage by unauthorized personnel.

Question 6

read-only memory (ROM)

Answer 6

An early form of permanent memory that cannot be modified.

Question 7

reciprocal site

Answer 7

A data center that is operated by another company. Two or more orga- nizations with similar processing needs will draw up a legal contract that obligates one or more of the organizations to temporarily house another party’s systems in the event of a disaster.

Question 8

records

Answer 8

Documents describing business events such as meeting minutes, contracts, financial transactions, decisions, purchase orders, logs, and reports.

Question 9

recovery control

Answer 9

A control that is used after an unwanted event to restore a system or process to its pre-event state.

Question 10

recovery point objective (RPO)

Answer 10

The time during which recent data will be irretriev- ably lost in a disaster. RPO is usually measured in hours or days.

Question 11

recovery procedure

Answer 11

Instructions that key personnel use to bootstrap services that support critical business functions identified in the business impact assessment (BIA).

Question 12

recovery strategy

Answer 12

A high-level plan for the resumption of business operations after a disaster.

Question 13

recovery time objective (RTO)

Answer 13

The period from the onset of an outage until the re- sumption of service. RTO is usually measured in hours or days.

Question 14

reduced sign-on

Answer 14

The use of a centralized directory service (such as LDAP or Microsoft Active Directory) for authentication into systems and applications. Users will need to log in to each system and application, using one set of login credentials.

Question 15

redundant array of independent disks (RAID)

Answer 15

A family of technologies that is used to improve the reliability, performance, or size of disk-based storage systems.

Question 16

referential integrity

Answer 16

The characteristic of relational database management systems that requires the database management system maintain the parent-child relationships between records in different tables and prohibits activities such as deleting parent re- cords and transforming child records into orphans.

Question 17

registration authority (RA)

Answer 17

An entity that works within or alongside a certificate au- thority (CA) to accept requests for new digital certificates.

Question 18

regulatory requirements

Answer 18

Formal statements, derived from laws and regulations, that describe the required characteristics a system must support.

Question 19

relational database management system (rDBMS)

Answer 19

A database management system that permits the design of a database consisting of one or more tables that can contain fields that refer to rows in other tables. This is currently the most popular type of data- base management system.

Question 20

release management

Answer 20

The IT function that controls the release of software programs, applications, and environments. See also IT service management.

Question 21

remote access

Answer 21

A service that permits a user to establish a network connection from a remote location so that the user can access network resources remotely.

Question 22

remote copy (RCP)

Answer 22

A TCP/IP application layer protocol that is an early file transfer protocol used to copy files or directories from system to system.

Question 23

remote desktop protocol (RDP)

Answer 23

A proprietary protocol from Microsoft that is used to establish a graphic interface connection with another computer.

Question 24

remote destruct

Answer 24

The act of commanding a device, such as a laptop computer or mo- bile device, to destroy stored data. Remote destruct is sometimes used when a device is lost or stolen to prevent anyone from being able to read data stored on the device.

Question 25

remote login (rlogin)

Answer 25

A TCP/IP application layer protocol used to establish a command-line session on a remote system. Like TELNET, rlogin does not encrypt au- thentication or session contents, and has been largely replaced by secure shell (SSH). See also TELNET, secure shell (SSH).

Question 26

remote procedure call (RPC)

Answer 26

A network protocol that permits an application to ex- ecute a subroutine or procedure on another computer.

Question 27

repeater

Answer 27

An Ethernet network device that receives and retransmits signals on the network.

Question 28

reperformance

Answer 28

An audit technique where an IS auditor repeats actual tasks performed by auditees in order to confirm they were performed properly.

Question 29

replication

Answer 29

An activity where data that is written to a storage system is also copied over a network to another storage system and written. The result is the presence of up- to-date data that exists on two or more storage systems, each of which could be located in a different geographic region.

Question 30

request for change (RFC)

Answer 30

See change request.

Question 31

request for proposal (RFP)

Answer 31

A formal process where an organization solicits solution proposals from one or more vendors. The process usually includes formal requirements and desired terms and conditions. It is used to formally evaluate vendor proposals in order to make a selection.

Question 32

requirements

Answer 32

Formal statements that describe required (and desired) characteristics of a system that is to be built or acquired.

Question 33

residual risk

Answer 33

The risk that remains after being reduced through other risk treatment options.

Question 34

response document

Answer 34

Required action of personnel after a disaster strikes. Includes business recovery plan, occupant emergency plan, emergency communication plan, contact lists, disaster recovery plan, continuity of operations plan (COOP), and secu- rity incident response plan (SIRP).

Question 35

responsibility

Answer 35

A stated expectation of activities and performance.

Question 36

return on investment (ROI)

Answer 36

The ratio of money gained or lost as compared to an

original investment.

Question 37

reverse address resolution protocol (RARP)

Answer 37

A TCP/IP link layer protocol that is used by a station that needs to know the IP address that has been assigned to it. RARP has been largely superseded by DHCP. See also Dynamic Host Configuration Protocol (DHCP).

Question 38

reverse engineering

Answer 38

The process of analyzing a system to see how it functions, usu- ally as a means for developing a similar system. Reverse engineering is usually not per- mitted when it is applied to commercial software programs.

Question 39

right to audit

Answer 39

A clause in a contract where one party has the right to conduct an audit of the other party’s operations.

Question 40

ring topology

Answer 40

A network topology where connections are made from one station to the next, in a complete loop.

Question 41

RISC (reduced instruction set computer)

Answer 41

A central processing unit design that uses a smaller instruction set, which leads to simpler microprocessor design. See also central processing unit.

Question 42

risk

Answer 42

Generally, the fact that undesired events can happen that may damage property or disrupt operations; specifically, an event scenario that can result in property damage or disruption.

Question 43

risk acceptance

Answer 43

The risk treatment option where management chooses to accept the risk as-is.

Question 44

risk analysis

Answer 44

The process of identifying and studying risks in an organization.

Question 45

risk assessment

Answer 45

A process where risks, in the form of threats and vulnerabilities, are
identified for each asset.

Question 46

risk avoidance

Answer 46

The risk treatment option involving a cessation of the activity that introduces identified risk.

Question 47

Risk IT Framework

Answer 47

A risk management model that approaches risk from the enter- prise perspective.

Question 48

risk management

Answer 48

The management activities used to identify, analyze, and treat risks.

Question 49

risk mitigation

Answer 49

The risk treatment option involving implementation of a solution
that will reduce an identified risk.

Question 50

risk transfer

Answer 50

The risk treatment option involving the act of transferring risk to an- other party, such as an insurance company.

Question 51

risk treatment

Answer 51

The decision to manage an identified risk. The available choices are mitigate the risk, avoid the risk, transfer the risk, or accept the risk.

Question 52

role

Answer 52

A set of privileges in an application. Also a formally defined set of work tasks as- signed to an individual.

Question 53

rollback

Answer 53

A step in the software development life cycle where system changes need to be reversed, returning the system to its previous state.

Question 54

rootkit

Answer 54

A type of malware that is designed to evade detection.

Question 55

router

Answer 55

A device that is used to interconnect two or more networks.

Question 56

routing information protocol (RIP)

Answer 56

A TCP/IP routing protocol that is used to transmit network routing information from one network router to another in order to determine the most efficient path through a network. RIP is one of the earliest routing protocols and is not used for Internet routing.

Question 57

row

Answer 57

A unit of storage in a relational database management system (rDBMS) that con- sists of a single record in a table. See also relational database management system, table.

Question 58

RPC gateway

Answer 58

A system that facilitates communication through the RPC suite of pro- tocols between components in an application environment.

Question 59

RS-232

Answer 59

A standard protocol for sending serial data between computers.

Question 60

RS-449

Answer 60

A standard protocol for sending serial data between network devices.