Terms Flashcards
Abend
An abnormal end to a computer job; termination of a task prior to its completion because of an error
condition that cannot be resolved by recovery facilities while the task is executing.
Acceptable interruption window
The maximum period of time that a system can be unavailable before compromising the
achievement of the enterprise’s business objectives.
Acceptable Use policy
A policy that establishes an agreement between users and the enterprise and defines for all parties
the ranges of use that are approved before gaining access to a network or the Internet.
Access control
The processes, rules and deployment mechanisms that control access to information systems,
resources and physical access to premises.
Access control list (ACL)
An internal computerized table of access rules regarding the levels of computer access permitted to
logon IDs and computer terminals.
Scope Notes: Also referred to as access control tables.
Access control table
An internal computerized table of access rules regarding the levels of computer access permitted to
logon IDs and computer terminals.
Access Method
The technique used for selecting records in a file, one at a time, for processing, retrieval or
storage. The access method is related to, but distinct from, the file organization, which determines
how the records are stored.
Access path
The logical route that an end user takes to access computerized information.
Scope Notes: Typically includes a route through the operating system, telecommunications software,
selected application software and the access control system.
Access rights
The permission or privileges granted to users, programs or workstations to create, change, delete or
view data and files within a system, as defined by rules established by data owners and the
information security policy.
Access server
Provides centralized access control for managing remote access dial-up services.
Accountability
The ability to map a given activity or event back to the responsible party.
Accountable party
The individual, group or entity that is ultimately responsible for a subject matter, process or scope.
Scope Notes: Within the IT Assurance Framework (ITAF), the term “management” is equivalent to
“accountable party.”
Acknowledgment (ACK)
A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly
by the receiver without errors, or that the receiver is now ready to accept a transmission.
Active recovery site (Mirrored)
A recovery strategy that involves two active sites, each capable of taking over the other’s workload in
the event of a disaster.
Scope Notes: Each site will have enough idle processing power to restore data from the other site and
to accommodate the excess workload in the event of a disaster.
Active response
A response in which the system either automatically, or in concert with the user, blocks or otherwise
affects the progress of a detected attack.
Scope Notes: Takes one of three forms: amending the environment, collecting more information or
striking back against the user.
Activity
The main actions taken to operate the COBIT process.
Address
Within computer storage, the code used to designate the location of a specific piece of data.
Address space
The number of distinct locations that may be referred to with the machine address.
Scope Notes: For most binary machines, it is equal to 2^n, where n is the number of bits in the
machine address.
Addressing
The method used to identify the location of a participant in a network.
Scope Notes: Ideally, specifies where the participant is located rather than who they are (name) or
how to get there (routing).
Adjusting period
The calendar can contain “real” accounting periods and/or adjusting accounting periods. The “real”
accounting periods must not overlap and cannot have any gaps between them. Adjusting accounting
periods can overlap with other accounting periods.
Scope Notes: For example, a period called DEC-93 can be defined that includes 01-DEC-1993 through
31-DEC-1993. An adjusting period called DEC31-93 can also be defined that includes only one day:
31-DEC-1993 through 31-DEC-1993.
Administrative control
The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence
to regulations and management policies.
Adware
A software package that automatically plays, displays or downloads advertising material to a
computer after the software is installed on it or while the application is being used.
Scope Notes: In most cases, this is done without any notification to the user or without the user’s
consent. The term adware may also refer to software that displays advertisements, whether or not it
does so with the user’s consent; such programs display advertisements as an alternative to shareware
registration fees. These are classified as adware in the sense of advertising-supported software, but
not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and it
provides the user with a specific service.
Alert situation
The point in an emergency procedure when the elapsed time passes a threshold and the interruption
is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps.
Allocation entry
A recurring journal entry used to allocate revenues or costs.
Scope Notes: For example, an allocation entry could be defined to allocate costs to each department
based on head count.
Alpha
The use of alphabetic characters or an alphabetic character string.
Alternate facilities
Locations and infrastructures from which emergency or backup processes are executed, when the
main premises are unavailable or destroyed.
Scope Notes: Includes other buildings, offices or data processing centers.
Alternate process
Automatic or manual process designed and established to continue critical business processes from
point-of-failure to return-to-normal.
Alternative routing
A service that allows the option of having an alternate route to complete a call when the marked
destination is not available.
Scope Notes: In signaling, alternate routing is the process of allocating substitute routes for a given
signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that
traffic stream.
American Standard Code for Information Interchange
See ASCII
Amortization
The process of cost allocation that assigns the original cost of an intangible asset to the periods
benefited; calculated in the same way as depreciation.
Analog
A transmission signal that varies continuously in amplitude and time and is generated in wave
formation.
Scope Notes: Analog signals are used in telecommunications.
Analytical technique
The examination of ratios, trends, and changes in balances and other values between periods to
obtain a broad understanding of the enterprise’s financial or operational position and to identify
areas that may require further or closer investigation.
Scope Notes: Often used when planning the assurance assignment.
Anomaly
Unusual or statistically rare.
Anomaly detection
Detection on the basis of whether the system activity matches that defined as abnormal.
Anonymity
The quality or state of not being named or identified.
Antivirus software
Application software deployed at multiple points in an IT architecture. It is designed to detect and
potentially eliminate virus code before damage is done, and to repair or quarantine files that have
already been infected.
Appearance
The act of giving the idea or impression of being or doing something.
Appearance of independence
Behavior adequate to meet the situations occurring during audit work (interviews, meetings,
reporting, etc.).
Scope Notes: An IS auditor should be aware that appearance of independence depends on the
perceptions of others and can be influenced by improper actions or associations.
Applet
A program written in a portable, platform-independent computer language, such as Java, JavaScript
or Visual Basic.
Scope Notes: An applet is usually embedded in a HyperText Markup Language (HTML) page downloaded
from web servers and then executed by a browser on client machines to run any web-based
application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only
perform a restricted set of operations, thus preventing, or at least minimizing, the possible security
compromise of the host computers. However, applets expose the user’s machine to risk if not properly
controlled by the browser, which should not allow an applet to access a machine’s information without
prior authorization of the user.
Application
A computer program or set of programs that performs the processing of records for a specific
function.
Scope Notes: Contrasts with systems programs, such as an operating system or network control
program, and with utility programs, such as copy or sort.
Application acquisition review
An evaluation of an application system being acquired or evaluated that considers matters such as
whether: appropriate controls are designed into the system; the application will process information
in a complete, accurate and reliable manner; the application will function as intended; the
application will function in compliance with any applicable statutory provisions; the system is
acquired in compliance with the established system acquisition process.
Application benchmarking
The process of establishing the effective design and operation of automated controls within an
application.
Application controls
The policies, procedures and activities designed to provide reasonable assurance that objectives
relevant to a given automated solution (application) are achieved.
Application development review
An evaluation of an application system under development that considers matters such as whether:
appropriate controls are designed into the system; the application will process information in a
complete, accurate and reliable manner; the application will function as intended; the application will
function in compliance with any applicable statutory provisions; the system is developed in
compliance with the established system development life cycle process.
Application implementation review
An evaluation of any part of an implementation project.
Scope Notes: Examples include project management, test plans and user acceptance testing (UAT)
procedures.
Application layer
In the Open Systems Interconnection (OSI) communications model, the application layer provides
services for an application program to ensure that effective communication with another application
program in a network is possible.
Scope Notes: The application layer is not the application that is doing the communication; it is a
service layer that provides these services.
Application maintenance review
An evaluation of any part of a project to perform maintenance on an application system.
Scope Notes: Examples include project management, test plans and user acceptance testing (UAT)
procedures.