Terms Flashcards

1
Q

Abend

A

An abnormal end to a computer job; termination of a task prior to its completion because of an error
condition that cannot be resolved by recovery facilities while the task is executing.

2
Q

Acceptable interruption window

A

The maximum period of time that a system can be unavailable before compromising the
achievement of the enterprise’s business objectives.

3
Q

Acceptable Use policy

A

A policy that establishes an agreement between users and the enterprise and defines for all parties
the ranges of use that are approved before gaining access to a network or the Internet.

4
Q

Access control

A

The processes, rules and deployment mechanisms that control access to information systems,
resources and physical access to premises.

5
Q

Access control list (ACL)

A

An internal computerized table of access rules regarding the levels of computer access permitted to
logon IDs and computer terminals.

Scope Notes: Also referred to as access control tables.

6
Q

Access control table

A

An internal computerized table of access rules regarding the levels of computer access permitted to
logon IDs and computer terminals.

7
Q

Access Method

A

The technique used for selecting records in a file, one at a time, for processing, retrieval or
storage. The access method is related to, but distinct from, the file organization, which determines
how the records are stored.

8
Q

Access path

A

The logical route that an end user takes to access computerized information.

Scope Notes: Typically includes a route through the operating system, telecommunications software,
selected application software and the access control system.

9
Q

Access rights

A

The permission or privileges granted to users, programs or workstations to create, change, delete or
view data and files within a system, as defined by rules established by data owners and the
information security policy.

10
Q

Access server

A

Provides centralized access control for managing remote access dial-up services

11
Q

Accountability

A

The ability to map a given activity or event back to the responsible party.

12
Q

Accountable party

A

The individual, group or entity that is ultimately responsible for a subject matter, process or
scope.

Scope Notes: Within the IT Assurance Framework (ITAF), the term “management” is equivalent to
“accountable party.”

13
Q

Acknowledgment (ACK)

A

A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly
by the receiver without errors, or that the receiver is now ready to accept a transmission.

14
Q

Active recovery site (Mirrored)

A

A recovery strategy that involves two active sites, each capable of taking over the other’s workload in
the event of a disaster.

Scope Notes: Each site will have enough idle processing power to restore data from the other site and
to accommodate the excess workload in the event of a disaster.

15
Q

Active response

A

A response in which the system either automatically, or in concert with the user, blocks or otherwise
affects the progress of a detected attack.

Scope Notes: Takes one of three forms: amending the environment, collecting more information or
striking back against the user.

16
Q

Activity

A

The main actions taken to operate the COBIT process.

17
Q

Address

A

Within computer storage, the code used to designate the location of a specific piece of data

18
Q

Address space

A

The number of distinct locations that may be referred to with the machine address

Scope Notes: For most binary machines, it is equal to 2^n, where n is the number of bits in the
machine address.

19
Q

Addressing

A

The method used to identify the location of a participant in a network.

Scope Notes: Ideally, specifies where the participant is located rather than who they are (name)
or how to get there (routing).

20
Q

Adjusting period

A

The calendar can contain “real” accounting periods and/or adjusting accounting periods. The “real”
accounting periods must not overlap and cannot have any gaps between them. Adjusting accounting
periods can overlap with other accounting periods.

Scope Notes: For example, a period called DEC-93 can be defined that includes 01-DEC-1993 through
31-DEC-1993. An adjusting period called DEC31-93 can also be defined that includes only one day:
31-DEC-1993 through 31-DEC-1993.

21
Q

Administrative control

A

The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence
to regulations and management policies.

22
Q

Adware

A

A software package that automatically plays, displays or downloads advertising material to a
computer after the software is installed on it or while the application is being used.

Scope Notes: In most cases, this is done without any notification to the user or without the user’s
consent. The term adware may also refer to software that displays advertisements, whether or not it
does so with the user’s consent; such programs display advertisements as an alternative to shareware
registration fees. These are classified as adware in the sense of advertising supported software, but
not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and it
provides the user with a specific service.

23
Q

Alert situation

A

The point in an emergency procedure when the elapsed time passes a threshold and the interruption
is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps.

24
Q

Allocation entry

A

A recurring journal entry used to allocate revenues or costs.

Scope Notes: For example, an allocation entry could be defined to allocate costs to each department
based on head count.

25
Q

Alpha

A

The use of alphabetic characters or an alphabetic character string

26
Q

Alternate facilities

A

Locations and infrastructures from which emergency or backup processes are executed, when the
main premises are unavailable or destroyed.

Scope Notes: Includes other buildings, offices or data processing centers

27
Q

Alternate process

A

Automatic or manual process designed and established to continue critical business processes from
point-of-failure to return-to-normal.

28
Q

Alternative routing

A

A service that allows the option of having an alternate route to complete a call when the marked
destination is not available

Scope Notes: In signaling, alternate routing is the process of allocating substitute routes for a given
signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that
traffic stream.

29
Q

American Standard Code for Information Interchange

A

See ASCII

30
Q

Amortization

A

The process of cost allocation that assigns the original cost of an intangible asset to the periods
benefited; calculated in the same way as depreciation

31
Q

Analog

A

A transmission signal that varies continuously in amplitude and time and is generated in wave
formation.

Scope Notes: Analog signals are used in telecommunications

32
Q

Analytical technique

A

The examination of ratios, trends, and changes in balances and other values between periods to
obtain a broad understanding of the enterprise’s financial or operational position and to identify
areas that may require further or closer investigation.

Scope Notes: Often used when planning the assurance assignment

33
Q

Anomaly

A

Unusual or statistically rare.

34
Q

Anomaly detection

A

Detection on the basis of whether the system activity matches that defined as abnormal

35
Q

Anonymity

A

The quality or state of not being named or identified.

36
Q

Antivirus software

A

An application software deployed at multiple points in an IT architecture. It is designed to detect and
potentially eliminate virus code before damage is done and repair or quarantine files that have
already been infected.

37
Q

Appearance

A

The act of giving the idea or impression of being or doing something

38
Q

Appearance of independence

A

Behavior adequate to meet the situations occurring during audit work (interviews, meetings,
reporting, etc.).

Scope Notes: An IS auditor should be aware that appearance of independence depends on the
perceptions of others and can be influenced by improper actions or associations

39
Q

Applet

A

A program written in a portable, platform-independent computer language, such as Java, JavaScript
or Visual Basic.

Scope Notes: An applet is usually embedded in a HyperText Markup Language (HTML) page downloaded
from web servers and then executed by a browser on client machines to run any web-based
application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only
perform a restricted set of operations, thus preventing, or at least minimizing, the possible security
compromise of the host computers. However, applets expose the user’s machine to risk if not properly
controlled by the browser, which should not allow an applet to access a machine’s information without
prior authorization of the user.

40
Q

Application

A

A computer program or set of programs that performs the processing of records for a specific
function.

Scope Notes: Contrasts with systems programs, such as an operating system or network control
program, and with utility programs, such as copy or sort

41
Q

Application acquisition review

A

An evaluation of an application system being acquired or evaluated, that considers such matters as:
appropriate controls are designed into the system; the application will process information in a
complete, accurate and reliable manner; the application will function as intended; the application will
function in compliance with any applicable statutory provisions; the system is acquired in compliance
with the established system acquisition process

42
Q

Application benchmarking

A

The process of establishing the effective design and operation of automated controls within an
application.

43
Q

Application controls

A

The policies, procedures and activities designed to provide reasonable assurance that objectives
relevant to a given automated solution (application) are achieved.

44
Q

Application development review

A

An evaluation of an application system under development that considers matters such as:
appropriate controls are designed into the system; the application will process information in a
complete, accurate and reliable manner; the application will function as intended; the application will
function in compliance with any applicable statutory provisions; the system is developed in
compliance with the established system development life cycle process.

45
Q

Application implementation review

A

An evaluation of any part of an implementation project.

Scope Notes: Examples include project management, test plans and user acceptance testing (UAT)
procedures.

46
Q

Application layer

A

In the Open Systems Interconnection (OSI) communications model, the application layer provides
services for an application program to ensure that effective communication with another application
program in a network is possible.

Scope Notes: The application layer is not the application that is doing the communication; it is a
service layer that provides these services.

47
Q

Application maintenance review

A

An evaluation of any part of a project to perform maintenance on an application system.

Scope Notes: Examples include project management, test plans and user acceptance testing (UAT)
procedures.

48
Q

Application or managed service provider (ASP/MSP)

A

A third party that delivers and manages applications and computer services, including security
services to multiple users via the Internet or a private network.

49
Q

Application program

A

A program that processes business data through activities such as data entry, update or query.

Scope Notes: Contrasts with systems programs, such as an operating system or network control
program, and with utility programs such as copy or sort

50
Q

Application programming

A

The act or function of developing and maintaining application programs in production.

51
Q

Application programming interface (API)

A

A set of routines, protocols and tools referred to as “building blocks” used in business application
software development.

Scope Notes: A good API makes it easier to develop a program by providing all the building blocks
related to functional characteristics of an operating system that applications need to specify, for
example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different
versions of UNIX). A programmer utilizes these APIs in developing applications that can operate
effectively and efficiently on the platform chosen.

52
Q

Application proxy

A

A service that connects programs running on internal networks to services on exterior networks by
creating two connections, one from the requesting client and another to the destination service.

53
Q

Application security

A

Refers to the security aspects supported by the application, primarily with regard to the roles or
responsibilities and audit trails within the applications.

54
Q

Application service provider (ASP)

A

Also known as managed service provider (MSP), it deploys, hosts and manages access to a packaged
application to multiple parties from a centrally managed facility.

Scope Notes: The applications are delivered over networks on a subscription basis.

55
Q

Application software tracing and mapping

A

Specialized tools that can be used to analyze the flow of data through the processing logic of the
application software and document the logic, paths, control conditions and processing sequences.

Scope Notes: Both the command language or job control statements and programming language can be
analyzed. This technique includes program/system: mapping, tracing, snapshots, parallel simulations
and code comparisons.

56
Q

Application system

A

An integrated set of computer programs designed to serve a particular function that has specific
input, processing and output activities.

Scope Notes: Examples include general ledger, manufacturing resource planning and human resource
(HR) management

57
Q

Architecture

A

Description of the fundamental underlying design of the components of the business system, or of
one element of the business system (e.g., technology), the relationships among them, and the
manner in which they support enterprise objectives.

58
Q

Arithmetic logic unit (ALU)

A

The area of the central processing unit that performs mathematical and analytical operations

59
Q

Artificial intelligence

A

Advanced computer systems that can simulate human capabilities, such as analysis, based on a
predetermined set of rules

60
Q

ASCII

A

Representing 128 characters, the American Standard Code for Information Interchange (ASCII) code
normally uses 7 bits. However, some variations of the ASCII code set allow 8 bits. This 8-bit ASCII code
allows 256 characters to be represented.

61
Q

Assembler

A

A program that takes as input a program written in assembly language and translates it into machine
code or machine language

62
Q

Assembly Language

A

A low-level computer programming language which uses symbolic code and produces machine
instructions.

63
Q

Assessment

A

A broad review of the different aspects of a company or function that includes elements not covered
by a structured assurance initiative.

Scope Notes: May include opportunities for reducing the costs of poor quality, employee perceptions
on quality aspects, proposals to senior management on policy, goals, etc.

64
Q

Asset

A

Something of either tangible or intangible value that is worth protecting, including people,
information, infrastructure, finances and reputation.

65
Q

Assurance

A

Pursuant to an accountable relationship between two or more parties, an IT audit and assurance
professional is engaged to issue a written communication expressing a conclusion about the subject
matters for which the accountable party is responsible. Assurance refers to a number of related
activities designed to provide the reader or user of the report with a level of assurance or comfort
over the subject matter.

Scope Notes: Assurance engagements could include support for audited financial statements, reviews
of controls, compliance with required standards and practices, and compliance with agreements,
licenses, legislation and regulation.

66
Q

Assurance initiative

A

An objective examination of evidence for the purpose of providing an assessment on risk
management, control or governance processes for the enterprise.

Scope Notes: Examples may include financial, performance, compliance and system security
engagements

67
Q

Asymmetric key (public key)

A

A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message

Scope Notes: See public key encryption

68
Q

Asynchronous Transfer Mode (ATM)

A

A high-bandwidth, low-delay switching and multiplexing technology that allows integration of
real-time voice and video as well as data. It is a data link layer protocol.

Scope Notes: ATM is a protocol-independent transport mechanism. It allows high-speed data transfer
rates at up to 155 Mbit/s. The acronym ATM should not be confused with the alternate usage for
ATM, which refers to an automated teller machine.

69
Q

Asynchronous transmission

A

Asynchronous transmission

70
Q

Attest reporting engagement

A

An engagement in which an IS auditor is engaged to either examine management’s assertion
regarding a particular subject matter or the subject matter directly.

Scope Notes: The IS auditor’s report consists of an opinion on one of the following: The subject
matter. These reports relate directly to the subject matter itself rather than to an assertion. In
certain situations management will not be able to make an assertion over the subject of the
engagement. An example of this situation is when IT services are outsourced to a third party.
Management will not ordinarily be able to make an assertion over the controls that the third party is
responsible for. Hence, an IS auditor would have to report directly on the subject matter rather than
on an assertion

71
Q

Attitude

A

Way of thinking, behaving, feeling, etc

72
Q

Attribute sampling

A

Method to select a portion of a population based on the presence or absence of a certain characteristic

73
Q

Audit

A

Formal inspection and verification to check whether a standard or set of guidelines is being followed,
records are accurate, or efficiency and effectiveness targets are being met.

Scope Notes: May be carried out by internal or external groups

74
Q

Audit accountability

A

Performance measurement of service delivery including cost, timeliness and quality against agreed
service levels.

75
Q

Audit authority

A

A statement of the position within the enterprise, including lines of reporting and the rights of access

76
Q

Audit charter

A

A document approved by those charged with governance that defines the purpose, authority and
responsibility of the internal audit activity.

Scope Notes: The charter should:

- Establish the internal audit function’s position within the enterprise
- Authorise access to records, personnel and physical properties relevant to the performance of IS
audit and assurance engagements
- Define the scope of the audit function’s activities

77
Q

Audit evidence

A

The information used to support the audit opinion.

78
Q

Audit expert systems

A

Expert or decision support systems that can be used to assist IS auditors in the decision-making
process by automating the knowledge of experts in the field.

Scope Notes: This technique includes automated risk analysis, systems software and control
objectives software packages.

79
Q

Audit objective

A

The specific goal(s) of an audit.

Scope Notes: These often center on substantiating the existence of internal controls to minimize
business risk.

80
Q

Audit plan

A

1. A plan containing the nature, timing and extent of audit procedures to be performed by
engagement team members in order to obtain sufficient appropriate audit evidence to form an
opinion.

Scope Notes: Includes the areas to be audited, the type of work planned, the high-level objectives and
scope of the work, and topics such as budget, resource allocation, schedule dates, type of report and
its intended audience and other general aspects of the work

2. A high-level description of the audit work to be performed in a certain period of time.

81
Q

Audit program

A

A step-by-step set of audit procedures and instructions that should be performed to complete an
audit

82
Q

Audit responsibility

A

The roles, scope and objectives documented in the service level agreement (SLA) between management and audit

83
Q

Audit risk

A

The risk of reaching an incorrect conclusion based upon audit findings.

Scope Notes: The three components of audit risk are:

- Control risk
- Detection risk
- Inherent risk

84
Q

Audit sampling

A

The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population.

85
Q

Audit trail

A

A visible trail of evidence enabling one to trace information contained in statements or reports back
to the original input source

86
Q

Audit universe

A

An inventory of audit areas that is compiled and maintained to identify areas for audit during the
audit planning process.

Scope Notes: Traditionally, the list includes all financial and key operational systems as well as
other units that would be audited as part of the overall cycle of planned work. The audit universe
serves as the source from which the annual audit schedule is prepared. The universe will be
periodically revised to reflect changes in the overall risk profile

87
Q

Auditability

A

The level to which transactions can be traced and audited through a system.

88
Q

Auditable unit

A

Subjects, units or systems that are capable of being defined and evaluated.

Scope Notes: Auditable units may include:

- Policies, procedures and practices
- Cost centers, profit centers and investment centers
- General ledger account balances
- Information systems (manual and computerized)
- Major contracts and programs
- Organizational units, such as product or service lines
- Functions, such as information technology (IT), purchasing, marketing, production, finance,
accounting and human resources (HR)
- Transaction systems for activities, such as sales, collection, purchasing, disbursement, inventory
and cost accounting, production, treasury, payroll, and capital assets
- Financial statements
- Laws and regulations

89
Q

Authentication

A

1. The act of verifying identity, i.e., user, system.

Scope Notes: Risk: Can also refer to the verification of the correctness of a piece of data.

2. The act of verifying the identity of a user, the user’s eligibility to access computerized
information.

Scope Notes: Assurance: Authentication is designed to protect against fraudulent logon activity. It
can also refer to the verification of the correctness of a piece of data.

90
Q

Automated application controls

A

Controls that have been programmed and embedded within an application

91
Q

Availability

A

Ensuring timely and reliable access to and use of information

92
Q

Awareness

A

Being acquainted with, mindful of, conscious of and well informed on a specific subject, which implies
knowing and understanding a subject and acting accordingly.

93
Q

Accountability of governance

A

Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs,
conditions and options; setting direction through prioritization and decision making; and monitoring
performance, compliance and progress against plans. In most enterprises, governance is the
responsibility of the board of directors under the leadership of the chairperson.

Scope Notes: COBIT 5 perspective

94
Q

Alignment

A

A state where the enablers of governance and management of enterprise IT support the goals and
strategies of the enterprise

Scope Notes: COBIT 5 perspective

95
Q

Application architecture

A

Description of the logical grouping of capabilities that manage the objects necessary to process
information and support the enterprise’s objectives.

Scope Notes: COBIT 5 perspective

96
Q

Architecture board

A

A group of stakeholders and experts who are accountable for guidance on enterprise-architecture-
related matters and decisions, and for setting architectural policies and standards

Scope Notes: COBIT 5 perspective

97
Q

Advanced Encryption Standard (AES)

A

A public algorithm that supports keys from 128 bits to 256 bits in size

98
Q

Advanced persistent threat (APT)

A

An adversary that possesses sophisticated levels of expertise and significant resources which allow it
to create opportunities to achieve its objectives using multiple attack vectors (NIST SP800-61).

Scope Notes: The APT:

1. pursues its objectives repeatedly over an extended period of time
2. adapts to defenders’ efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives

99
Q

Adversary

A

A threat agent

100
Q

Assertion

A

Any formal declaration or set of declarations about the subject matter made by management.

Scope Notes: Assertions should usually be in writing and commonly contain a list of specific
attributes about the subject matter or about a process involving the subject matter.

101
Q

Assurance engagement

A

An objective examination of evidence for the purpose of providing an assessment on risk
management, control or governance processes for the enterprise.

Scope Notes: Examples may include financial, performance, compliance and system security
engagements

102
Q

Attack

A

An actual occurrence of an adverse event

103
Q

Attack mechanism

A

A method used to deliver the exploit. Unless the attacker is personally performing the attack, an
attack mechanism may involve a payload, or container, that delivers the exploit to the target.

104
Q

Attack vector

A

A path or route used by the adversary to gain access to the target (asset).

Scope Notes: There are two types of attack vectors: ingress and egress (also known as data
exfiltration)

105
Q

Attenuation

A

Reduction of signal strength during transmission

106
Q

Audit subject matter risk

A

Risk relevant to the area under review:

- Business risk (customer capability to pay, credit worthiness, market factors, etc.)
- Contract risk (liability, price, type, penalties, etc.)
- Country risk (political, environment, security, etc.)
- Project risk (resources, skill set, methodology, product stability, etc.)
- Technology risk (solution, architecture, hardware and software infrastructure network, delivery
channels, etc.).

Scope Notes: See inherent risk

107
Q

Auditor’s opinion

A

A formal statement expressed by the IS audit or assurance professional that describes the scope of
the audit, the procedures used to produce the report and whether or not the findings support that
the audit criteria have been met.

Scope Notes: The types of opinions are:

- Unqualified opinion: Notes no exceptions or none of the exceptions noted aggregate to a
significant deficiency
- Qualified opinion: Notes exceptions aggregated to a significant deficiency (but not a material
weakness)
- Adverse opinion: Notes one or more significant deficiencies aggregating to a material weakness

108
Q

Authenticity

A

Undisputed authorship

109
Q

Application containerization

A

A mechanism that is used to isolate applications from each other within the context of a running
operating system instance. In much the same way that a logical partition (LPAR) provides
segmentation of system resources in mainframes, a computing environment employing containers
segments and isolates the underlying system services so that they are logically sequestered from
each other.

110
Q

asymmetric cipher

A

Most implementations of asymmetric ciphers combine a widely distributed public key and a closely
held, protected private key. A message that is encrypted by the public key can only be decrypted by
the mathematically related, counterpart

111
Q

Backbone

A

The main communication channel of a digital network. The part of a network that handles the major
traffic

Scope Notes: Employs the highest-speed transmission paths in the network and may also run the
longest distances. Smaller networks are attached to the backbone, and networks that connect directly
to the end user or customer are called “access networks.” A backbone can span a geographic area of
any size from a single building to an office complex to an entire country. Or, it can be as small as a
backplane in a single cabinet.

112
Q

Backup

A

Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals
are destroyed or out of service.

113
Q

Backup center

A

An alternate facility to continue IT/IS operations when the primary data processing (DP) center is
unavailable.

114
Q

Badge

A

A card or other device that is presented or displayed to obtain access to an otherwise restricted
facility, as a symbol of authority (e.g., the police), or as a simple means of identification.

Scope Notes: Also used in advertising and publicity.

115
Q

Balanced scorecard (BSC)

A

Developed by Robert S. Kaplan and David P. Norton as a coherent set of performance measures
organized into four categories that includes traditional financial measures, but adds customer,
internal business process, and learning and growth perspectives.

116
Q

Bandwidth

A

The range between the highest and lowest transmittable frequencies. It equates to the transmission
capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).

117
Q

Bar code

A

A printed machine-readable code that consists of parallel bars of varied width and spacing.

118
Q

Base case

A

A standardized body of data created for testing purposes.

Scope Notes: Users normally establish the data. Base cases validate production application systems
and test the ongoing accurate operation of the system.