CISA Glossary Flashcards Preview

CISA Stuff > CISA Glossary > Flashcards

Flashcards in CISA Glossary Deck (500)
Loading flashcards...

Abend *

An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing.


Acceptable use policy

A policy that establishes an agreement between users and the enterprise and defines for all parties' the ranges of use that are approved before gaining access to a network or the Internet


Access control *

The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises.


Access control list (ACL) *

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals. Also referred to as access control tables.


Access control table *

An internalized computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.


Access path *

The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.


Access rights *

The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy.


Access servers *

Provides centralized access control for managing remote access dial-up servers.


Access method *

The technique used for selecting records in a file; one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization, which determines how the records are stored.


Address *

Within computer storage, the code used to designate the location of a specified piece of data.


Address space *

The number of distinct locations that may be referred to with the machine address. For most binary machines it is equal to 2n, where n is the number of bits in the machine address.


Addressing *

The method used to identify the location of a participant in a network. Ideally, adressing specifies where the participant is located rather than who they are (name) or how to get there (routing).


Administrative audit

Verifies that appropriate policies and procedures exist, and that they have been implemented as management intended. This audit focuses on operational effectiveness and efficiency.


Administrative controls *

The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence to regulations and management policies.


Advanced Encryption Standard (AES)

Symmetric-key encryption system designed by Belgian mathematicians. Also known as the Rijndael, Advanced Encryption Standard (AES) replaces the outdated Data Encryption Standard (DES) previously used by the U.S. government. This is the de facto standard for many applications because AES is approved by the U.S. National Institute of Standards and Technology (NIST) for unclassified and certain classified information.


Adware *

A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used. In most cases, this is done without any notification to the user or without the user's consent. The term adware may also refer to software that displays advertisements, whther or not it does so with the user's consent; such programs display advertisements as an alternative to shareware registration fees. These are classified as adware in the sense of advertising supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, an dprovides the user with a specific service.



Changes to data in the database are held in a temporary file called the after-image journal. The transaction can be reversed (discarded) until the program writes the change into the master file. Also see before-image and ACID principle.


Agile development

A micromanagement methodology to force development within a series of short time boxes. Agile is used for the development of prototypes. The focus is on tactile knowledge in a person's mind, rather than the use of formal SDLC design and development documentation.


Alpha *

The use of alphabetic characters or an alphabetic character string.


Alternative routing *

A service that allows the option of having an alternate route to complete a call when the marked destination is not available. In signalling, alternate routing is the process of allocating substitute routes for a given signaling traffic stream in case of failure(s) affecting the normal signalling links or routes of that traffic stream.


American Standard Code for Information Interchange *



Analog *

A transmission signal that varies continuously in amplitude and time, and is generated in wave formation. Analog signals are used in telecommunications.


Antivirus software *

An application software deployed at multiple points in an IT architecture It is designed to detect and potentially eliminate virus code before damage is done and repair or quarantine files that have already been infected.


Applet *

A program written in a portable, platform independent computer language such as Java, JavaScript or Visual Basic. An applet is usually embedded in a Hypertext Markup Langiage (HTML) page downloaded from web servers and then executed by a browser on client mahcines to run any web-based application (e.g. generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers. However, applets expose the user's machine to risk if not properly controlled by the browser, which should not allow an applet to access a machine's information without prior authorization of the user.


Application *

A computer program or set of programs that perform the processing of records for a specific function. Contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.


Application controls *

The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved (application). Note: The lowest level of control, usually governing system use or internal program controls. Application controls are easily subverted if higher-level controls governing the operating environment are missing or ineffective. Higher controls include general controls, pervasive controls, and detailed controls.


Application layer *

In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication woth another application program in a network is possible. The application layer is not the application that is doing the communication; there is a service layer that provides these services. Anew: the highest layer of the OSI model is layer 7. The Application layer runs problem-solving software for the user. This layer provides the interface between the user and the computer program.


Application program *

A program that processes business data through activities such as data entry, update or query. Contrasts with system programs, such as an operating system or network contorl program, and with utility programs such as copy or sort.


Application programming *

The act or function of developing and maintaining applications programs in production.


Application programming interface (API) *

"A set of routines, protocols and tools referred to as ""building blocks"" used in business application software development. A good API makes it easier to develop a program by providing all of the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different versions of UNIX). A programer utilizes these APIs in developing applications that can operate effectively and efficiently on the platform chosen."