CISA Refresher 6 Flashcards Preview


Flashcards in CISA Refresher 6 Deck (500):
1

Audit Charter

document that states management's objectives for and delegation of authority to IS audit. Should be approved at the highest levels of management, and should outline the overall authority scope, and responsibilities of the audit function. Should not significantly change over time.

2

Engagement Letter

a letter that formalizes the contract between the auditor and the client and outlines the responsibilities of both parties; focused on a particular audit exercise that is sought to be initiated in an organization with a specific objective in mind

3

Audit Plan

A list of the audit procedures the auditors need to perform to gather sufficient appropriate evidence on which to base their opinion on the financial statements; consists of both short-term and long-term planning

4

Sarbanes-Oxley Act of 2002

Law that requires companies to maintain adequate systems of internal control

5

Professional Independence

In all matters related to the audit, the IS auditor should be independent of the auditee in both attitude and appearance

6

Organizational Independence

The IS audit function should be independent of the area or activity being reviewed to permit objective completion of the audit assignment

7

Audit Risk

the risk that information may contain a material error that may go undetected during the course of the audit

8

Error Risk

the risk of errors occurring in the area being audited

9

Information Technology Assurance Framework (ITAF)

ISACA's reference framework for IT audit and assurance professionals: it sets the standards that govern IT audit and assurance work, defines the terms and concepts used, and supplies guidelines, tools and techniques for planning, performing and reporting on engagements; its standards fall into the general, performance and reporting categories defined in the next three cards

10

General standards

standards that establish the guiding principles under which the IT assurance profession operates; they apply to the conduct of all assignments, and deal with the IT audit and assurance professional's ethics, independence, objectivity and due care, as well as knowledge, competency and skill

11

Performance standards

standards that establish baseline expectations in the conduct of IT assurance engagements; focused on the design of the assurance work, the conduct of the assurance, the evidence required, and the development of assurance and audit findings and conclusions

12

Reporting standards

standards that address the types of audit reports, means of communication, and information to be communicated at the conclusion of an audit

13

Risk analysis

part of audit planning, and helps identify risks and vulnerabilities so the IS auditor can determine the controls needed to mitigate those risks

14

Risk

the potential that a given threat will exploit vulnerabilities of an asset or group of assets and thereby cause harm to the organization; the combination of the probability of an event and its consequence

15

Business Risk

a risk that may negatively impact the assets, processes or objectives of a specific business or organization

16

IT Risk

the risk associated with the use, ownership, operation, involvement, influence, and adoption of IT within an enterprise

17

Risk Assessment Process

1. Identify Business Objectives

18

Internal controls

normally composed of policies, procedures, practices and organizational structures which are implemented to reduce risk to the organization; developed to provide reasonable assurance to management that the organization's business objectives will be achieved and risk events will be prevented, or detected and corrected

19

Preventive controls

Controls that deter control problems before they occur

20

Detective controls

Controls that discover problems as soon as they arise

21

Corrective controls

Controls that remedy control problems that have been discovered

22

Control objectives

statements of the desired result or purpose to be achieved by implementing control activities (procedures)

23

IS Control objectives

provide a complete set of high-level requirements to be considered by management for effective control of each IT process

24

COBIT 5

a comprehensive framework that assists enterprises in achieving their objectives for the governance and management of enterprise IT; helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use

25

COBIT 5 Principles

1. Meeting stakeholder needs

26

Controls

include policies, procedures and practices established by management to provide reasonable assurance that specific objectives will be achieved

27

Compliance Audit

an audit that includes specific tests of controls to demonstrate adherence to specific regulatory or industry standards

28

Financial Audit

an audit that assesses the accuracy of financial reporting

29

Operational Audit

an audit designed to evaluate the internal control structure in a given process or area

30

Integrated Audit

an audit that combines financial and operational audit steps

31

Administrative Audit

an audit oriented to assess issues related to the efficiency of operational productivity within an organization

32

IS Audit

an audit that collects and evaluates evidence to determine whether the information systems and related resources adequately safeguard assets, maintain data and system integrity and availability, provide relevant and reliable information, achieve organizational goals, consume resources efficiently, and have, in effect, internal controls that provide reasonable assurance that business, operational and control objectives will be met

33

Statement on Standards for Attestation Engagements (SSAE 16)

a widely known auditing standard developed by the AICPA that defines the professional standards used by a service auditor to assess the internal controls of a service organization

34

Forensic Audit

an audit specialized in discovering, disclosing and following up on frauds and crimes

35

Audit Program

identifies the scope, audit objectives and audit procedures to obtain sufficient, relevant and reliable evidence to draw and support audit conclusions and opinions; includes the audit strategy and audit plan

36

Audit Strategy

overall approach to the audit that considers the nature of the client, risk of significant misstatements, and other factors such as the number of client locations and past effectiveness of client controls

37

Audit Methodology

a set of documented audit procedures designed to achieve planned audit objectives; components include a statement of scope, statement of objectives, and a statement of audit programs

38

Risk-Based Auditing

an audit approach in which a risk assessment directs audit effort toward the areas of greatest risk; the assessment assists the IS auditor in deciding whether the controls can be relied on (compliance testing) or whether substantive testing is needed, and its results are used to develop and improve the continuous audit process

39

Inherent Risk

the risk level or exposure of the process/entity to be audited without taking into account the controls that management has implemented

40

Control Risk

the risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls

41

Detection Risk

the risk that material errors or misstatements that have occurred will not be detected by the IS auditor

42

Overall Audit Risk

the probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred

43

Statistical Sampling Risk

the risk that incorrect assumptions are made about the characteristics of a population from which a sample is selected

44

Risk Mitigation

a risk response that includes applying appropriate controls to reduce the risks

45

Risk Acceptance

a risk response that includes knowingly and objectively not taking action, provided the risk clearly satisfies the organization's policy and criteria

46

Risk Avoidance

a risk response that includes avoiding risks by not allowing actions that would cause the risks to occur

47

Risk transfer/sharing

a risk response that includes transferring the associated risks to other parties, e.g. insurers or suppliers

48

Audit objectives

refer to the specific goals that must be accomplished by the audit

49

Compliance Testing

evidence gathering for the purposes of testing an organization's compliance with control procedures; determines if controls are being applied in a manner that complies with management policies and procedures

50

Substantive Testing

evidence gathering for the purposes of evaluating the integrity of individual transactions, data or other information; substantiates the integrity of actual processing

51

Evidence

any information used by the IS auditor to determine whether the entity or data being audited follows the established criteria or objectives, and supports audit conclusions

52

Sample

the subset of population members used to perform testing

53

Statistical Sampling

sampling that uses the laws of probability to select and evaluate the results of an audit sample, thereby permitting the auditor to quantify the sampling risk for the purpose of reaching a conclusion about the population

54

Nonstatistical Sampling

audit sampling that relies on the auditor's judgment to determine sample size, select the sample, and/or evaluate the results for the purpose of reaching a conclusion about the population

55

Attribute Sampling

sampling used to estimate the proportion of a population that possesses a specified characteristic; the primary sampling method used for compliance testing

56

Stop-or-go Sampling

sampling that allows the audit test to be stopped at the earliest possible moment

57

Discovery Sampling

a sampling plan that is appropriate when the expected occurrence rate is extremely low, used when the auditor desires a specific chance of observing at least one example of occurrence

58

Variable Sampling

sampling that deals with population characteristics that vary, such as monetary values and weights, and provides conclusions related to deviations from the norm

59

Confidence Coefficient

a percentage expression of the probability that the characteristics of the sample are a true representation of the population

60

Level of Risk

equal to one minus the confidence coefficient

61

Precision

represents the acceptable range difference between the sample and the actual population

62

Expected Error Rate

an estimate stated as a percent of the errors that may exist

63

Sample mean

the sum of all sample values, divided by the size of the sample

64

Sample standard deviation

measures how widely the sample values are dispersed around the sample mean; it is the square root of the sample variance

65

Tolerable error rate

maximum misstatement or number of errors that can exist without an account being materially misstated

66

Population standard deviation

measures how widely the values in the whole population are dispersed around the population mean; for a normally distributed population it fixes what proportion of the values lies within a given distance of the mean, which is what links the sample results to the normal distribution
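The sampling cards above (53 to 66) are easier to apply with numbers in hand. The block below is an added example, not part of the flashcard deck: the invoice amounts, confidence level, expected and tolerable error rates are constructed, and the attribute-sampling size and upper deviation limit are computed with the exact binomial bound, which is an assumption about method since the deck states no formula. The discovery-sampling size follows directly from P(no occurrence in n items) = (1 - p)^n.

```python
"""Worked sampling statistics for a compliance or substantive test.

Added example (not from the CISA deck): the invoice amounts and the
parameters below are constructed, and the attribute-sampling size uses the
exact binomial bound (an assumption about method; the deck states no formula).
"""
import math

# Constructed sample of 8 invoice amounts pulled from a hypothetical population.
INVOICE_SAMPLE = [100.0, 120.0, 110.0, 130.0, 90.0, 140.0, 115.0, 105.0]


def sample_mean(values):
    """Card 63: sum of the sample values divided by the sample size."""
    return sum(values) / len(values)


def sample_std_dev(values):
    """Card 64: spread of the sample around its mean, i.e. the square root of
    the sample variance (n - 1 in the denominator because this is a sample)."""
    n = len(values)
    m = sample_mean(values)
    return math.sqrt(sum((v - m) ** 2 for v in values) / (n - 1))


def level_of_risk(confidence_coefficient):
    """Card 60: sampling risk = 1 - confidence coefficient (95% -> 5%)."""
    return 1.0 - confidence_coefficient


def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p): chance of seeing at most k
    deviations in n items when the true population deviation rate is p."""
    return sum(math.comb(n, i) * p ** i * (1 - p) ** (n - i) for i in range(k + 1))


def upper_deviation_limit(n, k, confidence):
    """Attribute sampling evaluation: the highest population deviation rate
    still consistent, at the given confidence, with observing k deviations
    in a sample of n (found by bisection on the binomial tail)."""
    lo, hi = 0.0, 1.0
    while hi - lo > 1e-6:
        mid = (lo + hi) / 2
        if binom_cdf(k, n, mid) > 1 - confidence:
            lo = mid  # this rate is still plausible, so the limit lies higher
        else:
            hi = mid  # this rate is already rejected at the chosen confidence
    return hi


def attribute_sample_size(confidence, expected_error_rate, tolerable_error_rate):
    """Cards 55/62/65: smallest n for which, if the sample shows the expected
    number of errors (ceil(n * expected), an assumed rounding), the upper
    deviation limit stays within the tolerable error rate."""
    if not 0 <= expected_error_rate < tolerable_error_rate < 1:
        raise ValueError("need 0 <= expected < tolerable < 1")
    for n in range(1, 5000):
        k = math.ceil(n * expected_error_rate)
        if upper_deviation_limit(n, k, confidence) <= tolerable_error_rate:
            return n
    raise ValueError("no sample size below 5000 meets the parameters")


def discovery_sample_size(confidence, critical_occurrence_rate):
    """Card 57: smallest n giving probability >= confidence of seeing at
    least one occurrence when the true rate is critical_occurrence_rate,
    since P(none in n) = (1 - p) ** n."""
    return math.ceil(math.log(1 - confidence) / math.log(1 - critical_occurrence_rate))


def discovery_hit_probability(n, occurrence_rate):
    """Probability that a discovery sample of n items contains at least one occurrence."""
    return 1 - (1 - occurrence_rate) ** n


if __name__ == "__main__":
    print("mean", sample_mean(INVOICE_SAMPLE), "sd", round(sample_std_dev(INVOICE_SAMPLE), 2))
    print("risk at 95% confidence", level_of_risk(0.95))
    print("upper limit, 0 of 100 deviations, 95%", round(upper_deviation_limit(100, 0, 0.95), 4))
    print("attribute n (95%, expect 2%, tolerate 6%)", attribute_sample_size(0.95, 0.02, 0.06))
    print("discovery n (95%, 1% critical rate)", discovery_sample_size(0.95, 0.01))
```

Two things worth noticing when running it: with an expected error rate of zero the attribute-sampling size and the discovery-sampling size coincide (both answer "how many items must I see with no deviations to be 95% sure the rate is below X"), and the upper deviation limit, not the observed rate, is what the auditor compares against the tolerable error rate before concluding that a control can be relied on.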

67

Computer-Assisted Audit Techniques (CAAT)

refer to audit software that uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process

68

Generalized Audit Software (GAS)

standard software designed to read, process, and write data with the help of functions performing specific audit routines and with self-made macros

69

Utility Software

subset of software that provides evidence to auditors about system control effectiveness

70

Test Data

using a sample set of data to assess whether logic errors exist in a program and whether the program meets its objectives

71

Compensating Control

A control that reduces the risk that an existing or potential control weakness will result in a failure to meet a control objective (e.g., avoiding misstatements).

72

Audit Report

used by the auditor to report findings and recommendations to management

73

Control Self-Assessment (CSA)

A method/process by which management and staff at all levels collectively identify and evaluate risk and controls within their business areas, possibly under the guidance of a facilitator such as an auditor or risk manager; includes testing the design of automated application controls

74

Traditional Auditing Approach

any approach in which the primary responsibility for analyzing and reporting on internal control and risk is assigned to auditors, and to a lesser extent, controller departments and outside consultants

75

Integrated Auditing

the process whereby appropriate audit disciplines are combined to assess key internal controls over an operation, process or entity

76

Continuous Monitoring

provided by IS management and tools and typically based on automated procedures to meet fiduciary responsibilities

77

Continuous Auditing

"A methodology that enables independent auditors to provide written assurance on a subject matter using a series of auditors reports issued simultaneously with or a short period of time after the occurrence of the events underlying the subject matter"

78

Corporate Governance

the system by which business corporations are directed and controlled; a set of responsibilities and practices used by an organization's management to provide strategic direction, thereby ensuring that goals are achievable, risks are properly addressed and organizational resources are properly utilized

79

Governance of Enterprise IT (GEIT)

the body of issues addressed in considering how IT is applied within the enterprise

80

IT Governance

a structure of relationships and processes used to direct and control the enterprise toward achievement of its goals by adding value while balancing risk vs. return over IT and its processes

81

IT Governance Focus Areas

1. Strategic Alignment

82

Strategic Alignment

focuses on ensuring the linkage of business and IT plans; defining, maintaining and validating the IT value proposition; and aligning IT operations with enterprise operations

83

Value Delivery

executing the value proposition throughout the delivery cycle, ensuring that IT delivers the promised benefits against the strategy, concentrating on optimizing costs and proving the intrinsic value of IT

84

Resource Management

the optimal investment in, and the proper management of, critical IT resources: applications, information, infrastructure and people

85

Performance Management

tracks and monitors strategy implementation, project completion, resource usage, process performance and service delivery

86

IT Balanced Scorecard (BSC)

a process management evaluation technique that can be applied to the IT governance process in assessing the IT functions and processes; supplements traditional financial evaluation with measures concerning user satisfaction, internal processes and the ability to innovate

87

IT Strategy Committee

As a committee of the board, it assists the board in overseeing the enterprise's IT-related matters by ensuring that the board has the internal and external information it requires for effective IT governance decision making.

88

IT Steering Committee

a committee, composed of managers and staff representing various organizational units, set up to establish IT priorities and to ensure that the MIS function is meeting the needs of the enterprise

89

Information Security Governance

governance focused on specific value drivers: confidentiality, integrity, and availability of information, continuity of services and protection of information assets

90

Process Integration

integration of an organization's management assurance processes for security

91

Enterprise Architecture (EA)

involves documenting an organization's IT assets in a structured manner to facilitate understanding, management and planning for IT investments; involves both a current state and an optimized state

92

Zachman Framework for Enterprise Architecture

a model framework that is a starting point for many contemporary EA projects; it helps move IT projects from the abstract to the physical using models and representations with progressively greater levels of detail

93

Federal Enterprise Architecture (FEA)

a business and performance based framework to support cross-agency collaboration, transformation and government-wide improvement

94

Strategic Planning

long-term direction an enterprise wants to take in leveraging information technology for improving its business processes

95

IT Portfolio Management

has an explicitly directive, strategic goal in determining what the enterprise will continue to invest in vs. what the enterprise will divest

96

Policy

high-level document that represents the corporate philosophy of an organization

97

Security Policy

policy that communicates a coherent security standard to users, management and technical staff

98

High-level Information Security Policy

policy that includes statements on confidentiality, integrity, and availability

99

Data Classification Policy

policy that should describe the classifications, levels of control at each classification and responsibilities of all potential users including ownership

100

Acceptable Use Policy

policy that includes information for all information resources and describes the organizational permissions for the usage of IT and information-related resources

101

End-user Computing Policy

policy that describes the parameters and usage of desktop, mobile computing and other tools by users

102

Access Control Policy

policy that describes the method for defining and granting access to users to various IT resources

103

Procedures

detailed steps defined and documented for implementing policies

104

Risk Management

the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives and deciding what countermeasures, if any, to take in reducing risk to an acceptable level, based on the value of the information resource to the organization

105

Key performance indicators

The quantifiable metrics a company uses to evaluate progress toward critical success factors

106

Threat

any circumstance or event with the potential to cause harm (such as destruction, disclosure, modification of data and/or denial of service) to an information resource

107

Vulnerabilities

characteristics of information resources that can be exploited by a threat to cause harm

108

Impact

the result of a threat agent exploiting a vulnerability

109

Residual Risk

the remaining level of risk once controls have been applied; can be used by management to further reduce risk by identifying those areas in which more control is needed

110

Qualitative Analysis

method that uses words or descriptive rankings to describe the impact or likelihood of risk (high, medium, low)

111

Semi-quantitative Analysis

method that uses descriptive rankings that are associated with a numeric scale to describe the impact or likelihood of risk

112

Quantitative Analysis

method that uses numeric values to describe the likelihood and impact of risk, using data from several types of sources such as historic records, past experiences, industry practices and records, statistical theories, testing, and experiments (usually monetary terms)

113

IS Management

practices that reflect the implementation of policies and procedures developed for various IS-related management activities

114

Human Resource Management

organizational policies and procedures for recruiting, selecting, training and promoting staff, measuring staff performance, disciplining staff, succession planning, and staff retention

115

Sourcing

the way in which the organization will obtain the IS functions required to support the business (in-house, outsource)

116

Outsourcing

contractual agreements under which an organization hands over control of part or all of the functions of the IS department to an external party

117

Service Level Agreement (SLA)

a document that provides a company with a performance guarantee for services outsourced to a vendor

118

Benchmarking

A process of continuously measuring system results, comparing those results to optimal system performance (industry standards or best practices), and identifying steps and procedures to improve system performance

119

Cloud Computing

model for enabling convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction

120

Statement on Standards for Attestation Engagements (SSAE 16)

provides a framework for three Service Organization Control (SOC) reporting options

121

SOC 1 Report

focus solely on controls at a service organization that are likely to be relevant to an audit of a user entity's financial statements

122

Governance of Outsourcing

the set of responsibilities, roles, objectives, interfaces and controls required to anticipate change and manage the introduction, maintenance, performance, costs and control of third-party provided services

123

Change Management

involves the use of a defined and documented process to identify and apply technology improvements at the infrastructure and application level that are beneficial to the organization and involve all levels of the organization impacted by the changes

124

Quality Management

one of the means by which IT department-based processes are controlled, measured and improved; may include: software development/maintenance/implementation, acquisition of hardware or software, day-to-day operations, service management, security, HR management, general administration

125

Ways to use performance measures

1. Measure products/services

126

Systems development manager

responsible for programmers and analysts who implement new systems and maintain existing systems

127

Project manager

responsible for planning and executing IT projects and may report to a project management officer or to the development organization

128

Service desk (help desk)

unit within an organization that responds to technical questions and problems faced by users

129

End user

responsible for operations related to business application services; used to distinguish the person for whom the product was designed from the person who programs, services, or installs applications

130

End-user support manager

responsible as a liaison between the IS department and the end users

131

Data manager

responsible for the data architecture in larger IT environments and tasked with managing data as a corporate asset

132

Quality Assurance (QA) manager

responsible for negotiating and facilitating quality activities in all areas of information technology

133

Operations manager

responsible for computer operations personnel, including all staff required to run the data center efficiently and effectively

134

Control group

responsible for the collection, conversion and control of input, and the balancing and distribution of output to the user community

135

Media manager

responsible for recording, issuing, receiving, and safeguarding all program and data files that are maintained on removable media

136

Data Entry

The process of getting information into a database, usually done by people typing it in by way of data-entry forms designed to simplify the process

137

Systems administrator

responsible for maintaining major multi-user computer systems, including LANs, WLANs, WANs, PANs, SANs, intranets and extranets, and mid-range and mainframe systems

138

Security Administrator

responsible for ensuring that the various users are complying with the corporate security policy and controls are adequate to prevent unauthorized access to the company assets

139

Quality Assurance (QA)

helps the IS department to ensure that personnel are following prescribed quality processes

140

Quality Control (QC)

responsible for conducting tests or reviews to verify and ensure that software is free from defects and meets user expectations

141

Database Administrator (DBA)

custodian of an organization's data; defines and maintains the data structures in the corporate database system

142

Systems analyst

specialist who designs systems based on the needs of the user and is usually involved during the initial phase of the system development life cycle

143

Security architect

responsible for evaluating security technologies; designing the security aspects of the network topology, access control, identity management and other security systems; and establishing security policies and security requirements

144

Applications staff

responsible for developing and maintaining applications; should work in a test-only environment

145

Infrastructure staff

responsible for maintaining the systems software, including the operating system

146

Network administrator

responsible for key components of the infrastructure (routers, switches, firewalls, network segmentation, performance management, remote access, etc.); reports to the director of the IPF (information processing facility) or to an end-user manager

147

Segregation of Duties

avoids the possibility that a single person could be responsible for diverse and critical functions in such a way that errors or misappropriations could occur and not be detected in a timely manner and in the normal course of business processes

148

Duties that should be segregated

custody of the assets, authorization, recording transactions

149

Compensating controls

internal controls that are intended to reduce the risk of an existing or potential control weakness when duties cannot be appropriately segregated
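Cards 147 to 149 describe the test an IS auditor actually runs against an access-rights export: collapse each user's roles into the duties they can perform, flag anyone holding two of the three incompatible duties, and check whether a compensating control is on record for each conflict. The block below is an added example, not the deck's own material: the application roles, the role-to-duty mapping, the entitlement lines and the compensating-control register are all constructed for illustration.

```python
"""Segregation-of-duties check over an entitlement export.

Added example, not from the CISA deck: the roles, the role-to-duty mapping,
the entitlement lines and the compensating-control register are constructed.
The three duties are the ones the deck says must be kept apart.
"""
import csv
import io
from itertools import combinations

DUTIES = ("custody", "authorization", "recording")
# Any two of the three duties held by one person is a conflict.
INCOMPATIBLE_PAIRS = {frozenset(p) for p in combinations(DUTIES, 2)}

# Assumed mapping from application roles to the duty each role lets a user perform.
ROLE_DUTIES = {
    "AP_CLERK": {"recording"},          # keys invoices into the ledger
    "AP_APPROVER": {"authorization"},   # approves invoices for payment
    "TREASURY_PAYMENTS": {"custody"},   # releases funds from the bank account
    "GL_READONLY": set(),               # inquiry only, no duty
}

# Constructed entitlement export (one line per user/role assignment).
ENTITLEMENTS_CSV = """user,role
alice,AP_CLERK
alice,AP_APPROVER
bob,TREASURY_PAYMENTS
carol,AP_CLERK
carol,GL_READONLY
dave,AP_CLERK
dave,TREASURY_PAYMENTS
"""

# Constructed register of documented compensating controls, keyed by user.
COMPENSATING_CONTROLS = {
    "alice": "monthly supervisory review of invoices approved by the person who entered them",
}


def duties_by_user(entitlements_csv):
    """Collapse role assignments into the set of duties each user can perform."""
    duties = {}
    for row in csv.DictReader(io.StringIO(entitlements_csv)):
        if row["role"] not in ROLE_DUTIES:
            # An unmapped role is itself a finding: the auditor cannot conclude on SoD
            # until every role's duties are known.
            raise ValueError(f"unmapped role {row['role']!r}; map it before concluding on SoD")
        duties.setdefault(row["user"], set()).update(ROLE_DUTIES[row["role"]])
    return duties


def sod_conflicts(entitlements_csv, compensating_controls=None):
    """Return one finding per (user, incompatible duty pair), noting whether a
    compensating control is on record. An unmitigated finding is a control
    weakness; a mitigated one still needs the compensating control tested."""
    compensating_controls = compensating_controls or {}
    findings = []
    for user, held in sorted(duties_by_user(entitlements_csv).items()):
        for pair in sorted(INCOMPATIBLE_PAIRS, key=sorted):
            if pair <= held:
                findings.append({
                    "user": user,
                    "duties": tuple(sorted(pair)),
                    "compensating_control": compensating_controls.get(user),
                })
    return findings


if __name__ == "__main__":
    for f in sod_conflicts(ENTITLEMENTS_CSV, COMPENSATING_CONTROLS):
        status = "mitigated" if f["compensating_control"] else "UNMITIGATED"
        print(f"{f['user']}: {' + '.join(f['duties'])} ({status})")
```

The point of keeping the role-to-duty mapping separate from the conflict rule is that the rule (no two of custody, authorization, recording) never changes, while the mapping is application-specific and is usually where the audit finds its first gap: a role nobody has classified.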

150

Audit trails

help the IS and user departments as well as the IS auditor by providing a map to retrace the flow of a transaction; recreates the actual transaction flow from the point of origination to its existence on an updated file

151

Reconciliation

independent verification typically performed by the user that increases the level of confidence that the application processed successfully and the data are in proper balance

152

Exception reporting

Identifying data that is not within "normal limits" so that managers can follow up and take corrective action; should require evidence, such as initials on a report, noting that the exception has been handled properly

153

Transaction logs

a record of transactions (can be logged manually or automatically)
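Cards 150 to 153 describe three controls that work together: a reconciliation of what the user submitted against what the application posted, an exception report for items outside normal limits, and an audit trail that traces a flagged item back to its origination. The block below is an added example, not from the deck: the batch control totals, the transaction log lines, the per-item "normal limit" and the business-hours window are constructed or assumed for illustration.

```python
"""Reconciliation, exception reporting and audit-trail lookup over one batch.

Added example, not from the CISA deck: the batch control totals, the
transaction log lines, the 'normal limit' and the business-hours window are
all constructed or assumed for illustration.
"""
import csv
import io
from decimal import Decimal

# Control totals the user department recorded when the batch was submitted.
BATCH_CONTROL = {"batch_id": "B-0417", "record_count": 4, "total_amount": Decimal("1750.00")}

# Constructed transaction log written by the application as each item was posted.
TRANSACTION_LOG = """txn_id,batch_id,account,amount,entered_by,posted_at
T1001,B-0417,4100,300.00,carol,2024-03-01T09:02:11
T1002,B-0417,4100,450.00,carol,2024-03-01T09:03:40
T1003,B-0417,4200,500.00,dave,2024-03-01T09:05:02
T1004,B-0417,4200,9500.00,dave,2024-03-01T23:58:30
"""

NORMAL_LIMIT = Decimal("5000.00")   # assumed per-item ceiling for this account group
BUSINESS_HOURS = range(8, 19)        # assumed 08:00-18:59 posting window


def parse_log(text):
    """Read the log into dicts, keeping amounts exact with Decimal."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for row in rows:
        row["amount"] = Decimal(row["amount"])
    return rows


def reconcile(batch, rows):
    """Independent verification (card 151): compare what the user submitted
    with what the application actually posted, by count and by value."""
    posted = [r for r in rows if r["batch_id"] == batch["batch_id"]]
    total = sum((r["amount"] for r in posted), Decimal("0"))
    return {
        "count_difference": len(posted) - batch["record_count"],
        "amount_difference": total - batch["total_amount"],
        "in_balance": len(posted) == batch["record_count"] and total == batch["total_amount"],
    }


def exceptions(rows):
    """Exception report (card 152): items outside 'normal limits', each with a
    reason so that the follow-up can be evidenced."""
    report = []
    for r in rows:
        if r["amount"] > NORMAL_LIMIT:
            report.append((r["txn_id"], f"amount {r['amount']} exceeds normal limit {NORMAL_LIMIT}"))
        hour = int(r["posted_at"][11:13])
        if hour not in BUSINESS_HOURS:
            report.append((r["txn_id"], f"posted at {r['posted_at'][11:16]}, outside business hours"))
    return report


def audit_trail(rows, txn_id):
    """Card 150: trace an item back to its origination (who, when, where)."""
    for r in rows:
        if r["txn_id"] == txn_id:
            return {k: r[k] for k in ("entered_by", "posted_at", "account", "batch_id")}
    return None


if __name__ == "__main__":
    rows = parse_log(TRANSACTION_LOG)
    print(reconcile(BATCH_CONTROL, rows))
    for txn, reason in exceptions(rows):
        print("EXCEPTION", txn, reason, "->", audit_trail(rows, txn))
```

In the constructed data the record count reconciles but the value does not (9,000.00 over), the exception report isolates the one item responsible, and the audit trail shows who posted it and at what time; that is the sequence an auditor would expect the user department to have followed, with initials on the exception report as evidence.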

154

Request for proposal

A document specifying all the system requirements and soliciting a proposal from each vendor contacted

155

Business continuity

the ability of an organization to maintain its operations and services in the face of a disruptive event

156

Business continuity plan

Provides procedures for emergency responses, extended backup operations, and post-disaster recovery

157

Disaster recovery plan

a detailed process for recovering information or an IT system in the event of a catastrophic disaster such as a fire or flood

158

Restoration plan

a process to return operations to normality whether in a restored or new facility

159

IS business continuity planning

specifies how to resume business processes specifically related to IS in the face of a disruptive event; should be aligned with the strategy of the organization

160

Risk analysis calculation

how risk is calculated; uses either qualitative or quantitative means

161

Business Impact Analysis (BIA)

the activity in Business Continuity Management that identifies vital business functions and their dependencies; allows the organization to determine the maximum downtime possible and to quantify losses as they grow after a disruption, thus allowing the organization to make a decision on the technology used for protection and recovery of its key information assets

162

IT disaster recovery plan

typically details the process IT personnel will use to restore the computer systems

163

Disasters

disruptions that cause critical information resources to be inoperative for a period of time, adversely impacting organizational operations

164

Pandemic

an epidemic or outbreak of an infectious disease in humans that has the ability to spread rapidly over large areas

165

Business continuity policy

a document approved by top management that defines the extent and scope of the business continuity effort within the organization

166

Incident

any unexpected event, even if it causes no significant damage

167

Negligible incident

incident that causes no perceptible or significant damage

168

Minor incidents

incidents that, while not negligible, produce no negative material (of relative importance) or financial impact

169

Major incidents

incidents that cause a negative material impact on business processes and may affect other systems, departments or even outside clients

170

Crisis

a major incident that can have serious material impact on the continued functioning of the business and may also adversely impact other systems or third parties

171

Downtime cost

costs incurred during the period after a disaster in which the business is not functioning; cost grows quickly with time, where the impact of a disruption increases the longer it lasts

172

Recovery cost

cost of activating the business continuity plan (alternative corrective measures); it decreases as the chosen recovery time target lengthens, because faster recovery requires more expensive measures

173

Risk ranking

determination of risk based upon the impact derived from the critical recovery time period, as well as the likelihood that an adverse disruption will occur (critical, vital, sensitive, nonsensitive)

174

Desk-based evaluation/paper test

a paper walk-through of the BCP, involving major players in the plan's execution who reason out what might happen in a particular type of service disruption

175

Preparedness test

localized version of a full BCP test, wherein actual resources are expended in the simulation of a system crash

176

Full operational test

one step away from an actual service disruption; a full test of the BCP

177

Benefits realization

the process by which an organization evaluates technology solutions to business problems

178

Project portfolio

all of the projects (related or unrelated) being carried out in an organization at a given point in time

179

Program

a group of projects and time-bound tasks that are closely linked together through common objectives, a common budget, and intertwined schedules and strategies

180

Business case

document that provides the information required for an organization to decide whether a project should proceed

181

Project management

the application of knowledge, skills, tools, and techniques to a broad range of project activities to achieve a stated objective such as meeting the defined user requirements, budget and deadlines for an IS project

182

Influence project organization

a type of project organization in which the project manager has only a staff function without formal management authority; the PM can only advise peers and team members as to which activities should be completed

183

Pure project organization

a type of project organization in which the project manager has formal authority over those taking part in the project

184

Matrix project organization

a type of project organization in which management authority is shared between the project manager and the department heads

185

Specific, Measurable, Attainable, Realistic and Timely

SMART

186

Main objectives

objectives that will always be directly coupled with business success

187

Additional objectives

objectives that are not directly related to the main results of the project but may contribute to project success

188

Nonobjectives

objectives stating what the project will not deliver; they add clarity to the scope and make the project boundaries clearer, shaping the contours of the deliverables and helping all parties to gain a clear understanding of what has to be done and to avoid ambiguities

189

Object breakdown structure (OBS)

a structure that represents the individual components of the solution and their relationships to each other in a hierarchical manner, either graphically or in a table

190

Work breakdown structure (WBS)

designed after the OBS has been compiled, this structures all the tasks that are necessary to build up the elements of the OBS during the project

191

Task list

a list of actions to be carried out in relation to work packages and includes assigned responsibilities and deadlines

192

Senior Management

management that demonstrates commitment to the project and approves the necessary resources to complete the project

193

User Management

management that assumes ownership of the project and resulting system, allocates qualified representatives to the team, and actively participates in business process redesign, system requirements definition, test case development, acceptance testing and user training

194

Project Steering Committee

group that provides overall direction and ensures appropriate representation of the major stakeholders in the project's outcome; should be comprised of a senior representative from each relevant business area

195

Project Sponsor

person or group that provides funding for the project and works closely with the project manager to define the critical success factors and metrics for measuring the success of the project

196

Systems Development Management

management that provides technical support for hardware and software environments by developing, installing and operating the requested system

197

Project Manager

person that provides day-to-day management and leadership of the project, ensures that project activities remain in line with the overall direction, ensures appropriate representation of the affected departments, ensures that the project adheres to local standards, ensures that deliverables meet the quality expectations of key stakeholders, resolves interdepartmental conflicts, and monitors and controls costs and the project timetable

198

Systems Development Project Team

group that completes assigned tasks, communicates effectively with users by actively involving them in the development process, works according to local standards and advises the project manager of necessary project plan deviations

199

User Project Team

group that completes assigned tasks, communicates effectively with the systems developers by actively involving themselves in the development process as subject matter experts (SMEs), works according to local standards and advises the project manager of expected and actual project plan deviations

200

Security Officer

person that ensures that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures

201

Quality Assurance (QA)

personnel who review results and deliverables within each phase of a project and at the end of each phase, and confirm compliance with requirements

202

Software size estimation

relates to methods of determining the relative physical size of the application software to be developed

203

Function Point Analysis (FPA)

a multiple-point technique widely used for estimating complexity in developing large business applications

204

Critical path method (CPM)

the sequence of activities whose sum of activity time is longer than that for any other path through the network; if everything goes according to schedule, the duration gives the shortest possible completion time for the overall project

205

Time slack

the difference between the latest possible completion time of each activity that will not delay the completion of the overall project and the earliest possible completion time based on all predecessor activities

206

Gantt chart

chart that aids in the scheduling of activities needed to complete a project; shows when an activity should begin and when it should end along a timeline

207

PERT (Program Evaluation Review Technique)

technique that uses three different estimates of each activity duration in lieu of using a single number for each activity duration (as used by CPM); the three estimates are then reduced to a single number and then the classic CPM algorithm is applied

208

Timebox management

a project management technique for defining and deploying software deliverables within a relatively short and fixed period of time, and with predetermined specific resources

209

Earned value analysis (EVA)

consists of comparing the following metrics at regular intervals during the project: budget to date, actual spending to date, estimate to complete and estimate at completion

210

Postproject review

formal process in which lessons learned and an assessment of project management processes used are documented to allow reference, in the future, by other project managers or users working on projects of similar size and scope

211

Postimplementation review

process typically completed once the project has been in use for some time - long enough to realize its business benefits and costs, and measure the project's overall success and impact on the business units

212

Key business drivers

the attributes of a business function that drive the behavior and implementation of that business function to achieve the strategic business goals of the company

213

V-Model

modified Waterfall model that provides for back references for VERIFICATION and VALIDATION

214

Waterfall model

an SDLC approach that assumes the various phases of a project can be completed sequentially - one phase leads (falls) into the next phase

215

Iterative Approach

method in which business requirements are developed and tested in iterations until the entire application is designed, built and tested

216

Feasibility study

a study concerned with analyzing the benefits and solutions for the identified problem area

217

Requirements definition

concerned with identifying and specifying the business requirements of the system chosen for development during the feasibility study

218

Request for Proposal (RFP)

written request asking contractors to propose solutions and prices that fit customer's requirements; this method is more applicable in system integration projects when the requirement is more toward a solution and related support and maintenance

219

Invitation to Tender

written request asking contractors to propose solutions and prices that fit customer's requirements; this method is more applicable where procurement of hardware, network, database, etc. is involved and when the product and related services are known in advance

220

Entity Relationship Diagram (ERD)

these diagrams show how the entities that make up a relational database are linked together; using cardinality, the relationships are displayed as straight lines linking the entities, which are represented by rectangles

221

Entities

groupings of like data elements or instances that may represent actual physical objects or logical constructs

222

Attributes

properties or characteristics common to all or some of the instances of the entity

223

Primary Key

uniquely identifies each instance of the entity

224

Relationships

depict how two entities are associated (and, in some cases, how instances of the same entity are associated)

225

Foreign Key

one or more attributes held in one entity that map to the primary key of a related entity

226

Software baseline

the cutoff point in the design; also referred to as design freeze

227

Test Plan

developed early in the life cycle and refined until the actual testing phase, this identifies the specific portions of the system to be tested

228

Bottom-up

a testing strategy that begins with testing of atomic units, such as programs or modules, and works upward until complete system testing has taken place

229

Top-down testing

a testing strategy where the component at the top of the component hierarchy is tested first, with lower level components being simulated by stubs; tested components are then used to test lower level components; the process is repeated until the lowest level components have been tested

230

Unit testing

testing of an individual program or module

231

Interface or integration testing

a hardware or software test that evaluates the connection of two or more components that pass information from one area to another

232

System testing

a series of tests designed to ensure that modified programs, objects, database schema, etc., which collectively constitute a new or modified system, function properly

233

Recovery testing

checking the system's ability to recover after a software or hardware failure

234

Security testing

making sure that the modified/new system includes provisions for appropriate access controls and does not introduce any security holes that might compromise other systems

235

Load testing

testing an application with large quantities of data to evaluate its performance during peak hours

236

Volume testing

studying the impact on the application by testing with an incremental volume of records to determine the maximum volume of records (data) that the application can process

237

Stress testing

studying the impact on the application by testing with an incremental number of concurrent users/services on the application to determine the maximum number of concurrent users/services the application can process; should be carried out in a test environment using live workloads

238

Performance testing

comparing the system's performance to other equivalent systems using well-defined benchmarks

239

Quality assurance testing (QAT)

testing that focuses on the documented specifications and the technology employed; verifies that the application works as documented by testing the logical design and the technology itself

240

User acceptance testing (UAT)

testing that supports the process of ensuring that the system is production-ready and satisfies all documented requirements; focuses on functional aspect of the application

241

Alpha testing

testing that is performed only by users within the organization developing the software

242

Beta testing

a form of user acceptance testing that generally involves a limited number of external users

243

Pilot testing

preliminary test that focuses on specific and predetermined aspects of a system; provides a limited evaluation of the system

244

White box testing

testing that assesses the effectiveness of software program logic

245

Black box testing

an integrity-based form of testing associated with testing components of an information system's "functional" operating effectiveness without regard to any specific internal program structure

246

Function/validation testing

used to test the functionality of the system against the detailed requirements to ensure that the software that has been built is traceable to customer requirements

247

Regression testing

the process of rerunning a portion of a test scenario or test plan to ensure that changes or corrections have not introduced new errors

248

Parallel testing

the process of feeding test data into two systems - the modified system and an alternative system - and comparing the results

249

Sociability testing

tests to confirm that the new or modified system can operate in its target environment without adversely impacting existing systems

250

System configuration

consists of defining, tracking and controlling changes in a purchased system to meet the needs of the business

251

Implementation

the actual operation of the new information system is established and tested

252

Site acceptance testing

a full-system test conducted on the actual operations environment

253

Data migration

the moving of data from the original application system into the newly implemented system

254

Data conversion

the conversion of existing data into the new required format, coding and structure while preserving the meaning and integrity of the data

255

Changeover

refers to an approach to shift users from using the application from the existing (old) system to the replacing (new) system

256

Parallel changeover

a changeover approach that includes running the old system, then running both the old and new systems in parallel, and finally fully changing over to the new system after gaining confidence in the working of the new system

257

Phased changeover

a changeover approach where the older system is broken into deliverable modules; the first module of the older system is phased out using the first module of the new system, then the second module is replaced, and so on until the last module is replaced

258

Abrupt changeover

a changeover approach where the newer system is changed over from the older system on a cutoff date and time, and the older system is discontinued once the changeover to the new system takes place

259

Certification

the process by which an assessor organization performs a comprehensive assessment against a standard of management and operational and technical controls in an information system

260

Accreditation

the official management decision (given by a senior official) to authorize operation of an information system and to explicitly accept the risk to the organization's operations, assets, or individuals based on the implementation of an agreed-upon set of requirements and security controls

261

Postproject review

internal review to assess and critique the project process

262

Postimplementation review

review to assess and measure the value the project has on the business (benefits realization)

263

Business risk

risk related to the likelihood that the new system may not meet the users' business needs, requirements and expectations

264

Project risk

risk that the project activities to design and develop the system exceed the limits of the financial resources set aside for the project and, as a result, it may be completed late, if ever

265

Electronic commerce (e-commerce)

the buying and selling of goods online, usually via the Internet

266

Business-to-consumer

applies to any business that sells its products or services to consumers over the internet

267

Business-to-business

applies to businesses buying from and selling to each other over the Internet

268

Business-to-employee

when administrative transactions are conducted over the Internet between a business and its employees, such as payroll and benefits

269

Business-to-government

online transactions between businesses and governmental agencies

270

Electronic Data Interchange (EDI)

replaces the traditional paper document exchange (purchase orders, invoices, material release schedules); the proper controls and edits need to be built within each company's application system to allow this communication to take place

271

Value-added network (VAN)

use computerized message switching and storage capabilities to provide electronic mailbox services similar to a post office

272

Mail servers

hosts that deliver, forward and store mail

273

Clients

interface with users and allow users to read, compose, send and store email messages

274

Point-of-sale (POS) system

system that enables the capture of data at the time and place that sales transactions occur

275

Electronic funds transfer (EFT)

a computerized cash payments system that transfers funds without the use of checks, currency, or other paper documents

276

e-finance

a new means of delivering financial services electronically

277

Automated teller machine (ATM)

a specialized form of the POS terminal that is designed for the unattended use by a customer of a financial institution

278

Interactive voice response (IVR)

a phone technology that allows a computer to detect voice and touch tones using a normal phone call

279

Imaging system

system that stores, retrieves and processes graphic data, such as pictures, charts and graphs, instead of or in addition to text data

280

Artificial intelligence

the science of designing and programming computer systems to do intelligent things and to simulate human thought processes such as reasoning and understanding language

281

Expert systems

systems that allow the user to specify certain basic assumptions or formulas and then use these assumptions or formulas to analyze arbitrary events

282

Business intelligence (BI)

a broad field of IT that encompasses the collection and analysis of information to assist decision making and assess organizational performance

283

Data architecture

a system that consists of individual databases contributing to a central repository from which data may be either drawn directly to supply an EHR workstation or sent to a warehouse that performs sophisticated analysis on data to supply decision support

284

Context diagrams

diagrams that outline the major processes of an organization and the external parties with which the business interacts

285

Swim-lane diagrams

diagrams that deconstruct business processes

286

Decision support system

an interactive system that provides the user with easy access to decision models and data from a wide range of sources in order to support semi-structured decision-making tasks typically for business purposes

287

Customer relationship management (CRM)

an emphasis on the importance of focusing on information relating to transaction data, preferences, purchase patterns, status, contact history, demographic information, and service trends of customers rather than on products

288

Operational CRM

concerned with maximizing the utility of the customer's service experience while also capturing useful data about the customer interaction

289

Analytical CRM

seeks to analyze information captured by the organization about its customers and their interactions with the organization into information that allows greater value to be obtained from the customer base

290

Agile development

a system development strategy that refers to a family of similar development processes that espouse a nontraditional way of developing complex systems

291

Scrum

an agile process that aims to move planning and directing tasks from the project manager to the team, leaving the project manager to work on removing the obstacles to the team achieving its objectives

292

Prototyping

aka heuristic or evolutionary development, the process of creating a system through controlled trial and error procedures to reduce the level of risk in developing the system

293

Rapid application development (RAD)

a methodology that enables organizations to develop strategically important systems quickly while reducing development costs and maintaining quality

294

Object-oriented system development (OOSD)

the process of solution specification and modeling where data and procedures can be grouped into an entity known as an object

295

Component-based development

the process of assembling applications from cooperating packages of executable software that make their services available through defined interfaces

296

Web-based application development

a software development approach designed to achieve easier and more effective integration of code modules within and between enterprises

297

Reengineering

a process of updating an existing system by extracting and reusing design and program components

298

Reverse engineering

the process of studying and analyzing an application, a software application or a product to see how it functions and to use that information to develop a similar system

299

Project Phases of Physical Architecture Analysis

1. Review of existing architecture

300

Project Phases of Planning the Implementation of Infrastructure

1. Procurement phase

301

System maintenance practices

the processes of managing change to application systems while maintaining the integrity of both the production source and executable code

302

Change management

a systematic way of approving and executing changes in order to assure maximum security, stability and availability of information technology services

303

Configuration management

procedures throughout the software life cycle to identify, define and baseline software items in the system and thus provide a basis for problem management, change management and release management

304

Code generators

tools, often incorporated with CASE products, that generate program code based on parameters defined by a systems analyst or on data/entity flow diagrams developed by the design module of a CASE product

305

Computer-aided software engineering (CASE)

the use of automated tools to aid in the software development process

306

Upper CASE

CASE products used to describe and document business and application requirements

307

Middle CASE

CASE products used for developing the detailed design

308

Lower CASE

CASE products involved with the generation of program code and database definitions

309

4GL

fourth-generation language; nonprocedural language that enables users and programmers to access data in a database

310

Business process reengineering (BPR)

the process of responding to competitive and economic pressures, and customer demands to survive in the current business environment; usually done by automating system processes so that there are fewer manual interventions and manual controls

311

Benchmarking

a continuous, systematic process for evaluating the products, services, or work processes of organizations recognized as a world-class "reference" in a globalized world

312

ISO 9126

an international standard to assess the quality of software products that provides the definition of the characteristics and associated quality evaluation process to be used when specifying the requirements for, and evaluating the quality of, software products throughout their life cycle

313

Capability maturity model (CMM)

a five-level model laying out a generic path to process improvement (maturity) for software development in organizations

314

ISO/IEC 15504

a series of documents that provide guidance on process improvement, benchmarking and assessment including detailed guidance that can be leveraged to create enterprise best practices

315

Levels of the CMM

0. Incomplete process

316

Application controls

controls over input, processing, and output functions

317

Input authorization

verifies that all transactions have been authorized and approved by management

318

Batch balancing

comparison of the items or documents actually processed against a predetermined control total

319

Data validation

a process to identify data errors, incomplete or missing data and inconsistencies among related data items

320

Processing controls

controls that ensure that data in a file/database remain complete and accurate until changed as a result of authorized processing or modification routines

321

File controls

controls that ensure that only authorized processing occurs to stored data files

322

Output controls

controls that provide assurance that the data delivered to users will be presented, formatted and delivered in a consistent and secure manner

323

Business process control assurance

involves evaluating controls at the process and activity level

324

Segregation of duties

implementing control procedures to clearly divide authority and responsibility within the information system function to prevent employees from perpetrating and concealing fraud

325

Data integrity testing

set of substantive tests that examines accuracy, completeness, consistency and authorization of data presently held in a system

326

Generalized audit software (GAS)

uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process

327

Computer assisted audit techniques

refer to audit software, often called generalized audit software (GAS), that uses auditor-supplied specifications to generate a program that performs audit functions, thereby automating or simplifying the audit process

328

Snapshots

technique that involves taking "pictures" of the processing path that a transaction follows, from the input to the output stage

329

Audit hooks

technique that involves embedding hooks in application systems to function as red flags and to induce IS auditors to act before an error or irregularity gets out of hand

330

Wired equivalent privacy

a key encryption technique for wireless networks that uses keys both to authenticate network clients and to encrypt data in transit; has been demonstrated to have numerous flaws and has been deprecated in favor of newer standards

331

Functional acknowledgments

standard EDI transactions that tell trading partners that their electronic documents were received; used as an audit trail for electronic data interchange (EDI) transactions

332

IS Operations

responsible for the ongoing support of an organization's computer and information systems environment

333

IS Management

has the overall responsibility for all operations within the IS department

334

IT Service Management

a concept that comprises processes and procedures for efficient and effective delivery of IT services to business

335

Delta release

a release that contains only those items that have undergone changes since the last release

336

Service Level Agreement

an agreement between the IT organization and the customer that details the service(s) to be provided; the IT organization could be an internal IT department or an external IT service provider, and the customer is the business

337

Service level management

the process of defining, agreeing upon, documenting and managing levels of service that are required and cost justified

338

Exception reports

automated reports that identify all applications that did not successfully complete or otherwise malfunctioned

339

System and application logs

logs generated from various systems and applications that should be considered to identify all application problems and provide additional, useful information regarding activities performed on the computer since most abnormal system and application events will generate a record in the logs

340

Operator problem reports

manual reports that are used by operators to log computer operations problems and their resolutions

341

Operator work schedules

schedules that are generally maintained manually by IS management to assist in human resource planning

342

Job scheduling

a major function within the IS department that includes scheduling jobs that must be run, the sequence of job execution and the conditions that cause program execution

343

Job scheduling software

system software used by installations that process a large number of batch routines

344

Incident management

focuses on providing increased continuity of service by reducing or removing the adverse effect of disturbances to IT services, and covers almost all nonstandard operations of IT services

345

Problem management

aims to resolve issues through the investigation and in-depth analysis of a major incident, or several incidents that are similar in nature, in order to identify the root cause

346

Change control procedures

part of change management that are established to control the movement of applications from the test environment, where development and maintenance occurs, to the quality assurance (QA) environment, to the production environment

347

Release management

the process responsible for planning, scheduling and controlling the movement of releases to test and live environments; primary objective is to ensure that the integrity of the live environment is protected and that the correct components are released

348

Information security management

ensures continuous IT operation and security of business process and data

349

Media sanitization

establishes the controls, techniques and processes necessary to preserve the confidentiality of sensitive information stored on media to be reused, transported, or discarded; involves the eradication of information recorded on storage media to the extent of providing reasonable assurance that residual content cannot be salvaged or restored

350

Central processing unit (CPU)

executes commands from a computer's hardware and software; the principal computer chip that contains several processing components, which determines the computer's operating speed; the "brain" of a computer

351

Random access memory (RAM)

temporary memory a computer uses to store information while it is processing; memory is volatile

352

Read-only memory

form of primary memory that holds items that can be read but not erased or changed by normal computer input; memory is nonvolatile

353

Print servers

servers that allow businesses to consolidate printing resources for cost-savings

354

File servers

servers that provide for organization-wide access to files and programs

355

Application (program) servers

servers that host the software programs that provide application access to client computers, including the processing of the application business logic and communication with the application's database

356

Web servers

servers that provide information and services to external customers and internal employees through web pages

357

Proxy servers

servers that provide an intermediate link between users and resources; servers that access services on a user's behalf

358

Database servers

servers that store raw data and act as a repository for storing information rather than presenting it to be usable

359

Appliances

provide a specific service and normally would not be capable of running other services; these devices are significantly smaller, faster, and very efficient

360

Universal serial bus

a serial bus standard that interfaces devices with a host; was designed to allow connection of many peripherals to a single standardized interface socket; allows devices to be connected and disconnected without rebooting

361

Memory card / flash drive

a solid-state electronic data storage device used with digital cameras, handheld and mobile computers, telephones, music players, video game consoles and other electronics

362

Radio frequency identification (RFID)

uses radio waves to identify tagged objects within a limited radius

363

Capacity management

the planning and monitoring of computing and network resources to ensure that the available resources are used efficiently and effectively

364

Capacity planning

the process of ensuring that the resource provision can always meet business requirements

365

Architecture

a number of layers of circuitry and logic, arranged in a hierarchical structure that interacts with the computer's operating system

366

Operating system (OS)

contains programs that interface between the user, processor and applications software; provides the primary means of managing the sharing and use of computer resources such as processors, real memory, auxiliary memory and I/O devices

367

Access control software

software designed to prevent unauthorized access to data, unauthorized use of system functions and programs, and unauthorized updates/changes to data, and to detect or prevent unauthorized attempts to access computer resources

368

Data communications software

software that is used to transmit messages or data from one point to another, which may be local or remote

369

Data management

capabilities that are enabled by the system software components that enact and support the definition, storage, sharing and processing of user data, and deal with file management

370

Database management system (DBMS)

system software that aids in organizing, controlling and using the data needed by application programs

371

Data dictionary / directory system (DD/DS)

helps define and store source and object forms of all data definitions for external schemas, conceptual schemas, the internal schema and all associated mappings

372

Hierarchical database model

model where there is a hierarchy of parent and child data segments (parent-child relationships) that are 1:N relationships between record types

373

Network database model

a flexible way of representing objects and their relationships (each entity can have multiple relationships); rarely used in current environments

374

Relational database model

a model based on set theory and relational calculus that allows the definition of data structures, storage/retrieval operations and integrity constraints

375

Data normalization

a technique to make complex databases more efficient by eliminating as much redundant data as possible
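
The redundancy that normalization removes is easiest to see as an update anomaly. The following is an added example, not part of the CISA material: an in-memory SQLite database with one denormalized table beside its normalized equivalent, and the same single-row update applied to each. The tables, rows and phone numbers are constructed.

```python
"""Added example (not from the CISA material): the update anomaly that normalization
removes, shown with an in-memory SQLite database. Tables and rows are constructed."""
import sqlite3


def build_unnormalized(conn):
    """One wide table: the supplier's phone number is repeated on every part row."""
    conn.execute("CREATE TABLE parts_flat (part TEXT PRIMARY KEY, supplier TEXT, supplier_phone TEXT)")
    conn.executemany("INSERT INTO parts_flat VALUES (?, ?, ?)", [
        ("bolt", "Acme", "555-0100"), ("nut", "Acme", "555-0100"), ("gear", "Brix", "555-0200")])


def build_normalized(conn):
    """Supplier facts live in exactly one row; part rows reference it by key."""
    conn.execute("CREATE TABLE supplier (id INTEGER PRIMARY KEY, name TEXT UNIQUE, phone TEXT)")
    conn.execute("CREATE TABLE part (name TEXT PRIMARY KEY, "
                 "supplier_id INTEGER NOT NULL REFERENCES supplier(id))")
    conn.executemany("INSERT INTO supplier (name, phone) VALUES (?, ?)",
                     [("Acme", "555-0100"), ("Brix", "555-0200")])
    conn.executemany("INSERT INTO part VALUES (?, (SELECT id FROM supplier WHERE name = ?))",
                     [("bolt", "Acme"), ("nut", "Acme"), ("gear", "Brix")])


def supplier_phones(conn):
    """Distinct phone numbers recorded for Acme in each design, as sorted lists."""
    flat = {r[0] for r in conn.execute(
        "SELECT supplier_phone FROM parts_flat WHERE supplier = 'Acme'")}
    norm = {r[0] for r in conn.execute(
        "SELECT s.phone FROM part p JOIN supplier s ON s.id = p.supplier_id WHERE s.name = 'Acme'")}
    return sorted(flat), sorted(norm)


def update_anomaly_demo():
    """Change Acme's phone in both designs with a single-row UPDATE and compare the results."""
    conn = sqlite3.connect(":memory:")
    build_unnormalized(conn)
    build_normalized(conn)
    # Flat design: updating one row leaves the other Acme rows stale, so two "truths" coexist.
    conn.execute("UPDATE parts_flat SET supplier_phone = '555-0199' WHERE part = 'bolt'")
    # Normalized design: one row to change; every part sees the new number through the join.
    conn.execute("UPDATE supplier SET phone = '555-0199' WHERE name = 'Acme'")
    return supplier_phones(conn)
```

The flat table ends up holding two different phone numbers for the same supplier after one update; the normalized schema holds one. For an auditor the point is that redundant copies drift unless every copy is updated in the same transaction, which is a control the normalized design does not need.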

376

Utility programs

system software used to perform maintenance and routines that are frequently required during normal processing operations

377

concurrent licensing

where a number of users can access the software on the network at one time

378

Digital rights management

refers to access control technologies that can be used by hardware manufacturers, publishers, copyright holders and individuals to impose limitations on the usage of digital content and devices

379

Packet switching

a technology in which users share common carrier resources

380

Baseband

the signals are directly injected on the communication link so that one single channel is available on that link for transmitting signals; the entire capacity of the communication channel is used to transmit one data signal and communication can move in only one direction at a time

381

Broadband network

different carrier frequencies defined within the available band, can carry analog signals as if they were placed on separate baseband channels

382

Telecommunications

the electronic transmission of data, sound and images between connected end systems

383

Personal area networks (PANs)

microcomputer network used for communications among computer devices being used by an individual person (typical range of 33 ft)

384

Local area networks (LANs)

computer networks that cover a limited area such as a home, office or campus with higher data transfer rates

385

Wide area networks (WANs)

computer networks that cover a broad area such as a city, region, nation or an international link

386

Metropolitan area networks (MANs)

WANs that are limited to a city or region; higher data transfer rates than WANs

387

Storage area networks (SANs)

a variation of LANs and are dedicated to connecting storage devices to servers and other computing devices

388

Network services

functional features made possible by appropriate OS applications that allow orderly utilization of the resources on the network

389

Copper (twisted-pair) circuits

two insulated wires are twisted around each other, with current flowing through them in opposite directions

390

Fiber-optic systems

glass fibers are used to carry binary signals as flashes of light

391

Radio systems (wireless)

data are communicated between devices using low-powered systems that broadcast and receive electromagnetic signals representing data

392

Microwave radio systems

provide line-of-sight transmission of voice and data through the air

393

Satellite radio link systems

contain several receiver/amplifier/transmitter sections called transponders; sends narrow beams of microwave signals between Earth and a satellite

394

LAN topologies

define how networks are organized from a physical standpoint

395

Protocols

define how information transmitted over the network is interpreted by systems

396

Switch

a data link level device that can divide and interconnect network segments and help to reduce collision domains in Ethernet-based networks

397

Star topology

a network topology in which all computers and other devices are connected to a central node (a hub or switch, or in older designs a host computer); all communications between network devices pass through that central node

398

Bus topology

a networking configuration in which all devices are connected to a central high-speed cable called the bus or backbone

399

Ring topology

a network configuration in which the computers and peripherals are laid out in a configuration resembling a circle; data flows around the circle from device to device in one direction only

400

Repeaters

physical layer devices that extend the range of a network or connect two separate network segments together

401

Hubs

physical layer devices that serve as the center of a star topology network or network concentrator

402

Bridges

data link layer devices developed to connect LANs or create two separate LAN or WAN network segments from a single segment to reduce collision domains

403

Routers

network layer devices that link two or more physically separate network segments; they operate by examining network (IP) addresses and making forwarding decisions to direct packets toward their destination

404

Gateways

devices that are protocol converters; typically connect and convert between LANs and the mainframe or the Internet

405

Message switching

sends a complete message to the concentration point for storage and routing to the destination point as soon as a communications path becomes available

406

Packet switching

a sophisticated means of maximizing the transmission capacity of networks; breaks a message into transmission units (called packets) and routes them individually through the network, depending on the availability of a channel for each packet

407

Circuit switching

a physical communications channel is established between communicating equipment, through a circuit-switched network

408

Virtual circuits

a logical circuit between two network devices that provides for reliable data communications

409

Modem

convert computer digital signals into analog data signals and analog data back to digital; make it possible to use analog lines as transmission media for digital networks

410

Multiplexor

a physical layer device used when a physical circuit has more bandwidth capacity than required by individual signals; can allocate portions of its total bandwidth and use each portion as a separate signal link

411

Point-to-point protocol (PPP)

a data link layer protocol used to carry traffic over a single, preestablished WAN communication path from the customer premises to a remote network, usually reached through a carrier network such as a telephone company

412

Virtual private network (VPN)

extends the corporate network securely via encrypted packets sent out via virtual connections over the public Internet to distant offices, home workers, salespeople, and business partners

413

Wireless wide area networking

the process of linking different networks over a large geographical area to allow wider IT resource sharing and connectivity

414

Wireless LANs (WLANs)

connects computers and other components to the network using an access point device (wireless)

415

Wireless PANs (WPANs)

short-range wireless networks that connect wireless devices to one another (ex: Bluetooth)

416

Bluetooth

a wireless protocol that connects devices within a range of up to 49 ft and has become a feature on some PDAs, mobile phones, mice, printers, etc.

417

Ad hoc networks

networks designed to dynamically connect remote devices such as cell phones, laptops, and PDAs; have shifting network topologies and maintain random network configurations, relying on a system of mobile routers connected by wireless links to enable devices to communicate

418

Wireless application protocol (WAP)

a general term used to describe the multilayered protocol and related technologies that bring Internet content to wireless mobile devices such as PDAs and cell phones

419

Transmission Control Protocol/Internet Protocol (TCP/IP)

the protocol suite that connects computers to the Internet; defines how computers address each other and exchange information over the Internet

420

Uniform resource locator (URL)

identifies the address on the www where a specific resource is located

421

Cookie

a small piece of data set by a web server, stored by the web browser and returned on later requests to that server, used for identifying users (e.g., session tracking) and possibly for preparing customized web pages for them

422

Applets

programs downloaded from web servers that execute in web browsers on client machines to run any web based application

423

Bookmark

a marker or address that identifies a document or a specific place in a document

424

Network access point (NAP)

a traffic concentration spot, usually the point of convergence for Internet access by many Internet service providers

425

Internet Service Provider (ISP)

a company that provides the communication lines and services for connecting users

426

Domain name system (DNS)

a distributed database system that translates hostnames to IP addresses and IP addresses to hostnames

427

File transfer protocol (FTP)

a protocol that supports one of the most popular uses of the Internet, downloading files (i.e., transferring files from a computer on the Internet to the user's computer)

428

Transborder data flow

refers to data transmission between two countries

429

Latency

the delay that a message or packet will experience on its way from source to destination

430

Throughput

the quantity of useful work performed by the system per unit of time

431

Client-server

a network architecture in which each computer or process on the network is either a server (a source of services and data) or a client (a user of these services and data that relies on servers to obtain them)

432

Thin client

a client that relies on another host for the majority of processing and hard disk resources necessary to run applications and share files over the network

433

Thick client

application processes most or all of its business logic on local computing resources (e.g., the desktop PC)

434

Middleware

a class of software employed by client-server applications that serves as the glue between two otherwise distinct applications and provides services such as identification, authentication, authorization, directories and security; resides between the application and the network and manages the interaction between the GUI on the front end and data servers on the back end

435

Recovery point objective (RPO)

determined by the acceptable data loss in case of a disruption of operations; indicates the earliest point in time to which it is acceptable to recover the data, and thereby quantifies the permissible amount of data loss in case of an interruption (measured in time)

436

Recovery time objective (RTO)

determined based on the acceptable downtime in case of a disruption of operations and indicates the earliest point in time at which the business operations must resume after a disaster

437

Recovery strategy

identifies the best way to recover a system in case of interruption, including disaster, and provides guidance based on which detailed recovery procedures can be developed

438

Cold site

facility with the space and basic infrastructure adequate to support resumption of operations, but lacking any IT or communications equipment, programs, data or office support

439

Mobile site

packaged, modular processing facility mounted on transportable vehicles and kept ready to be delivered and set up at a location that may be specified upon activation

440

Warm site

facility with the space and basic infrastructure, and some or all of the required IT and communications equipment installed

441

Reciprocal agreement

agreement between separate, but similar, companies to temporarily share their IT facilities in the event that one company loses processing capability

442

Hot site

facility with space and basic infrastructure and all of the IT and communications equipment required to support the critical applications, along with office furniture and equipment for use by the staff

443

Mirrored site

fully redundant site with real-time data replication from the production site

444

Cluster

a group of servers (nodes) that run the same application together with cluster software (an agent installed on every node), including management software that permits control and tuning of the cluster's behavior

445

Active-passive cluster

the application runs on only one (active) node, while the other (passive) nodes are used only if the application fails on the active node

446

Active-active cluster

the application runs on every node of the cluster; cluster agents coordinate the information processing between all of the nodes, providing load balancing and coordinating concurrent data access

447

Redundant array of independent disks (RAID)

a way to protect data against disk failure by breaking data up and writing it across a series of multiple disks, which at the same time improves performance and/or allows large files to be stored; depending on the RAID level, mirroring or parity lets the array keep serving data after a disk fails
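
The following is an added example, not part of the CISA material: a byte-level model of RAID 5 striping with rotating XOR parity. It stripes a constructed payload across four "disks", destroys one of them and rebuilds it from the survivors, which is exactly the operation a controller performs when a hot spare takes over. The chunk size and disk count are assumptions of the model; real arrays work on sectors, not 4-byte chunks.

```python
"""Added example (not from the CISA material): a byte-level model of RAID 5 striping
with rotating XOR parity, showing how a failed disk's contents are rebuilt from the rest.
The payload is constructed; real controllers work on sectors, not 4-byte chunks."""
from functools import reduce


def xor_blocks(blocks):
    """XOR equal-length byte strings together; this is all RAID 5 parity is."""
    return bytes(reduce(lambda a, b: a ^ b, column) for column in zip(*blocks))


def stripe_with_parity(data, n_disks=4, chunk=4):
    """Lay `data` out across `n_disks`: each stripe holds n_disks-1 data chunks plus
    one parity chunk, and the parity position rotates so no single disk is a hot spot."""
    if n_disks < 3:
        raise ValueError("RAID 5 needs at least three disks")
    k = n_disks - 1
    chunks = [data[i:i + chunk].ljust(chunk, b"\0") for i in range(0, len(data), chunk)]
    while len(chunks) % k:                       # pad the final stripe with zero chunks
        chunks.append(b"\0" * chunk)
    disks = [[] for _ in range(n_disks)]
    for s in range(len(chunks) // k):
        group = chunks[s * k:(s + 1) * k]
        parity, parity_disk = xor_blocks(group), s % n_disks
        data_iter = iter(group)
        for d in range(n_disks):
            disks[d].append(parity if d == parity_disk else next(data_iter))
    return disks


def rebuild_disk(disks, lost):
    """Reconstruct disk `lost` from the survivors: the XOR of every other chunk in each stripe."""
    survivors = [d for i, d in enumerate(disks) if i != lost]
    return [xor_blocks(stripe) for stripe in zip(*survivors)]


def read_data(disks, length):
    """Reassemble the payload by skipping each stripe's parity chunk."""
    n = len(disks)
    out = bytearray()
    for s, stripe in enumerate(zip(*disks)):
        out += b"".join(c for d, c in enumerate(stripe) if d != s % n)
    return bytes(out[:length])


def failure_drill(data=b"GL batch 2024-03-11: 1,204 postings, RC=0", lost=2):
    """Stripe, lose one disk, rebuild it, and check the payload reads back intact.
    Returns (rebuilt disk matches the original disk, payload intact)."""
    disks = stripe_with_parity(data)
    original_copy = list(disks[lost])
    disks[lost] = None                               # simulate the disk dying
    disks[lost] = rebuild_disk(disks, lost)          # hot-spare rebuild from parity
    return disks[lost] == original_copy, read_data(disks, len(data)) == data
```

Because every stripe XORs to zero, any one missing chunk is the XOR of the others; that is why RAID 5 survives exactly one disk failure and why a second failure during the rebuild window loses the array (RAID 6 adds a second, independent parity block to tolerate two). RAID protects against disk failure only; it is not a substitute for backups against deletion, corruption or ransomware, which are replicated faithfully to every disk.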

448

IT Disaster recovery plan

a well-structured collection of processes and procedures intended to make the disaster response and recovery effort swift, efficient and effective and to achieve synergy between the recovery teams (IT specifically)

449

Virtual tape libraries (VTLs)

systems consisting of disk storage and software that control backup and recovery data sets and behave like a conventional tape library, but with the data stored on a disk array

450

Host-based replication

replication executed at the host (server) level by special software running on the source server and on the target server

451

Disk-array based replication

replication performed at the disk array level, completely hidden from servers and applications

452

Snapshots

a flexible technology for making various kinds of point-in-time copies of volumes or file systems

453

Full backup

a backup scheme that copies all files and folders to the backup media, creating one backup set

454

Incremental backup

type of backup that copies only the files and folders that have changed or are new since the last incremental or full backup; a restore needs the last full backup plus every incremental taken since it

455

Differential backup

type of backup that copies all files and folders that have been added or changed since the last full backup; faster and requires less media capacity than a full backup, and a restore needs only the last full backup plus the latest differential

456

Grandfather-Father-Son backup method

a media rotation scheme in which daily backups (sons) are made over the course of a week; the final backup of the week becomes the weekly backup (father), and the earlier daily media are rotated for reuse in the following week; at the end of the month the final weekly backup is retained as the monthly backup (grandfather)
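
The full, incremental and differential cards above, and the Grandfather-Father-Son rotation, are easiest to compare on a concrete week of changes. The following is an added example, not part of the CISA material: a constructed set of files and a constructed change history, with functions that compute what each scheme copies on a given day, which backup sets a restore must read, the media cost of each scheme and the GFS tier of each day's media. The four-week month in `gfs_label` is a simplification.

```python
"""Added example (not from the CISA material): which files each backup type copies,
which backup sets a restore must read, and how Grandfather-Father-Son labels media.
The file set and change history below are constructed."""

ALL_FILES = {"a.db", "b.doc", "c.log", "d.cfg"}          # all exist at the Sunday full backup (day 0)
CHANGED = {1: {"a.db"}, 2: {"a.db", "c.log"}, 3: {"b.doc"},
           4: set(), 5: {"a.db", "d.cfg"}}                 # files modified on each weekday


def full_backup():
    """Copies everything, regardless of change state."""
    return set(ALL_FILES)


def incremental_backup(day):
    """Copies only what changed since the previous backup of any kind (here: the previous day)."""
    return set(CHANGED[day])


def differential_backup(day):
    """Copies everything changed since the last full backup, so each set grows through the week."""
    return set().union(*(CHANGED[d] for d in range(1, day + 1)))


def restore_chain(scheme, day):
    """Backup sets that must be read, in order, to rebuild the state at the end of `day`."""
    if day == 0:
        return ["full"]
    if scheme == "incremental":
        return ["full"] + [f"inc{d}" for d in range(1, day + 1)]   # every set since the full
    if scheme == "differential":
        return ["full", f"diff{day}"]                              # only the latest differential
    raise ValueError(f"unknown scheme {scheme!r}")


def copies_written(scheme, day):
    """Total file copies written from the full through `day`: the media cost of the scheme."""
    backup = incremental_backup if scheme == "incremental" else differential_backup
    return len(full_backup()) + sum(len(backup(d)) for d in range(1, day + 1))


def gfs_label(day_index, days_per_week=7, weeks_per_month=4):
    """Grandfather-Father-Son tier of the backup taken on `day_index` (0-based).
    Assumes a 4-week month, a simplification of a calendar month."""
    if day_index % days_per_week != days_per_week - 1:
        return "son"                                   # daily set, media reused next week
    if (day_index // days_per_week) % weeks_per_month == weeks_per_month - 1:
        return "grandfather"                           # last weekly of the month, kept as monthly
    return "father"                                    # weekly set
```

On this history the incremental scheme writes 10 file copies by Friday and needs six sets to restore, while the differential scheme writes 17 copies and needs two. That is the trade-off an auditor should see documented: incremental saves media and backup window, differential saves restore time and reduces the number of media whose failure would break the chain.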

457

IS Operations

responsible for the ongoing support of an organization's computer and information systems environment

458

IS Management

has the overall responsibility for all operations within the IS department

459

IT Service Management

a concept that comprises processes and procedures for efficient and effective delivery of IT services to business

460

Delta release

a release that contains only those items that have undergone changes since the last release

461

Service Level Agreement

an agreement between the IT organization and the customer that details the service(s) to be provided; the IT organization could be an internal IT department or an external IT service provider, and the customer is the business

462

Service level management

the process of defining, agreeing upon, documenting and managing levels of service that are required and cost justified

463

Exception reports

automated reports that identify all applications that did not successfully complete or otherwise malfunctioned

464

System and application logs

logs generated by the various systems and applications that should be reviewed to identify application problems, because most abnormal system and application events generate a log record; they also provide additional, useful information about the activities performed on the computer
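
The exception report and log cards above describe the output without showing how it is derived. The following is an added example, not part of the CISA material: a small parser that turns a job scheduler's log into an exception report listing every job that failed, abended or never ended. The log lines and their `JOB=`/`EVENT=`/`RC=` format are constructed; a real scheduler's format will differ, but the state machine is the same.

```python
"""Added example (not from the CISA material): building an exception report from a
job scheduler's log. The log lines and their JOB=/EVENT=/RC= format are constructed."""
import re

SCHEDULER_LOG = """\
2024-03-11 01:00:02 JOB=PAYROLL_EXTRACT EVENT=START
2024-03-11 01:07:41 JOB=PAYROLL_EXTRACT EVENT=END RC=0
2024-03-11 01:10:00 JOB=GL_POST EVENT=START
2024-03-11 01:12:13 JOB=GL_POST EVENT=END RC=8 MSG="duplicate key on GL_LINES"
2024-03-11 02:00:00 JOB=AR_AGING EVENT=START
2024-03-11 02:30:00 JOB=BACKUP_DB EVENT=START
2024-03-11 02:30:05 JOB=BACKUP_DB EVENT=ABEND CODE=S0C4
2024-03-11 03:00:00 JOB=AR_AGING EVENT=END RC=0
2024-03-11 03:05:00 JOB=INVOICE_PRINT EVENT=START
2024-03-11 03:05:01 JOB=MALFORMED LINE THAT THE PARSER MUST NOT SILENTLY DROP
"""

LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) JOB=(?P<job>\S+) EVENT=(?P<event>START|END|ABEND)"
    r"(?: RC=(?P<rc>\d+))?(?: CODE=(?P<code>\S+))?(?: MSG=\"(?P<msg>[^\"]*)\")?\s*$"
)


def parse(text):
    """Return (records, unparsed_count): one dict per well-formed line; unparseable
    lines are counted so a corrupt or tampered log shows up in the report."""
    records, skipped = [], 0
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            records.append(m.groupdict())
        elif line.strip():
            skipped += 1
    return records, skipped


def exception_report(text):
    """Jobs that did not end with RC=0: failed, abended, or still running at end of log."""
    records, skipped = parse(text)
    state = {}                                    # job -> (status, detail), last event wins
    for r in records:
        if r["event"] == "START":
            state[r["job"]] = ("running", f"started {r['ts']}, no END record")
        elif r["event"] == "END":
            if r["rc"] == "0":
                state[r["job"]] = ("ok", "")
            else:
                state[r["job"]] = ("failed", f"RC={r['rc']} {r['msg'] or ''}".strip())
        else:                                     # ABEND: abnormal termination with a system code
            state[r["job"]] = ("abend", r["code"])
    exceptions = {job: f"{status}: {detail}"
                  for job, (status, detail) in state.items() if status != "ok"}
    return {"exceptions": exceptions, "unparsed_lines": skipped}
```

Three conditions end up on the report: a non-zero return code, an abend, and a START with no matching END, which is the case a report built only from END records misses. The count of unparseable lines is kept on the report rather than discarded, since gaps or garbage in an operations log are themselves something an auditor should ask about.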

465

Operator problem reports

manual reports that are used by operators to log computer operations problems and their resolutions

466

Operator work schedules

schedules that are generally maintained manually by IS management to assist in human resource planning

467

Job scheduling

a major function within the IS department that includes scheduling jobs that must be run, the sequence of job execution and the conditions that cause program execution

468

Job scheduling software

system software used by installations that process a large number of batch routines

469

Incident management

focuses on providing increased continuity of service by reducing or removing the adverse effect of disturbances to IT services, and covers almost all nonstandard operations of IT services

470

Problem management

aims to resolve issues through the investigation and in-depth analysis of a major incident, or several incidents that are similar in nature, in order to identify the root cause

471

Change control procedures

part of change management that is established to control the movement of applications from the test environment, where development and maintenance occur, to the quality assurance (QA) environment, and then to the production environment

472

Release management

the process responsible for planning, scheduling and controlling the movement of releases to test and live environments; primary objective is to ensure that the integrity of the live environment is protected and that the correct components are released

473

Information security management

ensures continuous IT operation and the security of business processes and data

474

Media sanitization

establishes the controls, techniques and processes necessary to preserve the confidentiality of sensitive information stored on media that are to be reused, transported or discarded; involves eradicating the information recorded on the storage media to the extent that there is reasonable assurance that residual content cannot be salvaged or restored
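
"Reasonable assurance that residual content cannot be salvaged" means the sanitization step must be verified, not just performed. The following is an added example, not part of the CISA material: a file is overwritten in place with fixed and random patterns, each pass is flushed to the device, and the result is read back and checked against the original content. The sensitive content is constructed.

```python
"""Added example (not from the CISA material): overwrite a file in place with several
patterns, then verify by reading back that none of the original content survives.
The sensitive content written to the temporary file is constructed."""
import os
import secrets
import tempfile


def no_residue(original, final, window=32):
    """True when `final` is the same length as `original` and no 32-byte window of the
    original (other than windows that are themselves a fill pattern) appears in it."""
    if len(final) != len(original):
        return False
    for i in range(0, len(original) - window + 1, window):
        piece = original[i:i + window]
        if piece in (b"\x00" * window, b"\xff" * window):
            continue
        if piece in final:
            return False
    return True


def sanitize_file(path, passes=(b"\x00", b"\xff", None), chunk=65536):
    """Overwrite `path` in place once per pattern (None = random bytes), fsync after each
    pass so the data reaches the device, then verify by reading the file back."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        original = f.read()
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            left = size
            while left:
                n = min(chunk, left)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                left -= n
            f.flush()
            os.fsync(f.fileno())          # without this the passes may only reach the page cache
    with open(path, "rb") as f:
        final = f.read()
    return {"size": size, "passes": len(passes), "verified": no_residue(original, final)}


def demo():
    """Create a file with constructed sensitive content, sanitize it, and report the outcome."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"SSN=123-45-6789 NAME=J.DOE\n" * 2000)   # constructed, 54000 bytes
        path = tmp.name
    try:
        result = sanitize_file(path)
        with open(path, "rb") as f:
            result["ssn_still_present"] = b"123-45-6789" in f.read()
        return result
    finally:
        os.unlink(path)
```

The verification only proves that the blocks the filesystem currently maps to the file were overwritten. It says nothing about copies in a filesystem journal or snapshot, sectors the drive has remapped, or flash blocks that wear levelling has moved out of the way; on SSDs and memory cards the file-level overwrite in this example is not a sanitization method at all, and the device's built-in secure-erase or cryptographic-erase command, or physical destruction, is required. NIST SP 800-88 is the usual reference for choosing a method by media type and data sensitivity.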

475

Central processing unit (CPU)

executes commands from a computer's hardware and software; the principal computer chip that contains several processing components, which determines the computer's operating speed; the "brain" of a computer

476

Random access memory (RAM)

temporary memory a computer uses to store information while it is processing; memory is volatile

477

Read-only memory

form of primary memory that holds items that can be read but not erased or changed by normal computer input; memory is nonvolatile

478

Print servers

servers that allow businesses to consolidate printing resources for cost-savings

479

File servers

servers that provide for organization-wide access to files and programs

480

Application (program) servers

servers that host the software programs that provide application access to client computers, including the processing of the application business logic and communication with the application's database

481

Web servers

servers that provide information and services to external customers and internal employees through web pages

482

Proxy servers

servers that provide an intermediate link between users and resources; servers that access services on a user's behalf

483

Database servers

servers that store raw data and act as a repository for information rather than presenting it to users

484

Appliances

provide a specific service and normally would not be capable of running other services; these devices are significantly smaller, faster, and very efficient

485

Universal serial bus

a serial bus standard that interfaces devices with a host; was designed to allow connection of many peripherals to a single standardized interface socket; allows devices to be connected and disconnected without rebooting
