Glossary Flashcards

Flashcards in Glossary Deck (85)
1

atomicity

The characteristic of a complex transaction whereby it is either performed completely as a single unit or not at all.

2

attribute sampling

A sampling technique used to study the characteristics of a population to determine how many samples possess a specific characteristic. See also sampling.

3

audit charter

A written document that defines the mission and goals of the audit program as well as roles and responsibilities.

4

802.11

The wireless network standard commonly known as "Wi-Fi" that can transport data at up to 108 Mbit/sec over distances of up to 300 m.

5

802.1X

A standard for network authentication and access control for devices designed to attach to a LAN or wireless LAN.

6

acceptable use

Security policy that defines the types of activities that are acceptable and those that are not acceptable.

7

access bypass

Any attempt by an intruder to bypass access controls in order to gain entry into a system.

8

access control

Any means that detects or prevents unauthorized access and that permits authorized access.

9

access control list (ACL)

An access control method where a list of permitted or denied users (or systems, or services, as the case may be) is used to control access.

10

access control log

A record of attempted accesses.

11

access control policy

Statement that defines the policy for the granting, review, and revocation of access to systems and work areas.

12

access management

A formal business process that is used to control access to networks and information systems.

13

access point

A device that provides communication services using the 802.11 (Wi-Fi) protocol standard.

14

access review

A review of the users, systems, or other subjects that are permitted to access protected objects. The purpose of the review is to verify that each subject is still authorized to have that access.

15

account lockout

An administrative lock that is placed on a user account when a predetermined event occurs, such as reaching an expiration date, or when there have been several unsuccessful attempts to access the user account.

16

accumulation of privileges

A situation where an employee accumulates computer system access privileges over a long period of time, due to internal transfers or other privilege changes, and old access privileges are not removed.

17

Address Resolution Protocol (ARP)

A standard network protocol used to obtain the hardware (link-layer) address of another station on a local area network (LAN).

18

administrative audit

An audit of operational efficiency.

19

administrative control

Controls in the form of policies, processes, procedures, and standards.

20

agile development

Software development process where a large project team is broken up into smaller teams, and project deliverables are broken up into smaller pieces, each of which can be attained in a few weeks.

21

algorithm

In cryptography, a specific mathematical formula that is used to perform encryption, decryption, message digests, and digital signatures.

22

annualized loss expectancy (ALE)

The expected loss of asset value due to threat realization. ALE is defined as SLE × ARO.

23

annualized rate of occurrence (ARO)

An estimate of the number of times that a threat will occur every year.

24

anti-malware

Software that uses various means to detect and block malware. See also antivirus software.

25

antivirus software

Software that is designed to detect and remove viruses and other forms of malware.

26

AppleTalk

The suite of protocols developed by Apple Computer used to transmit packets from one station to another over a network.

27

appliance

A type of computer with preinstalled software that requires little or no maintenance.

28

application firewall

A device used to control packets being sent to an application server, primarily to block unwanted or malicious content.

29

application layer (OSI model)

Layer 7 of the OSI network model. See also OSI network model.

30

application layer (TCP/IP model)

Layer 4 of the TCP/IP network model. The purpose of the application layer is the delivery of messages from one process to another on the same network or on different networks. See also TCP/IP network model.