Glossary- A Flashcards Preview

CISA > Glossary- A > Flashcards

Flashcards in Glossary- A Deck (49):
1

acceptable use

Security policy that defines the types of activities that are acceptable and those that are not acceptable.

2

access bypass

Any attempt by an intruder to bypass access controls in order to gain entry into a system.

3

access control

Any means that detects or prevents unauthorized access and that per- mits authorized access.

4

access control list (ACL)

An access control method where a list of permitted or de- nied users (or systems, or services, as the case may be) is used to control access.

5

access control log

A record of attempted accesses.

6

access control policy

Statement that defines the policy for the granting, review, and
revocation of access to systems and work areas.

7

access management

A formal business process that is used to control access to net- works and information systems.

8

access point

A device that provides communication services using the 802.11 (Wi-Fi) protocol standard.

9

access review

A review of the users, systems, or other subjects that are permitted to access protected objects. The purpose of a review is to ensure that all subjects should still be authorized to have access.

10

account lockout

An administrative lock that is placed on a user account when a pre- determined event occurs, such as reaching an expiration date, or when there have been several unsuccessful attempts to access the user account.

11

address resolution protocol (ARP)

A standard network protocol used to obtain the address for another station on a local area network (LAN).

12

administrative audit

An audit of operational efficiency.

13

administrative control

Controls in the form of policies, processes, procedures, and
standards.

14

agile development

Software development process where a large project team is bro- ken up into smaller teams, and project deliverables are broken up into smaller pieces, each of which can be attained in a few weeks.

15

algorithm

In cryptography, a specific mathematical formula that is used to perform encryption, decryption, message digests, and digital signatures.

16

annualized loss expectancy (ALE)

The expected loss of asset value due to threat real- ization. ALE is defined as SLE × ARO.

17

annualized rate of occurrence (ARO)

An estimate of the number of times that a threat will occur every year.

18

anti-malware

See antivirus software.

19

antivirus software

Software that is designed to detect and remove viruses and other
forms of malware.

20

AppleTalk

The suite of protocols used to transmit packets from one station to an- other over a network.

21

appliance

A type of computer with preinstalled software that requires little or no maintenance.

22

application

Layer 7 of the OSI network model. See also OSI network model.

OR

Layer 4 of the TCP/IP network model. The purpose of the application layer is the delivery of messages from one process to another on the same network or on different networks. See also TCP/IP network model.

23

application firewall

A device used to control packets being sent to an application server, primarily to block unwanted or malicious content.

24

application programming language

See programming language.

25

application server

A server that runs application software.

26

architecture standard

A standard that defines technology architecture at the data- base, system, or network level.

27

arithmetic logic unit (ALU)

The part of a central processing unit that performs arith- metic computations. See central processing unit.

28

asset inventory

The process of confirming the existence, location, and condition of assets; also, the results of such a process.

29

asset management

The processes used to manage the inventory, classification, use, and disposal of assets.

30

assets

The collection of property that is owned by an organization.

31

asset value (AV)

The value of an IT asset, which is usually (but not necessarily) the
asset’s replacement value.

32

asymmetric encryption

A method for encryption, decryption, and digital signatures that uses pairs of encryption keys, consisting of a public key and a private key.

33

asynchronous replication

A type of replication where writing data to the remote storage system is not kept in sync with updates on the local storage system. Instead,there may be a time lag, and there is no guarantee that data on the remote system is identical to that on the local storage system. See also replication.

34

asynchronous transfer mode (ATM)

A LAN and WAN protocol standard for sending messages in the form of cells over networks. On an ATM network, all messages are transmitted in synchronization with a network-based time clock. A station that wishes to send a message to another station must wait for the time clock.

35

atomicity

The characteristic of a complex transaction whereby it is either performed completely as a single unit or not at all.

36

attribute sampling

A sampling technique used to study the characteristics of a pop- ulation to determine how many samples possess a specific characteristic. See also sampling.

37

audit charter

A written document that defines the mission and goals of the audit program as well as roles and responsibilities.

38

audit logging

A feature in an application, operating system, or database management system where events are recorded in a separate log.

39

audit methodology

A set of audit procedures that is used to accomplish a set of audit objectives.

40

audit objective

The purpose or goals of an audit. Generally, the objective of an audit is to determine if controls exist and are effective in some specific aspect of business operations in an organization.

41

audit procedures

The step-by-step instructions and checklists required to perform specific audit activities. Procedures may include a list of people to interview and ques- tions to ask them, evidence to request, audit tools to use, sampling rates, where and how evidence will be archived, and how evidence will be evaluated.

42

audit program

The plan for conducting audits over a long period.

43

audit report

The final, written product of an audit. An audit report will include a description of the purpose, scope, and type of audit performed; persons interviewed; evidence collected; rates and methods of sampling; and findings on the existence and effectiveness of each control.

44

audit scope

The process, procedures, systems, and applications that are the subject of an audit.

45

authentication

The process of asserting one’s identity and providing proof of that identity. Typically, authentication requires a user ID (the assertion) and a password (the proof). However, authentication can also require stronger means of proof, such as a digital certificate, token, smart card, or biometric.

46

authorization

The process whereby a system determines what rights and privileges a user has.

47

automated workpapers

Data that has been captured by computer-assisted audit tech- niques. See also computer-assisted audit technique (CAAT).

48

automatic control

A control that is enacted through some automatic mechanism that requires little or no human intervention.

49

availability management

The IT function that consists of activities concerned with the availability of IT applications and services. See also IT service management.