Flashcards in Glossary- C Deck (78):
A method for ensuring the timely notification of key personnel, such as after a disaster.
campus area network (CAN)
The interconnection of LANs for an organization that has buildings in close proximity.
capability maturity model
A model that is used to measure the relative maturity of an organization or of its processes.
capability maturity model integration (CMMI)
A maturity model that represents the aggregation of other maturity models.
The IT function that consists of activities that confirm there is sufficient capacity in IT systems and IT processes to meet service needs. Primarily, an IT system or process has sufficient capacity if its performance falls within an acceptable range, as specified in service-level agreements (SLAs). See also IT service management, service-level agreement.
A twisted-pair cabling standard that is capable of transporting 10MB Eth- ernet up to 100 m (328 ft). See also twisted-pair cable.
A twisted-pair cabling standard that is capable of transporting 10MB, 100MB, and 1000MB (1GB) Ethernet up to 100 m (328 ft). See also twisted-pair cable.
A twisted-pair cabling standard that is capable of transporting 10MB, 100MB, and 1000MB (1GB) Ethernet up to 100 m (328 ft). Category 6 has the same trans- port capability as Category 5, but has better noise resistance. See also twisted-pair cable.
A twisted-pair cabling standard that is capable of transporting 10GB Eth- ernet over 100 m (328 ft). See also twisted-pair cable.
A new cable standard, still under development, designed for high-speed networking. See also twisted-pair cable.
central processing unit (CPU)
The main hardware component of a computer that executes program instructions.
certificate authority (CA)
A trusted party that stores digital certificates and public encryption keys.
certificate revocation list (CRL)
An electronic list of digital certificates that have been revoked prior to their expiration date.
certification practice statement (CPS)
A published statement that describes the practices used by the CA to issue and manage digital certificates.
chain of custody
Documentation that shows the acquisition, storage, control, and analysis of evidence. The chain of custody may be needed if the evidence is to be used in a legal proceeding.
See change management.
The IT function that is used to control changes made to an IT environment. See also IT service management.
A formal request for a change to be made in an environment. See also change management.
A formal review of a requested change. See also change request, change management.
channel service unit/data service unit (CSU/DSU)
A device used to connect a tele- communications circuit to a local device such as a router.
An electronic or mechanical door equipped with combination locks. Only persons who know the combination may unlock the door.
A message, file, or stream of data that has been transformed by an encryp- tion algorithm and rendered unreadable.
A WAN technology where a dedicated, end-to-end communications channel is established that lasts for the duration of the connection.
CISC (complex instruction set computer)
A central processing unit design that uses a comprehensive instruction set. See also central processing unit.
The characteristics of an object, including its attributes, properties, fields, and the methods it can perform. See also object, method.
A repository where classes are stored. See also class.
A TCP/IP network whose addressing fits into one of the classes of networks: Class A, Class B, or Class C. A classful network will have a predetermined address range and subnet mask.
A TCP/IP network whose addressing does not fit the classful net- work scheme, but instead uses an arbitrary subnet mask, as determined by the net- work’s physical and logical design.
An application design where the database and some busi- ness logic are stored on a central server and where some business logic plus display logic are stored on each user’s workstation.
A technique of providing a dynamically scalable and usually virtu- alized computing resource as a service.
A tightly coupled collection of computers that are used to solve a common task. In a cluster, one or more servers actively perform tasks, while zero or more com- puters may be in a “standby” state, ready to assume active duty should the need arise.
A type of network cable that consists of a solid inner conductor surrounded by an insulating jacket, which is surrounded by a metallic shield, which in turn is sur- rounded by a plastic jacket.
code division multiple access (CDMA)
An airlink standard for wireless communica- tions between mobile devices and base stations.
code division multiple access 2000 (CDMA2000)
An airlink standard for wireless communications between mobile devices and base stations.
code of ethics
A statement that defines acceptable and unacceptable professional conduct.
A device or program that encodes or decodes a data stream.
An alternate processing center where the degree of readiness for recovery systems is low. At the very least, a cold site is nothing more than an empty rack, or just allocated space on a computer room floor.
A control that is implemented because another control can- not be implemented or is ineffective.
An audit to determine the level and degree of compliance to a law, regulation, standard, contract provision, or internal control.
A type of testing that is used to determine if control procedures have been properly designed and implemented, and are operating properly.
A software development life cycle process where various components of a larger system are developed separately.
computer-aided software engineering (CASE)
A broad variety of tools that are used to automate various aspects of application software development.
computer-assisted audit technique (CAAT)
Any technique where computers are used to automate or simplify the audit process.
Unlawful entry into a computer or application.
The probability that a sample selected actually represents the
entire population. This is usually expressed as a percentage.
The IT function where the configuration of components in an IT environment is independently recorded. Configuration management is usually supported by the use of automated tools used to inventory and control system configu- rations. See also IT service management.
configuration management database (CMDB)
A repository for every component in an environment that contains information on every configuration change made on those components.
A standard that defines the detailed configurations that are used in servers, workstations, operating systems, database management systems, appli- cations, network devices, and other systems.
A plan by two or more persons to commit an illegal act.
constructive cost model (COCOMO)
A method for estimating software develop- ment projects based on the number of lines of code and the complexity of the software being developed.
A list of key personnel and various methods used to contact them. See also response document.
continuity of operations plan (COOP)
The activities required to continue critical and strategic business functions at an alternate site. See also response document.
continuous and intermittent simulation (CIS)
A continuous auditing technique where flagged transactions are processed in a parallel simulation and the results com- pared to production processing results.
An auditing technique where sampling and testing are auto- mated and occur continuously.
A binding legal agreement between two parties that may be enforceable in a court of law.
Policies, processes, and procedures that are created to achieve desired events or to avoid unwanted events.
The result of an audit of a control where the control is determined to be ineffective.
A foundational statement that describes desired states or outcomes from business operations.
Control Objectives for Information and related Technology (COBIT)
A control framework for managing information systems and security. COBIT is published by ISACA.
The risk that a material error exists that will not be prevented or detected by the organization’s control framework.
control self-assessment (CSA)
A methodology used by an organization to review key business objectives, risks, and controls. Control self-assessment is a self-regulation activity.
An action that is initiated to correct an undesired condition.
A control that is used after an unwanted event has occurred.
An audit technique where an IS auditor interviews additional person- nel to confirm the validity of evidence obtained from others who were interviewed previously.
Any activity or mechanism that is designed to reduce risk.
Hard barriers that lift into position, preventing the entry (or exit) of unau-
thorized vehicles, and that can be lowered to permit authorized vehicles.
critical path methodology (CPM)
A technique that is used to identify the most criti- cal path in a project to understand which tasks are most likely to affect the project schedule.
criticality analysis (CA)
A study of each system and process, a consideration of the impact on the organization if it is incapacitated, the likelihood of incapacitation, and the estimated cost of mitigating the risk or impact of incapacitation.
cross-over error rate
The point at which the false reject rate (FRR) equals the false accept rate (FAR). This is the ideal point for a well-tuned biometric system. See also biometrics, false reject rate, and false accept rate.
An attack on a cryptosystem where the attacker is attempting to deter- mine the encryption key that is used to encrypt messages.
The practice of hiding information from unwanted persons.
A set of algorithms used to generate an encryption key, to perform en-
cryption, and to perform decryption.
A person or group delegated to operate or maintain an asset.
customer relationship management (CRM)
An IS application that is used to track the details of the relationships with each of an organization’s customers.
A unique change that is made to a computer program or system.
The step in the software development life cycle where an old replaced system
is shut down and a new replacement system is started.
An actual test of disaster recovery (DR) and/or business continuity re- sponse plans. The purpose of a parallel test is to evaluate the ability of personnel to follow directives in emergency response plans—to actually set up the DR business pro- cessing or data processing capability. In a cutover test, personnel shut down production systems and operate recovery systems to assume actual business workload. See also di- saster recovery plan.