Glossary of Terms Flashcards Preview

CISM > Glossary of Terms > Flashcards

Flashcards in Glossary of Terms Deck (182)
Loading flashcards...


An abnormal end to a computer job; termination of a task prior to its completion because of an
error condition that cannot be resolved by recovery facilities while the task is executing


interruption window

The maximum period of time that a system can be unavailable before compromising the
achievement of the enterprise's business objectives


Acceptable User Policy (AUP)

A policy that establishes an agreement between users and the enterprise and defines for all parties' the ranges of use that are approved before gaining access to a network or the Internet.


Access Control

The processes, rules and deployment mechanisms that control access to information systems,
resources and physical access to premises


Access Control Lists (ACL)

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Scope Note: Also referred to as access control tables


Access control table

An internal computerized table of access rules regarding the levels of computer access permitted to
logon IDs and computer terminals


Access method

The technique used for selecting records in a file, one at a time, for processing, retrieval or storage
The access method is related to, but distinct from, the file organization, which determines how the records are stored.


Access Path

The logical route that an end user takes to access computerized information

Scope Note: Typically includes a route through the operating system, telecommunications software, selected application software and the access control system


Access Rights

The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy


Access Servers

Provides centralized access control for managing remote access dial‐up services



The ability to map a given activity or event back to the responsible party


Accountability of

Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritization and decision making; and monitoring performance, compliance and progress against plans.

In most enterprises, governance is the responsibility of the board of directors under the leadership of the

Scope Note: COBIT 5 Perspective


Accountable party

The individual, group or entity that is ultimately responsible for a subject matter, process or scope
Scope Note: Within the IT Assurance Framework (ITAF), the term "management" is equivalent to "accountable party."


Acknowledgement (ACK)

A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission.


Active recovery site

A recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster

Scope Note: Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload in the event of a disaster.


Active Response

A response in which the system either automatically, or in concert with the user, blocks or otherwise affects the
progress of a detected attack.

Scope Note: Takes one of three forms: amending the environment, collecting more information or striking back against the user



The main actions taken to operate the COBIT process



Within computer storage, the code used to designate the location of a specific piece of data


Address Space

The number of distinct locations that may be referred to with the machine address.

Scope Note: For most binary machines, it is equal to 2n, where n is the number of bits in the machine address.



The method used to identify the location of a participant in a network


Adjusting period

The calendar can contain "real" accounting periods and/or adjusting accounting periods. The "real" accounting periods must not overlap and cannot have any gaps between them. Adjusting accounting periods can overlap with other accounting periods.


Administrative control

The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence
to regulations and management policies


Advanced Encryption Standard (AES)

A public algorithm that supports keys from 128 bits to 256 bits in size


Advanced Persistent Threat (APT)

An adversary that possesses sophisticated levels of expertise and significant resources which allow it to createopportunities to achieve its objectives using multiple attack vectors (NIST SP800‐61)

Scope Note: The APT:
1. pursues its objectives repeatedly over an extended period of time
2. adapts to defenders’ efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives



A threat actor / agent



A software package that automatically plays, displays or downloads advertising material to a computer after the
software is installed on it or while the application is being used


Alert Situation

The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps



A state where the enablers of governance and management of enterprise IT support the goals and strategies of the enterprise


Allocation Entry

A recurring journal entry used to allocate revenues or costs

Scope Note: For example, an allocation entry could be defined to allocate costs to each department based on head count.



The use of alphabetic characters or an alphabetic character string