Glossary of Terms Flashcards
1
Q
Abend
A
An abnormal end to a computer job; termination of a task prior to its completion because of an
error condition that cannot be resolved by recovery facilities while the task is executing
2
Q
Acceptable
interruption window
A
The maximum period of time that a system can be unavailable before compromising the
achievement of the enterprise’s business objectives
3
Q
Acceptable User Policy (AUP)
A
A policy that establishes an agreement between users and the enterprise and defines for all parties’ the ranges of use that are approved before gaining access to a network or the Internet.
4
Q
Access Control
A
The processes, rules and deployment mechanisms that control access to information systems,
resources and physical access to premises
5
Q
Access Control Lists (ACL)
A
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Scope Note: Also referred to as access control tables
6
Q
Access control table
A
An internal computerized table of access rules regarding the levels of computer access permitted to
logon IDs and computer terminals
7
Q
Access method
A
The technique used for selecting records in a file, one at a time, for processing, retrieval or storage
The access method is related to, but distinct from, the file organization, which determines how the records are stored.
8
Q
Access Path
A
The logical route that an end user takes to access computerized information
Scope Note: Typically includes a route through the operating system, telecommunications software, selected application software and the access control system
9
Q
Access Rights
A
The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy
10
Q
Access Servers
A
Provides centralized access control for managing remote access dial‐up services
11
Q
Accountability
A
The ability to map a given activity or event back to the responsible party
12
Q
Accountability of
governance
A
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritization and decision making; and monitoring performance, compliance and progress against plans.
In most enterprises, governance is the responsibility of the board of directors under the leadership of the
chairperson.
Scope Note: COBIT 5 Perspective
13
Q
Accountable party
A
The individual, group or entity that is ultimately responsible for a subject matter, process or scope
Scope Note: Within the IT Assurance Framework (ITAF), the term “management” is equivalent to “accountable party.”
14
Q
Acknowledgement (ACK)
A
A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission.
15
Q
Active recovery site
Mirrored
A
A recovery strategy that involves two active sites, each capable of taking over the other’s workload in the event of a disaster
Scope Note: Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload in the event of a disaster.
16
Q
Active Response
A
A response in which the system either automatically, or in concert with the user, blocks or otherwise affects the
progress of a detected attack.
Scope Note: Takes one of three forms: amending the environment, collecting more information or striking back against the user
17
Q
Activity
A
The main actions taken to operate the COBIT process
18
Q
Address
A
Within computer storage, the code used to designate the location of a specific piece of data
19
Q
Address Space
A
The number of distinct locations that may be referred to with the machine address.
Scope Note: For most binary machines, it is equal to 2n, where n is the number of bits in the machine address.
20
Q
Addressing
A
The method used to identify the location of a participant in a network
21
Q
Adjusting period
A
The calendar can contain “real” accounting periods and/or adjusting accounting periods. The “real” accounting periods must not overlap and cannot have any gaps between them. Adjusting accounting periods can overlap with other accounting periods.
22
Q
Administrative control
A
The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence
to regulations and management policies
23
Q
Advanced Encryption Standard (AES)
A
A public algorithm that supports keys from 128 bits to 256 bits in size
24
Q
Advanced Persistent Threat (APT)
A
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to createopportunities to achieve its objectives using multiple attack vectors (NIST SP800‐61)
Scope Note: The APT:
- pursues its objectives repeatedly over an extended period of time
- adapts to defenders’ efforts to resist it
- is determined to maintain the level of interaction needed to execute its objectives
25
Adversary
A threat actor / agent
26
Adware
A software package that automatically plays, displays or downloads advertising material to a computer after the
software is installed on it or while the application is being used
27
Alert Situation
The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps
28
Alignment
A state where the enablers of governance and management of enterprise IT support the goals and strategies of the enterprise
29
Allocation Entry
A recurring journal entry used to allocate revenues or costs
Scope Note: For example, an allocation entry could be defined to allocate costs to each department based on head count.
30
Alpha
The use of alphabetic characters or an alphabetic character string
31
Alternate Facilities
Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed.
Scope Note: Includes other buildings, offices or data processing centers
32
Alternate Process
Automatic or manual process designed and established to continue critical business processes from
point‐of‐failure to return‐to‐normal
33
Alternate Routing
A service that allows the option of having an alternate route to complete a call when the marked destination is not available.
Scope Note: In signaling, alternative routing is the process of allocating substitute routes for a given signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that traffic stream.
34
ASCII
American Standard Code
for Information
Interchange
35
Amortization
The process of cost allocation that assigns the original cost of an intangible asset to the periods
benefited; calculated in the same way as depreciation
36
Analog
A transmission signal that varies continuously in amplitude and time and is generated in wave formation
Scope Note: Analog signals are used in telecommunications
37
Analytical technique
The examination of ratios, trends, and changes in balances and other values between periods to obtain a broad understanding of the enterprise's financial or operational position and to identify areas that may require further or closer investigation.
Scope Note: Often used when planning the assurance assignment
38
Anomaly
Unusual or statistically rare
39
Anomaly Detection
Detection on the basis of whether the system activity matches that defined as abnormal
40
Anonymity
The quality or state of not being named or identified
41
Anti-malware
A technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, Trojans, keyloggers, malicious browser plug‐ins, adware and spyware
42
Antivirus software
An application software deployed at multiple points in an IT architecture It is designed to detect and potentially eliminate virus code before damage is done and repair or quarantine files that have already been infected
43
Appearance
The act of giving the idea or impression of being or doing something
44
Appearance of Independence
Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.)
Scope Note: An IS auditor should be aware that appearance of independence depends on the perceptions of others and can be influenced by improper actions or associations.
45
Applet
A program written in a portable, platform‐independent computer language, such as Java, JavaScript or Visual Basic.
Scope Note: An applet is usually embedded in an HyperText Markup Language (HTML) page downloaded from webservers and then executed by a browser on client machines to run any web‐ based application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers. However, applets expose the user's
machine to risk if not properly controlled by the browser, which should not allow an applet to access a machine's information without prior authorization of the user.
46
Application
A computer program or set of programs that performs the processing of records for a specific function
Scope Note: Contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort
47
Application acquisition
| review
An evaluation of an application system being acquired or evaluated, that considers such matters as: appropriate
controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process
48
Application architecture
Description of the logical grouping of capabilities that manage the objects necessary to process information and support the enterprise’s objectives.
Scope Note: COBIT 5 perspective
49
Application benchmarking
The process of establishing the effective design and operation of automated controls within an
application.
50
Application controls
The policies, procedures and activities designed to provide reasonable assurance that objectives
relevant to a given automated solution (application) are achieved
51
Application development
| review
An evaluation of an application system under development that considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory
provisions; the system is developed in
compliance with the established system development life cycle process
52
Application
| implementation review
An evaluation of any part of an implementation project
| Scope Note: Examples include project management, test plans and user acceptance testing (UAT) procedures.
53
Application layer
In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible.
Scope Note: The application layer is not the application that is doing the communication; a service layer that provides these services.
54
Application maintenance
| review
An evaluation of any part of a project to perform maintenance on an application system.
Scope Note: Examples include project management, test plans and user acceptance testing (UAT) procedures.
55
Application or managed service provider (ASP/MSP)
A third party that delivers and manages applications and computer services, including security services to multiple users via the Internet or a private network.
56
Application Programme
A program that processes business data through activities such as data entry, update or query
Scope Note: Contrasts with systems programs, such as an operating system or network control program, and with utility programs such as copy or sort.
57
Application Programming Interface (API)
A set of routines, protocols and tools referred to as "building blocks" used in business application software
development.
Scope Note: A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different versions of UNIX). A programmer utilizes these APIs in developing applications that can operate effectively and efficiently on the platform chosen.
58
Application proxy
A service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service.
59
Application security
Refers to the security aspects supported by the application, primarily with regard to the roles or
responsibilities and audit trails within the applications
60
Application Service Provider (ASP)
Also known as managed service provider (MSP), it deploys, hosts and manages access to a packaged application to multiple parties from a centrally managed facility.
Scope Note: The applications are delivered over networks on a subscription basis.
61
Application software
| tracing and mapping
Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences
Scope Note: Both the command language or job control statements and programming language can be analyzed. This technique includes program/system: mapping, tracing, snapshots, parallel simulations and code comparisons.
62
Application System
An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities
Scope Note: Examples include general ledger, manufacturing resource planning and human resource (HR) management.
63
Architecture
Description of the fundamental underlying design of the components of the business system, or of
one element of the business system (e.g., technology), the relationships among them, and the manner in which they support enterprise objectives
64
Architecture Board
A group of stakeholders and experts who are accountable for guidance on enterprise‐architecture‐ related matters and decisions, and for setting architectural policies and standards.
Scope Note: COBIT 5 perspective
65
Arithmetic Logic Unit (ALU)
The area of the central processing unit (CPU) that performs mathematical and analytical operations
66
Artifical Intelligence (AI)
Advanced computer systems that can simulate human capabilities, such as analysis, based on a
predetermined set of rules.
67
ASCII
Representing 128 characters, the American Standard Code for Information Interchange (ASCII) code
normally uses 7 bits. However, some variations of the ASCII code set allow 8 bits. This 8‐bit ASCII code allows 256 characters to be represented.
68
Assembler
A program that takes as input a program written in assembly language and translates it into machine
code or machine language
69
Assembly Language
A low‐level computer programming language which uses symbolic code and produces machine
instructions
70
Assertion
Any formal declaration or set of declarations about the subject matter made by management.
Scope Note: Assertions should usually be in writing and commonly contain a list of specific attributes about the subject matter or about a process involving the subject matter.
71
Assessment
A broad review of the different aspects of a company or function that includes elements not covered by a structured assurance initiative.
Scope Note: May include opportunities for reducing the costs of poor quality, employee perceptions on quality
aspects, proposals to senior management on policy, goals, etc.
72
Asset
Something of either tangible or intangible value that is worth protecting, including people,
information, infrastructure, finances and reputation
73
Assurance
Pursuant to an accountable relationship between two or more parties, an IT audit and assurance professional is
engaged to issue a written communication expressing a conclusion about the subject matters for which the
accountable party is responsible. Assurance refers to a number of related activities designed to provide the reader or user of the report with a level of assurance or comfort over the subject matter.
Scope Note: Assurance engagements could include support for audited financial statements, reviews of controls, compliance with required standards and practices, and compliance with agreements, licenses, legislation and regulation.
74
Assurance engagement
An objective examination of evidence for the purpose of providing an assessment on risk management, control or
governance processes for the enterprise.
Scope Note: Examples may include financial, performance, ccoommpplliiaannccee and system security engagements
75
Assurance initiative
An objective examination of evidence for the purpose of providing an assessment on risk management, control or governance processes for the enterprise.
Scope Note: Examples may include financial, performance, compliance and system security engagements.
76
```
Asymmetric key (public
key)
```
A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message
Scope Note: See Public key encryption.
77
Asynchronous Transfer
| Mode (ATM)
A high‐bandwidth low‐delay switching and multiplexing technology that allows integration of real‐ time voice and video as well as data. It is a data link layer protocol.
Scope Note: ATM is a protocol‐independent transport mechanism. It allows high‐speed data transfer rates at up to 155 Mbit/s.
The acronym ATM should not be confused with the alternate usage for ATM, which refers to an automated teller machine.
78
Asynchronous
| transmission
Character‐at‐a‐time transmission
79
Attack
An actual occurrence of an adverse event
80
Attack Mechanism
A method used to deliver the exploit. Unless the attacker is personally performing the attack, an attack mechanism may involve a payload, or container, that delivers the exploit to the target.
81
Attack vector
A path or route used by the adversary to gain access to the target (asset)
Scope Note: There are two types of attack vectors: ingress and egress (also known as data exfiltration)
82
Attenuation
Reduction of signal strength during transmission
83
Attest reporting
| engagement
An engagement in which an IS auditor is engaged to either examine management’s assertion regarding a particular subject matter or the subject matter directly
Scope Note: The IS auditor’s report consists of an opinion on one of the following: The subject matter. These reportsrelate directly to the subject matter itself rather than to an assertion.
In certain situations management will not be able
to make an assertion over the subject of the engagement. An example of this situation is when IT services are outsourced to third party.
Management will not ordinarily be able to make an assertion over the controls that the third party is responsible for. Hence, an IS auditor would have to report directly on the subject matter rather than
on an assertion.
84
Attitude
Way of thinking, behaving, feeling, etc
85
Attribute Sampling
Method to select a portion of a population based on the presence or absence of a certain
characteristic
86
Audit
Formal inspection and verification to check whether a standard or set of guidelines is being followed, records are accurate, or efficiency and effectiveness targets are being met.
Scope Note: May be carried out by internal or external groups
87
Audit accountability
Performance measurement of service delivery including cost, timeliness and quality against agreed
service levels
88
Audit Authourity
A statement of the position within the enterprise, including lines of reporting and the rights of
access
89
Audit Charter
A document approved by those charged with governance that defines the purpose, authority and responsibility of the
internal audit activity
Scope Note: The charter should:
‐ Establish the internal audit funtion’s position within the enterprise
‐ Authorise access to records, personnel and physical properties relevant to the performance of IS audit and assurance engagements.
Define the scope of audit function’s activities
90
Audit Engagement
A specific audit assignment or review activity, such as an audit, control self‐assessment review, fraud examination or consultancy.
Scope Note: An audit engagement may include multiple tasks or activities designed to accomplish a specific set of related objectives.
91
Audit Evidence
The information used to support the audit opinion
92
Audit Expert Systems
Expert or decision support systems that can be used to assist IS auditors in the decision‐making process by automating the knowledge of experts in the field
Scope Note: This technique includes automated risk analysis, systems software and control objectives software packages.
93
Audit Objective
The specific goal(s) of an audit
| Scope Note: These often center on substantiating the existence of internal controls to minimize business risk.
94
Audit Plan
1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members in order to obtain sufficient appropriate audit evidence to form an opinion.
Scope Note: Includes the areas to be audited, the type of work planned, the high‐level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report and its intended audience and other general aspects of the work.
2. A high‐level description of the audit work to be performed in a certain period of time
95
Audit Programme
A step‐by‐step set of audit procedures and instructions that should be performed to complete an
audit
96
Audit Responsibility
The roles, scope and objectives documented in the service level agreement (SLA) between
management and audit
97
Audit Risk
The risk of reaching an incorrect conclusion based upon audit findings.
Scope Note: The three components of audit risk are:
‐ Control risk
‐ Detection risk
‐ Inherent risk
98
Audit Sampling
The application of audit procedures to less than 100 percent of the items within a population to
obtain audit evidence about a particular characteristic of the population
99
Audit Subject Matter Risk
Risk relevant to the area under review:
‐ Business risk (customer capability to pay, credit worthiness, market factors, etc.)
‐ Contract risk (liability, price, type, penalties, etc.)
‐ Country risk (political, environment, security, etc.)
‐ Project risk (resources, skill set, methodology, product stability, etc.)
‐ Technology risk (solution, architecture, hardware and software infrastructure network, delivery channels, etc.)
Scope Note: See inherent risk
100
Audit Trail
A visible trail of evidence enabling one to trace information contained in statements or reports back
to the original input source
101
Audit Universe
An inventory of audit areas that is compiled and maintained to identify areas for audit during the audit planning process.
Scope Note: Traditionally, the list includes all financial and key operational systems as well as other units that would be audited as part of the overall cycle of planned work. The audit universe serves as the source from which the annual audit schedule is prepared. The universe will be periodically revised to reflect changes in the overall risk profile.
102
Auditability
The level to which transactions can be traced and audited through a system
103
Auditable Unit
Subjects, units or systems that are capable of being defined and evaluated.
Scope Note: Auditable units may include:
‐Policies, procedures and practices
‐Cost centers, profit centers and investment centers
‐General ledger account balances
‐Information systems (manual and computerized)
‐Major contracts and programs
‐Organizational units, such as product or service lines
‐Functions, such as information technology (IT), purchasing, marketing, production, finance, accounting and human
resources (HR)
‐Transaction systems for activities, such as sales, collection, purchasing, disbursement, inventory and cost accounting,
production, treasury, payroll, and capital assets
‐Financial statements
‐Laws and regulations
104
Auditor's Opinion
A formal statement expressed by the IS audit or assurance professional that describes the scope of the audit, the procedures used to produce the report and whether or not the findings support that the audit criteria have been met.
Scope Note: The types of opinions are:
‐ Unqualified opinion: Notes no exceptions or none of the exceptions noted aggregate to a significant deficiency
‐ Qualified opinion: Notes exceptions aggregated to a significant deficiency (but not a material weakness)
‐ Adverse opinion: Notes one or more significant deficiencies aggregating to a material weakness
105
Authentication
1. The act of verifying identity (i.e., user, system)
Scope Note: Risk: Can also refer to the verification of the correctness of a piece of data
2. The act of verifying the identity of a user and the user’s eligibility to access computerized information
Scope Note: Assurance: Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.
106
Authenticity
Undisputed Authourship
107
Automated application
| controls
Controls that have been programmed and embedded within an application
108
Availability
Ensuring timely and reliable access to and use of information
109
Awareness
Being acquainted with, mindful of, conscious of and well informed on a specific subject, which
implies knowing and understanding a subject and acting accordingly
110
Back Door
A means of regaining access to a compromised system by installing software or configuring existing
software to enable remote access under attacker‐defined conditions
111
Back Bone
The main communication channel of a digital network. The part of the network that handles the majority of the traffic.
112
Back Up
Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service.
113
Backup centre
An Alternative facility to continue IS/IT operations when the primary data processing centre is unavailable.
114
Badge
A card (or other devices) that is presented or displayed to obtain access to an otherwise restricted facility as a symbol of authority.
115
Balanced Score Card (BSC)
A coherent set of performance measures organised into four categories.
116
Balanced Score Card (BSC) Categories
```
4x Categories:
financial measures
customer business processes
internal business processes
learning perspectives
growth perspectives
```
117
Bandwidth
The range between the highest and lowest transmittable frequencies. measured in bytes per second or Hertz (cycles) per second.
118
Bar Code
A printed machine-readable code that consists of parallel bars of varied width and spacing.
119
Base 58 encoding
Base58 Encoding is a binary‐to ‐text encoding process that converts long bit sequences into alphanumeric text
120
Base 64 encoding
Base64 Encoding is a binary
| ‐to ‐text encoding process that converts long bit sequences into alphanumeric text
121
Base Case
A standardised body of data created for testing purposes.
122
BaseBand
A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilises a transceiver.
123
Baseline Architecture
The existing description of the fundamental underlying design of the components of the business system before entering a cycle of architecture review and design (Cobit 5 perspective)
124
Bastion
A System that is heavily fortified against attack.
125
Batch Control
Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage.
126
The 2 forms of Batch Control ?
Sequence control, which involves numbering the records in a batch consecutively so that the presence of each record can be confirmed; and control total, which is a total of the values in selected fields within the transactions.
127
Batch Processing
The processing of a group of transactions at the same time.
128
Baud Rate
The rate of transmission for telecommunications data, expressed in bits per second (bps)
129
Benchmark
A systematic approach to comparing enterprise performance against peers and competitors in an effort to learn the best ways of conducting business.
130
Benefit
In business an outcomes whose nature and value (expressed in various ways) are considered advantageous by an enterprise.
131
Benefits Realisation
One of the objectives of governance. The bring about of new benefits for the enterprise, the maintenance and extension of existing forms of benefits, and the elimination of those initiatives and assets that are not creating sufficient value.
132
Binary Code
A code whose representation is a 1 or 0
133
Biometric locks
Doors and entry locks that are activated by such biometric features as voice, eye, retina or fingerprint.
134
Biometrics
A security technique that verifies an individuals identity by analyzing a unique physical attribute.
135
Bit-stream image
Bit‐stream backups, also referred to as mirror image backups, involve the backup of all areas of a computer hard disk drive or other types of storage media. This is an exact replicate of all sectors.
136
Blackbox testing
A testing approach that focuses on the functionality of the application or product. It does not require knowledge of the code.
137
Blockchain
A distributed, protected journaling and ledger system. Use of blockchain technologies can enable anything from digital Blockchain currency (e.g. Bitcoin) to any other value‐bearning transaction.
138
Block Cipher
A public algorithm that operates on plain text in blocks (strings or groups) of bits.
139
Botnet
A term derived from “robot network;” is a large automated and distributed network of previously compromised computers that can be simultaneously controlled to launch large‐scale attacks such as
a denial‐of‐service attack on selected victims
140
Boundary
Logical and Physical controls used to define the perimeter between the organisation and the outside world.
141
Bridge
Datalink Layer device designed to connect two local area networks or create two separate network segments (either LAN or WAN) to reduce collision domains.
142
Bring Your Own Device (BYOD)
An enterprise policy used to permit partial or full integration of user‐owned mobile devices for business purposes.
143
Broadband
Multiple channels are formed by dividing the transmission medium into discrete frequency segments.
Scope Note: Broadband generally requires the use of a modem.
144
Broadcast
A method to distribute information to multiple recipients simultaneously.
145
Brouter
A device that performs the function of a both a bridge and a router. (Datalink and network)
146
Browser
A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, that permits multimedia (graphics) applications on the World Wide Web
147
Brute force
A class of algorithms that repeatedly try all possible combinations until a solution is found.
148
Brute force attack
Repeatedly trying all possible combinations of passwords or encryption keys until the correct one is found.
149
Budget
Estimated cost and revenue amounts for a given range of periods and set of books.
cope Note: There can be multiple budget versions for the same set of books.
150
Budget Formula
A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics.
151
Budget Hierarchy
A group of budgets linked together at different levels such that the budgeting authority of a lower‐ level budget is controlled by an upper‐level budget
152
Budget Organisation
An entity (department, cost center, division or other group) responsible for entering and maintaining budget data
153
Buffer
Memory reserved to temporarily hold data to offset differences between the operating speeds of different devices, such as a printer and a computer
154
Buffer Overflow
Occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
155
Bulk Data Transfer
A data recovery strategy that includes a recovery from complete backups that are physically shipped offsite once a week.
156
Bus
Common Path or channel between hardware devices. Either between components on a computer, or between external computers on a communcations network.
157
Bus Configuration
All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes.
158
Business Balanced score card.
A tool for managing organizational strategy that uses weighted measures for the areas of financial performance (lag) indicators, internal operations, customer measurements, learning and growth
(lead) indicators, combined to rate the enterprise
159
Business case
Documentation of the rationale for making a business investment, used both to support a business decision on whether to proceed with the investment and as an operational tool to support
management of the investment through its full economic life cycle
160
Business Continuity
Preventing, mitigating and recovering from disruption
161
Business Continuity Plan (BCP)
A plan used by an enterprise to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems.
162
Business Control
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that the business objectives will be achieved and undesired events will be prevented or detected
163
Business dependency assessment
A process of identifying resources critical to the operation of a business process
164
Business Function
An activity that an enterprise does, or needs to do, to achieve its objectives
165
Business Goal
The translation of the enterprise's mission from a statement of intention into performance targets and results
166
Business Impact Analysis
The translation of the enterprise's mission from a statement of intention into performance targets and results.
167
Business impact analysis/assessment (BIA)
Evaluating the criticality and sensitivity of information assets.
An exercise that determines the impact of losing the support of any resource to an enterprise, establishes the escalation of that loss over time, identifies the minimum resources needed to recover, and prioritizes the recovery of processes and the supporting system
168
Business Interruption
Any event, whether anticipated (i.e., public service strike) or unanticipated (i.e., blackout) that disrupts the normal course of business operations at an enterprise
169
Business Model for Information Security (BMIS)
A holistic and business‐oriented model that supports enterprise governance and management information security, and provides a common language for information security professionals and
business management
170
Business Objective
A further development of the business goals into tactical targets and desired results and outcomes
171
Business Process
An inter‐related set of cross‐functional activities or events that result in the delivery of a specific product or service to a customer.
172
Business Process Control
The policies, procedures, practices and organizational structures designed to provide reasonable assurance that a business process will achieve its objectives.
173
Business Process Integrity
Controls over the business processes that are supported by the enterprise resource planning system (ERP)
174
Business Process owner
The individual responsible for identifying process requirements, approving process design and managing process performance
175
Business Process re-engineering
The thorough analysis and significant redesign of business processes and management systems to establish a better performing structure, more responsive to the customer base and market
conditions, while yielding material cost savings
176
Business Risk
A probable situation with uncertain frequency and magnitude of loss (or gain)
177
Business Service Provider
An application service provider (ASP) that also provides outsourcing of business processes such as payment processing, sales order processing and application development
178
Business Sponsor
The individual accountable for delivering the benefits and value of an IT‐enabled business investment program to the enterprise
179
Business-to-Business
Transactions in which the acquirer is an enterprise or an individual operating in the ambits of his/her professional activity. In this case, laws and regulations related to consumer protection are not applicable.
180
Business-to-consumer
Selling processes in which the involved parties are the enterprise, which offers goods or services, and a consumer. In this case there is comprehensive legislation that protects the consume
181
Business‐to‐consumer e‐commerce (B2C)
Refers to the processes by which enterprises conduct business electronically with their customers and/or public at large using the Internet as the enabling technology
182
Cadbury
The Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK Financial Reporting Council, the London Stock Exchange and the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subject commonly known in the UK as
the Cadbury Report.
