Flashcards in Glossary- P Deck (68):
A WAN technology where communication between endpoints takes place over a stream of packets that are routed through switches until they reach their destination.
An actual test of disaster recovery (DR) and/or business continuity response plans. The purpose of a parallel test is to evaluate the ability of personnel to follow directives in emergency response plans—to actually set up the DR business processing or data processing capability. In a parallel test, personnel operate recovery systems in parallel with production systems to compare the results between the two in order to determine the actual capabilities of recovery systems.
An identifier that is created by a system manager or a user; a secret combination of letters, numbers, and other symbols that is known only to the user who uses it.
The characteristics required of user account passwords. For example, a password may not contain dictionary words and must contain uppercase letters, lowercase letters, numbers, and symbols.
The minimum and maximum number of characters permitted for a password that is associated with a computer account.
The process of changing a user account password and unlocking the user account so that the user’s use of the account may resume.
The act of reusing a prior password for a user account. Some information systems can prevent the use of prior passwords in case any were compromised with or without the user’s knowledge.
The process of storing a password in a secure location for later use.
The process of identifying, analyzing, and applying patches (including security patches) to systems.
Payment Card Industry Data Security Standard (PCI-DSS)
A security standard whose objective is the protection of credit card numbers in storage, while processed, and while transmitted. The standard was developed by the Payment Card Industry, a consortium of credit card companies, including VISA, MasterCard, American Express, Discover, and JCB.
A process where an employer evaluates the performance of each employee for the purpose of promotion, salary increase, bonus, or retention.
personal area network (PAN)
A network that is generally used by a single individual and is usually limited to about three meters in size.
personal digital assistant (PDA)
A mobile device that is similar to a smart phone in size and features, but which lacks the mobile phone component.
A social engineering attack on unsuspecting individuals where e-mail messages that resemble official communications entice victims to visit imposter websites that contain malware or request credentials to sensitive or valuable assets.
Layer 1 of the OSI network model. See also OSI network model.
Controls that employ physical means.
physical network architecture
The part of network architecture concerned with the physical locations of network equipment and network media.
plain old telephone service (POTS)
Another name for the public-switched telephone network (PSTN). See also public-switched telephone network (PSTN).
An original message, file, or stream of data that can be read by anyone who has access to it.
point-to-point protocol (PPP)
A network protocol used to transport TCP/IP packets over point-to-point serial connections (usually RS-232 and dial-up connections).
A statement that specifies what must be done (or not done) in an organization. A policy usually defines who is responsible for monitoring and enforcing it.
The different ways in which an object may behave, depending upon the data that is passed to it. See also object.
A complete set of entities, transactions, or events that are the subject of an audit.
Post Office Protocol (POP)
A TCP/IP application layer protocol that is used to retrieve e-mail messages from an e-mail server.
power distribution unit (PDU)
A device that distributes electric power to a computer room or data center.
A fire sprinkler system used in areas with high-value contents such as data centers. A pre-action system is essentially a dry pipe system until a “preceding” event such as a smoke detector alarm occurs; at this time, the system is filled with water and essentially converts in real time to a wet pipe system. Then, if the ambient temperature at any of the sprinkler heads is high enough, those fuses break, releasing water to extinguish the fire. See also fire sprinkler system.
An examination of business processes, controls, and records in anticipation of an upcoming audit.
A measure of how closely a sample represents the entire population.
Layer 6 of the OSI network model. See also OSI network model.
An action that is initiated to prevent an undesired event or condition.
A control that is used to prevent unwanted events from happening.
One of the fields in a table in a relational database management system (rDBMS) whose values are unique for each record (row). See also relational database management system, table, row, and field.
A server that is used to coordinate printing to shared printers.
The protection of personal information from unauthorized disclosure, use, and distribution.
A policy statement that defines how an organization will protect, manage, and handle private information.
Formal statements that describe required privacy safeguards that a system must support.
An IP address that falls into one of the following ranges: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, or 192.168.0.0–192.168.255.255. Packets with a private address destination cannot be transported over the global Internet.
The analysis of a threat and the probability of its realization.
An incident—often multiple incidents—that exhibits common symptoms and whose root cause is not known.
The IT function that analyzes chronic incidents and seeks to resolve them, and also enacts proactive measures in an effort to avoid problems. See also IT service management.
A written sequence of instructions used to complete a task.
A collection of one or more procedures used to perform a business function. See also procedure.
A logical container in an operating system in which a program executes.
A basic feature of an operating system that prevents one process from accessing the resources used by another process.
Controls that ensure the correct processing of information.
An organization of many large, complex activities; it can be thought of as a set of projects that work to fulfill one or more key business objectives or goals.
A formal definition of the objectives of a program, its main timelines, sources of funding, the names of its principal leaders and managers, and the business executive(s) who are sponsoring the program.
The management of a group of projects that exist to fulfill a business goal or objective.
programmable read-only memory (PROM)
A form of permanent memory that cannot be modified.
A vocabulary and set of rules used to construct a human-readable computer program.
A coordinated and managed sequence of tasks that results in the realization of an objective or goal.
project change management
The process of controlling a project plan and budget through formal reviews of changes.
project evaluation and review technique (PERT)
A visual representation of a project plan that shows project tasks, timelines, and dependencies.
The activities that are used to control, measure, and manage the activities in a project.
project management body of knowledge (PMBOK)
A project management guide that defines the essentials of project management.
The chart of tasks in a project, which also includes start and completion dates, resources required, and dependencies and relationships between tasks.
The activities that are related to the development and management of a project.
The chart of tasks in a project with their expected start and completion dates.
PRojects IN Controlled Environments 2 (PRINCE2)
A project management framework.
proof of concept
A method for demonstrating the ability to build or implement complex systems through the use of simpler models.
A device that is connected to a network in order to view network communications at a detailed level.
A standard that specifies the protocols used by the IT organization.
An alternative software development process where rapidly developed application prototypes are developed with user input and continuous involvement.
A device or system used to control end-user access to Internet websites.
public key cryptography
See asymmetric encryption.
public key infrastructure
A centralized function that is used to store and publish public keys and other information.