Glossary - P Flashcards

Flashcards in Glossary - P Deck (68):
1

packet switched

A WAN technology where communications between endpoints take place over a stream of packets that are routed through switches until they reach their destination.

2

parallel test

An actual test of disaster recovery (DR) and/or business continuity response plans. The purpose of a parallel test is to evaluate the ability of personnel to follow directives in emergency response plans—to actually set up the DR business processing or data processing capability. In a parallel test, personnel operate recovery systems in parallel with production systems to compare the results between the two in order to determine the actual capabilities of recovery systems.

3

password

An identifier that is created by a system manager or a user; a secret combination of letters, numbers, and other symbols that is known only to the user who uses it.

4

password complexity

The characteristics required of user account passwords. For example, a password may not contain dictionary words and must contain uppercase letters, lowercase letters, numbers, and symbols.

5

password length

The minimum and maximum number of characters permitted for a password that is associated with a computer account.

6

password reset

The process of changing a user account password and unlocking the user account so that the user’s use of the account may resume.

7

password reuse

The act of reusing a prior password for a user account. Some information systems can prevent the use of prior passwords in case any were compromised with or without the user’s knowledge.

8

password vaulting

The process of storing a password in a secure location for later use.

9

patch management

The process of identifying, analyzing, and applying patches (including security patches) to systems.

10

Payment Card Industry Data Security Standard (PCI-DSS)

A security standard whose objective is the protection of credit card numbers in storage, while processed, and while transmitted. The standard was developed by the Payment Card Industry, a consortium of credit card companies, including VISA, MasterCard, American Express, Discover, and JCB.

11

performance evaluation

A process where an employer evaluates the performance of each employee for the purpose of promotion, salary increase, bonus, or retention.

12

personal area network (PAN)

A network that is generally used by a single individual and is usually limited to about three meters in size.

13

personal digital assistant (PDA)

A mobile device that is similar to a smartphone in size and features, but which lacks the mobile phone component.

14

phishing

A social engineering attack on unsuspecting individuals where e-mail messages that resemble official communications entice victims to visit imposter websites that contain malware or request credentials to sensitive or valuable assets.

15

physical

Layer 1 of the OSI network model. See also OSI network model.

16

physical control

Controls that employ physical means.

17

physical network architecture

The part of network architecture concerned with the physical locations of network equipment and network media.

18

piggybacking

See tailgating.

19

plain old telephone service (POTS)

Another name for the public-switched telephone network (PSTN). See also public-switched telephone network (PSTN).

20

plaintext

An original message, file, or stream of data that can be read by anyone who has access to it.

21

point-to-point protocol (PPP)

A network protocol used to transport TCP/IP packets over point-to-point serial connections (usually RS-232 and dial-up connections).

22

policy

A statement that specifies what must be done (or not done) in an organization. A policy usually defines who is responsible for monitoring and enforcing it.

23

polymorphism

The different ways in which an object may behave, depending upon the data that is passed to it. See also object.

24

population

A complete set of entities, transactions, or events that are the subject of an audit.

25

Post Office Protocol (POP)

A TCP/IP application layer protocol that is used to retrieve e-mail messages from an e-mail server.

26

power distribution unit (PDU)

A device that distributes electric power to a computer room or data center.

27

pre-action

A fire sprinkler system used in areas with high-value contents such as data centers. A pre-action system is essentially a dry pipe system until a “preceding” event such as a smoke detector alarm occurs; at this time, the system is filled with water and essentially converts in real time to a wet pipe system. Then, if the ambient temperature at any of the sprinkler heads is high enough, those fuses break, releasing water to extinguish the fire. See also fire sprinkler system.

28

pre-audit

An examination of business processes, controls, and records in anticipation of an upcoming audit.

29

precision

A measure of how closely a sample represents the entire population.

30

presentation

Layer 6 of the OSI network model. See also OSI network model.

31

preventive action

An action that is initiated to prevent an undesired event or condition.

32

preventive control

A control that is used to prevent unwanted events from happening.

33

primary key

One of the fields in a table in a relational database management system (rDBMS) whose values are unique for each record (row). See also relational database management system, table, row, and field.

34

print server

A server that is used to coordinate printing to shared printers.

35

privacy

The protection of personal information from unauthorized disclosure, use, and distribution.

36

privacy policy

A policy statement that defines how an organization will protect, manage, and handle private information.

37

privacy requirements

Formal statements that describe required privacy safeguards that a system must support.

38

private address

An IP address that falls into one of the following ranges: 10.0.0.0–10.255.255.255, 172.16.0.0–172.31.255.255, or 192.168.0.0–192.168.255.255. Packets with a private address destination cannot be transported over the global Internet.

39

probability analysis

The analysis of a threat and the probability of its realization.

40

problem

An incident—often multiple incidents—that exhibits common symptoms and whose root cause is not known.

41

problem management

The IT function that analyzes chronic incidents and seeks to resolve them, and also enacts proactive measures in an effort to avoid problems. See also IT service management.

42

procedure

A written sequence of instructions used to complete a task.

43

process

A collection of one or more procedures used to perform a business function. See also procedure.

44

process

A logical container in an operating system in which a program executes.

45

process isolation

A basic feature of an operating system that prevents one process from accessing the resources used by another process.

46

processing controls

Controls that ensure the correct processing of information.

47

program

An organization of many large, complex activities; it can be thought of as a set of projects that work to fulfill one or more key business objectives or goals.

48

program charter

A formal definition of the objectives of a program, its main timelines, sources of funding, the names of its principal leaders and managers, and the business executive(s) who are sponsoring the program.

49

program management

The management of a group of projects that exist to fulfill a business goal or objective.

50

programmable read-only memory (PROM)

A form of permanent memory that cannot be modified.

51

programming language

A vocabulary and set of rules used to construct a human-readable computer program.

52

project

A coordinated and managed sequence of tasks that results in the realization of an objective or goal.

53

project change management

The process of controlling a project plan and budget through formal reviews of changes.

54

project evaluation and review technique (PERT)

A visual representation of a project plan that shows project tasks, timelines, and dependencies.

55

project management

The activities that are used to control, measure, and manage the activities in a project.

56

project management body of knowledge (PMBOK)

A project management guide that defines the essentials of project management.

57

project plan

The chart of tasks in a project, which also includes start and completion dates, resources required, and dependencies and relationships between tasks.

58

project planning

The activities that are related to the development and management of a project.

59

project schedule

The chart of tasks in a project with their expected start and completion dates.

60

PRojects IN Controlled Environments 2 (PRINCE2)

A project management framework.

61

proof of concept

A method for demonstrating the ability to build or implement complex systems through the use of simpler models.

62

protocol analyzer

A device that is connected to a network in order to view network communications at a detailed level.

63

protocol standard

A standard that specifies the protocols used by the IT organization.

64

prototyping

An alternative software development process where rapidly developed application prototypes are developed with user input and continuous involvement.

65

proxy server

A device or system used to control end-user access to Internet websites.

66

public key cryptography

See asymmetric encryption.

67

public key infrastructure

A centralized function that is used to store and publish public keys and other information.

68

public-switched telephone network (PSTN)

The common carrier-switched telephone network used to carry voice telephone calls over landlines.