Glossary- P

Question 1

packet switched

Answer 1

A WAN technology where communications between endpoints takes place over a stream of packets that are routed through switches until they reach their destination.

Question 2

parallel test

Answer 2

An actual test of disaster recovery (DR) and/or business continuity re- sponse plans. The purpose of a parallel test is to evaluate the ability of personnel to follow directives in emergency response plans—to actually set up the DR business pro- cessing or data processing capability. In a parallel test, personnel operate recovery sys- tems in parallel with production systems to compare the results between the two in order to determine the actual capabilities of recovery systems.

Question 3

password

Answer 3

An identifier that is created by a system manager or a user; a secret combina- tion of letters, numbers, and other symbols that is known only to the user who uses it.

Question 4

password complexity

Answer 4

The characteristics required of user account passwords. For ex- ample, a password may not contain dictionary words and must contain uppercase let- ters, lowercase letters, numbers, and symbols.

Question 5

password length

Answer 5

The minimum and maximum number of characters permitted for a password that is associated with a computer account.

Question 6

password reset

Answer 6

The process of changing a user account password and unlocking the user account so that the user’s use of the account may resume.

Question 7

password reuse

Answer 7

The act of reusing a prior password for a user account. Some infor- mation systems can prevent the use of prior passwords in case any were compromised with or without the user’s knowledge.

Question 8

password vaulting

Answer 8

The process of storing a password in a secure location for later use.

Question 9

patch management

Answer 9

The process of identifying, analyzing, and applying patches (in-
cluding security patches) to systems.

Question 10

Payment Card Industry Data Security Standard (PCI-DSS)

Answer 10

A security standard whose objective is the protection of credit card numbers in storage, while processed, and while transmitted. The standard was developed by the Payment Card Industry, a consortium of credit card companies, including VISA, MasterCard, American Express, Discover, and JCB.

Question 11

performance evaluation

Answer 11

A process where an employer evaluates the performance of each employee for the purpose of promotion, salary increase, bonus, or retention.

Question 12

personal area network (PAN)

Answer 12

A network that is generally used by a single individual and is usually limited to about three meters in size.

Question 13

personal digital assistant (PDA)

Answer 13

A mobile device that is similar to a smart phone in size and features, but which lacks the mobile phone component.

Question 14

phishing

Answer 14

A social engineering attack on unsuspecting individuals where e-mail mes- sages that resemble official communications entice victims to visit imposter websites that contain malware or request credentials to sensitive or valuable assets.

Question 15

physical

Answer 15

Layer 1 of the OSI network model. See also OSI network model.

Question 16

physical control

Answer 16

Controls that employ physical means.

Question 17

physical network architecture

Answer 17

The part of network architecture concerned with the physical locations of network equipment and network media.

Question 18

piggybacking

Answer 18

See tailgating.

Question 19

plain old telephone service (POTS)

Answer 19

Another name for the public-switched tele-
phone network (PSTN). See also public-switched telephone network (PSTN).

Question 20

plaintext

Answer 20

An original message, file, or stream of data that can be read by anyone who
has access to it.

Question 21

point-to-point protocol (PPP)

Answer 21

A network protocol used to transport TCP/IP packets over point-to-point serial connections (usually RS-232 and dial-up connections).

Question 22

policy

Answer 22

A statement that specifies what must be done (or not done) in an organiza- tion. A policy usually defines who is responsible for monitoring and enforcing it.

Question 23

polymorphism

Answer 23

The different ways in which an object may behave, depending upon the data that is passed to it. See also object.

Question 24

population

Answer 24

A complete set of entities, transactions, or events that are the subject of an audit.

Question 25

Post Office Protocol (POP)

Answer 25

A TCP/IP application layer protocol that is used to re- trieve e-mail messages from an e-mail server.

Question 26

power distribution unit (PDU)

Answer 26

A device that distributes electric power to a com- puter room or data center.

Question 27

pre-action

Answer 27

A fire sprinkler system used in areas with high-value contents such as data centers. A pre-action system is essentially a dry pipe system until a “preceding” event such as a smoke detector alarm occurs; at this time, the system is filled with water and essentially converts in real time to a wet pipe system. Then, if the ambient temperature at any of the sprinkler heads is high enough, those fuses break, releasing water to extin- guish the fire. See also fire sprinkler system.

Question 28

pre-audit

Answer 28

An examination of business processes, controls, and records in anticipation of an upcoming audit.

Question 29

precision

Answer 29

A measure of how closely a sample represents the entire population.

Question 30

presentation

Answer 30

Layer 6 of the OSI network model. See also OSI network model.

Question 31

preventive action

Answer 31

An action that is initiated to prevent an undesired event or condition.

Question 32

preventive control

Answer 32

A control that is used to prevent unwanted events from happening.

Question 33

primary key

Answer 33

One of the fields in a table in a relational database management system (rDBMS) whose values are unique for each record (row). See also relational database management system, table, row, and field.

Question 34

print server

Answer 34

A server that is used to coordinate printing to shared printers.

Question 35

privacy

Answer 35

The protection of personal information from unauthorized disclosure, use, and distribution.

Question 36

privacy policy

Answer 36

A policy statement that defines how an organization will protect, man- age, and handle private information.

Question 37

privacy requirements

Answer 37

Formal statements that describe required privacy safeguards that a system must support.

Question 38

private address

Answer 38

An IP address that falls into one of the following ranges: 10.0.0.0– 10.255.255.255, 172.16.0.0–172.31.255.255, or 192.168.0.0–192.168.255.255. Pack- ets with a private address destination cannot be transported over the global Internet.

Question 39

probability analysis

Answer 39

The analysis of a threat and the probability of its realization.

Question 40

problem

Answer 40

An incident—often multiple incidents—that exhibits common symptoms and whose root cause is not known.

Question 41

problem management

Answer 41

The IT function that analyzes chronic incidents and seeks to resolve them, and also enacts proactive measures in an effort to avoid problems. See also IT service management.

Question 42

procedure

Answer 42

A written sequence of instructions used to complete a task.

Question 43

process

Answer 43

A collection of one or more procedures used to perform a business function. See also procedure.

Question 44

process

Answer 44

A logical container in an operating system in which a program executes.

Question 45

process isolation

Answer 45

A basic feature of an operating system that prevents one process from accessing the resources used by another process.

Question 46

processing controls

Answer 46

Controls that ensure the correct processing of information.

Question 47

program

Answer 47

An organization of many large, complex activities; it can be thought of as a set of projects that work to fulfill one or more key business objectives or goals.

Question 48

program charter

Answer 48

A formal definition of the objectives of a program, its main time- lines, sources of funding, the names of its principal leaders and managers, and the busi- ness executive(s) who are sponsoring the program.

Question 49

program management

Answer 49

The management of a group of projects that exist to fulfill a business goal or objective.

Question 50

programmable read-only memory (PROM)

Answer 50

A form of permanent memory that can- not be modified.

Question 51

programming language

Answer 51

A vocabulary and set of rules used to construct a human- readable computer program.

Question 52

project

Answer 52

A coordinated and managed sequence of tasks that results in the realization of an objective or goal.

Question 53

project change management

Answer 53

The process of controlling a project plan and budget through formal reviews of changes.

Question 54

project evaluation and review technique (PERT)

Answer 54

A visual representation of a project plan that shows project tasks, timelines, and dependencies.

Question 55

project management

Answer 55

The activities that are used to control, measure, and manage the activities in a project.

Question 56

project management body of knowledge (PMBOK)

Answer 56

A project management guide that defines the essentials of project management.

Question 57

project plan

Answer 57

The chart of tasks in a project, which also includes start and completion dates, resources required, and dependencies and relationships between tasks.

Question 58

project planning

Answer 58

The activities that are related to the development and management of a project.

Question 59

project schedule

Answer 59

The chart of tasks in a project with their expected start and comple- tion dates.

Question 60

PRojects IN Controlled Environments 2 (PRINCE2)

Answer 60

A project management frame- work.

Question 61

proof of concept

Answer 61

A method for demonstrating the ability to build or implement complex systems through the use of simpler models.

Question 62

protocol analyzer

Answer 62

A device that is connected to a network in order to view network communications at a detailed level.

Question 63

protocol standard

Answer 63

A standard that specifies the protocols used by the IT organization.

Question 64

prototyping

Answer 64

An alternative software development process where rapidly developed application prototypes are developed with user input and continuous involvement.

Question 65

proxy server

Answer 65

A device or system used to control end-user access to Internet websites.

Question 66

public key cryptography

Answer 66

See asymmetric encryption.

Question 67

public key infrastructure

Answer 67

A centralized function that is used to store and publish public keys and other information.

Question 68

public-switched telephone network (PSTN)

Answer 68

The common carrier-switched tele- phone network used to carry voice telephone calls over landlines.