Glossary- R Flashcards


Flashcards in Glossary- R Deck (60):

race condition

A type of attack where an attacker is attempting to exploit a small window of time that may exist between the time that a resource is requested and when it is available for use.


radio resource control (RRC)

A part of the UMTS WCDMA wireless telecommunications protocol that is used to facilitate the allocation of connections between mobile devices and base stations.


random access memory (RAM)

A type of semiconductor memory usually used for a computer’s main storage.


rapid application development (RAD)

A software development life cycle process characterized by small development teams, prototypes, design sessions with end users, and development tools that integrate data design, data flow, user interface, and prototyping.


razor wire

Coiled wire with razor-like barbs that may be placed along the top of a fence or wall to prevent or deter passage by unauthorized personnel.


read-only memory (ROM)

An early form of permanent memory that cannot be modified.


reciprocal site

A data center that is operated by another company. Two or more organizations with similar processing needs will draw up a legal contract that obligates one or more of the organizations to temporarily house another party’s systems in the event of a disaster.



Documents describing business events such as meeting minutes, contracts, financial transactions, decisions, purchase orders, logs, and reports.


recovery control

A control that is used after an unwanted event to restore a system or process to its pre-event state.


recovery point objective (RPO)

The time during which recent data will be irretrievably lost in a disaster. RPO is usually measured in hours or days.


recovery procedure

Instructions that key personnel use to bootstrap services that support critical business functions identified in the business impact assessment (BIA).


recovery strategy

A high-level plan for the resumption of business operations after a disaster.


recovery time objective (RTO)

The period from the onset of an outage until the resumption of service. RTO is usually measured in hours or days.


reduced sign-on

The use of a centralized directory service (such as LDAP or Microsoft Active Directory) for authentication into systems and applications. Users will need to log in to each system and application, using one set of login credentials.


redundant array of independent disks (RAID)

A family of technologies that is used to improve the reliability, performance, or size of disk-based storage systems.


referential integrity

The characteristic of relational database management systems that requires the database management system maintain the parent-child relationships between records in different tables and prohibits activities such as deleting parent records and transforming child records into orphans.


registration authority (RA)

An entity that works within or alongside a certificate authority (CA) to accept requests for new digital certificates.


regulatory requirements

Formal statements, derived from laws and regulations, that describe the required characteristics a system must support.


relational database management system (rDBMS)

A database management system that permits the design of a database consisting of one or more tables that can contain fields that refer to rows in other tables. This is currently the most popular type of database management system.


release management

The IT function that controls the release of software programs, applications, and environments. See also IT service management.


remote access

A service that permits a user to establish a network connection from a remote location so that the user can access network resources remotely.


remote copy (RCP)

A TCP/IP application layer protocol that is an early file transfer protocol used to copy files or directories from system to system.


remote desktop protocol (RDP)

A proprietary protocol from Microsoft that is used to establish a graphic interface connection with another computer.


remote destruct

The act of commanding a device, such as a laptop computer or mobile device, to destroy stored data. Remote destruct is sometimes used when a device is lost or stolen to prevent anyone from being able to read data stored on the device.


remote login (rlogin)

A TCP/IP application layer protocol used to establish a command-line session on a remote system. Like TELNET, rlogin does not encrypt authentication or session contents, and has been largely replaced by secure shell (SSH). See also TELNET, secure shell (SSH).


remote procedure call (RPC)

A network protocol that permits an application to execute a subroutine or procedure on another computer.



An Ethernet network device that receives and retransmits signals on the network.



An audit technique where an IS auditor repeats actual tasks performed by auditees in order to confirm they were performed properly.



An activity where data that is written to a storage system is also copied over a network to another storage system and written. The result is the presence of up-to-date data that exists on two or more storage systems, each of which could be located in a different geographic region.


request for change (RFC)

See change request.


request for proposal (RFP)

A formal process where an organization solicits solution proposals from one or more vendors. The process usually includes formal requirements and desired terms and conditions. It is used to formally evaluate vendor proposals in order to make a selection.



Formal statements that describe required (and desired) characteristics of a system that is to be built or acquired.


residual risk

The risk that remains after being reduced through other risk treatment options.


response document

Required action of personnel after a disaster strikes. Includes business recovery plan, occupant emergency plan, emergency communication plan, contact lists, disaster recovery plan, continuity of operations plan (COOP), and security incident response plan (SIRP).



A stated expectation of activities and performance.


return on investment (ROI)

The ratio of money gained or lost as compared to an original investment.


reverse address resolution protocol (RARP)

A TCP/IP link layer protocol that is used by a station that needs to know the IP address that has been assigned to it. RARP has been largely superseded by DHCP. See also Dynamic Host Configuration Protocol (DHCP).


reverse engineering

The process of analyzing a system to see how it functions, usually as a means for developing a similar system. Reverse engineering is usually not permitted when it is applied to commercial software programs.


right to audit

A clause in a contract where one party has the right to conduct an audit of the other party’s operations.


ring topology

A network topology where connections are made from one station to the next, in a complete loop.


RISC (reduced instruction set computer)

A central processing unit design that uses a smaller instruction set, which leads to simpler microprocessor design. See also central processing unit.



Generally, the fact that undesired events can happen that may damage property or disrupt operations; specifically, an event scenario that can result in property damage or disruption.


risk acceptance

The risk treatment option where management chooses to accept the risk as-is.


risk analysis

The process of identifying and studying risks in an organization.


risk assessment

A process where risks, in the form of threats and vulnerabilities, are identified for each asset.


risk avoidance

The risk treatment option involving a cessation of the activity that introduces identified risk.


Risk IT Framework

A risk management model that approaches risk from the enterprise perspective.


risk management

The management activities used to identify, analyze, and treat risks.


risk mitigation

The risk treatment option involving implementation of a solution that will reduce an identified risk.


risk transfer

The risk treatment option involving the act of transferring risk to another party, such as an insurance company.


risk treatment

The decision to manage an identified risk. The available choices are mitigate the risk, avoid the risk, transfer the risk, or accept the risk.



A set of privileges in an application. Also a formally defined set of work tasks assigned to an individual.



A step in the software development life cycle where system changes need to be reversed, returning the system to its previous state.



A type of malware that is designed to evade detection.



A device that is used to interconnect two or more networks.


routing information protocol (RIP)

A TCP/IP routing protocol that is used to transmit network routing information from one network router to another in order to determine the most efficient path through a network. RIP is one of the earliest routing protocols and is not used for Internet routing.



A unit of storage in a relational database management system (rDBMS) that consists of a single record in a table. See also relational database management system, table.


RPC gateway

A system that facilitates communication through the RPC suite of protocols between components in an application environment.



A standard protocol for sending serial data between computers.



A standard protocol for sending serial data between network devices.