CISA
hub
An Ethernet network device that is used to connect devices to the network. A ___________ can be thought of as a multiport repeater.
repeater
An Ethernet network device that receives and retransmits signals on the network.
bridge
An Ethernet network device used to interconnect two or more Ethernet networks.
private address
An IP address that falls into one of the following ranges (RFC 1918): 10.0.0.0-10.255.255.255, 172.16.0.0-172.31.255.255, or 192.168.0.0-192.168.255.255. Packets with a private destination address are not routed over the global Internet.
Customer Relationship Management (CRM)
An IS application used to track the details of the relationships with each of an organization's customers.
ISO/IEC 9660
An ISO/IEC standard file system used on CD-ROM and DVD-ROM media.
ISO/IEC 27002
An ISO/IEC standard (a code of practice) for information security controls.
ISO/IEC 27001
An ISO/IEC standard for information security management systems (ISMS).
ISO/IEC 20000
An ISO/IEC standard for IT service management (ITSM).
ISO 9000
An ISO/IEC standard for a quality management system.
ISO/IEC 38500
An ISO/IEC standard for corporate governance of information technology.
ISO/IEC 15504
An ISO/IEC standard for evaluating the maturity of a software development process.
ISO/IEC 9126
An ISO/IEC standard for evaluating the quality of software.
indicator of compromise (IoC)
An observation on a network or in an operating system that indicates evidence of a network or computer intrusion.
Universal Disk Format (UDF)
An optical media file system considered a replacement for ISO/IEC 9660.
program
An organization of many large, complex activities; it can be thought of as a set of projects that work to fulfill one or more key business objectives or goals.
Managed Security Service Provider (MSSP)
An organization that provides security monitoring and/or management services for customers.
plaintext
An original message, file, or stream of data that can be read by anyone who has access to it.
disaster
An unexpected and unplanned event that results in the disruption of business operations.
Plain Old Telephone Service (POTS)
Another name for the public-switched telephone network (PSTN).
countermeasure
Any activity or mechanism designed to reduce risk.
access bypass
Any attempt by an intruder to bypass access controls in order to gain entry into a system.
gate process
Any business process that consists of one or more review/approval gates, which must be completed before the process may continue.
input/output (I/O) device
Any device that can be connected to a computer that enables the computer to send data to the device as well as receive data from the device.
electromagnetic interference (EMI)
Any electric field or magnetic field energy that can potentially interfere with a signal being sent via radiofrequency or over a metallic medium.
Object-Oriented (OO) System Development
Development of information systems using object-oriented languages and tools.
atomicity
The characteristic of a complex transaction whereby it is either performed completely as a single unit or not performed at all.
objectivity
The characteristic of a person that relates to his or her ability to develop an opinion that is not influenced by external pressures.
independence
The characteristic of an auditor and his or her relationship to a party being audited. An auditor should be independent of the auditee; this permits the auditor to be objective.
referential integrity
The characteristic of relational database management systems that requires the DBMS to maintain the parent-child relationships between records in different tables and to prohibit activities such as deleting parent records and thereby turning child records into orphans.
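The two database properties defined above, atomicity and referential integrity, can be seen directly with SQLite from the Python standard library. The following is an added example, not part of the glossary; the customers/orders tables and their rows are constructed for illustration. Note that SQLite only enforces foreign keys when the pragma is switched on, which is the kind of detail an auditor checking referential integrity controls should verify.

```python
"""Added example: atomicity and referential integrity with SQLite.
Table names and rows are constructed for illustration."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database with a parent (customers) / child (orders) relationship.
    SQLite does NOT enforce FOREIGN KEY constraints unless this pragma is on."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.execute(
        "CREATE TABLE orders ("
        " id INTEGER PRIMARY KEY,"
        " customer_id INTEGER NOT NULL REFERENCES customers(id),"
        " amount INTEGER NOT NULL CHECK (amount > 0 AND amount <= 60))"
    )
    conn.execute("INSERT INTO customers VALUES (1, 'alice')")
    conn.execute("INSERT INTO orders VALUES (10, 1, 50)")
    conn.execute("INSERT INTO orders VALUES (11, 1, 40)")
    conn.commit()
    return conn


def orphan_attempt(conn: sqlite3.Connection) -> str:
    """Try to delete a parent row that still has child rows.
    Returns 'refused' when the DBMS enforces referential integrity."""
    try:
        conn.execute("DELETE FROM customers WHERE id = 1")
        conn.commit()
        return "deleted"
    except sqlite3.IntegrityError:
        conn.rollback()
        return "refused"


def transfer(conn: sqlite3.Connection, from_id: int, to_id: int, amount: int) -> bool:
    """Move `amount` between two orders as ONE transaction.
    If the second UPDATE violates the CHECK constraint, the first UPDATE is
    rolled back too: the transaction happens completely or not at all."""
    try:
        with conn:  # commits on success, rolls back on any exception
            conn.execute("UPDATE orders SET amount = amount - ? WHERE id = ?", (amount, from_id))
            conn.execute("UPDATE orders SET amount = amount + ? WHERE id = ?", (amount, to_id))
        return True
    except sqlite3.IntegrityError:
        return False


def amount_of(conn: sqlite3.Connection, order_id: int) -> int:
    return conn.execute("SELECT amount FROM orders WHERE id = ?", (order_id,)).fetchone()[0]


def total(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT SUM(amount) FROM orders").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("delete parent with children:", orphan_attempt(db))   # refused
    print("valid transfer:", transfer(db, 10, 11, 10), total(db))  # True 90
    print("failing transfer:", transfer(db, 10, 11, 30), total(db))  # False 90
    print("order 10 after rollback:", amount_of(db, 10))        # 40, not 10
```

The failing transfer is the interesting case: the first UPDATE succeeds on its own, the second violates the CHECK constraint, and the DBMS undoes the first as well, so the total is unchanged.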
class
The characteristics of an object, including its attributes, properties, fields, and the methods it can perform.
off-site media storage
The practice of storing media such as backup tapes at an offsite facility located away from the primary computing facility.
noise
The presence of other electromagnetic signals within incoming power.
threat hunting
The proactive search for intrusions, intruders, and indicators of compromise.
confidence coefficient
The probability that a sample selected actually represents the entire population. This is usually expressed as a percentage.
sampling risk
The probability that a sample selected does not represent the entire population. This is usually expressed as a percentage, as the numeric inverse of the confidence coefficient.
reverse engineering
The process of analyzing a system to see how it functions, usually as a means for developing a similar system. ____________________________ is usually prohibited by the license terms of commercial software programs.
authentication
The process of asserting one's identity and providing proof of that identity. Typically, authentication requires a user ID (the assertion) and a password (the proof). However, authentication can also require stronger means of proof, such as a digital certificate, token, smart card, or biometric.
identification
The process of asserting one's identity without providing proof of that identity.
data classification/ information classification
The process of assigning a sensitivity classification to a data set or information asset.
E-vaulting
The process of backing up data to a cloud-based storage provider. ______________ is a form of backup, as distinguished from e-journaling.
password reset
The process of changing a user account password and unlocking the user account so that the user's use of the account may resume.
transfer
The process of changing an employee's job title, department, and/or responsibilities.
asset inventory
The process of confirming the existence, location, and condition of assets; also, the results of such a process.
project change management
The process of controlling a project plan and budget through formal reviews of changes.
data restore
The process of copying data from backup media to a target system for the purpose of restoring lost or damaged data.
backup
The process of copying important data to another media device so that it can be recovered after a hardware failure, error, software bug, or disaster that damages the data.
key disposal
The process of decommissioning encryption keys.
termination
The process of discontinuing employment of an employee or a contractor.
media destruction/ media sanitization
The process of ensuring the destruction of data on digital media.
damage assessment
The process of examining assets after a disaster to determine the extent of damage.
risk analysis
The process of identifying and studying risks in an organization.
patch management
The process of identifying, analyzing, and applying patches (including security patches) to systems.
key rotation
The process of issuing a new encryption key and re-encrypting, with the new key, the data that was protected with the old key.
software licensing
The process of maintaining accurate records regarding the permitted use of software programs.
salvage
The process of recovering components or assets that still have value after a disaster.
password vaulting
The process of storing a password in a secure location for later use.
migration
The process of transferring data from one system to a replacement system.
decryption
The process of transforming ciphertext into plaintext so that a recipient can read it.
background check
The process of verifying an employment candidate's employment history, education records, professional licenses and certifications, criminal background, and financial background.
development
The process where software code is created.
authorization
The process whereby a system determines what rights and privileges a user has.
audit scope
The process, procedures, systems, and applications that are the subject of an audit.
asset management
The processes used to manage the inventory, classification, use, and disposal of assets.
inheritance
The property of a class whereby the class's attributes are passed to its children.
nonrepudiation
The property of digital signatures and encryption that makes it difficult or impossible for a party to deny having sent a digitally signed message, unless they admit to having lost control of their private signing key.
privacy
The protection of personal information from unauthorized disclosure, use, and distribution.
packet
The protocol data unit (PDU) at the Internet layer of TCP/IP and layer 3 of the OSI model.
frame
The protocol data unit (PDU) at the link layer of TCP/IP (for example, an Ethernet frame) and layer 2 of the OSI model.
cell
The protocol data unit (PDU) for the Asynchronous Transfer Mode (ATM) protocol.
datagram
The protocol data unit (PDU) for the User Datagram Protocol in the TCP/IP suite.
audit objective
The purpose or goals of an audit. Generally, the _______________ of an audit is to determine whether controls exist and are effective in some specific aspect of business operations in an organization.
False Accept Rate (FAR)
The rate at which invalid subjects are accepted as valid. This occurs when the biometric system's matching threshold is too lenient (too large a margin of error).
False Reject Rate (FRR)
The rate at which valid subjects are rejected as invalid. This occurs when the biometric system's matching threshold is too strict (too small a margin of error).
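The two entries above describe opposite sides of one threshold. The following added example (not from the glossary) computes FAR and FRR from constructed matcher scores and sweeps the threshold to find the crossover point, where the two rates are equal; the score values are invented for illustration and do not come from a real biometric system.

```python
"""Added example: FAR/FRR of a biometric matcher at a threshold, and the
crossover (equal) error rate. Scores are constructed, higher = more similar."""
from typing import Sequence, Tuple

# Constructed scores: "genuine" = the enrolled person, "impostor" = someone else.
GENUINE_SCORES = [0.91, 0.88, 0.84, 0.79, 0.75, 0.72, 0.66, 0.61, 0.55, 0.48]
IMPOSTOR_SCORES = [0.58, 0.52, 0.47, 0.41, 0.38, 0.33, 0.29, 0.24, 0.19, 0.12]


def far_frr(genuine: Sequence[float], impostor: Sequence[float], threshold: float) -> Tuple[float, float]:
    """A presentation is accepted when score >= threshold.
    FAR = accepted impostors / all impostors (a lenient threshold raises it).
    FRR = rejected genuine users / all genuine users (a strict threshold raises it)."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr


def crossover(genuine: Sequence[float], impostor: Sequence[float], step: float = 0.01) -> Tuple[float, float]:
    """Sweep thresholds from 0 to 1 and return (threshold, rate) where FAR and
    FRR are closest. That rate is the crossover error rate, the usual single
    number for comparing biometric systems."""
    best_t, best_gap, best_rate = 0.0, float("inf"), 0.0
    t = 0.0
    while t <= 1.0 + 1e-9:
        far, frr = far_frr(genuine, impostor, t)
        gap = abs(far - frr)
        if gap < best_gap:
            best_t, best_gap, best_rate = t, gap, (far + frr) / 2
        t = round(t + step, 6)
    return best_t, best_rate


if __name__ == "__main__":
    for thr in (0.4, 0.5, 0.6):
        far, frr = far_frr(GENUINE_SCORES, IMPOSTOR_SCORES, thr)
        print(f"threshold {thr:.2f}: FAR={far:.2f} FRR={frr:.2f}")
    print("crossover:", crossover(GENUINE_SCORES, IMPOSTOR_SCORES))
```

Raising the threshold from 0.4 to 0.6 drives FAR from 0.4 down to 0.0 while FRR climbs from 0.0 to 0.2, which is the trade-off the two definitions describe; choosing a threshold is therefore a risk decision (false accepts are a security failure, false rejects a usability one), not a purely technical one.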
Return on Investment (ROI)
The ratio of money gained or lost as compared to an original investment.
software program library
The repository that contains program source code and that usually includes tools to manage the maintenance of source code.
RACI (Responsible, Accountable, Consulted, and Informed)
The responsibility model used to describe and track individual responsibilities in a business process or a project.
message digest
The result of a cryptographic hash function.
control failure
The result of an audit of a control whereby the control is determined to be ineffective.
digital signature
The result of encrypting the hash of a message with the originator's private encryption key, used to prove the authenticity and integrity of a message.
benefits realization
The result of strategic planning, process development, and system development, which all contribute toward a launch of business operations to reach a set of business objectives.
control risk
The risk that a material error exists that will not be prevented or detected by the organization's control framework.
detection risk
The risk that an IS auditor will overlook errors or exceptions during an audit.
inherent risk
The risk that material weaknesses are present in existing business processes and no compensating controls are able to detect or prevent them.
residual risk
The risk that remains after being reduced through other risk treatment options.
risk acceptance
The risk treatment option in which management chooses to accept the risk as-is.
risk avoidance
The risk treatment option involving a cessation of the activity that introduces identified risk.
risk mitigation
The risk treatment option involving implementation of a solution that will reduce an identified risk.
risk transfer
The risk treatment option involving the act of transferring risk to another party, such as an insurance company.
IT Infrastructure Library (ITIL)/ IT service management (ITSM)
The set of activities that ensures the delivery of IT services is efficient and effective, through active management and the continuous improvement of processes.
attack surface
The set of hardware and software components present on a system or in an environment that can potentially be exploited by an attacker.
OSI network model
The seven-layer network model that incorporates encapsulation of messages. The OSI model has been extensively studied but has never been entirely implemented.
key length
The size (measured in bits) of an encryption key. Longer encryption keys mean that it takes greater effort to attack a cryptosystem successfully.
Maximum Transmission Unit (MTU)
The size of the largest protocol data unit (PDU) that can be transmitted on a network.
cutover
The step in the system development life cycle in which an old replaced system is shut down and a new replacement system is started.
threat management
Activities undertaken by an organization to learn of relevant security threats, so that the organization can take appropriate action to counter the threats.
strategic planning
Activities used to develop and refine long-term plans and objectives.
input controls
Administrative and technical controls that determine what data is permitted to be input into an information system. These controls exist to ensure the integrity of information in a system.
key protection
All means used to protect encryption keys from unauthorized disclosure and harm.
mobile device
A portable computer in the form of a smartphone, tablet computer, or wearable device.
laptop computer/ notebook computer
A portable computer used by an individual user.
mobile site
A portable recovery center that can be delivered to almost any location in the world.
sprint
A portion of a project in which an individual or a team will accomplish a set of objectives within a specified timeframe.
sample
A portion of a population of records that is selected for auditing.
encapsulation
The practice of bundling an object's data together with the methods that operate on it and hiding the object's internal state, so that other code can change that state only by calling those methods.
digital private branch exchange (DPBX)
A private branch exchange (PBX) that supports digital technologies such as Voice over IP (VoIP) and Session Initiation Protocol (SIP).
data control language
The sublanguage of SQL (GRANT, REVOKE) used to control access to a database.
Data Definition Language (DDL)
The sublanguage of SQL (CREATE, ALTER, DROP) used to describe the structure of data contained in a database.
Data Manipulation Language (DML)
The sublanguage of SQL (INSERT, UPDATE, DELETE) used to insert, delete, and modify data in a database.
back-out plan
A procedure used to reverse the effect of a change that was not successful.
risk assessment
A process in which risks, in the form of threats and vulnerabilities, are identified for each asset.
performance evaluation
A process whereby an employer evaluates the performance of each employee for the purpose of promotion, salary increase, bonus, or retention.
sniffer
A program that can be installed on a network-attached system to capture network traffic being transmitted to or from the system.
component-based development
A system development life cycle process whereby various components of a larger system are developed separately.
message server
A system in a distributed processing environment that stores and forwards transactions between systems.
Occupant Emergency Plan (OEP)
Activities required to care for occupants in a business location safely during a disaster.
preventive control
A control that is used to prevent unwanted events from happening.
manual control
A control that requires a human to operate it.
project
A coordinated and managed sequence of tasks that results in the realization of an objective or goal.
hash function
A cryptographic operation on a block of data of any length that returns a fixed-length digest, used to verify the integrity of a message.
hybrid cryptography
A cryptosystem that combines two or more types of cryptography, typically public key cryptography to exchange a session key and symmetric cryptography to encrypt the data with that key.
reciprocal site
A data center that is operated by another company. Two or more organizations with similar processing needs will draw up a legal contract that obligates one or more of the organizations to house another party's systems temporarily at a reciprocal site in the event of a disaster.
Relational Database Management System (RDBMS)
A database management system that permits the design of a database consisting of one or more tables that can contain fields that refer to rows in other tables. This is currently the most popular type of database management system.
Distributed Denial of Service (DDoS)
A denial of service (DoS) attack that originates from many computers.
statement of impact
A description of the impact a disaster will have on a business or business process.
session border controller
A device deployed in a VoIP network to control VoIP security, connectivity, quality of service, and metering.
codec
A device or program that encodes or decodes a data stream.
proxy server
A device or system used to control end-user access to Internet web sites.
gateway
A device that acts as a protocol converter or that performs some other type of transformation of messages.
firewall
A device that controls the flow of network messages between networks. Placed at the boundary between the Internet and an organization's internal network, firewalls enforce security policy by prohibiting all inbound traffic except for the specific few types of traffic that are permitted to a select few systems.
Power Distribution Unit (PDU)
A device that distributes electric power to a computer room or data center.
protocol analyzer
A device that is connected to a network to view network communications at a detailed level.
Network Interface Card (NIC)
A device that is directly connected to a computer's bus and contains one or more connectors to which a network cable may be connected.
router
A device that is used to interconnect two or more networks.
access point
A device that provides communication services using the 802.11 (Wi-Fi) protocol standard.
layer 3 switch
A device that routes packets between different TCP/IP networks.
layer 4-7 switch
A device that routes packets to destinations based on their internal content.
modem (modulator-demodulator)
A device used to connect a local computer or network to a telecommunications network.
Channel Service Unit/Data Service Unit (CSU/DSU)
A device used to connect a telecommunications circuit to a local device such as a router.
switch
A device used to connect computers and other devices to a network. Unlike a hub, which sends all network packets to all stations on the network, a switch sends packets only to intended destination stations on the network.
multiplexor
A device used to connect several separate signals and combine them into a single data stream.
application firewall
A device used to control packets being sent to an application server, primarily to block unwanted or malicious content.
layer 4 switch
A device used to route packets to destinations based on TCP and UDP port numbers.
Hardware Security Module (HSM)
A tamper-resistant device used to generate, store, and protect encryption keys and to perform cryptographic operations with them, so that the keys never leave the device in the clear.
organization chart
A diagram that depicts the manager-subordinate relationships within an organization or within a part of an organization.
data flow diagram
A diagram that illustrates the flow of data within and between systems.
VoIP handset
A digital telephone designed to communicate using VoIP.
man-made disaster
A disaster that is directly or indirectly caused by human activity, through action or inaction.
natural disaster
A disaster that occurs in the natural world with little or no assistance from mankind.
Protocol Data Unit (PDU)
A discrete term that is used to signify a message that is created at various layers of encapsulated protocols such as TCP/IP.
virtual tape library (VTL)
A disk-based storage system that emulates a tape-based storage system.
blockchain
A distributed ledger used to record cryptographically linked transactions.
response document
A document that outlines required action of personnel after a disaster strikes. Includes business recovery plan, occupant emergency plan, emergency communication plan, contact lists, disaster recovery plan, continuity of operations plan (COOP), and security incident response plan (SIRP).
deluge
A dry pipe fire sprinkler system with all sprinkler heads open. When the system is operated (for instance, when an alarm is triggered), water flows into the pipes and out of the sprinkler heads.
softphone
A software program with the functionality of a VoIP telephone.
process
1) A collection of one or more procedures used to perform a business function. 2) A logical container in an operating system in which a program executes.
wide area network (WAN)
1) A network that ranges in size from regional to international. 2) A single point-to-point connection between two distant locations (a WAN connection).
object
1) The instantiation of a class. If a class is thought of as a design, an object can be thought of as a running example of the class. 2) A resource, such as a computer, application, database, file, or record.
training
1) The process of educating personnel. 2) To impart information or provide an environment where personnel can practice a new skill.
Asynchronous Transfer Mode (ATM)
A LAN or WAN protocol standard for sending messages in the form of fixed-size (53-byte) cells over networks. Despite the name, an ______________ network does not give each station a fixed time slot in the way synchronous time-division multiplexing does; cells are transmitted whenever a station has data to send, which is what "asynchronous" refers to.
Dynamic Host Configuration Protocol (DHCP)
A TCP/IP application layer protocol used to assign an IP address, subnet mask, default gateway, IP address of DNS servers, and other information to a workstation that has joined the network.
Internet Group Management Protocol (IGMP)
A TCP/IP Internet layer protocol used to manage group membership in multicast networks.
remote copy (rcp)
A TCP/IP application layer protocol that is an early file transfer protocol used to copy files or directories from system to system.
File Transfer Protocol Secure (FTPS)
A TCP/IP application layer protocol that is an extension of FTP, in which authentication and transport are encrypted using SSL or TLS.
Secure File Transfer Protocol (SFTP)
A TCP/IP application layer protocol for file transfer that runs as a subsystem of Secure Shell (SSH), so authentication and file transfer are both encrypted. Despite the name, it is not an extension of FTP but a separate protocol, also referred to as SSH File Transfer Protocol.
Hypertext Transfer Protocol Secure (HTTPS)
A TCP/IP application layer protocol that is similar to HTTP in its use for transporting data between web servers and browsers. _________________ is not a separate protocol, but instead is HTTP carried inside a TLS (formerly SSL) connection, which encrypts the traffic and authenticates the server.
Telnet
A TCP/IP application layer protocol that is used to establish a command-line session on a remote computer. _____ does not encrypt user credentials or session contents as they are transmitted over the network and has been largely replaced by SSH.
Simple Mail Transfer Protocol (SMTP)
A TCP/IP application layer protocol that is used to transport e-mail messages.
Secure Shell (SSH)
A TCP/IP application layer protocol that provides a secure channel between two computers whereby all communications between them are encrypted. ______ can also be used as a tunnel to encapsulate and thereby protect other protocols.
Lightweight Directory Access Protocol (LDAP)
A TCP/IP application layer protocol used as a directory service for people and computing resources.
Secure Copy (SCP)
A TCP/IP application layer protocol used as a file transfer protocol that is similar to remote copy (rcp) but is protected using Secure Shell (SSH).
Internet Message Access Protocol (IMAP)
A TCP/IP application layer protocol used by an end-user program to retrieve e-mail messages from an e-mail server.
Simple Network Management Protocol (SNMP)
A TCP/IP application layer protocol used to monitor and manage network devices and systems. A management station reads and writes device settings and status, and devices send trap messages indicating a need for administrative attention.
remote login (rlogin)
A TCP/IP application layer protocol used to establish a command-line session on a remote system. Like Telnet, __________ does not encrypt authentication or session contents and has been largely replaced by Secure Shell (SSH).
Network File System (NFS)
A TCP/IP application layer protocol used to make a disk-based resource on another computer appear as a logical volume on a local computer.
Post Office Protocol (POP)
A TCP/IP application layer protocol used to retrieve e-mail messages from an e-mail server.
Network Time Protocol (NTP)
A TCP/IP application layer protocol used to synchronize the time-of-day clocks on systems with time reference standards.
Domain Name System (DNS)
A TCP/IP application layer protocol used to translate domain names (such as www.isecbooks.com) into IP addresses.
Hypertext Transfer Protocol (HTTP)
A TCP/IP application layer protocol used to transmit web page contents from web servers to users who are using web browsers.
Network News Transfer Protocol (NNTP)
A TCP/IP application layer protocol used to transport Usenet news throughout the Internet and from news servers to end users using news reading programs. Usenet news has been largely deprecated by web-based applications.
Reverse Address Resolution Protocol (RARP)
A TCP/IP link layer protocol that is used by a station that needs to know the IP address that has been assigned to it. ___________ has been largely superseded by DHCP.
classless network
A TCP/IP network whose addressing does not fit the classful network scheme, but instead uses an arbitrary subnet mask, as determined by the network's physical and logical design.
classful network
A TCP/IP network whose addressing follows the original class A, B, or C scheme, in which the subnet mask (/8, /16, or /24) is implied by the leading bits of the address rather than stated explicitly.
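The private address, classless network, and classful network entries all come down to inspecting the bits of an IPv4 address. The following added example (not from the glossary) determines an address's class and implied classful mask, checks it against the RFC 1918 ranges listed in the private address entry, and decides whether a given CIDR block is classful or classless. It uses only the standard library ipaddress module; the sample addresses are constructed.

```python
"""Added example: classful/classless and RFC 1918 classification of IPv4
addresses. Sample addresses are constructed."""
import ipaddress
from typing import Optional

# RFC 1918 private ranges, as listed in the "private address" entry.
PRIVATE_BLOCKS = [
    ipaddress.ip_network(b) for b in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def classful_class(addr: str) -> str:
    """Class is determined by the leading bits of the first octet:
    0xxx -> A (0-127), 10xx -> B (128-191), 110x -> C (192-223),
    1110 -> D multicast (224-239), 1111 -> E reserved (240-255)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet < 128:
        return "A"
    if first_octet < 192:
        return "B"
    if first_octet < 224:
        return "C"
    if first_octet < 240:
        return "D"
    return "E"


def classful_prefix(addr: str) -> Optional[int]:
    """Mask length implied by the address class (None for classes D and E)."""
    return {"A": 8, "B": 16, "C": 24}.get(classful_class(addr))


def is_private(addr: str) -> bool:
    """True when the address lies in one of the three RFC 1918 blocks."""
    ip = ipaddress.IPv4Address(addr)
    return any(ip in block for block in PRIVATE_BLOCKS)


def is_classless(cidr: str) -> bool:
    """A network is classless when its prefix length differs from the one its
    class would imply, e.g. 172.16.0.0/12 carves a /12 out of class B space."""
    net = ipaddress.ip_network(cidr, strict=False)
    return net.prefixlen != classful_prefix(str(net.network_address))


if __name__ == "__main__":
    for a in ("10.1.2.3", "172.31.255.255", "172.32.0.1", "192.168.0.1", "8.8.8.8"):
        print(f"{a:16} class {classful_class(a)} /{classful_prefix(a)} private={is_private(a)}")
    for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.1.0/24", "192.168.0.0/16"):
        print(f"{c:18} classless={is_classless(c)}")
```

Two practical notes. First, 172.31.255.255 is private but 172.32.0.1 is not, which is exactly the boundary a filter gets wrong when it checks only the first octet. Second, ipaddress.IPv4Address.is_private in the standard library is broader than RFC 1918 (it also flags loopback, link-local, and several reserved ranges), so a check intended to block requests to internal addresses should be written against the set of ranges you actually mean, as above, rather than against a name that sounds right.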
Enhanced Interior Gateway Routing Protocol (EIGRP)
A TCP/IP routing protocol that is used to transmit network routing information from one network router to another in order to determine the most efficient path through a large network.
Routing Information Protocol (RIP)
A TCP/IP routing protocol that is used to transmit network routing information from one network router to another to determine the most efficient path through a network. _________ is one of the earliest routing protocols and is not used for Internet routing.
Border Gateway Protocol (BGP)
A TCP/IP routing protocol used to exchange routing information between autonomous systems; it is the routing protocol that determines the path packets take across the global Internet.
Interior Gateway Routing Protocol (IGRP)
A TCP/IP routing protocol used to transmit network routing information from one network router to another to determine the most efficient path through a large network.
Intermediate System to Intermediate System (IS-IS)
A TCP/IP routing protocol used to transmit network routing information from one network router to another to determine the most efficient path through a large network.
Open Shortest Path First (OSPF)
A TCP/IP routing protocol used to transmit network routing information from one network router to another to determine the most efficient path through a large network.
Layer 2 Tunneling Protocol (L2TP)
A TCP/IP tunneling protocol used to carry PPP sessions over IP networks. It provides no encryption of its own and is usually combined with IPsec (L2TP/IPsec) when confidentiality is required.
Multistation Access Unit (MAU)
A Token Ring network device used to connect stations to the network.
Health Insurance Portability and Accountability Act (HIPAA)
A U.S. regulation requiring healthcare delivery organizations, health insurance companies, and other healthcare industry organizations to secure and maintain privacy for electronic protected health information (ePHI).
message switched
A WAN communications technology in which each message is switched to its destination when a communications path is available.
packet switched
A WAN technology in which communications between endpoints take place over a stream of packets that are routed through switches until they reach their destination.
circuit switched
A WAN technology where a dedicated, end-to-end communications channel is established that lasts for the duration of the connection.
first in, first out (FIFO)
A backup media rotation scheme in which the oldest backup volumes are used next.
last in, first out (LIFO)
A backup media rotation scheme whereby the newest backup volumes are used next.
IT Balanced Scorecard (IT-BSC)
A balanced scorecard used to measure IT organization performance and results.
bollard
A barrier that prevents the entry of vehicles into protected areas.
process isolation
A basic feature of an operating system that prevents one process from accessing the resources used by another process.
contract
A binding legal agreement between two parties that may be enforceable in a court of law.
encryption key/ key
A block of bits used in combination with an encryption algorithm to encrypt or decrypt a stream or block of data. The security of the cryptosystem depends on the key (or, in public key cryptography, the private key) being kept secret.
IT steering committee
A body of senior managers or executives that discusses high-level and long-term issues in the organization.
computer-aided software engineering (CASE)
A broad variety of tools that are used to automate various aspects of application software development.
user
A business or customer who uses an information system.
fiber optics
A cabling standard that uses optical fiber instead of metal conductors.
CISC (complex instruction set computer)
A central processing unit design that uses a comprehensive instruction set.
RISC (Reduced Instruction Set Computer)
A central processing unit design that uses a smaller instruction set, which leads to simpler microprocessor design.
spam filter
A central program or device that examines incoming e-mail and removes all messages identified as spam.
web content filter
A central program or device that monitors and, optionally, filters web communications. A web content filter is often used to control the sites (or categories of sites) that users are permitted to access from the workplace. Some web content filters can also protect an organization from malware.
server
A centralized computer used to perform a specific task.
Public Key Infrastructure (PKI)
A centralized function, consisting of certificate authorities, policies, and supporting systems, that is used to issue, store, publish, and revoke public keys and their certificates.
disk array
A chassis in which several hard disks can be installed and connected to a server. The individual disk drives can be "hot swapped" in the chassis while the array is still operating.
intellectual property
A class of assets owned by an organization, including the organization's designs, architectures, software source code, processes, and procedures.
Software-Defined Networking (SDN)
An approach in which the network control plane is separated from the forwarding plane and placed in software, so that network infrastructure devices such as routers, switches, and firewalls are created, configured, and managed programmatically, often as virtual devices in virtualization environments.
Synchronous Optical Networking (SONET)
A class of common carrier telecommunications network technologies used to transport voice and data over fiber optic networks at very high speeds.
Mobile Device Management (MDM)
A class of enterprise tools used to manage mobile devices such as smartphones and tablet computers.
T-Carrier
A class of multiplexed carrier network technologies developed to transport voice and data communications over long distances using copper cabling.
control
A policy, process, or procedure that is created to achieve a desired event or to avoid an unwanted event.
network management
A class of software program that is used to monitor and manage devices connected to a network. Also refers to the business processes used for the same purpose.
right to audit
A clause in a contract that grants one party the right to conduct an audit of the other party's operations.
Platform-as-a-Service (PaaS)
A cloud computing delivery model whereby the service provider supplies the platform on which an organization can build and run software.
Infrastructure-as-a-Service (IaaS)
A cloud computing model in which a service provider makes computers and other infrastructure components available to subscribers.
Disaster Recovery-as-a-Service (DRaaS)
A cloud-based set of tools and services that streamline planning and execution of data backup and data replication for disaster recovery purposes.
botnet
A collection of bots that are under the control of a single operator.
database
A collection of structured or unstructured information.
Digital Subscriber Line (DSL)
A common carrier standard for transporting data from the Internet to homes and businesses.
Frame Relay
A common carrier standard for transporting packets from one network to another. _________________ is being replaced by Multiprotocol Label Switching (MPLS).
T-1
A common carrier standard protocol for transporting voice and data. ___ can support up to 24 separate voice channels of 64 Kbit/sec each and is used primarily in North America.
E-3
A common carrier standard protocol for transporting voice and data. _____ can support up to 512 separate voice channels of 64 Kbit/sec each and is used primarily in Europe.
E-1
A common carrier standard protocol for transporting voice and data. _____ can support up to 32 voice channels of 64 Kbit/sec each and is used primarily in Europe.
T-3
A common carrier standard protocol for transporting voice and data. _____ can support up to 672 separate voice channels of 64 Kbit/sec each and is used primarily in North America.
Integrated Services Digital Network (ISDN)
A common carrier telephone network used to carry voice and data over landlines. __________ can be thought of as a digital version of the PSTN.
Internet Control Message Protocol (ICMP)
A communications diagnostics protocol that is part of the TCP/IP suite of protocols.
blackout
A complete loss of electric power for more than a few seconds.
population
A complete set of subjects, entities, transactions, or events that are the subject of an audit.
Towers of Hanoi
A complex backup media rotation scheme that provides for more lengthy retention of some backup media. Based on the ________________________________ puzzle.
bus
A component in a computer that provides the means for the different components of the computer to communicate with one another.
middleware
A component in an application environment that is used to control or monitor transactions.
sample standard deviation
A computation of the variance of sample values from the sample mean. This is a measurement of the "spread" of values in the sample.
desktop computer
A computer used by an individual end user and located at the user's workspace.
secondary storage
A computer's long-term storage of information, usually implemented with hard disk drives or static random access memory (SRAM).
main storage
A computer's short-term storage of information, usually implemented with electronic components such as random access memory (RAM).
firmware
A computer's special-purpose storage that is usually used to store the instructions required to start the computer system. _____________ is usually implemented in ROM, PROM, EPROM, EEPROM, or flash.
configuration item
A configuration setting in an IT asset.
continuous and intermittent simulation (CIS)
A continuous auditing technique in which flagged transactions are processed in a parallel simulation and the results compared to production processing results.
embedded audit module (EAM)
A continuous auditing technique that consists of a special software module embedded within a system that is designed to detect processing anomalies.
snapshot
A continuous auditing technique that involves the use of special audit modules embedded in online applications that sample specific transactions. The module copies key database records that can be examined later on.
COBIT
A control framework for managing information systems and security. _____________ is published by ISACA.
deterrent control
A control that is designed to deter people from performing unwanted activities.
automatic control
A control that is enacted through some automatic mechanism that requires little or no human intervention.
compensating control/ mitigating control
A control that is implemented because another control cannot be implemented or is ineffective.
technical controls
A control that is implemented in IT systems and applications.
corrective control
A control that is used after an unwanted event has occurred.
recovery control
A control that is used after an unwanted event to restore a system or process to its pre-event state.
detective control
A control that is used to detect events.
Redundant Array of Independent Disks (RAID)
A family of technologies that combines multiple physical disk drive components into one or more logical units to improve the reliability, performance, or capacity of disk-based storage systems.
audit logging
A feature in an application, operating system, or database management system whereby events are recorded in a separate log.
polymorphism
A feature of a programming language that enables an object to behave in different ways, depending upon the data passed to it.
foreign key
A field in a table in a relational database management system that references a unique primary key in another table.
Unix file system (UFS)
A file system used by many Unix operating systems.
File Allocation Table (FAT)
A file system used by the MS-DOS operating system as well as by early versions of the Microsoft Windows operating system.
Hierarchical File System (HFS)
A file system used on computers running the Mac OS X operating system.
wet pipe system
A fire sprinkler system in which all sprinkler pipes are filled with water. Each sprinkler head is equipped with a fuse (a heat-sensitive glass bulb) that breaks upon reaching a preset temperature. When this occurs, water is discharged from just that sprinkler head, which is presumably located near a fire.
pre-action system
A fire sprinkler system used in areas with high-value contents, such as data centers. A _______________ system is essentially a dry pipe system until a "preceding" event such as a smoke detector alarm occurs; at this time, the system is filled with water and becomes a wet pipe system. Then, if the ambient temperature at any of the sprinkler heads is high enough, fuses (heat-sensitive glass bulbs) break, releasing water to extinguish the fire.
dry pipe system
A fire sprinkler system used in locales where ambient temperatures often drop below freezing. In this type of system, pipes are filled with compressed air. When sufficient heat causes one of the sprinkler head fuses (heat-sensitive glass bulbs) to break, a control valve releases water into the piping.
fire sprinkler system
A fire suppression system that extinguishes a fire by spraying water on it.
inert gas system
A fire suppression system that floods a room with an inert gas, displacing oxygen from the room and extinguishing the fire.
Erasable Programmable Read Only Memory (EPROM)
A form of permanent memory that can be erased by shining ultraviolet (UV) light through a quartz window on the top of the chip.
flash
A form of permanent memory that can be rewritten by the computer that it is installed on. ______________ memory is used by several types of devices, including SD (Secure Digital) cards, Compact Flash, Memory Stick, and USB drives.
Electrically Erasable Programmable Read-Only Memory (EEPROM)
A form of permanent memory that can be rewritten using a special program on the computer on which it is installed.
Programmable Read-Only Memory (PROM)
A form of permanent memory that cannot be modified.
static random access memory (SRAM)
A form of semiconductor memory that does not require refreshing.
outsourcing
A form of sourcing in which an employer uses contract employees to perform a function. The contract employees may be located on-site or off-site.
off-shoring
A form of sourcing whereby an employer will source a function with employees or contractors located in another country or continent.
insourcing
A form of sourcing whereby an employer will use its own employees to perform a function.
access management
A formal business process used to control access to networks and information systems.
vulnerability management
A formal business process used to identify and mitigate vulnerabilities in an IT environment.
program charter
A formal definition of the objectives of a program, its main timelines, sources of funding, the names of its principal leaders and managers, and the business executive(s) who are sponsoring the program.
Request for Information (RFI)
A formal process whereby an organization solicits detailed product or service information from one or more vendors.
Request for Proposals (RFP)
A formal process whereby an organization solicits solution proposals from one or more vendors. The process usually includes formal requirements and desired terms and conditions. It is used to evaluate vendor proposals to make a selection.
security awareness
A formal program used to educate employees, users, customers, or constituents on required, acceptable, and unacceptable security-related behaviors.
change request/ Request for Change (RFC)
A formal request for a change to be made in an environment.
change review
A formal review of a requested change.
employee handbook/ employee policy manual
A formal statement of the terms of employment, facts about the organization, benefits, compensation, conduct, and policies.
control objective
A foundational statement that describes desired states or outcomes from business operations.
NIST CSF (National Institute of Standards and Technology Cybersecurity Framework)
A framework consisting of standards, guidelines, and best practices to manage cybersecurity-related risk, developed by the U.S. National Institute of Standards and Technology.
Media Access Control (MAC)
A framing protocol used by Ethernet, DSL, MPLS, and ISDN.
service set identifier (SSID)
A friendly name that identifies a particular 802.11 wireless network.
WAN switch
A general term encompassing several types of wide area network switching devices, including ATM switches, Frame Relay switches, MPLS switches, and ISDN switches.
fire extinguisher
A hand-operated fire suppression device used for fighting small fires.
key logger
A hardware device or a type of malware that records a user's keystrokes and, optionally, mouse movements and clicks and sends them to the key logger's owner.
Thunderbolt
A hardware interface standard combining PCI Express and DisplayPort (DP) technologies.
Intrusion Prevention System (IPS)
A hardware or software system that detects and blocks anomalies that may be signs of an intrusion.
Intrusion Detection System (IDS)
A hardware or software system that detects anomalies that may be signs of an intrusion.
Cyclic Redundancy Check (CRC)
A hash function used to create a checksum that detects errors in network transmissions. The Ethernet standard uses a CRC to detect errors.
grandfather-father-son
A hierarchical backup media rotation scheme that provides for longer retention of some backups.
recovery strategy
A high-level plan for the resumption of business operations after a disaster.
mainframe
A large central computer capable of performing complex tasks for several users simultaneously.
midrange computer
A large central computer capable of performing complex tasks for users.
grid computing
A large number of loosely coupled computers that are used to solve a common task.
operating system
A large, general-purpose program used to control computer hardware and facilitate the use of software applications.
Kanban
A lean software development methodology that uses a visual _____________ board to track and plan the assignment and completion of tasks in a project.
employment agreement
A legal contract between an organization and an employee, which may include a description of duties, roles, and responsibilities, confidentiality requirements, compliance requirements, and termination information.
Provided by Client (PBC)
A list of evidence requested of an auditee at the onset of an audit.
contact list
A list of key personnel and various methods used to contact them.
Fiber Distributed Data Interface (FDDI)
A local area network technology that consists of a "dual ring" with redundant network cabling and counter-rotating logical tokens.
virtual circuit
A logical communications channel between two endpoints on a packet-switched network.
virtual local area network (VLAN)
A logical network that may share a physical medium with one or more other virtual networks.
work breakdown structure (WBS)
A logical representation of the high-level and detailed tasks that must be performed to complete a project.
file system
A logical structure that facilitates the storage of data on a digital storage medium such as a hard drive, CD/ DVD-ROM, or flash memory device.
standard IT balanced scorecard
A management tool that is used to measure the performance and effectiveness of an IT organization.
balanced scorecard (BSC)
A management tool that is used to measure the performance and effectiveness of an organization.
Software Process Improvement and Capability dEtermination (SPICE)
A maturity model based on the SEI CMM maturity model. _________ has been made an international standard: ISO/IEC 15504.
Capability Maturity Model Integration (CMMI)
A maturity model that represents the aggregation of other maturity models.
web services
A means for system-to-system communications using HTTP.
precision
A measure of how closely a sample represents the entire population.
ciphertext
A message, file, or stream of data that has been transformed by an encryption algorithm and rendered unreadable.
classless internet domain routing (CIDR)
A method for creating IP subnets that is more efficient than classful networks.
proof of concept
A method for demonstrating the ability to build or implement complex systems through the use of simpler models.
symmetric encryption
A method for encryption and decryption that requires both parties to possess a common encryption key.
asymmetric encryption/ public key cryptography
A method for encryption, decryption, and digital signatures that uses pairs of encryption keys: a public key and a private key.
call tree
A method for ensuring the timely notification of key personnel when an event such as a disaster occurs.
Constructive Cost Model (COCOMO)
A method for estimating software development projects based on the number of lines of code and the complexity of the software being developed.
function point analysis (FPA)
A method for estimating software development projects based on the number of user inputs, outputs, queries, files, and external interfaces.
Network Address Translation (NAT)
A method of translating IP addresses at network boundaries, most notably to convert private internal network addresses to publicly routable network addresses.
container
A method of virtualization whereby several isolated operating zones are created in a running server operating system, each of which isolates programs and data to its respective zone.
digital envelope
A method that uses two layers of encryption. A symmetric key is used to encrypt a message; then a public or private key is used to encrypt the symmetric key.
control self-assessment (CSA)
A methodology used by an organization to review key business objectives, risks, and controls. Control self-assessment is a self-regulation activity.
netbook computer
A miniature laptop computer, usually with more limited storage and peripheral connectivity than a laptop computer.
tablet
A mobile device with a touchscreen interface.
smartphone
A mobile phone equipped with an operating system and software applications.
capability maturity model
A model used to measure the relative maturity of an organization or of its processes.
dropout
A momentary loss of power that lasts from a few milliseconds to a few seconds.
Remote Authentication Dial-In User Service (RADIUS)
A network authentication protocol.
stateful inspection firewall
A network device that filters network traffic based on source and destination IP addresses and ports and keeps track of individual TCP/IP sessions to make filtering decisions, permitting established connections.
screening router
A network device that filters network traffic based on source and destination IP addresses and ports.
netflow
A network diagnostic tool that collects all network metadata, which can be used for network diagnostic or security purposes.
honeynet
A network of computers acting as a honeypot.
Remote Procedure Call (RPC)
A network protocol that permits an application to execute a subroutine or procedure on another computer.
Network Basic Input/Output System (NetBIOS)
A network protocol that permits applications to communicate with one another using the legacy NetBIOS API.
Point-to-Point Protocol (PPP)
A network protocol used to transport TCP/IP packets over point-to-point serial connections (usually RS-232 and dial-up connections).
Serial Line Internet Protocol (SLIP)
A network protocol used to transport TCP/IP packets over point-to-point serial connections (usually RS-232).
local area network (LAN)
A network that connects computers and devices together in a small building or a residence.
Personal Area Network (PAN)
A network that is generally used by a single individual and is usually limited to about 3 meters in size.
star topology
A network topology in which a separate connection is made from a central device to each station.
ring topology
A network topology in which connections are made from one station to the next, in a complete loop.
bus topology
A network topology in which each station is connected to a central cable.
network authentication
A network-based service that is used to authenticate persons to network-based resources.
time synchronization
A network-based service used to synchronize the time clocks on computers connected to a network.
A network-based service used to transmit messages between individuals and groups.
Category 8
A new cable standard, still under development, designed for high-speed networking in data centers.
subnet mask
A numeric value that determines which portion of an IP address is used to identify the network and which portion is used to identify a station on the network.
Multiprotocol Label Switching (MPLS)
A packet-switched network technology that utilizes a variable-length packet. In an ___________ network, each packet has one or more labels affixed to it that contain information that helps _________ routers make packet-forwarding decisions without examining the contents of the packet itself (for an IP address, for instance).
Radio Resource Control (RRC)
A part of the Universal Mobile Telecommunications System (UMTS) Wideband Code Division Multiple Access (WCDMA) wireless telecommunications protocol that is used to facilitate the allocation of connections between mobile devices and base stations.
default password
A password associated with a user account or system account that retains its factory default setting.
subject
A person or a system.
custodian
A person or group delegated to operate or maintain an asset.
owner
A person or group responsible for the operation of an asset.
terrorist
A person or group who perpetrates violence for political or other reasons.
keycard system
A physical access control system by which personnel are able to enter a workspace by waving a keycard near a reader or inserting it into a reader, activating a door lock to unlock the door briefly.
conspiracy
A plan by two or more persons to commit an illegal act.
budget
A plan for allocating resources over a certain time period.
emergency communications plan
A plan that outlines the communications required during a disaster.
mandatory vacation
A policy established by some organizations that requires each employee to take a vacation every year.
privacy policy
A policy statement that defines how an organization will protect, manage, and handle private information.
Diffie-Hellman
A popular key exchange algorithm.
lean
A project management approach that emphasizes focus on value and efficiency. ____________ is derived from lean manufacturing techniques developed at Toyota in Japan in the 1990s.
PRojects IN Controlled Environments (PRINCE2)
A project management framework.
Project Management Body of Knowledge (PMBOK)
A project management guide that defines the essentials of project management.
timebox management
A project management technique in which a large project is broken down into smaller components and time periods.
Remote Desktop Protocol (RDP)
A proprietary protocol from Microsoft that is used to establish a graphic interface connection with another computer.
JSON-RPC
A protocol used in application environments to facilitate a client request made to a server.
Secure Hypertext Transfer Protocol (S-HTTP)
A protocol used to encrypt web pages between web servers and web browsers. Often confused with Hypertext Transfer Protocol Secure (HTTPS).
Internet Key Exchange (IKE)
A protocol used to establish security associations (logical connections) between hosts using the IPsec protocol.
Simple Object Access Protocol (SOAP)
A protocol used to facilitate the exchange of structured information between systems.
Secure Electronic Transaction (SET)
A protocol used to protect credit card transactions that uses a digital envelope. _______ has been deprecated by Secure Sockets Layer (SSL) and Transport Layer Security (TLS).
elliptic curve
A public key cryptography algorithm.
certification practice statement (CPS)
A published statement that describes the practices used by the CA to issues and manage digital certificates.
Six Sigma
A quantitative, statistical technique used to identify and remediate defects in business processes.
Initialization Vector (IV)
A random number that is needed by some encryption algorithms to begin the encryption process.
network analysis
A reconnaissance operation on an organization's network.
access control log
A record of attempted accesses.
Configuration Management Database (CMDB)
A repository for every component in an environment that contains information on every configuration change made on those components.
class library
A repository where classes are stored.
object breakdown structure (OBS)
A representation of the components of a project in graphical or tabular form.
walkthrough
A review of some or all disaster recovery and business continuity plans, procedures, and other documentation. A __________________ is performed by an entire group of individuals in a live discussion.
document review
A review of some or all disaster recovery and business continuity plans, procedures, and other documentation. Individuals typically review these documents on their own and at their own pace, but within whatever time constraints or deadlines that may have been established.
access review
A review of the users, systems, or other subjects that are permitted to access protected objects. The purpose of a review is to ensure that all subjects are authorized to have access.
qualitative risk analysis
A risk analysis methodology whereby risks are estimated in the form of actual cost amounts.
Risk IT Framework
A risk management model that approaches risk from the enterprise perspective.
judgmental sampling
A sampling technique in which items are chosen based upon the auditor's judgement, usually based on risk or materiality.
discovery sampling
A sampling technique by which at least one exception is sought in a population.
statistical sampling
A sampling technique in which items are chosen at random; each item has a statistically equal probability of being chosen.
stop-or-go sampling
A sampling technique used to permit sampling to stop at the earliest possible time. This technique is used when the auditor believes that there is low risk or a low rate of exceptions in the population.
variable sampling
A sampling technique used to study the characteristics of a population to determine the numeric total of a specific attribute from the entire population.
attribute sampling
A sampling technique used to study the characteristics of population to determine how many samples possess a specific characteristic.
stratified sampling
A sampling technique whereby a population is divided into classes or strata, based upon the value of one of the attributes. Samples are then selected from each class.
back door
A section of code that permits someone to bypass access controls and access data or functions. ____________________ are commonly placed in programs during development but are removed before programming is complete.
Center for Internet Security Controls
A security controls framework developed by the Center for Internet Security (CIS).
acceptable use
A security policy that defines the types of activities that are acceptable and those that are not acceptable to the organization.
Payment Card Industry Data Security Standard (PCI-DSS)
A security standard intended to protect credit card numbers in storage, while being processed, and while being transmitted. The standard was developed by the PCI Standards Council, which is a consortium of credit card companies, including Visa, MasterCard, American Express, Discover, and JCB.
microsegmentation
A segmentation technique in which individual hosts are isolated with network access controls, typically with network or host firewalls.
file
A sequence of zero or more characters that is stored as a whole in a file system. A _______ may be a document, spreadsheet, image, sound file, computer program, or data that is used by a program.
database server
A server that contains and facilitates access to one or more databases.
file server
A server that is used to store files in a central location, usually to make them available to many users.
application server
A server that runs application software.
web server
A server that runs specialized software that makes static and dynamic HTML pages available to users.
print server
A server used to coordinate printing to shared printers.
remote access
A service that permits a user to establish a network connection from a remote location so that the user can access network resources remotely.
cryptosystem
A set of algorithms used to generate an encryption key, to perform encryption, and to perform decryption.
audit methodology
A set of audit procedures that is used to accomplish a set of audit objectives.
Data Dictionary (DD)
A set of data in a database management system that describes the structure of databases stored there.
logic bomb/ time bomb
A set of instructions designed to perform some damaging action when a specific event occurs; a popular example is a time bomb that alters or destroys data on a specified date in the future.
role
A set of privileges in an application. Also a formally defined set of work tasks assigned to an individual.
media control
A set of processes for controlling the security of storage media.
spike/ surge
A sharp increase in voltage that lasts for only a fraction of a second.
key fingerprint
A short sequence of characters used to authenticate a public key.
Bluetooth
A short-range airlink standard for data communications between peripherals and low-power consumption devices.
Wireless USB (WUSB)
A short-range, high-bandwidth standard wireless communications protocol used to connect computer peripherals.
visual notice
A sign or symbol used to inform personnel of security controls and/ or to warn unauthorized persons.
accumulation of privileges/ privilege creep
A situation in which an employee accumulates system access privileges over a long period of time and after internal transfers or other privilege changes, but old access privileges have not been removed.
source lines of code (SLOC)
A sizing technique for software development projects that represents the size of the planned program, expressed as lines of code.
token
A small electronic device used in two-factor authentication. A _________ may display a number that the user types in to a login field, or it may be plugged into a workstation to complete authentication.
smart card
A small, credit card-sized device that contains electronic memory and is accessed with a smart card reader and used in two-factor authentication.
phishing
A social engineering attack on unsuspecting individuals in which e-mail messages that resemble official communications entice victims to visit imposter web sites that contain malware or request credentials to sensitive or valuable assets.
Software-as-a-Service (SaaS)
A software delivery model whereby an organization obtains a software application for use by its employees and the software application is hosted by the software provider, as opposed to the customer organization.
web-based application development
A software development effort in which the application's user interface is based on the HTTP (Hypertext Transport Protocol) and HTML (Hypertext Markup Language) standards.
Rapid Application Development (RAD)
A software development life cycle process characterized by small development teams, prototypes, design sessions with end users, and development tools that integrate data design, data flow, user interface, and prototyping.
spiral model
A software development life cycle process in which the activities of requirements definitions and software design go through several cycles until the project is complete.
data-oriented system development (DOSD)
A software development life cycle process that starts with a design of data and interfaces to databases and then moves on to program design.
waterfall model
A software development life cycle process whereby activities are sequential and are executed one time in a software project.
iterative development process
A software development process that consists of one or more repeating loops of planning, requirements, design, coding, and testing until development and implementation are considered complete.
virtual machine
A software implementation of a computer, usually an operating system or other program running within a hypervisor.
Database Management System (DBMS)
A software program that facilitates the storage and retrieval of potentially large amounts of structured or unstructured information.
terminal emulation
A software program that runs on a workstation that emulates an older style computer terminal.
storage area network (SAN)
A stand-alone storage system that can be configured to contain several virtual volumes and is connected to many servers through fiber optic cables.
Network Attached Storage (NAS)
A stand-alone storage system that contains one or more virtual volumes. Servers access these volumes over the network using the Network File System (NFS) or Server Message Block/Common Internet File System (SMB/CIFS) protocols, common on Unix and Windows operating systems, respectively.
near-field communications (NFC)
A standard for extremely short-distance radiofrequency data communications.
802.1X
A standard for network authentication and access control that can mutually authenticate both people and devices connecting to a LAN or a wireless LAN.
Address Resolution Protocol (ARP)
A standard network protocol used to obtain the address for another station on a local area network (LAN).
Token Ring
A standard protocol for assembling a stream of data into frames for transport over a physical medium from one station to another on a local area network. On a ____________________ network, a three-byte token is passed from station to station over the network. A station may not transmit a packet to another station until it has first received the token.
Ethernet
A standard protocol for assembling a stream of data into frames for transport over a physical medium from one station to another on a local area network. On an ______________________ network, any station is free to transmit a packet at any time, provided that another station is not already doing so.
Fibre Channel
A standard protocol for assembling a stream of data into frames for transport over a physical medium from one station to another on a local area network. ____________________ is most often found in storage area networks.
RS-232
A standard protocol for sending serial data between computers.
V.35
A standard protocol for sending serial data between computers.
RS-449
A standard protocol for sending serial data between network devices.
architecture standard
A standard that defines technology architecture at the database, system, or network level.
configuration standard
A standard that defines the detailed configurations that are used in servers, workstations, operating systems, database management systems, applications, network devices, and other systems.
methodology standard
A standard that specifies the practices used by the IT organization.
protocol standard
A standard that specifies the protocols used by the IT organization.
technology standard
A standard that specifies the software and hardware technologies used by the IT organization.
vendor standard
A standard that specifies which suppliers and vendors are used for various types of products and services.
responsibility
A stated expectation of activities and performance.
code of ethics
A statement that defines acceptable and unacceptable professional conduct.
information security policy/ security policy
A statement that defines how an organization will classify and protect its important assets.
access control policy
A statement that defines the policy for the granting, review, and revocation of access to systems and work areas.
standard
A statement that defines the technologies, protocols, suppliers, and methods used by an IT organization.
policy
A statement that specifies a course, principle, or method of action that has been adopted or proposed in an organization. A ________ usually defines who is responsible for monitoring and enforcing the policy.
default gateway
A station on a network (usually a router) that is used to forward messages to stations on distant networks.
implementation
A step in the software development life cycle where new or updated software is placed into the production environment and started.
rollback
A step in the system development life cycle in which system changes need to be reversed, returning the system to its previous state.
directory
A structure in a file system that is used to store files and, optionally, other directories.
fence
A structure that prevents or deters passage by unauthorized personnel.
wall
A structure that prevents or deters passage by unauthorized personnel.
criticality analysis (CA)
A study of each system and process, a consideration of the impact on the organization if it is incapacitated, the likelihood of incapacitation, and the estimated cost of mitigating the risk or impact of incapacitation.
business impact analysis (BIA)
A study used to identify the impact that different disaster scenarios will have on ongoing business operations.
inrush
A sudden increase in current flowing to a device, usually associated with the startup of a large motor. This can cause a voltage drop that lasts several seconds.
Internet Protocol Security (IPsec)
A suite of protocols used to secure IP-based communications by using authentication and encryption.
brownout
A sustained drop in voltage that can last from several seconds to several hours.
electric generator
A system consisting of an internal combustion engine, powered by gasoline, diesel fuel, or natural gas, that drives an alternator to produce electricity. A generator can supply electricity for as long as several days, depending upon the size of its fuel supply and whether it can be refueled.
transfer switch
A system of electrical switches that automatically routes electric power from one or more public utility feeds, one or more generators, through one or more UPSs, to a data center facility.
heating, ventilation, and air conditioning (HVAC)
A system that controls temperature and humidity in a facility.
RPC gateway
A system that facilitates communication through the RPC suite of protocols between components in an application environment.
Object Request Broker (ORB) Gateway
A system that facilitates the processing of transactions across a distributed environment that uses the CORBA (Common Object Request Broker Architecture) or Microsoft COM/DCOM standards.
uninterruptible power supply (UPS)
A system that filters spikes and other noise from incoming power and supplies power for short periods from a bank of batteries.
transaction processing (TP) monitor
A system that manages transactions between application servers and database servers in a distributed processing environment.
Cloud Access Security Broker (CASB)
A system that monitors and, optionally, controls users' access to cloud-based resources.
cloud computing
A technique of providing a dynamically scalable and usually virtualized computing resource as a service.
key exchange
A technique that is used by two parties to establish a symmetric encryption key when no secure channel is available.
piggybacking/ tailgating
A technique used by an intruder to attempt to enter an access-controlled building, typically executed by following closely behind an employee entering the building and "piggybacking" on the employee's security credentials.
critical path methodology (CPM)
A technique used to identify the most critical path in a project to understand which tasks are most likely to affect the project schedule.
sampling
A technique used to select a portion of a population when it is not feasible to test the entire population.
virtual desktop infrastructure (VDI)
A technology by which user workstations use operating systems that are stored and run on central servers.
trunk
A telecommunications network technique in which several communications can share a set of lines or frequencies.
simulation
A test of disaster recovery, business continuity, or security incident response procedures in which the participants take part in a "mock disaster" or incident to add some realism to the process of thinking their way through the emergency response process.
Maximum Tolerable Downtime (MTD)
A theoretical time period measured from the onset of a disaster, after which the organization's ongoing viability would be at risk.
cluster
A tightly coupled collection of computers that is used to solve a common task. In a _____________, one or more servers actively perform tasks, while zero or more computers may be in a "standby" state, ready to assume active duty should the need arise.
honeypot
A trap that is designed to detect unauthorized use of information systems.
certificate authority (CA)
A trusted party that issues digital certificates, signing each one with its own private key to vouch for the binding between an identity and a public key.
Category 7
A twisted-pair cabling standard that is capable of transporting 10 Gbit/s Ethernet over 100 meters (328 ft.).
Category 3
A twisted-pair cabling standard that is capable of transporting 10 Mbit/s Ethernet up to 100 meters (328 ft.).
Category 5/5e
A twisted-pair cabling standard that is capable of transporting 10 Mbit/s, 100 Mbit/s, and 1000 Mbit/s (1 Gbit/s) Ethernet up to 100 meters (328 ft.).
Category 6
A twisted-pair cabling standard that is capable of transporting 10 Mbit/s, 100 Mbit/s, and 1000 Mbit/s (1 Gbit/s) Ethernet up to 100 meters (328 ft.). _________________ has the same transport capability as Category 5e, but with better noise resistance.
race condition/ time of check/time of use (TOC/TOU)
A type of attack in which an attacker exploits the small window of time between the moment a program checks a resource (for example, its permissions or whether it is a symbolic link) and the moment the program actually uses it. If the resource can be swapped in that window, the check no longer says anything about what is used.
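As an added example (not from the glossary), the block below shows the classic file-system form of this attack next to the fix. The vulnerable function checks that a path is not a symbolic link and then opens it in a separate system call; the `_attacker_window` callback stands in for the attacker winning the race. The hardened function makes the check part of the use: `O_NOFOLLOW` makes `open()` itself fail on a symlink, and `fstat()` inspects the descriptor already held, so nothing can be swapped in between. The temporary directory, file names and function names are constructed for the demonstration; `O_NOFOLLOW` is assumed to be available (Linux, macOS and the BSDs).

```python
import os
import stat
import tempfile


def read_checked_then_used(path, _attacker_window=lambda: None):
    """VULNERABLE: check, then use. The symlink test and the open() are two
    separate system calls; what the path names can change between them.
    _attacker_window exists only so the demo can model the attacker's swap."""
    if os.path.islink(path):
        raise PermissionError("symlinks are not allowed")
    _attacker_window()                      # the race window
    with open(path, "rb") as f:
        return f.read()


def read_atomically(path):
    """HARDENED: the check is part of the use. O_NOFOLLOW makes open() fail on a
    symlink, and fstat() examines the descriptor we hold rather than the path."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_CLOEXEC)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise PermissionError("not a regular file")
    except BaseException:
        os.close(fd)
        raise
    with os.fdopen(fd, "rb") as f:          # fdopen takes ownership of fd
        return f.read()


def demo():
    """Constructed scenario: an upload directory the attacker can write to, and a
    secret file elsewhere that the application must never serve.
    Returns (what the vulnerable reader leaked, whether the hardened reader
    refused the swapped file, what the hardened reader returned before the swap)."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        upload = os.path.join(d, "upload.txt")
        with open(secret, "w") as f:
            f.write("TOP SECRET")
        with open(upload, "w") as f:
            f.write("harmless")

        before_swap = read_atomically(upload)   # a regular file is read normally

        def swap():
            # The attacker replaces the checked file with a symlink to the secret.
            os.remove(upload)
            os.symlink(secret, upload)

        leaked = read_checked_then_used(upload, swap)
        try:
            read_atomically(upload)
            blocked = False
        except OSError:                          # ELOOP from O_NOFOLLOW
            blocked = True
        return leaked, blocked, before_swap


if __name__ == "__main__":
    leaked, blocked, _ = demo()
    print("vulnerable reader returned:", leaked)
    print("hardened reader refused the symlink:", blocked)
```

The general rule is the one the glossary entry hints at: never let a security decision rest on a name (path, PID, hostname) when the object behind the name can change; operate on the handle you already hold.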
Integrated Test Facility (ITF)
A type of automated test in which an auditor creates fictitious transactions to trace their integrity through the system.
twinax
A type of coaxial cable that uses two inner conductors.
blade server
A type of computer architecture in which a main chassis equipped with a power supply, cooling, network, and console connectors contains several slots that are fitted with individual computer modules, or blades. Each blade is an independent computer system.
appliance
A type of computer with preinstalled software that requires little or no maintenance.
object database/ Object Database Management System (ODBMS)
A type of database management system in which information is represented as objects that are used in object-oriented programming languages.
stream cipher
A type of encryption algorithm that encrypts data one bit or byte at a time by combining it with a keystream, which suits continuous data such as a video or audio feed. A keystream must never be used twice under the same key, since two ciphertexts XORed together then cancel the keystream out.
worm
A type of malware containing stand-alone programs capable of human-assisted and automatic propagation.
bot
A type of malware in which agents are implanted by other forms of malware and are programmed to obey remotely issued instructions.
virus
A type of malware in which fragments of code attach themselves to executable programs and are activated when the program they are attached to is run.
Trojan horse
A type of malware program that purports to perform one function but actually performs other (or additional) undesired functions.
spyware
A type of malware that performs one or more surveillance-type actions on a computer, reporting back to the spyware owner.
rootkit
A type of malware that is designed to evade detection.
coaxial
A type of network cable that consists of a solid inner conductor surrounded by an insulating jacket, which is surrounded by a metallic shield, which in turn is surrounded by a plastic jacket.
twisted-pair cable
A type of network cabling that consists of a thick cable containing four pairs of insulated copper conductors, all surrounded by a protective jacket.
synchronous replication
A type of replication in which writing data to a local and to a remote storage system is performed as a single operation, guaranteeing that data on the remote storage system is identical to data on the local storage system.
asynchronous replication.
A type of replication whereby writing data to the remote storage system is not kept in sync with updates on the local storage system. Instead, there may be a time lag, and there is no guarantee that data on the remote system is identical to that on the local storage system.
Random Access Memory (RAM)
A type of semiconductor memory usually used for a computer's main storage.
substantive testing
A type of testing used to determine the accuracy and integrity of transactions that flow through processes and systems.
compliance testing
A type of testing used to determine whether control procedures have been properly designed and implemented and are operating properly.
screened shielded twisted pair (S/STP)
A type of twisted-pair cable in which a thick metal shield protects each pair of conductors and an outer shield protects all of the conductors together.
screened unshielded twisted pair (S/UTP)
A type of twisted-pair cable in which a single outer shield protects all of the conductors together, with no shielding around the individual pairs.
Shielded Twisted Pair (STP)
A type of twisted-pair cable in which a thin metal shield protects each pair of conductors.
unshielded twisted pair (UTP)
A type of twisted-pair cable with no shielding- just four pairs of twisted conductors and the outer protective jacket.
data management utility
A type of utility software used to manipulate, list, transform, query, compare, encrypt, decrypt, import, or export data.
customization
A unique change that is made to a computer program or system.
table
A unit of storage in a relational database management system that can be thought of as a list of records.
field
A unit of storage in a relational database management system that consists of a single data item within a row.
row
A unit of storage in a relational database management system that consists of a single record in a table.
fourth-generation language (4GL)
A variety of tools that are used in the development of applications, or that are parts of the applications themselves.
guest
A virtual machine running under a hypervisor.
Project Evaluation and Review Technique (PERT)
A visual representation of a project plan that shows project tasks, timelines, and dependencies.
programming language
A vocabulary and set of rules used to construct a human-readable computer program.
vulnerability
A weakness in a system that a threat could exploit; its presence makes the realization of one or more threats more likely.
mash-up
A web-based application that contains components that originate from other web applications.
Tolkien Ring
A wireless network used for communications among beings wearing magic rings created by Sauron. Used in Middle-earth.
LTE (Long Term Evolution)
A wireless telecommunications standard for use by mobile devices, considered an upgrade of older GSM and CDMA2000 standards.
WiMAX
A wireless telecommunications standard with data rates ranging from 30 Mbit/sec to 1 GBit/sec.
thick client
A workstation that contains a fully functional operating system and application programs.
thin client
A workstation that contains a minimal operating system and little or no data storage.
job description
A written description of a job in an organization. A ______________________ usually contains a job title, experience requirements, and knowledge requirements.
audit charter
A written document that defines the mission and goals of the audit program as well as roles and responsibilities.
procedure
A written sequence of instructions used to complete a task.
machine authentication controls
Access controls used to authenticate a device to determine whether it will be permitted to access resources.
business process management (BPM)
Activities concerned with the development, maintenance, and monitoring of business processes.
disaster recovery planning (DRP)
Activities related to the assessment, salvage, repair, and restoration of facilities and assets.
Network Operations Center (NOC)
An IT function whereby personnel centrally monitor operations within an organization's network, and often also its systems and applications.
Security Operations Center (SOC)
An IT function wherein personnel centrally monitor and manage security functions and devices and watch for security anomalies and incidents.
Web Services Description Language (WSDL)
An XML-based language used to describe web services.
access control list (ACL)
An access control method whereby a list of permitted or denied users (or systems, or services, as the case may be) is used to control access to resources.
Discretionary Access Control (DAC)
An access model by which the owner of an object is able to determine how and by whom the object may be accessed. The discretion of the owner determines permitted accesses by subjects.
Mandatory Access Control (MAC)
An access model used to control access to objects (files, directories, databases, systems, networks, and so on) by subjects (persons, programs, and so on) according to security labels that the system, not the object's owner, assigns and enforces. When a subject attempts to access an object, the operating system compares the access properties (such as clearance and classification) of the subject and object to determine whether the access should be allowed, and then permits or denies the requested access.
corrective action
An action that is initiated to correct an undesired condition.
preventive action
An action that is initiated to prevent an undesired event or condition.
virtual server
An active instantiation of a server operating system, running on a system that is designed to house two or more such virtual servers. Each virtual server is logically partitioned from every other server so that each runs as though it were on its own physically separate machine.
software maintenance
An activity in the software development life cycle whereby modifications are made to the software code.
replication
An activity in which data that is written to a storage system is also copied over a network to another storage system and written there. The result is the presence of up-to-date data that exists on two or more storage systems, each of which could be located in a different geographic region.
feasibility study
An activity that seeks to determine the expected benefits of a program or project.
parallel test
An actual test of disaster recovery (DR) and/or business continuity response plans. The purpose of a parallel test is to evaluate the ability of personnel to follow directives in emergency response plans, that is, to set up the DR business processing or data processing capability. In a ___________________, personnel operate recovery systems in parallel with production systems and compare the results between the two to determine the actual capabilities of recovery systems.
cutover test
An actual test of disaster recovery (DR) and/or business continuity response plans. The purpose of a cutover test is to evaluate the ability of personnel to follow directives in emergency response plans, that is, to actually set up the DR business processing or data processing capability. In a cutover test, personnel shut down production systems and operate recovery systems to assume the actual business workload.
IP address
An address assigned to a station on a TCP/IP network.
account lockout
An administrative lock that is placed on a user account when a predetermined event occurs, such as when an expiration date is reached or when there have been several unsuccessful attempts to access the user account.
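As an added example (not from the glossary), the block below implements the failed-attempt form of account lockout with the three parameters an administrator actually sets: the failure threshold, the window over which failures are counted, and how long the lock holds before it expires. The clock is injected so the behaviour can be exercised without waiting; the policy values, names and the `attempt_login` wrapper are this example's own.

```python
from dataclasses import dataclass, field


@dataclass
class LockoutPolicy:
    threshold: int = 5           # failures that trigger a lock
    window_seconds: int = 900    # failures older than this are forgotten
    lockout_seconds: int = 900   # how long the lock holds before auto-unlock


@dataclass
class AccountState:
    failures: list = field(default_factory=list)   # timestamps of recent failures
    locked_until: float = 0.0


class LockoutTracker:
    def __init__(self, policy, clock):
        self.policy, self.clock, self.accounts = policy, clock, {}

    def _state(self, user):
        return self.accounts.setdefault(user, AccountState())

    def is_locked(self, user):
        return self._state(user).locked_until > self.clock()

    def record_failure(self, user):
        """Count the failure; return True if it pushed the account over the threshold."""
        st, now, p = self._state(user), self.clock(), self.policy
        st.failures = [t for t in st.failures if now - t < p.window_seconds] + [now]
        if len(st.failures) >= p.threshold and st.locked_until <= now:
            st.locked_until = now + p.lockout_seconds
            st.failures.clear()
            return True
        return False

    def record_success(self, user):
        self._state(user).failures.clear()


def attempt_login(tracker, user, password_ok):
    """Check the lock before evaluating the password, so a locked account answers
    the same way to a right and a wrong password and leaks nothing to a guesser."""
    if tracker.is_locked(user):
        return "locked"
    if password_ok:
        tracker.record_success(user)
        return "ok"
    return "locked" if tracker.record_failure(user) else "denied"


def scenario():
    """Constructed run with an injected clock: three bad passwords lock alice, the
    correct password is refused while locked, the lock expires; bob's failures are
    spaced wider than the window and never accumulate."""
    now = [1_000.0]
    policy = LockoutPolicy(threshold=3, window_seconds=60, lockout_seconds=120)
    tracker = LockoutTracker(policy, lambda: now[0])
    out = [attempt_login(tracker, "alice", False) for _ in range(3)]
    out.append(attempt_login(tracker, "alice", True))     # right password, still locked
    now[0] += 121
    out.append(attempt_login(tracker, "alice", True))     # lock expired
    for _ in range(3):
        now[0] += 61
        out.append(attempt_login(tracker, "bob", False))
    return out


if __name__ == "__main__":
    print(scenario())
```

Lockout turns a password-guessing problem into a denial-of-service problem: anyone who knows a user name can lock it on purpose. The usual compromise is a short auto-expiring lock as here, combined with per-source rate limiting and an alert when many accounts lock in a short period.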
DevSecOps
An agile and secure software development and operations model.
DevOps
An agile software development and operations model.
service-level agreement (SLA)
An agreement that specifies service levels in terms of the quantity and quality of work, timeliness, and remedies for shortfalls in quality or quantity.
code division multiple access 2000 (CDMA2000)
An airlink standard (updated from CDMA) for wireless communications between mobile devices and base stations.
General Packet Radio Service (GPRS)
An airlink standard for wireless communications between mobile devices and base stations.
Time Division Multiple Access (TDMA)
An airlink standard for wireless communications between mobile devices and base stations.
Universal Mobile Telecommunications System (UMTS)
An airlink standard for wireless communications between mobile devices and base stations.
code division multiple access (CDMA)
An airlink standard for wireless communications between mobile devices and base stations.
hot site
An alternate processing center where backup systems are already running and in some state of near-readiness to assume production workload. The systems at a _________________________ most likely have application software and database management software already loaded and running, perhaps even at the same patch levels as the systems in the primary processing center.
warm site
An alternate processing center where recovery systems are present, but at a lower state of readiness than recovery systems at a hot site. For example, although the same version of the operating system may be running on the warm site system, it may be a few patch levels behind primary systems.
cold site
An alternate processing center where the degree of readiness for recovery systems is low. At the very least, a cold site is nothing more than an empty rack or allocated space on a computer room floor.
prototyping
An alternative software development process whereby rapidly developed application prototypes are developed with user input and continuous involvement.
web-based application
An application design in which the database and all business logic are stored on central servers and user workstations use only web browsers to access the application.
client-server application
An application design in which the database and some business logic are stored on a central server and additional business logic plus display logic are stored on each user's workstation.
Network Access Control (NAC)
An approach for network authentication and access control for devices designed to attach to a LAN or wireless LAN.
zero trust
An architecture model in which no user, device, or network location is implicitly trusted; every access request is authenticated and authorized on its own merits, whether it originates inside or outside the organization's network.
war dialing
An attack designed to discover unprotected remote access modems by dialing phone numbers sequentially and recording those with modems.
scanning attack
An attack on a computer or network with the intention of discovering potentially vulnerable computers or programs.
cryptanalysis
An attack on a cryptosystem whereby the attacker attempts to determine the encryption key used to encrypt messages, or to recover plaintext without it.
toll fraud
An attack on a private branch exchange (PBX) that results in stolen long- distance telephone service.
session hijacking
An attack on a user's browser session whereby the attacker intercepts the user's session cookie from an unencrypted wired or wireless network and then uses the cookie to take over the victim's browser session.
war driving
An attack on a wireless network in which attackers intercept and record information about Wi-Fi access points.
man-in-the-browser (MITB) attack
An attack on an end user's browser whereby a malicious browser helper object (BHO) interferes with the browser's operation.
man-in-the-middle (MITM) attack
An attack used to take over communications occurring between two parties. Here, an attacker intercepts communications being sent from one party to another and injects new, altered communications in their place. The attacker must be able to impersonate each party in the communication so that each party believes it is talking directly with the other party.
blackmail
An attempt to extort money from an individual or organization through a threat of exposure.
operational audit
An audit of IS controls, security controls, or business controls to determine control existence and effectiveness.
service provider audit
An audit of a third-party organization that provides services to other organizations.
financial audit
An audit of an accounting system, accounting department processes, and procedures to determine if business controls are sufficient to ensure the integrity of financial statements.
IS audit
An audit of an information systems department's operations and systems.
administrative audit
An audit of operational efficiency.
inquiry and observation
An audit technique whereby an IS auditor asks questions of interviewees and makes observations about personnel behavior and the way they perform work tasks.
corroboration
An audit technique whereby an IS auditor interviews additional personnel to confirm the validity of evidence obtained from others who were interviewed previously.
reperformance
An audit technique whereby an IS auditor repeats actual tasks performed by auditees to confirm that they were performed properly.
integrated audit
An audit that combines an operational audit and a financial audit.
forensic audit
An audit that is performed in support of an anticipated or active legal proceeding.
compliance audit
An audit to determine the level and degree of compliance to a law, regulation, standard, contract provision, or internal control.
continuous auditing
An auditing technique in which sampling and testing are automated and occur continuously.
online inquiry
An auditing technique whereby an auditor can log on to an application to retrieve detailed information on specific transactions.
Diameter
An authentication, authorization, and accounting (AAA) protocol that is the successor to RADIUS.
Secure Multipurpose Internet Mail Extensions (S/MIME)
An e-mail security protocol that provides sender and recipient authentication and encryption of message content and attachments.
File Transfer Protocol (FTP)
An early and still widely used TCP/IP application layer protocol used for the batch transfer of files or entire directories from one system to another.
Read-Only Memory (ROM)
An early form of permanent memory that cannot be modified.
digital certificate
An electronic document that binds an identity to a public key and is signed with the private key of a certificate authority (CA); anyone holding the CA's public key can verify the signature.
certificate revocation list (CRL)
An electronic list of digital certificates that have been revoked prior to their expiration date.
cipher lock
An electronic or mechanical door equipped with combination locks. Only persons who know the combination may unlock the door.
block cipher
An encryption algorithm that operates on blocks of data.
key encrypting key
An encryption key that is used to encrypt another encryption key.
Secure Sockets Layer (SSL)
An encryption protocol used to encrypt web pages requested with the HTTPS URL. Deprecated; superseded by Transport Layer Security (TLS).
Transport Layer Security (TLS)
An encryption protocol used to encrypt web pages requested with the HTTPS URL. Replacement for Secure Sockets Layer (SSL).
Wi-Fi Protected Access (WPA)
An encryption standard for 802.11 wireless networks. The original WPA was superseded by WPA2 and, more recently, by WPA3.
Wired Equivalent Privacy (WEP)
An encryption standard for 802.11 wireless networks. ____________ has been thoroughly broken and should be replaced with WPA2 or WPA3.
IT Assurance Framework (ITAF)
An end-to-end framework developed to guide organizations in developing and managing IT assurance and IT audit.
Zachman framework
An enterprise architecture framework used to describe an IT architecture in increasing levels of detail.
index
An entity in a relational database management system that facilitates rapid searching for specific rows in a table based on a field other than the primary key.
Registration Authority (RA)
An entity that works within or alongside a certificate authority (CA) to accept requests for new digital certificates.
Annualized Rate of Occurrence (ARO)
An estimate of the number of times that a threat will occur every year.
expected error rate
An estimate that expresses the percent of errors or exceptions that may exist in an entire population.
security incident
An event in which the confidentiality, integrity, or availability of information (or an information system) has been compromised.
irregularity
An event that represents an action that is contrary to accepted practices or policy.
threat
An event that, if realized, would bring harm to an asset.
pre-audit
An examination of business processes, controls, and records in anticipation of an upcoming audit.
tabletop
An exercise, usually of security incident response plans, that consists of a scripted simulation of an actual incident or event.
business case
An explanation of the expected benefits to the business that will be realized as a result of a program or project.
SAS 70 (Statement of Accounting Standards No. 70)
An external audit of a service provider. An ________ audit is performed according to rules established by the American Institute of Certified Public Accountants (AICPA). Superseded by SSAE 16 and later by SSAE 18.
SSAE 18 (Statements on Standards for Attestation Engagements)
An external audit of a service provider. An ____________ audit is performed according to rules established by the American Institute of Certified Public Accountants (AICPA).
ISAE 3402 (International Standard on Assurance Engagement) audit
An external audit of a service provider. An _________________ audit is performed according to the rules established by the International Auditing and Assurance Standards Board (IAASB).
SSAE 16 (Statements on Standards for Attestation Engagements No. 16)
An external audit of a service provider. ________ has been superseded by SSAE 18.
Universal Serial Bus (USB)
An external bus technology used to connect computers to peripherals such as mice, keyboards, storage devices, printers, scanners, cameras, and network adapters. The ___________ specification also supports networking between hosts through the use of a ___________ hub.
user ID
An identifier created by a system manager and issued to a user for the purpose of identification or authentication.
password
An identifier that is created by a system manager or a user; a secret combination of letters, numbers, and other symbols used to log into an account, system, or network.
known error
An incident that has been seen before, and its root cause is known.
problem
An incident- often multiple incidents- that exhibits common symptoms and whose root cause is not known.
NoSQL
An inclusive term referring to several nonrelational database management system designs.
script kiddie
An inexperienced computer hacker who uses tools developed by others to access computers and networks illegally.
disk management system (DMS)
An information system used to manage disk media, usually for the purpose of performing information backup.
tape management systems (TMS)
An information system used to manage tape media, usually for the purpose of performing information backup.
virtual keyboard
An interactive software program that emulates the use of a physical keyboard. _____________________ are used when key logging is a credible threat.
single sign-on (SSO)
An interconnected environment in which applications are logically connected to a centralized authentication server that is aware of the logged-in/ logged-out status of each user. A user can log in once to the environment; each application and system is aware of a user's log-in status and will not require the user to log in to each one separately.
Metropolitan Area Network (MAN)
An interconnection of LANs that spans a city or regional area.
network-based intrusion detection system (NIDS)
An intrusion detection system that attaches to a network and listens for network-based anomalies.
Host-Based Intrusion Detection System (HIDS)
An intrusion detection system that is installed on a system and watches for anomalies that could be signs of intrusion.
Scrum
An iterative and incremental methodology used for rapid and agile software development.
Scrumban
An iterative and incremental methodology used for software development. _______ is derived from the terms "Scrum" and "Kanban" (Japanese).
extreme programming (XP)
An iterative software development methodology that consists of short development cycles intended to improve quality and respond to changing requirements.
incident
Any event that is not part of the standard operation of a service and that causes, or may cause, interruption to or a reduction in the quality of that service.
access control
Any means that detects or prevents unauthorized access and that permits authorized access.
multifactor authentication/ strong authentication/ two-factor authentication
Any means used to authenticate a user that requires two or more distinct factors (something the user knows, has, or is), which is stronger than a user ID and password alone. Examples of additional factors include a digital certificate, a token, a smart card, and biometrics.
virtual private network (VPN)
Any network encapsulation protocol that utilizes authentication and encryption; used primarily for protecting remote access traffic and for protecting traffic between two networks.
instant messaging (IM)
Any of several TCP/IP application layer protocols and tools used to send short text messages over a network.
Data Loss Prevention (DLP)
Any of several methods of gaining visibility and control into the presence and movement of sensitive data.
interprocess communications (IPC)
Any of several protocols used for communications between running processes on one system or between systems.
backup media rotation
Any scheme used to determine how backup media is to be reused.
computer-assisted audit technique (CAAT)
Any technique in which computers are used to automate or simplify the audit process.
Digital Rights Management (DRM)
Any technology used to control the distribution and use of electronic content.
test server
Any type of server that is used to test features; a test server does not perform production tasks.
key compromise
Any unauthorized disclosure or damage to an encryption key.
biometrics
Any use of a machine-readable characteristic of a user's body that uniquely identifies the user. _____________ can be used for strong authentication. Types of ______________ include voice recognition, fingerprint, hand scan, palm vein scan, iris scan, retina scan, facial scan, and handwriting.
Generalized Audit Software (GAS)
Audit software that is designed to read data directly from database platforms and flat files.
optical carrier (OC) level
Classifications of data throughput over wide area fiber telecommunications networks.
barbed wire
Coiled or straight wire with sharp barbs that may be placed along the top of a fence or wall to prevent or deter passage by unauthorized personnel.
razor wire
Coiled wire with razorlike barbs that may be placed along the top of a fence or wall to prevent or deter passage by unauthorized personnel.
audit hook
Components in software applications used to provide additional transaction monitoring and to create alerts when certain events occur.
administrative control
Controls in the form of policies, processes, procedures, and standards.
General Computing Controls (GCC)
Controls that are general in nature and implemented across most or all information systems and applications.
physical control
Controls that employ physical means.
input authorization
Controls that ensure that all data input into an information system is authorized by management.
output controls
Controls that ensure the accuracy and validity of final calculations and transformations.
processing controls
Controls that ensure the correct processing of information.
data file controls
Controls that ensure the security and integrity of data files and their contents.
input validation
Controls that ensure the type and values of information that are input into a system are appropriate and reasonable.
automated workpapers
Data that has been captured by computer-assisted audit techniques.
structured data
Data that resides in database management systems and in other forms, as part of information systems and business applications.
unstructured data
Data that resides on end-user workstations and network file shares, usually as a result of the creation of reports and extracts.
sabotage
Deliberate damage of an organization's asset.
chain of custody
Documentation that shows the acquisition, storage, control, and analysis of evidence. The ________________ may be needed if the evidence is to be used in a legal proceeding.
records
Documents describing business events such as meeting minutes, contracts, financial transactions, decisions, purchase orders, logs, and reports.
guard dogs
Dogs that assist security guards and that can be used to apprehend and control trespassers.
requirements
Formal statements that describe required (and desired) characteristics of a system that is to be changed, developed, or acquired.
business functional requirements
Formal statements that describe required business functions that a system must support.
privacy requirements
Formal statements that describe required privacy safeguards that a system must support.
disaster recovery and business continuity requirements
Formal statements that describe required recoverability and continuity characteristics that a system must support.
security requirements
Formal statements that describe the required security characteristics that a system must support.
technical requirements
Formal statements that describe the required technical characteristics that a system must support.
regulatory requirements
Formal statements, derived from laws and regulations, that describe the required characteristics a system must support.
error handling
Functions that are performed when errors in processing are encountered.
risk
Generally, the fact that undesired events can happen that may damage property or disrupt operations; specifically, an event scenario that can result in property damage or disruption.
crash gate
Hard barriers that lift into position to prevent the entry (or exit) of unauthorized vehicles and that can be lowered to permit authorized vehicles.
algorithm
In cryptography, a specific mathematical formula that is used to perform encryption, decryption, message digests, and digital signatures.
materiality
In financial audits, a dollar-amount threshold that alters the results on an organization's financial statements. In IS audits, materiality is the threshold at which serious errors, omissions, irregularities, or illegal acts could occur.
evidence
Information gathered by the auditor that provides proof that a control exists and is being operated.
recovery procedure
Instructions that key personnel use to bootstrap services that support critical business functions identified in the business impact assessment (BIA).
disaster declaration procedure
Instructions to determine whether to declare a disaster and trigger response and recovery operations.
evacuation procedure
Instructions to evacuate a work facility safely in the event of a fire, earthquake, or other disaster.
physical layer
Layer 1 of the OSI network model.
link layer
Layer 1 of the TCP/IP network model. The purpose of the link layer is the delivery of messages (usually called frames) from one station to another on a local network.
data link layer
Layer 2 of the OSI network model.
Internet layer (TCP/IP model)
Layer 2 of the TCP/IP network model. The purpose of the Internet layer is the delivery of messages (called packets) from one station to another on the same network or on different networks.
network layer
Layer 3 of the OSI network model.
transport layer (TCP/IP model)
Layer 3 of the TCP/IP network model. The purpose of the transport layer is the controlled and ordered delivery of messages (called packets) from one application on a station to another on the same network or on different networks.
transport layer (OSI model)
Layer 4 of the OSI network model.
application layer (TCP/IP model)
Layer 4 of the TCP/IP network model. The purpose of this layer is the delivery of messages from one process to another on the same network or on different networks.
session layer
Layer 5 of the OSI network model.
presentation layer
Layer 6 of the OSI network model.
application layer (OSI model)
Layer 7 of the OSI network model.
destructware
Malware that intentionally destroys information or information systems.
ransomware
Malware that performs some malicious action, requiring payment from the victim to reverse the action. Such actions include data erasure, data encryption, and system damage.
problem management
The IT function that analyzes chronic incidents and seeks to resolve them, and also enacts proactive measures in an effort to avoid problems.
financial management
Management for IT services that consists of several activities, including budgeting, capital investment, expense management, project accounting, and project ROI.
IT governance
Management's control over IT policy and processes.
security governance
Management's control over an organization's security program.
governance
Management's control over policy and processes.
Key Performance Indicators (KPI)
Measure of business processes' performance and quality, used to reveal trends related to efficiency and effectiveness of key processes in the organization.
east-west traffic
Network traffic moving between and among a tier of servers, between servers within a single virtualization environment, or within a data center.
north-south traffic
Network traffic that crosses virtual server boundaries, server tier boundaries, or data center boundaries.
Media Access Control (MAC) address
Node addressing used on an Ethernet network in which the address is expressed as a six-byte hexadecimal value. A typical address is displayed in a notation separated by colons or dashes, such as F0:E3:67:AB:98:02.
primary key
One of the fields in a table in a relational database management system that contains values that are unique for each record (row).
nearshore outsourcing
Outsourced personnel are located in a nearby country.
onshore outsourcing
Outsourced personnel are located in the same country.
electronic protected health information (ePHI)
Patient-related healthcare information in electronic form, as defined by the U.S. Healthcare Insurance Portability and Accountability Act (HIPAA).
security guards
Personnel who control passage at entry points or roam building premises looking for security issues such as unescorted visitors.
smishing
Phishing in the context of instant messaging.
spear phishing
Phishing that is specially crafted for a specific target organization or group.
data classification policy
Policy that defines sensitivity levels and handling procedures for information.
site classification policy
Policy that defines sensitivity levels, security controls, and security procedures for information processing sites and work centers.
system classification policy
Policy that specifies levels of security for systems storing classified information.
incident prevention
Proactive steps taken to reduce the probability and/or impact of security incidents.
ISACA audit guidelines
Published documents that help the IS auditor apply ISACA audit standards.
ISACA audit procedures
Published documents that provide sample procedures for performing various audit activities and for auditing various types of technologies and systems.
Voice over IP (VoIP)
Several technologies that permit telephony transported over IP networks.
agile development
Software development process whereby a large project team is broken up into smaller teams, and project deliverables are broken up into smaller pieces, each of which can be attained in a few weeks.
File Activity Monitoring (FAM)
Software that detects accesses to sensitive files, usually operating system files.
File Integrity Monitoring (FIM)
Software that detects tampering with sensitive files, usually operating system files.
antivirus software
Software that is designed to detect and remove viruses and other forms of malware.
anti-malware
Software that uses various means to detect and block malware.
hacker
Someone who interferes with or accesses another's computer without authorization.
spim
Spam in the context of instant messaging.
whaling
Spear phishing that targets executives and other high-value and high-privilege individuals in an organization.
functional requirements
Statements that describe required characteristics that software must have to support business needs.
audit data analytics
Techniques used to examine audit evidence computationally to assist auditors in determining control effectiveness.
loopback address
The IP address 127.0.0.1 (or any other address in the entire 127 address block). A packet sent to a loopback address is sent to the station at which it originated.
configuration management
The IT function in which the configuration of components in an IT environment is independently recorded. _________________________ is usually supported by the use of automated tools that inventory and control system configurations.
incident management
The IT function that analyzes service outages, service slowdowns, security incidents, and software bugs, and seeks to resolve them to restore normal service.
service-level management
The IT function that confirms whether IT is providing adequate service to its customers. This is accomplished through continuous monitoring and periodic review of IT service delivery.
availability management
The IT function that consists of activities concerned with the availability of IT applications and services.
service continuity management
The IT function that consists of activities concerned with the organization's ability to continue providing services, primarily in the event that a natural or man-made disaster has occurred.
capacity management
The IT function that consists of activities that confirm that there is sufficient capacity in IT systems and IT processes to meet service needs. Primarily, an IT system or process has sufficient capacity if its performance falls within an acceptable range, as specified in service-level agreements (SLAs).
release management
The IT function that controls the release of software programs, applications, and environments.
service desk
The IT function that handles incidents and service requests on behalf of customers by acting as a single point of contact.
change management
The IT function that is used to control changes made to an IT environment.
release process
The IT process whereby changes to software programs, applications, and environments are requested, reviewed, approved, and implemented.
marking
The act of affixing a classification label to a document.
spoofing
The act of changing the configuration of a device or system in an attempt to masquerade as a different, known, and trusted system or user.
remote destruct
The act of commanding a device, such as a laptop computer or mobile device, to destroy stored data. Remote destruct is sometimes used when a device is lost or stolen to prevent anyone from being able to read data stored on the device.
encryption
The act of hiding sensitive information in plain sight. ____________ works by scrambling the characters in a message, using a method known only to the sender and receiver, to make the message useless to anyone who intercepts the message.
data acquisition
The act of obtaining data for later use in a forensic investigation.
password reuse
The act of reusing a prior password for a user account. Some information systems can prevent the use of prior passwords in case any were compromised with or without the user's knowledge.
eavesdropping
The act of secretly intercepting and recording a voice or data transmission.
espionage
The act of spying on an organization.
social engineering
The act of using deception to trick an individual into revealing secrets.
method
The actions that an object can perform.
project planning
The activities related to the development and management of a project.
Continuity of Operations Plan (COOP)
The activities required to continue critical and strategic business functions at an alternate site.
business continuity planning (BCP)
The activities required to ensure the continuation of critical business processes.
business recovery plan
The activities required to recover and resume critical business processes and activities.
disaster recovery plan
The activities required to restore critical IT systems and other critical assets, whether in alternate or primary locations.
project management
The activities that are used to control, measure, and manage the activities in a project.
threat modeling
The activity of looking for potential threats in a business process, an information system, or a software application.
identity management
The activity of managing the identity of each employee, contractor, temporary worker, and, optionally, customer, in a single environment or multiple environments.
debugging
The activity of searching for the cause of malfunction in programs or systems.
impact
The actual or expected result from some action such as a threat or disaster.
information security management
The aggregation of policies, processes, procedures, and activities to ensure that an organization's security policy is effective.
risk tolerance
The amount of variation from the risk appetite that an organization is willing to accept in a particular situation.
humidity
The amount of water moisture in the air.
impact analysis
The analysis of a threat and the impact it would have if it were realized.
probability analysis
The analysis of a threat and the probability of its realization.
forensics
The application of procedures and tools during an investigation of a computer or network-related event.
malware
The broad class of programs designed to inflict harm on computers, networks, or information. Types of malware include viruses, worms, Trojan horses, spyware, and rootkits.
utility software
The broad class of programs that support the development or use of networks, systems, or applications. ____________________________ is most often used by IT specialists whose responsibilities include some aspect of system development, support, or operations.
password complexity
The characteristics required of user account passwords. For example, a password may not contain dictionary words and must contain uppercase letters, lowercase letters, numbers, and symbols.
project schedule
The chart of tasks in a project with their expected start and completion dates.
project plan
The chart of tasks in a project, which also includes start and completion dates, resources required, and dependencies and relationships between tasks.
sourcing
The choices that organizations make when selecting the personnel who will perform functions and where those functions will be performed.
Information Security Management System (ISMS)
The collection of activities for managing information security, as defined by ISO/IEC 27001.
infrastructure
The collection of networks, network services, devices, facilities, and system software that facilitates access to, communications with, and protection of business applications.
assets
The collection of property that is owned by an organization.
Public-Switched Telephone Network (PSTN)
The common carrier-switched telephone network used to carry voice telephone calls over landlines.
Wi-Fi
The common name for a wireless LAN protocol.
least privilege
The concept by which an individual user should have the lowest privilege possible that will still enable him or her to perform necessary tasks.
split custody
The concept of splitting knowledge of a specific object or task between two persons.
segregation of duties / separation of duties
The concept that ensures single individuals do not possess excess privileges that could result in unauthorized activities such as fraud or the manipulation or exposure of sensitive data.
disaster declaration criteria
The conditions that must be present to declare a disaster, triggering response and recovery operations.
Transmission Control Protocol (TCP)
The connection-oriented protocol used in the TCP/IP suite of protocols to establish a connection and transport messages from one station to another over a network during a communication session.
user datagram protocol (UDP)
The connectionless protocol used in the TCP/IP suite of protocols used to transport messages from one station to another over a network.
monitoring
The continuous or regular evaluation of a system or control to determine its operation or effectiveness.
digital transformation (DX)
The creative use of information technology to support business operations and solve business problems.
IS operations
The day-to-day control of the information systems, applications, and infrastructure that support organizational objectives and processes.
risk treatment
The decision to manage an identified risk. The available choices are mitigate the risk, avoid the risk, transfer the risk, or accept the risk.
network segmentation
The design process that results in the creation of network security zones, which are defined and controlled by firewalls or other stateful ACLs that limit access between zones.
Systems control audit review file and embedded audit modules (SCARF/EAM)
The development and embedding of specialized audit software directly into production applications.
Annualized Loss Expectancy (ALE)
The expected loss of asset value due to threat realization. ________ is defined as single loss expectancy (SLE) x annualized rate of occurrence (ARO).
NT File System (NTFS)
The file system used by Windows operating system to store and retrieve files on a hard disk.
audit report
The final, written product of an audit. An ______________________ will include a description of the purpose, scope, and type of audit performed; persons interviewed; evidence collected; rates and methods of sampling; and findings on the existence and effectiveness of each control.
exposure factor (EF)
The financial loss that results from the realization of a threat, expressed as a percentage of the asset's total value.
Single Loss Expectancy (SLE)
The financial loss when a threat is realized one time. ________ = asset value (AV) x exposure factor (EF).
security incident response
The formal, planned response that is enacted when a security incident has occurred.
TCP/IP network model
The four-layer network model that incorporates encapsulation of messages. The TCP/IP suite of protocols is built on the TCP/IP network model.
change advisory board
The group of stakeholders from IT and business that propose, discuss, and approve changes to IT systems.
tolerable error rate
The highest number of errors that can exist without a result being materially misstated.
broadcast address
The highest numeric IP address in an IP subnet. When a packet is sent to the network's broadcast address, all active stations on the network will receive it.
documentation
The inclusive term that describes charters, processes, procedures, standards, requirements, and other written documents.
key generation
The initial generation of an encryption key.
fraud
The intentional deception made for personal gain or for damage to another party.
campus area network (CAN)
The interconnection of LANs for an organization that has buildings in close proximity.
Internet
The interconnection of the world's TCP/IP networks.
supercomputer
The largest type of computer that is capable of performing large, complex calculations such as weather forecasting and earthquake simulations.
risk appetite
The level of risk that an organization is willing to accept while in pursuit of its mission, strategy, and objectives, and before action is needed to treat or manage the risk.
business process life cycle (BPLC)
The life cycle process concerned with the development and maintenance of business processes.
system development life cycle (SDLC)
The life cycle process used to develop or acquire and maintain information systems. Also known as software development life cycle.
test plan
The list of tests that are to be carried out during a unit test or system test.
central processing unit (CPU)
The main hardware component of a computer that executes program instructions.
risk management
The management activities used to identify, analyze, and treat risks.
program management
The management of a group of projects that exist to fulfill a business goal or objective.
password length
The minimum and maximum number of characters permitted for a user password associated with a computer, network, application, or system account.
ISACA audit standards
The minimum standards of performance related to security, audits, and the actions that result from audits. The standards are published by ISACA and updated periodically. ISACA audit standards are considered mandatory.
enterprise architecture
The model used to map business functions into the IT environment and IT systems in increasing levels of detail, with activities that ensure important business needs are met by IT systems.
Dynamic Random Access Memory (DRAM)
The most common form of semiconductor memory by which data is stored in capacitors that require periodic refreshing.
Internet Protocol (IP)
The network layer protocol used in the TCP/IP suite of protocols. _______ is concerned with the delivery of packets from one station to another, whether the stations are on the same network or on different networks.
Session Initiation Protocol (SIP)
The network protocol used to set up and tear down Voice over IP (VoIP) and other communications connections.
Infrared Data Association (IrDA)
The organization that has developed technical standards for point-to-point data communications using infrared light. _____________ has largely been replaced with Bluetooth and USB.
network architecture
The overall design of an organization's network.
physical network architecture
The part of network architecture concerned with the physical locations of network equipment and network media.
data flow architecture
The part of network architecture that is closely related to application and data architecture.
Arithmetic Logic Unit (ALU)
The part of the central processing unit that performs arithmetic computations.
logical network architecture
The part of the network architecture concerned with the depiction of network communications at a local, campus, regional, and global level.
Recovery Time Objective (RTO)
The period of time from the onset of an outage until the resumption of service. ________ is usually measured in hours or days.
audit program
The plan for conducting audits over a long period.
cross-over error rate
The point at which the false reject rate equals the false accept rate. This is the ideal point for a well-tuned biometric system.
key custody
The policies, processes, and procedures regarding the management of keys.
system testing
The portion of software testing in which an entire system is tested.
user acceptance testing (UAT)
The portion of software testing in which end users test software programs for correct functional operation and usability.
functional testing
The portion of software testing in which functional requirements are verified.
unit testing
The portion of software testing in which individual modules are tested.
segmentation
The practice of dividing a network into two or more security zones, with network access controls restricting and monitoring traffic between those zones.
bug sweeping
The practice of electronically searching for covert listening devices.
N + 1
The practice of employing one more than the minimum required number of systems so that in the event of a planned or unplanned outage of one of the systems, the other systems will continue functioning and provide service. This term usually applies to HVAC, UPS, and electric generators.
tunneling
The practice of encapsulating messages within another protocol.
cryptography
The practice of hiding information from unauthorized persons.
war chalking
The practice of marking buildings (using chalk) with symbols to indicate the presence of Wi-Fi access points.
benchmarking
The practice of measuring a process in order to compare its performance and quality with the same process as performed by another firm. The purpose is to discover opportunities for improvement that may result in lower cost, fewer resources, and higher quality.
job rotation
The practice of moving personnel from position to position, sometimes with little or no notice, as a means for deterring personnel from engaging in prohibited or illegal practices.
audit procedures
The step-by-step instructions and checklists required to perform specific audit activities. ___________________ may include a list of people to interview and questions to ask them, evidence to request, audit tools to use, sampling rates, where and how evidence will be archived, and how evidence will be evaluated.
AppleTalk
The suite of protocols developed by Apple Inc. that are used to transmit packets from one station to another over a network.
sample mean
The sum of all samples divided by the number of samples.
hardening / system hardening
The technique of configuring a system so that only its essential services and features are active and all others are deactivated. This helps to reduce the attack surface of a system to its essential components only.
source code management
The techniques and tools used to manage application source code.
version control
The techniques and tools used to manage different versions of source code files.
information leakage
The tendency for sensitive information to leak out of an organization's databases through various means, most of which are perpetrated by the organization's personnel.
segment
The term used to identify the protocol data unit (PDU) in TCP of the TCP/IP suite of protocols.
Recovery Point Objective (RPO)
The time during which recent data will be irretrievably lost in a disaster. ___________ is usually measured in hours or days.
emergency response
The urgent activities that immediately follow a disaster, including evacuation of personnel, first aid, triage of injured personnel, and possibly firefighting.
reduced sign-on
The use of a centralized directory service (such as LDAP or Microsoft Active Directory) for authentication into systems and applications. Users will need to log in to each system and application, using only one set of login credentials.
dual power feeds
The use of two physically separate electric power feeds into a facility.
video surveillance
The use of video cameras, monitors, and recording systems to record the movement of persons in or near sensitive areas.
Asset Value (AV)
The value of an IT asset, which is usually (but not necessarily) the asset's replacement value.
key management
The various processes and procedures used by an organization to generate, protect, use, and dispose of encryption keys over their lifetime.
802.11
The wireless network standard, commonly known as Wi-Fi, that can transport data up to 108 Mbit/sec up to a distance of 300 meters.
hardware monitoring
Tools and processes used continuously to observe the health, performance, and capacity of one or more computers.
computer trespass
Unlawful entry into a computer or application.
spam
Unsolicited and unwanted e-mail.
hypervisor
Virtualization software that facilitates the operation of one or more virtual machines.
What is the formula for Annualized Loss Expectancy (ALE)?
ALE = Single Loss Expectancy (SLE) x Annualized Rate of Occurrence (ARO)