Cisa Glossary Combined



8/11/2019 Cisa Glossary Combined

http://slidepdf.com/reader/full/cisa-glossary-combined 1/69

CISA DECEMBER, 2007 BATCH

Glossary of Terms

Note: It is mandatory that you understand each and every term given below before you attempt your CISA Examination on 8th December, 2007. We expect concept clarity on your part. We advise you to understand the concepts well rather than expecting questions from the Manual or Question Bank.

Definition

Abend: An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing.

Accept (a digital signature certificate): To demonstrate approval of a Digital Signature Certificate by a Digital Signature Certificate applicant while knowing or having notice of its informational contents.

Access: Gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

Access control: The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defined by the user who owns the object (discretionary access control, or DAC). The process of limiting access to the resources of a computer system only to authorized users, programs or other computer systems.

Access control list (ACL): Also referred to as access control tables, this is an internal computerized table of access rules regarding the levels of computer access.

Access control table: An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.

Access method: The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization, which determines how the records are stored.

Access path: The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.

Access rights: Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file shares on the server.

Access server: Provides centralized access control for managing remote access dial-up services.

Accountability: The ability to map a given activity or event back to the responsible party.

Accreditation: A formal declaration by the Competent Authorities that a particular information system, professional or other employee or contractor, or organization is approved to perform certain duties and to operate in a specific security mode, using a prescribed set of safeguards.

ACK (Acknowledgement): A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept transmission.

Active recovery site (mirrored): Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload in the event of a disaster.


Active response: A response in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms: amending the environment, collecting more information or striking back against the user.

Address: The code used to designate the location of a specific piece of data within computer storage.

Address space: The number of distinct locations that may be referred to with the machine address. For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.

Addressee: A person who is intended by the originator to receive the electronic record but does not include any intermediary.

Addressing: The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).

Adjusting period: The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between real accounting periods. Adjusting accounting periods can overlap with other accounting periods. For example, a period called DEC-93 can be defined that includes 01-DEC-1993 through 31-DEC-1993. An adjusting period called DEC31-93 can also be defined that includes only one day: 31-DEC-1993.

Administrative control: The actions/controls dealing with operational effectiveness, efficiency and adherence to regulations and management policies.

Adware: Any software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used. In most cases, this is done without any notification to the user or the user's consent. The term adware may also refer to software that displays advertisements, whether or not it does so with the user's consent; such programs display advertisements as an alternative to shareware registration fees. These are classified as 'adware' in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service.

Affiliated Certificate: A certificate issued to an affiliated individual (see also affiliated individual).

Affirm / Affirmation: To state or indicate by conduct that data is correct or information is true.

Affixing Digital Signature: With its grammatical variations and cognate expressions, means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of digital signature.

Alias: A pseudonym.

Alpha: The use of alphabetic characters or an alphabetic character string.

Alternative routing: A service that allows the option of having an alternate route to complete a call when the marked destination is not available. In signaling, alternate routing is the process of substituting routes for a given signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that traffic stream.

Analog: A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.

American Standard Code for Information Interchange: See ASCII.


Anomaly: Unusual or statistically rare.

Anomaly detection: Detection on the basis of whether the system activity matches that defined as abnormal.

Anonymity: The quality or state of not being named or identified.

Anonymous File Transfer Protocol (FTP): A method for downloading public files using file transfer protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, the user enters the word anonymous when the host prompts for a username; anything can be entered for the password, such as the user's e-mail address or simply the word guest. In many cases, an anonymous FTP site will not even prompt users for a name and password.

Antivirus software: Applications that detect, prevent and possibly remove all known viruses from files located in a microcomputer.

Applet: A program written in a portable, platform-independent computer language, such as Java, JavaScript or Visual Basic. It is usually embedded in an HTML page downloaded from a web server and then executed by a browser on client machines to run any web-based application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers. However, applets expose the user's machine to risks if not properly controlled by the browser, which should not allow an applet to access a machine's information without prior authorization of the user.

Application: A computer program or set of programs that performs the processing of records for a specific function.

Application acquisition: An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process.

Application controls: Refer to the transactions and data relating to each computer-based application system and are, therefore, specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and accuracy of the records and the validity of the entries made therein, resulting from both manual and programmed processing. Examples of application controls include data input validation, agreement of batch totals and encryption of data transmitted.

Application Development Review: An evaluation of an application system under development which considers matters such as: appropriate controls are

Application layer: A layer within the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer, various protocols are needed. Some of them are specific to certain applications, and others are more general for network services.

Application maintenance review: An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures).


Application program: A program that processes business data through activities such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control programs, and with utility programs, such as copy or sort.

Application programming: The act or function of developing and maintaining application programs in production.

Application programming interface (API): A set of routines, protocols and tools referred to as 'building blocks' used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by MS Windows, different versions of UNIX). A programmer would utilize these APIs in developing applications that can operate effectively and efficiently on the platform chosen.

Application proxy: A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service.

Application security: Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications.

Application software: Software that is specific to the solution of an application problem. It is the software coded by or for an end user that performs a service or relates to the user's work.

Application software tracing and mapping: Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements and programming language can be analyzed. This technique includes program/system mapping, tracing, snapshots, parallel simulations and code comparisons.

Application system: An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management).

A family of products designed to offer solutions for commercial data processing, office, and communications environments, as well as to provide simple, consistent programmer and end user interfaces for businesses of all sizes.

Archive: To store records and associated journals for a given period of time for security, backup, or auditing purposes.

Arithmetic logic unit (ALU): The area of the central processing unit that performs mathematical and analytical operations.

Artificial intelligence: Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules.


ASCII (American Standard Code for Information Interchange): Representing 128 characters, the ASCII code normally uses 7 bits. However, some variations of the ASCII code set allow 8 bits; 8-bit ASCII code allows 256 characters to be represented.

ASP/MSP (application or managed service provider): A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network.

Assembler: A program that takes as input a program written in assembly language and translates it into machine code or machine language.

Assembly language: A low-level computer programming language which uses symbolic code and produces machine instructions.

Assurances: Statements or conduct intended to convey a general intention, supported by a good-faith effort, to provide and maintain a specified service. 'Assurances' does not necessarily imply a guarantee that the services will be performed fully and satisfactorily. Assurances are distinct from insurance, promises, guarantees, and warranties, unless otherwise expressly indicated.

Asymmetric Crypto System: A system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

Asymmetric key (public key): A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message (see public key encryption).

Asynchronous Transfer Mode (ATM): ATM is a high-bandwidth, low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allows very high speed data transfer rates at up to 155 Mbit/s.

Asynchronous transmission: Character-at-a-time transmission.

Attest reporting engagement: An engagement where an IS auditor is engaged to either examine management's assertion regarding a particular subject matter or the subject matter directly. The IS auditor's report consists of an opinion on one of the following:

- The subject matter. These reports relate directly to the subject matter itself rather than to an assertion. In certain situations management will not be able to make an assertion over the subject of the engagement. An example of this situation is when IT services are outsourced to a third party. Management will not ordinarily be able to make an assertion over the controls that the third party is responsible for. Hence, an IS auditor would have to report directly on the subject matter rather than an assertion.

- Management's assertion about the effectiveness of the


Audit risk: The risk that information or financial reports may contain material errors or that the IS auditor may not detect an error that has occurred; also used to describe the level of risk that an auditor is prepared to accept during an audit engagement.

Audit sampling: The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population.

Audit trail: A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source. A chronological record of system activities providing documentary evidence of processing that enables management staff to reconstruct, review, and examine the sequence of states and activities surrounding or leading to each event in the path of a transaction from its inception to output of final results.

Auditability: The level to which transactions can be traced and audited through a system.

Authenticated Record: A signed document with appropriate assurances of authentication or a message with a digital signature verified by a relying party. However, for suspension and revocation notification purposes, the digital signature contained in such notification message must have been created by the private key corresponding to the public key contained in the Digital Signature Certificate.

Authentication: The act of verifying the identity of a user and the user's eligibility to access computerized information. Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data. A process used to confirm the identity of a person or to prove the integrity of specific information. Message authentication involves determining its source and verifying that it has not been modified or replaced in transit. See also verify (a digital signature).

Authorization: The process of determining what types of activities are permitted. Ordinarily, authorization is in the context of authentication: once you have authenticated a user, he/she may be authorized to perform different types of access or activity. The granting of rights, including the ability to access specific information or resources.

Automated teller machine (ATM): A 24-hour, stand-alone minibank, located outside branch bank offices or in public places like shopping malls. Through ATMs, clients can make deposits, withdrawals, account inquiries and transfers. Typically, the ATM network is comprised of two spheres: a proprietary sphere, in which the bank manages the transactions of its clients, and the public or shared domain, in which a client of one financial institution can use another's ATMs.


Availability: Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. The extent to which information or processes are reasonably accessible and usable, upon demand, by an authorized entity, allowing authorized access to resources and timely performance of time-critical operations.

Backbone: The main communications channel of a digital network. The part of a network that handles the major traffic. It employs the highest-speed transmission paths in the network and may also run the longest distances. Smaller networks are attached to the backbone, and networks that directly connect to the end user or customer are called 'access networks'. A backbone can span a geographic area of any size from a single building to an office complex to an entire country. Or, it can be as small as a backplane in a single cabinet.

Backup: Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service. The process of copying critical information, data and software for the purpose of recovering essential processing back to the time the backup was taken.

Badge: A card or other device that is presented or displayed to obtain access to an otherwise restricted facility, as a symbol of authority (e.g., police), or as a simple means of identification. They are also used in advertising and publicity.

Bandwidth: The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).

Barcode: A printed machine-readable code that consists of parallel bars of varied width and spacing.

Base case: A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.

Baseband: A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband, the entire bandwidth of the transmission medium (e.g., coaxial cable)

Batch control: Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: sequence control, which involves numbering the records in a batch consecutively so that the presence of each record can be confirmed, and control total, which is a total of the values in selected fields within the transactions.

Batch processing: The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.

Bayesian filter: A method often employed by antispam software to filter spam based on probabilities. The message header and every word or number are each considered a token and given a probability score. Then the entire message is given a spam probability score. A message with a high score will be flagged as spam and discarded, returned to its sender or put in a spam directory for further review by the intended recipient.

Baud rate: The rate of transmission for telecommunications data. It is expressed in bits per second (bps).

Benchmark: A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measured performance with that of other systems that have been subject to the same benchmark test.

Binary code: A code whose representation is limited to 0 and 1.

Binding: An affirmation by a Certifying Authority of the relationship between a named entity and its public key.

Biometric locks: Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature.

Biometrics: A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint.

Black box testing: A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.

Border router: See external router.

Bridge: A device that connects two similar networks together.

Broadband: In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.

Brouters: Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which is a significant advantage. Like a bridge, it forwards packets based on the data link layer address to a different network of the same type. Also, whenever required, it processes and forwards messages to a different data link type network based on the network protocol address. When connecting same data link type networks, they are as fast as bridges, besides being able to connect different data link type networks.

Browser: A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, one that permits multimedia (graphics) applications on the World Wide Web.


Brute force: The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found.

BSP (business service provider): An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development.

Budget: Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.

Budget formula: A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.

Budget hierarchy: A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.

Budget organization: An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.

Buffer: Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of RAM that hold data while they are being processed.

Bulk data transfer: A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily and then loaded into a tape library located at the same facility as the planned recovery.

Bus: Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.

Bus configuration: All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes. This architecture is reliable in very small networks, as well as easy to use and understand. This configuration requires the least amount of cable to connect the computers together and, therefore, is less expensive than other cabling arrangements. It is also easy to extend, and two cables can be easily joined with a connector to make a longer cable for more computers to join the network. A repeater can also be used to extend a bus configuration.

Business case: A document that provides management with sufficient information needed to enable them to decide whether to support a proposed project before significant resources are committed to its development. A business case includes analysis of current business process performance; associated assumptions, needs or problems; proposed solutions and potential constraints, based upon a risk-adjusted, cost-benefit analysis.

Bus topology: A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel; signals transmitted over the channel take the form of messages. As each message passes along the channel, each station receives it. Each station then determines, based on an address contained in the message, whether to accept and process the message or simply to ignore it.


Business impact analysis (BIA): A process to determine the impact of losing the support of any resource. The business impact analysis assessment study will establish the escalation of that loss over time. It is predicated on the fact that senior management, when provided reliable data to document the potential impact of a lost resource, can make the appropriate decision.

Business process integrity: Controls over the business processes that are supported by the ERP.

Business process reengineering (BPR): Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To reengineer means redesigning a structure and procedures with intelligence and skills, while being well informed about all of the attendant factors of a given situation, so as to obtain the maximum benefits from mechanization as basic rationale.

Business risk: Potential for harm or loss in achieving business objectives.

Business-to-consumer e-commerce (B2C): Refers to the processes by which organizations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.

Bypass label processing (BLP): A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.

CAATs: See computer-assisted audit techniques.

Cadbury: The Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subject commonly known, in the UK, as the Cadbury Report.

Capacity stress testing: Testing an application with large quantities of data to evaluate its performance during peak periods. It is also called volume testing.

Card swipes: A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped, the application attached to the physical card swipe device logs all card users that try to access the secured location. The card swipe device prevents unauthorized access and logs all attempts to enter the secured location.

Cathode ray tube (CRT): A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material, or a device similar to a television screen upon which data can be displayed.

Capability Maturity Model (CMM): The Capability Maturity Model (CMM) for software, from the Software Engineering Institute (SEI), is a model used by many organizations to identify best practices useful in helping them assess and increase the maturity of their software development process.


Central office (CO): A telecommunications carrier's facilities in a local area in which service is provided, where local service is switched to long distance.

Central processing unit (CPU): Computer hardware that houses the electronic circuits that control/direct all operations of the computer system.

Centralized data processing: Identified by one central processor and databases that form a distributed processing configuration.

Certificate: A Digital Signature Certificate issued by a Certifying Authority.

Certificate (certification) authority (CA): In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. A certificate authority attests, as the trusted provider of the public/private key pairs, to the authenticity of the owner (entity or individual) to whom a public/private key pair has been given. The process involves a CA who makes a decision to issue a certificate based on evidence or knowledge obtained in verifying the identity of the recipient. Upon verifying the identity of the recipient, the CA signs the certificate with its private key for distribution to the user, where, upon receipt, the user will decrypt the certificate with the CA's public key (e.g., commercial CAs such as Verisign provide public keys on web browsers). The ideal CA is authoritative (someone that the user trusts) for the name or key space it represents. CAs are characteristic of many public key infrastructure (PKI) schemes. There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and there are free CAs.

Certificate Chain: An ordered list of certificates containing an end-user subscriber certificate and Certifying Authority certificates (See valid certificate).

Certificate Class: A Digital Signature Certificate of a specified level of trust.

Certificate Expiration: The time and date specified in the Digital Signature Certificate when the operational period ends, without regard to any earlier suspension or revocation.

Certificate Extension: An extension field to a Digital Signature Certificate which may convey additional information about the public key being certified, the certified subscriber, the Digital Signature Certificate issuer, and/or the certification process. Standard extensions are defined in Amendment 1 to ISO/IEC 9594-8:1995 (X.509). Custom extensions can also be defined by communities of interest.

Certificate Issuance: The actions performed by a Certifying Authority in creating a Digital Signature Certificate and notifying the Digital Signature Certificate applicant (anticipated to become a subscriber) listed in the Digital Signature Certificate of its contents.

Certificate Management [Management of Digital Signature Certificate]: Certificate management includes, but is not limited to, storage, distribution, dissemination, accounting, publication, compromise, recovery, revocation, suspension and administration of Digital Signature Certificates. A Certifying Authority undertakes Digital Signature Certificate management functions by serving as a registration authority for subscriber Digital Signature Certificates. A Certifying Authority designates issued and accepted Digital Signature Certificates as valid by publication.

Certificate Policy: A specialized form of administrative policy tuned to electronic transactions performed during Digital Signature Certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.

Certificate revocation list (CRL): An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility. A CRL details digital certificates that are no longer valid. The time gap between two updates is very critical and is also a risk in digital certificate verification. A periodically (or exigently) issued list, digitally signed by a Certifying Authority, of identified Digital Signature Certificates that have been suspended or revoked prior to their expiration dates. The list generally indicates the CRL issuer's name, the date of issue, the date of the next scheduled CRL issue, the suspended or revoked Digital Signature Certificates' serial numbers, and the specific times and reasons for suspension and revocation.

Certificate Serial Number: A value that unambiguously identifies a Digital Signature Certificate generated by a Certifying Authority.

Certificate Signing Request (CSR): A machine-readable form of a Digital Signature Certificate application.

Certification / Certify: The process of issuing a Digital Signature Certificate by a Certifying Authority.

Certification practice statement (CPS): A CPS is a detailed set of rules governing the certificate authority's operations. It provides an understanding of the value and trustworthiness of certificates issued by a given CA in terms of the controls that an organization observes, the method it uses to validate the authenticity of certificate applicants and the CA's expectations of how its certificates may be used. A statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates.

Certifying Authority (CA): A person who has been granted a licence to issue a Digital Signature Certificate under an Act.

Certifying Authority Software: The cryptographic software required to manage the keys of end entities.

Certifying Authority System: All the hardware and software systems (e.g. computers, PKI servers, network devices, etc.) used by the Certifying Authority for generation, production, issue and management of Digital Signature Certificates.

Challenge Phrase: A set of numbers and/or letters that are chosen by a Digital Signature Certificate applicant, communicated to the Certifying Authority with a Digital Signature Certificate application, and used by the Certifying Authority to authenticate the subscriber for various purposes as required by the Certification Practice Statement. A challenge phrase is also used by a secret share holder to authenticate himself, herself, or itself to a secret share issuer.

Channel service unit/Digital service unit (CSU/DSU): Interfaces at the physical layer of the OSI reference model, data terminal equipment (DTE) to data circuit terminating equipment (DCE), for switched carrier networks.

Certificate revocation list: A list of retracted certificates.

Challenge/response token: A method of user authentication. Challenge response authentication is carried out through the use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server, the server sends the user a "challenge," which is a random value. The user enters a password, which is used as an encryption key to encrypt the "challenge" and return it to the server. The server is aware of the password. It, therefore, encrypts the "challenge" value and compares it with the value received from the user. If the values match, the user is authenticated. The challenge/response activity continues throughout the session and this protects the session from password sniffing attacks. In addition, CHAP is not vulnerable to "man in the middle" attacks as the challenge value is a random value that changes on each access attempt.

Check digit: A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. This control is effective in detecting transposition and transcription errors.

Check digit verification (self-checking digit): A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit.

Checkpoint restart procedures: A point in a routine at which sufficient information can be stored to permit restarting the computation from that point.

Checklist: A list of items that is used to verify the completeness of a task or goal. A checklist is used in quality assurance (and in general, in information systems audit), to check process compliance, code standardization and error prevention, and other items for which consistency processes or standards have been defined.

Checksum: A cryptographic checksum is a mathematical value that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed. A cryptographic checksum is created by performing a complicated series of mathematical operations (known as a cryptographic algorithm) that translates the data in the file into a fixed string of digits called a hash value, which is then used as the checksum. Without knowing which cryptographic algorithm was used to create the hash value, it is highly unlikely that an unauthorized person would be able to change data without inadvertently changing the corresponding checksum. Cryptographic checksums are used in data transmission and data storage. Cryptographic checksums are also known as message authentication codes, integrity check values, modification detection codes or message integrity codes.

Ciphertext: Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.

Circuit-switched network: A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.

Circular routing: In open systems architecture, circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.

Cleartext: Data that is not encrypted. Also known as plaintext.

Client Application: An application that runs on a personal computer or workstation and relies on a server to perform some operation.

Client-server: A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine; software is specialized at both ends. Processing may take place on either the client or the server, but it is transparent to the user.

Cluster controller: A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.

Coaxial cable: It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmission capacity than standard twisted-pair cables but has a limited range of effective distance.

COBIT: Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF, 2000, 1998, 1996.

CoCo: Criteria of Control, published by the Canadian Institute of Chartered Accountants in 1995.

Cohesion: The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units, the easier it is to maintain and enhance a system, since it is easier to determine where and how to apply a change.

Cold site: An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the users have to move from their main computing location to the alternative computer facility.

Combined Code on Corporate Governance: The consolidation in 1998 of the "Cadbury," "Greenbury" and "Hampel" Reports. Named after the committee chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry, the Institute of Directors, the Consultative Committee of Accountancy Bodies, the National Association of Pension Funds and the Association of British Insurers to address the financial aspects of corporate governance, directors' remuneration and the implementation of the Cadbury and Greenbury recommendations.

Common Key: Some systems of cryptographic hardware require arming through a secret-sharing process and require that the last of these shares remain physically attached to the hardware in order for it to stay armed. In this case, "common key" refers to this last share. It is not assumed to be secret as it is not continually in an individual's possession.

Communication/Network System: A set of related, remotely connected devices and communications facilities including more than one computer system with the capability to transmit data among them through the communications facilities (covering ISDN, leased lines, dial-up, LAN, WAN, etc.).

Communications controller: Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function.

Communication processor: A computer embedded in a communications system that generally performs basic tasks of classifying network traffic and enforcing network policy functions. An example is the message data processor of a DDN switching center. More advanced communications processors may perform additional functions.


Comparison program: A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences.

Compensating control: An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions.

Compiler: A program that translates programming language (source code) into machine executable instructions (object code).

Completely connected (mesh) configuration: A network topology in which devices are connected with many redundant interconnections between network nodes. (Primarily used for backbone networks.)

Completeness check: A procedure designed to ensure that no fields are missing from a record.

Compliance testing: Audit tests that determine if internal controls are being applied in a manner described in the documentation and in accordance with management's intents. These are tests that are used to determine whether internal controls actually exist and are working effectively.

Components (as in component-based development): Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component-based development is to ultimately use as many predeveloped, pretested components as possible.

Comprehensive audit: An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department.

Compromise: A violation (or suspected violation) of a security policy, in which an unauthorized disclosure of, or loss of control over, sensitive information may have occurred (Cf. data integrity).

Computationally greedy: Requiring a great deal of computing power; processor intensive.

Computer: Any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.

Computer Data Base: Means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network.

Computer Network: Interconnection of one or more computers through:
(i) the use of satellite, microwave, terrestrial line or other communication media; and
(ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained.

Computer Peripheral: Means equipment that works in conjunction with a computer but is not a part of the main computer itself, such as a printer, magnetic tape reader, etc.

Computer Resource: Means computer, computer system, computer network, data, computer database or software.

Computer sequence checking: Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research.


Computer server: 1) A computer dedicated to servicing requests for resources from other computers on a network; servers typically run network operating systems. 2) A computer that provides services to another computer (the client).

Computer-emergency response team (CERT): A group of people integrated at the organization with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.

Computer-assisted audit technique (CASE): The use of software packages that aid in the development of all phases of an information system; system analysis, design, programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatically. CASE can be installed on a microcomputer for easy access.

Computer-assisted audit technique (CAAT): Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities.

Computer System: A device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions.

Concurrent access: A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently.

Confidentiality: Confidentiality concerns the protection of sensitive information from unauthorized disclosure. The condition in which sensitive data is kept secret and disclosed only to authorized parties.

Confirm: To ascertain through appropriate inquiry and investigation (See also authentication; verify a digital signature).

Confirmation of Digital Signature Certificate Chain: The process of validating a Digital Signature Certificate chain and subsequently validating an end-user subscriber Digital Signature Certificate.

Computer forensics: The application of the scientific method to digital media to establish factual information for judicial review. This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. As a discipline, it combines elements of law and computer science to collect and analyze data from information systems (e.g., personal computers, networks, wireless communications and digital storage devices) in a way that is admissible as evidence in a court of law.

Concurrency control: Refers to a class of controls used in database management systems (DBMS) to ensure that transactions are processed in an atomic, consistent, isolated and durable manner (ACID). This implies that only serial and recoverable schedules are permitted, and that committed transactions are not discarded when undoing aborted transactions.

Console log: An automated detail report of computer system activity.

Consumer: One who obtains products or services from a bank to be used primarily for personal, family or household purposes.


Content filtering: Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed instead of the attributes of the packet itself (e.g., source/target IP address, TCP flags).

Contingency Plans: The establishment of emergency response, backup operation, and post-disaster recovery processes maintained by an information processing facility or for an information system. Establish the strategy for recovering from unplanned disruption of information processing operations. The strategy includes the identification and priority of what must be done, who performs the required action, and what tools must be used. A document, developed in conjunction with application owners and maintained at the primary and backup computer installation, which describes procedures and identifies the personnel necessary to respond to abnormal situations such as disasters. Contingency plans help managers ensure that computer application owners continue to process (with or without computers) mission-critical applications in the event that computer support is interrupted.

Continuity: The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.

Continuous auditing: This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.

Continuous improvement: The goals of continuous improvement (kaizen) include the elimination of waste, defined as "activities that add cost but do not add value," just-in-time delivery; production load leveling of amounts and types; standardized work; paced moving lines; right-sized equipment, and so on. A closer definition of the Japanese usage of kaizen is "to take it apart and put back together in a better way." What is taken apart is usually a process that, when done correctly, humanizes the workplace, eliminates hard work (both mental and physical), and teaches people how to do rapid experiments using the scientific method and how to learn to see and eliminate waste in business processes.

Controls: Measures taken to ensure the integrity and quality of a process.

Control group: Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups.

Control objective: The objectives of management that are used as the framework for developing and implementing controls (control procedures).

Control Objectives for Enterprise Governance: A discussion document which sets out an "Enterprise Governance Model" focusing strongly on both the enterprise business goals and the Information Systems Audit and Control Foundation in 1999.

Control perimeter: The boundary defining the scope of control authority for an entity. For example, if a system is within the control perimeter, the right and ability exist to control it in response to an attack.

Control risk: The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system.


Control ri!" !elf  

a!!e!!ment

An empo&erin( met#od9proce!! b% &#ic# mana(ement and !taff of all le$el!

collecti$el% identif% and e$aluate IS related ri!"! and control! under t#e (uidance

of a facilitator &#o could be an IS auditor) T#e IS auditor can utili.e CRSA for (at#erin( rele$ant information about ri!"! and control! and to for(e (reater 

collaboration &it# mana(ement and !taff) CRSA pro$ide! a frame&or" and tool!

for mana(ement and emplo%ee! to-Identif% and prioritie! t#eir bu!ine!! obecti$e!)

A!!e!! and mana(e #i(# ri!" area! of bu!ine!! proce!!e!)Self3e$aluate t#e ade1uac% of control!)

De$elop ri!" treatment recommendation!

Control !ection T#e area of t#e central proce!!in( unit *C?+ t#at e'ecute! !oft&are, allocate!

internal memor% and tran!fer! operation! bet&een t#e arit#metic3lo(ic, internal!tora(e and output !ection! of t#e computer

Control weakness A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the objectives relevant to the area of activity being examined). Control weaknesses can be material when the design or operation of one or more control procedures does not reduce to a relatively low level the risk that misstatements caused by illegal acts or irregularities may occur and not be detected by the related control procedures.

Controls (control procedures) Those policies and procedures implemented to achieve a related control objective

Corporate exchange rate An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.

Correspond To belong to the same key pair (See also public key; private key)

Cookie A message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them. For the first time, a user may be required to go through a registration process. Subsequent to this, whenever the cookie's message is sent to the server, a customized view, based on that user's preferences, can be produced. The browser's implementation of cookies has however brought several security concerns, allowing breaches of security and the theft of personal information (e.g., user passwords that validate the user's identity and enable restricted web services).

Corporate governance The system by which organizations are directed and controlled. Boards of directors are responsible for the governance of their organizations. It consists of the leadership and organizational structures and processes that ensure the organization sustains and extends strategies and objectives.

Corrective controls These controls are designed to correct errors, omissions and unauthorized uses and intrusions once they are detected.

COSO A report, "Internal Control - An Integrated Framework", sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.

Countermeasures An action, process, device or system that can prevent or mitigate the effects of threats to a computer, server or network. In this context, a threat is a potential or actual adverse event that may be malicious or incidental, and that can compromise the assets of an enterprise or the integrity of a computer or network. Internal controls are countermeasures, as they mitigate the risks presented by the threats. Countermeasures can take the form of software, hardware and modes of behavior.

Coupling Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data pass across the interface. In application software design, it is preferable to strive for the lowest possible coupling between modules. Simple connectivity among modules results in software that is easier to understand and maintain, and less prone to a ripple or domino effect, caused when errors occur at one location and propagate through a system.

Customer relationship management (CRM) Customer relationship management is a way to identify, acquire and retain customers. CRM is also an industry term for software solutions that help an organization manage customer relationships in an organized manner.

Coverage The proportion of known attacks detected by an intrusion detection system.

Credentialed analysis In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.

Credit risk The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can reach a given bank from literally anywhere in the world. In dealing with customers over the internet, absent any personal contact, it is challenging for banks to verify the good faith of their customers, which is an important element in making sound credit decisions.

Criteria The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be:

Objective - free from bias

Measurable - provide for consistent measurement

Complete - include all relevant factors to reach a conclusion

Relevant - relate to the subject matter

Critical Information Data determined by the data owner as mission critical or essential to business purposes.

Cross-certification A certificate issued by one certification authority to a second certification authority that verifies the certificates it has created. Often cross-certification refers specifically to certificates issued to each other by two CAs at the same level in a hierarchy. A Certificate used to establish a trust relationship between two Certifying Authorities.

Cryptographic Algorithm A clearly specified mathematical process for computation; a set of rules that produce a prescribed result.

Cryptography The art of designing, analyzing and attacking cryptographic schemes.


database.

Data integrity The property that data meet with a priori expectation of quality and that the data can be relied upon. A condition in which data has not been altered or destroyed in an unauthorized manner (See also threat; compromise).

Data leakage Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes

Data owner Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data

Data security Those controls that seek to maintain confidentiality, integrity and availability of information. The practice of protecting data from accidental or malicious modification, destruction, or disclosure.

Data structure The relationships among files in a database and among data items within each file

Database A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements

Database administrator (DBA) An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.

Database management system (DBMS) A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.

Database replication The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is that it enables many users to work with their own local copy of a database but have the database updated as if they were working on a single centralized database. For database applications where users are widely distributed geographically, replication is often the most efficient method of database access.

Database specifications These are the requirements for establishing a database application. They include field definitions, field requirements, and reporting requirements for the individual information in the database.

Datagram A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination

Data-oriented systems development The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.

DDoS (distributed denial-of-service) attack A denial-of-service (DoS) assault from multiple sources; see DoS

Decentralization The process of distributing computer processing to different locations within an organization

Decision support systems (DSS) An interactive system that provides the user with easy access to decision models and data, to support semi-structured decision-making tasks


Decoy server See honey pot.

Decryption key A piece of information, in a digitized form, used to recover the plaintext from the corresponding cipher text by decryption

Decryption A technique used to recover the original plaintext from the cipher text, such that it is intelligible to the reader. Decryption is the reverse process of encryption.

Default deny policy A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

Default password The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the internet and maintained at several locations. Failure to change these after the installation leaves the system vulnerable.

Degauss To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of magnetic induction on the media. Degauss loosely means to erase.

Demo Certificate A Digital Signature Certificate issued by a Certifying Authority to be used exclusively for demonstration and presentation purposes and not for any secure or confidential communications. Demo Digital Signature Certificates may be used by authorized persons only.

Demodulation The process of converting an analog telecommunications signal into a digital computer signal

Detailed IS controls Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.

Detection risk The risk that material errors or misstatements that have occurred will not be detected by the IS auditor

Detective control These controls exist to detect and report when errors, omissions and unauthorized use or entry occur.

Dial-back Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the caller is from a valid phone number or telecommunications channel.

Dial-in access controls Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.

Digital certificate A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

Digital Certificate Applicant A person that requests the issuance of a public key Digital Signature Certificate by a Certifying Authority (See also CA applicant; subscriber).

Digital Certificate Application A request from a Digital Signature Certificate applicant (or authorized agent) to a Certifying Authority for the issuance of a Digital Signature Certificate (See also certificate applicant; certificate signing request).

Digital certification A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.

Digital signature A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and non-repudiation. A digital signature is generated using the sender's private key or applying a one-way hash function. Means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of the Act.

Digital Signature Certificate Means a Digital Signature Certificate issued under the Act.

Disaster tolerance Disaster tolerance is the time gap during which the business can accept the non-availability of IT facilities.

Direct reporting engagement An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about the subject matter directly, such as the effectiveness of the control procedures

Discovery sampling A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population

Discretionary access control (DAC) A protection that may be activated or modified by the data owner at his/her discretion. This would be the case of data owner-defined sharing of information resources, where the data owner may select who can access his/her resource and the security level of the access. Discretionary access controls cannot override mandatory access controls; they act as an additional filter, prohibiting still more access with the same exclusionary principle.

Diskless workstations A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server.

Distinguished Name A set of data that identifies a real-world entity, such as a person in a computer-based context.

Distributed data processing network A system of computers connected together by a communications network. Each computer processes its data, and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.

DMZ (demilitarized zone) Commonly it is the network segment between the internet and a private network. It allows access to services from the internet and the internal private network, while denying access from the internet directly to the private network.

DNS (domain name system) A hierarchical database that is distributed across the internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers

DoS (denial-of-service) attack An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate

DNS poisoning Domain name system poisoning, also called DNS cache poisoning or cache poisoning, corrupts the table of an internet server's DNS, replacing an Internet address with the address of another vagrant or scoundrel address. If a Web user looks for the page with that address, the request is redirected by the scoundrel entry in the table to a different address. Cache poisoning differs from another form of DNS poisoning, in which the attacker spoofs valid e-mail accounts and floods the inboxes of administrative and technical contacts. Cache poisoning is related to URL poisoning or location poisoning, where an Internet user's behavior is tracked by adding an identification number to the location line of the browser that can be recorded as the user visits successive pages on the site.

Document A record consisting of information inscribed on a tangible medium such as paper rather than computer-based information (See also message; record)


Downloading The act of transferring computerized information from one computer to another computer

Downtime report A report that identifies the elapsed time when a computer is not operating correctly because of machine failure

Dry-pipe fire extinguisher system Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water is emitted to the pipes from a water reservoir for discharge to the location of the fire.

Due care Diligence which a person would exercise under a given set of circumstances

Due professional care Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances

Dumb terminal A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.

Duplex routing The method or communication mode of routing data over the communication network (also see half duplex and full duplex)

Dynamic analysis Analysis that is performed in real time or in continuous form

EBCDIC (Extended Binary-coded Decimal Interchange Code) An 8-bit code representing 256 characters; used in most large computer systems.

Echo checks Detects line errors by retransmitting data back to the sending device for comparison with the original transmission

e-commerce Defined by ISACA as the processes by which organizations conduct business electronically with their customers, suppliers and other external business partners, using the internet as an enabling technology. It therefore encompasses both business-to-business (B2B) and business-to-consumer (B2C) e-Commerce models, but does not include existing non-Internet e-Commerce methods based on private networks such as EDI and SWIFT.

Edit controls Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.

Editing Editing ensures that data conform to predetermined criteria and enables early identification of potential errors.

Electronic cash An electronic form functionally equivalent to cash in order to make and receive payments in cyber banking


Electronic data interchange (EDI) The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.

Electronic Form With reference to information, means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro-film, computer generated micro fiche or similar device

Electronic funds transfer (EFT) The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.

Electronic Mail (E-Mail) Messages sent, received or forwarded in digital form via a computer-based communication mechanism.

Electronic Record Means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated micro-fiche.

Electronic signature Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.

Electronic vaulting A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to critical files to supplement full backups taken periodically.

E-mail/interpersonal messaging An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people.

Embedded audit module A screening process that is incorporated into the regular production programs. The module selects items during the regular production runs that fulfill certain criteria established by the IS auditor and usually outputs or copies these items to a file or report.

Encapsulation (objects) Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher-layer protocol and places it in the data portion of a frame in the lower layer.

Encryption A technique used to protect the plaintext, by coding the data so it is unintelligible to the reader. The process of transforming plaintext data into an unintelligible form (cipher text) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decryption process (two-way encryption).

Encryption key A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the cipher text

End-user computing The ability of end users to design and implement their own information system, utilizing computer software products

Engagement letter Formal document which defines the IS auditor's responsibility, authority and accountability for a specific assignment

Enterprise governance A broad and wide-ranging concept of corporate governance, covering associated organizations such as global strategic alliance partners. (source: Control Objectives for Enterprise Governance Discussion Document, published by the Information Systems Audit and Control Foundation in 1999)


Enterprise resource planning First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial management and other aspects of the business. An ERP system typically is based on a common database, various integrated business process application modules and business analysis tools

Error Control deviations (compliance testing) or misstatements (substantive testing)

Error risk The risk of errors occurring in the area being audited

Enterprise resource planning (ERP) An enterprise resource planning system is an integrated system containing multiple business subsystems. Examples include SAP, Oracle Financials and J.D. Edwards.

Escrow agent A person, agency or organization that is authorized to act on behalf of another to create a legal relationship with a third party in regards to an escrow agreement. In other words, an escrow agent is the custodian of an asset according to an escrow agreement. As it relates to a cryptographic key, it is the agency or organization charged with the responsibility for safeguarding the key components of the unique key.

Escrow agreement A legal arrangement whereby an asset (often money, but sometimes other property such as art, a deed of title, web site, software source code or cryptographic key) is delivered to a third party (called an escrow agent) to be held in trust or otherwise pending a contingency or the fulfillment of a condition or conditions in a contract. Upon that event occurring, the escrow agent will deliver the asset to the proper recipient; otherwise the escrow agent is bound by his/her fiduciary duty to maintain the escrow account. Source code escrow means deposit of the source code for the software into an account held by an escrow agent. Escrow is typically requested by a party licensing software (e.g., licensee or buyer), to ensure maintenance of the software. The software source code is released by the escrow agent to the licensee if the licensor (e.g., seller or contractor) files for bankruptcy or otherwise fails to maintain/update the software as promised in the software license agreement.

Ethernet A popular network protocol and cabling scheme that uses a bus topology and CSMA/CD (carrier sense multiple access/collision detection) to prevent network failures or collisions when two devices try to access the network at the same time

Evidence The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

Exception reports An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria

Exclusive-OR (XOR) The XOR operation is a Boolean operation that produces a 0 if its two Boolean inputs are the same (0 and 0, or 1 and 1) and a 1 if its two inputs are different (1 and 0). In other words, the exclusive-OR operator returns a value of TRUE only if just one of its operands is TRUE. In contrast, an inclusive-OR operator returns a value of TRUE if either or both of its operands are TRUE.

Executable code The machine language code that is generally referred to as the object or load module


Expert systems An expert system has a built-in hierarchy of rules which are acquired from human experts in the appropriate field. Once input is provided the system should be able to define the nature of the problem and provide recommendations to solve the problem.

Exposure A potentially adverse result or consequence to be considered in the evaluation of internal controls. Strengthening internal controls can reduce exposure but seldom eliminates it.

Extended Binary-coded Decimal Interchange Code See EBCDIC. An 8-bit code representing 256 characters; used in most large computer systems

Extensible Markup Language (XML) Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data between applications and organizations

Extensions Extension fields in X.509 v3 certificates (See X.509).

Extranet A private network that resides on the Internet and allows a company to securely share business information with customers, suppliers, or other businesses, as well as to execute electronic transactions. It is different from an Intranet in that it is located beyond the company's firewall. Therefore, an Extranet relies on the use of securely issued digital certificates (or alternative methods of user authentication) and encryption of messages. A virtual private network (VPN) and tunneling are often used to implement Extranets, to ensure security and privacy.

External router The router at the extreme edge of the network under control, usually connected to an ISP or other service provider; also known as border router

Fallback procedures A plan of action or set of procedures to be performed if a system implementation, upgrade or modification does not work as intended. These may involve restoring the system to its state prior to the implementation or change. Fallback procedures are needed to ensure that normal business processes continue in the event of failure and should always be considered in system migration or implementation.

False authorization Also called false acceptance, it occurs when an unauthorized person is identified as an authorized person by the biometric system.

False enrollment Occurs when an unauthorized person manages to enroll into the biometric system (enrollment is the initial process of acquiring a biometric feature and saving it as a personal reference on a smart card, a PC or in a central database).

Fail-over The transfer of service from an incapacitated primary component to its backup component

Fail-safe Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it

False negative In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity

False positive In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack

Fault tolerance A system's level of resilience to seamlessly react to hardware and/or software failure


Feasibility study A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need

Fiber-optic cable Glass fibers that transmit binary signals over a telecommunications network. Fiber-optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lightning-induced interference, and reduce the risk of wiretaps.

Field An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.

File A named collection of related records

File allocation table (FAT) A table used by the operating system to keep track of where every file is located on the disk. Since a file is often fragmented and thus subdivided into many sectors within the disk, the information stored in the FAT is used when loading or updating the content of the file.

File layout Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.

File server A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is available; file servers can be nondedicated so that standard user applications can run while the network is available.

File Transfer Protocol (FTP) The application protocol that offers file system access from the Internet suite of protocols

Filtering router A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules

FIN (final) A flag set in a packet to indicate that this packet is the final data packet of the transmission

Financial audit An audit designed to determine the accuracy of financial records and information

Finger A protocol and program that allows the remote identification of users logged into a system

Firewall / Double Firewall A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the internet. In other words, a firewall enforces a boundary between two or more networks. One of several types of intelligent devices (such as routers or gateways) used to isolate networks. Firewalls make it difficult for attackers to jump from network to network. A double firewall is two firewalls connected together. Double firewalls are used to minimise risk if one firewall gets compromised, or to provide address translation functions.

Firmware Memory chips with embedded program code that hold their content when power is turned off

Fiscal year Any yearly accounting period without regard to its relationship to a calendar year.

Foreign exchange risk Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency


Format checking: The application of an edit, using a predefined field definition, to a submitted information stream; a test to ensure that data conform to a predefined format.

Foreign key: A foreign key is a value that represents a reference to a tuple (a row in a table) containing the matching candidate key value (in relational theory it would be a candidate key, but in real DBMS implementations it is always the primary key). The problem of ensuring that the database does not include any invalid foreign key values is therefore known as the referential integrity problem. The constraint that values of a given foreign key must match values of the corresponding candidate key is known as a referential constraint. The relation (table) that contains the foreign key is referred to as the referencing relation, and the relation that contains the corresponding candidate key as the referenced relation or target relation.

Fourth-generation language (4GL): English-like, user-friendly, nonprocedural computer languages used to program and/or read and process computer files.

Frame relay: A packet-switched wide area network technology that provides faster performance than older packet-switched WAN technologies, such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame relay is best suited for data and image transfers. Because of its variable-length packet architecture, it is not the most efficient technology for real-time voice and video. In a frame-relay network, end nodes establish a connection via a permanent virtual circuit (PVC).

Fraud risk: The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetuation of irregularities. The unauthorized use of assets or services and abetting or helping to conceal.

FTP (file transfer protocol): A protocol used to transfer files over a TCP/IP network (internet, UNIX, etc.).

Full duplex: A communications channel over which data can be sent and received simultaneously.

Function: In relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval, and communication or telecommunication from or within a computer.

Function point analysis: A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal files.

Gateway: A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions. Hardware or software that is used to translate protocols between two or more systems.

General computer controls: Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general controls are to ensure the proper development and implementation of applications, the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IS strategy and an IS security policy, the organization of IS staff to separate conflicting duties and planning for disaster prevention and recovery.

Generalized audit software: A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples and printing reports or letters in a format specified by the IS auditor. This technique includes software acquired or written for audit purposes and software embedded in production systems.

Generalized audit software (GAS): Multipurpose audit software that can be used for general processes such as record selection, matching, recalculation and reporting.

Generate a Key Pair: A trustworthy process of creating private keys during Digital Signature Certificate application whose corresponding public keys are submitted to the applicable Certifying Authority during Digital Signature Certificate application in a manner that demonstrates the applicant's capacity to use the private key.

Geographical information system (GIS): A tool used to integrate, convert, handle, analyze and produce information regarding the surface of the earth. These data exist as maps, three-dimensional virtual models, lists and tables.

Geographic disk mirroring: A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return until the acknowledgement of the remote write is successful.

Governance: Corporate Governance should suffice.

Hard Copy: A copy of computer output that is printed on paper in a visually readable form; e.g., printed reports, listings and documents.

Hardware: Relates to the technical and physical features of the computer.

Hacker: An individual who attempts to gain unauthorized access to a computer system.

Half duplex: A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.

Handprint scanner: A biometric device that is used to authenticate a user through palm scans.

Harden: To configure a computer or other network device to resist attacks.

Hash function / Hash: An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm. It is computationally infeasible to find two different messages that produce the same hash result using the same algorithm.

An algorithm that maps or translates one set of bits into another (generally smaller) set in such a way that:

- A message yields the same result every time the algorithm is executed using the same message as input,

- It is computationally infeasible for a message to be derived or reconstituted from the result produced by the algorithm,

- It is computationally infeasible to find two different messages that produce the same hash result using the same algorithm.

Hash total: The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.

Hexadecimal: A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F.

Help desk: A service offered via phone/Internet by an organization to its clients or employees, which provides information, assistance and troubleshooting advice regarding software, hardware or networks. A help desk is staffed by people that can either resolve the problem on their own or escalate the problem to specialized personnel. A help desk is often equipped with dedicated CRM-type software that logs the problems and tracks them until they are solved.

Heuristic filter: A method often employed by antispam software to filter spam using criteria established in a centralized rule database. Every e-mail message is given a rank, based upon its header and contents, which is then matched against preset thresholds. A message that surpasses the threshold will be flagged as spam and discarded, returned to its sender or put in a spam directory for further review by the intended recipient.

Hierarchical database: A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.

High-Security Zone: An area to which access is controlled through an entry point and limited to authorized, appropriately screened personnel and properly escorted visitors. High-Security Zones should be accessible only from Security Zones, and are separated from Security Zones and Operations Zones by a perimeter. High-Security Zones are monitored 24 hours a day, 7 days a week by security staff, other personnel or electronic means.

Honey pot: A trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally, it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information or a resource that would be of value to attackers. Honey pots can carry risks to a network, and must be handled with care. If they are not properly walled off, an attacker can use them to actually break in to a system. A honey pot that masquerades as an open proxy is known as a sugarcane. A honey pot is valuable as a surveillance and early-warning tool. While often a computer, a honey pot can take on other forms, such as files or data records, or even unused IP address space. Honey pots should have no production value and, hence, should not see any legitimate traffic or activity. Whatever they capture can then be surmised as malicious or unauthorized. One very practical implication of this is that honey pots designed to thwart spam by masquerading as systems of the types abused by spammers to send spam can categorize the material they trap 100 percent accurately; it is all illicit. A honey pot needs no spam-recognition capability, no filter to separate ordinary e-mail from spam. Ordinary e-mail never comes to a honey pot.

Hot site: A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster.


HTTP (hypertext transfer protocol): A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.

HTTPS (hypertext transfer protocol secure): A protocol for accessing a secure web server, whereby all data transferred is encrypted.

Hub: A common connection point for devices in a network; hubs are commonly used to connect segments of a LAN. A LAN can see all packets.

Hyperlink: Is an electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.

Hypertext: A language which enables electronic documents that present information that can be connected together by links instead of being presented sequentially, as is the case with normal text.

Hypertext markup language (HTML): A language designed for the creation of web pages with hypertext and other information to be displayed in a web browser. HTML is used to structure information, denoting certain text as headings, paragraphs, lists and so on, and can be used to describe, to some degree, the appearance and semantics of a document.

ICMP (internet control message protocol): A set of protocols that allow systems to communicate information about the state of services on other systems. It is used, for example, in determining whether systems are up, maximum packet sizes on links, and whether a destination host/network/port is available. Hackers typically (abuse) use ICMP to determine information about the remote site.

Identification / Identify: The process of confirming the identity of a person. Identification is facilitated in public key cryptography by means of certificates.

Identity: A unique piece of information that marks or signifies a particular entity within a domain. Such information is only unique within a particular domain.

Idle standby: A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving node with the highest priority will acquire the resource group. A higher priority node joining the cluster will thus cause a short service interruption.

IDS (intrusion detection system): An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.

IEEE (Institute of Electrical and Electronics Engineers): "Pronounced I-triple-E," IEEE is an organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.

Image processing: The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry.

Implementation life cycle review: Refers to the controls that support the process of transformation of the organization's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management.

Incremental testing: Deliberately testing only the value-added functionality of a software component.

Impact assessment: A study of the potential future effects of a development project on current projects and resources. The resulting document should list the pros and cons of pursuing a specific course of action.

Impersonation: Impersonation, as a security concept related to Windows NT, allows a server application to temporarily "be" the client in terms of access to secure objects. Impersonation has three possible levels: identification, letting the server act on behalf of the client; and delegation, the same as impersonation but extended to remote systems to which the server connects (through the preservation of credentials). Impersonation by imitating or copying the identification, behavior or actions of another may also be used in social engineering to obtain otherwise unauthorized physical access.

Independence: An IS auditor's self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people (managers and employees).

Independent appearance: The outward impression of being self-governing and free from conflict of interest and undue influence.

Independent attitude: Impartial point of view which allows the IS auditor to act objectively and with fairness.

Indexed sequential access method (ISAM): A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability.

Indexed sequential file: A file format in which records are organized and can be accessed according to a preestablished key that is part of the record.

Information: Includes data, text, images, sound, voice, codes, computer programmes, software and databases or microfilm or computer generated microfiche.

Information Assets: Means all information resources utilized in the course of any organisation's business and includes all information, application software (developed or purchased), and technology (hardware, system software and networks).

Information engineering: Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems.

Information processing facility (IPF): The computer room and support areas.

Information security governance: The leadership, organizational structures and processes that safeguard information.

Information Technology Security: All aspects related to defining, achieving and maintaining confidentiality, integrity, availability, accountability, authenticity and reliability.

Information Technology Security Policy: Rules, directives and practices that govern how information assets, including sensitive information, are managed, protected and distributed within an organization and its Information Technology systems.

Inherent risk: The risk that a material error could occur, assuming that there are no related internal controls to prevent or detect the error. (Also see control risk.)


Inheritance (objects): Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy, thus there is no strict hierarchy of objects.

Initial program load (IPL): The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction.

Input controls: Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer.

Instant messaging: An online mechanism or a form of real-time communication between two or more people based on typed text and multimedia data. The text is conveyed via computers or another electronic device (e.g., cell phone or PDA) connected over a network, such as the Internet.

Integrated services digital network (ISDN): A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of digital voice, video and data over 64 Kbps lines.

Integrated test facilities (ITF): A testing methodology where test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.

Integrity: The accuracy and completeness of information as well as its validity in accordance with business values and expectations.

Intelligent terminal: A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.

Interest rate risk: Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attract deposits, loans and other relationships from a larger pool of possible customers than other forms of marketing. Greater access to customers who primarily seek the best rate or term reinforces the need for managers to maintain appropriate asset/liability management systems. This should include the ability to react quickly to changing market conditions.

Interfaces testing: A testing technique that is used to evaluate output from one application, while the information is sent as input to another application.

Intermediary: With respect to any particular electronic message, means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message.

Internal control: The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.

Internal control structure: The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives:

- Effectiveness, efficiency and economy of operations

- Reliability of management

- Compliance with applicable laws, regulations and internal policies

Management's strategies for achieving these general objectives are affected by the design and operation of the following components:

- Control environment

- Information system

- Control procedures

Internal storage: The main memory of the computer's central processing unit.

Internet: 1) Two or more networks connected by a router; 2) the world's largest network, using TCP/IP protocols to link government, university and commercial institutions.

Internet banking: Use of the internet as a remote delivery channel for banking services. Services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic bill presentment and payment (allowing customers to receive and pay bills on a bank's web site).

Internet Engineering Task Force (IETF): The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.

Internet inter-ORB Protocol (IIOP): A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules or program parts, such as tables, arrays and more complex program sub elements, are referred to as objects. Use of IIOP in this process enables browsers and servers to exchange both simple and complex objects. This significantly differs from HTTP, which only supports the transmission of text.

Internet packet (IP) spoofing: An attack using packets with spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target system.

Intranet: A private network that uses the infrastructure and standards of the internet and World Wide Web, but is isolated from the public internet by firewall barriers.

Intrusion: Any intentional violation of the security policy of a system.

Intrusion detection: The process of monitoring the events occurring in a computer system or network, detecting signs of security problems.

Intrusive monitoring: In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system.

IP (internet protocol): Specifies the format of packets and the addressing scheme.

IPSec (Internet protocol security): A set of protocols developed by the IETF to support the secure exchange of packets.

Irregularities: Intentional violations of established policy or willful misstatements or omissions of information.

ISO17799: An international standard that defines information confidentiality, integrity and availability controls.

ISP (internet service provider): A third party that provides organizations with a variety of internet and internet-related services.

IT governance framework: A model that integrates a set of guidelines, policies and methods that represent the organizational approach to IT governance. Per CobIT 4.0, IT governance is the responsibility of the board of directors and executive management. It is an integral part of institutional governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategy and objectives.

IT infrastructure: The set of hardware, software and facilities that integrates an organization's IT assets. Specifically, the equipment (including servers, routers, switches and cabling), software, services and products used in storing, processing, transmitting and displaying all forms of information for the organization's users.

Job control language (JCL): A language used in connection with performing tasks on a computer.

Journal entry: A debit or credit to a general ledger account. See also manual journal entry.

Judgment sampling: Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically.

Kaizen: See continuous improvement.

Key: A sequence of symbols that controls the operation of a cryptographic transformation (e.g. encipherment, decipherment, cryptographic check function computation, signature generation or signature verification).

Key Generation: The trustworthy process of creating a private key/public key pair.

Key Management: The administration and use of the generation, registration, certification, deregistration, distribution, installation, storage, archiving, revocation, derivation and destruction of keying material in accordance with a security policy.

Key Pair: In an asymmetric crypto system, means a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.

Key performance indicator (KPI): Defined measures that determine how well the process is performing in enabling the goal to be reached. They are lead indicators of whether a goal will likely be reached or not, and are good indicators of capabilities, practices and skills. They measure the activity goals, which are the actions the process owner must take to achieve effective process performance.


L2F (layer 2 forwarding): A tunneling protocol developed by Cisco Systems to support the creation of VPNs.

L2TP (layer 2 tunneling protocol): An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).

Latency: The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.

LDAP (Lightweight Directory Access Protocol): A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.

Leased lines: A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.

Legal risk: Is the risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will turn out to be worth less or liabilities will turn out to be greater than expected because of inadequate or incorrect legal advice or documentation. In addition, existing laws may fail to resolve legal issues involving a bank; a court case involving a particular bank may have wider implications for banking business and involve costs to it and many or all other banks; and laws affecting banks or other commercial enterprises may change. Banks are particularly susceptible to legal risks when entering new types of transactions and when the legal right of a counter-party to enter into transactions is not established.

Librarian: The individual responsible for the safeguard and maintenance of all program and data files.

Licence: Means a licence granted to a body, say, a Certifying Authority.

Licensing agreement: A contract that establishes the terms and conditions under which a piece of software is being licensed (i.e., made legally available for use) from the software developer (owner) to the user.

Limit check: Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.

Link editor (linkage editor): A utility program that combines several separately compiled modules into one, resolving internal references between them.

Literals: Any notation for representing a value within programming language source code, e.g., a string literal; a chunk of input data that is represented "as is" in compressed data.

Local area network (LAN): Communications networks that serve several users within a specified geographical area. Personal computer LANs function as distributed processing systems in which each computer in the network does its own processing and manages some of its data. Shared data are stored in a file server that acts as a remote disk drive for all users in the network. A geographically small network of computers and supporting components used by a group or department to share related software and hardware resources.

Local loop: The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities.


Log: Records details of the information or events in an organized record-keeping system, usually sequenced in the order they occurred.

Logical access controls: The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files.

Logoff: Disconnecting from the computer.

Logon: The process of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.

Logs / Log file: Files created specifically to record various actions occurring on the system to be monitored, such as failed login attempts, full disk drives and e-mail delivery failures.

Low-Sensitive: Applies to information that, if compromised, could reasonably be expected to cause injury outside the national interest, for example, disclosure of an exact salary figure.

Machine language: The logical language a computer understands.

Magnetic card reader: A card reader that reads cards with a magnetic surface on which data can be stored and retrieved.

Magnetic ink character recognition (MICR): Used to electronically input, read and interpret information directly from a source document; requires the source document to have specially-coded magnetic ink typeset.

Malware: Short for "malicious software," malware is software designed to infiltrate, damage or obtain information from a computer system without the owner's consent. Malware is commonly taken to include computer viruses, worms, Trojan horses, spyware and adware. Spyware is generally used for marketing purposes and, as such, is not really malicious although it is generally unwanted. However, spyware can also be used to gather information for identity theft or other clearly illicit purposes.

Management information system (MIS): An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making.

Mandatory access controls (MAC): Logical access control filters, used to validate access credentials, that cannot be controlled or modified by normal users or data owners; they act by default. Conversely, those controls that may be configured or modified by the users or data owners are called discretionary access controls.

Man-in-the-middle attack: An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces traffic between the two components with the intruder's own, eventually assuming control of the communication.

Manual journal entry: A journal entry entered at a computer terminal. Manual journal entries can include regular, statistical, inter-company and foreign currency entries.

Mapping: Diagramming data that is to be exchanged electronically, including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)

Masking: A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report.

Masqueraders: Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users.


Master file: A file of semi-permanent information that is used frequently for processing data or for more than one purpose.

Materiality: An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context of the organization as a whole.

Maturity model: A collection of instructions an organization can follow to gain better control over its software development process. The Capability Maturity Model (CMM) for software, from the Software Engineering Institute (SEI), is a model used by many organizations to identify best practices useful in helping them assess and increase the maturity of their software development processes. The CMM ranks software development organizations according to a hierarchy of five process maturity levels. Each level ranks the development environment according to its capability of producing quality software. A set of standards is associated with each of the five levels. The standards for level one describe the most immature or chaotic processes, and the standards for level five describe the most mature, or quality, processes.

Media: The material or configuration on which data is recorded. Examples include magnetic tapes and disks.

Media access control (MAC): A unique, 48-bit, hard-coded address of a physical layer device, such as an Ethernet LAN or a wireless network card. The MAC is applied to the hardware at the factory and cannot be modified.

Media oxidation: The deterioration of the media (e.g., tapes) upon which data is digitally stored due to exposure to oxygen and moisture, for example, tapes deteriorating in a warm, humid environment. Proper environmental controls should prevent, or significantly slow, this process.

Memory dump: The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, one can study the dump and analyze the contents of memory at the time of the failure. Dumps are usually output in a difficult-to-read form (that is, binary, octal or hexadecimal), so a memory dump will not help unless each person knows exactly what to look for.

Message: A digital representation of information; a computer-based record. A subset of record. (See also record.)

Message switching: A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established.

Microwave transmission: A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations.

Middleware: Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.

Milestone: A terminal element that marks the completion of a work package or phase, typically marked by a high-level event such as project completion; receipt, endorsement or signing of a previously-defined deliverable; or a high-level review meeting at which the appropriate level of project completion is determined and agreed to. Typically, a milestone is associated with some sort of decision that outlines the future of a project and, for outsourced projects, may have a payment to the contractor associated with it.

Mission-critical application: An application that is vital to the operation of the organization. The term is very popular for describing the applications required to run the day-to-day business.

Misuse detection: Detection on the basis of whether the system activity matches that defined as bad.

Modem (modulator/demodulator): Connects a terminal or computer to a communications network via telephone systems. When acting in the receiver capacity, a modem decodes incoming frequencies.

Mobile site: This is a specially designed trailer that can be quickly transported to a business location or to an alternate site to provide a ready-conditioned information processing facility. These mobile sites can be connected to form larger work areas and can be preconfigured with servers, desktop computers, communications equipment, and even microwave and satellite data links.

Modulation: The process of converting a digital computer signal into an analog telecommunications signal.

Monetary unit sampling: A sampling technique that estimates the amount of overstatement in an account balance.

Monitor: Any information collection mechanism utilized by an intrusion detection system.

Monitoring policy: The rules outlining the way in which information is captured and interpreted.

Multiplexing: The transmission of more than one signal across a physical channel.

Multiplexer: A device used for combining several lower-speed channels onto a higher-speed channel.

Mutual takeover: A fail-over process, which is basically a two-way idle standby; two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or the expected performance losses must be taken into account until the failed node reintegrates. This also works nicely in three or more node configurations.

N

Name: A set of identifying attributes purported to describe an entity of a certain type.

NAT (Network Address Translation): An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server providing the NAT service changes the source address of outgoing packets from the internal to the external address and reverses it for packets returning.
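The NAT entry above describes two operations: rewriting the source of an outgoing packet, and reversing that rewrite for the reply. The following is an added example, not part of the glossary, that models a minimal source-NAT table to make the mechanism concrete. The addresses, ports, the `Packet` class and the `SourceNat` class are all constructed for illustration (RFC 5737 documentation ranges are used); the port-allocation scheme is a simplification of what real NAT devices do.

```python
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    """Constructed 4-tuple of a TCP/UDP packet header (hypothetical type)."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SourceNat:
    """Source NAT: one external address shared by many internal (ip, port) sockets."""

    def __init__(self, external_ip: str, first_port: int = 40000) -> None:
        self.external_ip = external_ip
        self.next_port = first_port
        # internal (ip, port) -> external port, and the reverse index
        self.outbound: Dict[Tuple[str, int], int] = {}
        self.inbound: Dict[int, Tuple[str, int]] = {}

    def translate_outgoing(self, pkt: Packet) -> Packet:
        """Rewrite the internal source address to the external one, creating a mapping if new."""
        key = (pkt.src_ip, pkt.src_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port          # allocate a fresh external port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return replace(pkt, src_ip=self.external_ip, src_port=port)

    def translate_returning(self, pkt: Packet) -> Optional[Packet]:
        """Reverse the mapping for a packet addressed to the external address.

        Returns None when no mapping exists: unsolicited inbound traffic cannot be
        delivered and is dropped, which is why NAT incidentally hides internal hosts.
        """
        if pkt.dst_ip != self.external_ip:
            return None
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None
        internal_ip, internal_port = key
        return replace(pkt, dst_ip=internal_ip, dst_port=internal_port)


def demo() -> Tuple[Packet, Optional[Packet], Optional[Packet]]:
    """One outbound connection, its reply, and an unsolicited inbound packet (constructed)."""
    nat = SourceNat("203.0.113.10")
    outgoing = nat.translate_outgoing(Packet("192.168.1.20", 51000, "198.51.100.5", 443))
    reply = Packet("198.51.100.5", 443, outgoing.src_ip, outgoing.src_port)
    delivered = nat.translate_returning(reply)
    unsolicited = nat.translate_returning(Packet("198.51.100.9", 80, "203.0.113.10", 40555))
    return outgoing, delivered, unsolicited


if __name__ == "__main__":
    for label, pkt in zip(("outgoing", "reply delivered to", "unsolicited"), demo()):
        print(f"{label}: {pkt}")
```

Running `demo()` shows the outgoing packet leaving with the external address and an allocated port, the reply being rewritten back to the internal host, and the unsolicited packet yielding `None` because no table entry exists for it.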

NetWare: A popular local area network operating system developed by the Novell Corp.

Network: A system of interconnected computers and the communications equipment used to connect them. A set of related, remotely connected devices and communications facilities including more than one computer system with the capability to transmit data


requesting the information. Generally, the governmental entity will include a provision in the contract to allow the seller to review a request for information the seller identifies as confidential, and the seller may appeal such a decision requiring disclosure.) NDAs can be "mutual," meaning both parties are restricted in their use of the materials provided, or they can only restrict a single party. It is also possible for an employee to sign an NDA or NDA-like agreement with a company at the time of hiring; in fact, some employment agreements will include a clause restricting "confidential information" in general.

Notary: A natural person authorized by an executive governmental agency to perform notarial services such as taking acknowledgments, administering oaths or affirmations, witnessing or attesting signatures, and noting protests of negotiable instruments.

O

Object code: Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code.

Object Management Group (OMG): A consortium with more than 700 affiliates from the software industry; its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the CORBA specification.

Object orientation: An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functional capability (an object's methods). Objects usually are created using a general template called a class. Classes are the basis for most design work in objects. Classes and their objects communicate in defined ways. Aggregate classes interact through messages, which are directed requests for services from one class (the client) to another class (the server). A class may share the structure or methods defined in one or more other classes, a relationship known as inheritance.

Objectivity: The ability to exercise judgment, express opinions and present recommendations with impartiality.

Object-oriented system development: A system development methodology that is organized around "objects" rather than "actions," and "data" rather than "logic." Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be represented as objects in a software system. Any object-oriented design is software design that is centered around designing the objects that will make up a program. Any object-oriented program is one that is composed of objects or software parts.

Offline files: Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes.

Offsite storage: A storage facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media such as offline backup data and storage files.

On-line: Communications that provide a real-time connection.

Online data processing: Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information as it is entered.

Open systems: Systems for which detailed specifications of their components' composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using open systems include portability, interoperability and integration.

Open Shortest Path First (OSPF): A routing protocol, developed for IP networks, that is based on the shortest-path-first or link-state algorithm.

Operating system: A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It sets the standards for the application programs that run in it.

Operating system audit trails: Records of system events generated by a specialized operating system mechanism.

Operational audit: An audit designed to evaluate the various internal controls, economy and efficiency of a function or department.

Operational Certificate: A Digital Signature Certificate which is within its operational period at the present date and time, or at a different specified date and time, depending on the context.

Operational control: These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.

Operational Management: Refers to all business/service unit management (i.e., the user management) as well as Information Technology management.

Operational Period: The period starting with the date and time a Digital Signature Certificate is issued (or on a later date and time certain if stated in the Digital Signature Certificate) and ending with the date and time on which the Digital Signature Certificate expires or is earlier suspended or revoked.

Operational risk: The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner, or cause the interests of the bank to be compromised in some other way, for example, by its dealers, lending officers or other staff exceeding their authority or conducting business in an unethical or risky manner. Other aspects of operational risk include major failure of information technology systems or events such as security problems or other disasters.

Operations Zone: An area where access is limited to personnel who work there and to properly escorted visitors. Operations Zones should be monitored at least periodically, based on a threat risk assessment (TRA), and should preferably be accessible from a Reception Zone.

Operator console: A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.

Optical character recognition: Used to electronically scan and input written information from a source document.

Optical scanner: An input device that reads characters and images that are printed or painted on a paper form into the computer.

Organization: An entity with which a user is affiliated. An organization may also be a user.

Originator: A person who sends, generates, stores or transmits any electronic message or causes any electronic message to be sent, generated, stored or transmitted to any other person, but does not include an intermediary.

Output analyzer: Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program maintenance can be compared with the set of results that should be produced. Second, as programmers prepare test data and calculate the expected results, these results can be stored on a file and the output analyzer compares the actual results of a test run with the expected results. Third, the output analyzer can act as a query language; it accepts queries about whether certain relationships exist in the file of output results and reports compliance or noncompliance.

Outsourcing: A formal agreement with a third party to perform an IS function for an organization.

P

Packet: Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/internet protocol (TCP/IP) is such a packet-switched network.

Packet filtering: Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules.

Packet switching: The process of transmitting messages in convenient pieces that can be reassembled at the destination.

Parallel simulation: Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the results generated by the application system and any discrepancies identified.

Paper test: A walk-through of the steps of a regular test, but without actually performing the steps. It is usually used in disaster recovery and contingency testing, where team members review and become familiar with the plans and their specific roles and responsibilities.

Parallel testing: The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results.

Parity check: A general hardware control which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bits is odd or even. When the parity bit disagrees with the sum of the other bits, the computer reports an error. The probability of a parity check detecting an error is 50 percent.
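The parity check entry above states the mechanism and a 50 percent detection figure without showing where that figure comes from. The following is an added example, not part of the glossary, that implements even parity for an 8-bit data item and then exhaustively measures detection against constructed bit-flip faults. It goes a little beyond the entry by showing the pattern behind the figure: every odd number of flipped bits is caught, every even number slips through, and over all non-zero error patterns that works out to just over half. The function names and the 8-bit width are choices made for this example.

```python
from itertools import combinations
from typing import Dict, Iterable

WIDTH = 8  # data bits per item; the appended parity bit makes a 9-bit stored word


def parity_bit(data: int, width: int = WIDTH) -> int:
    """Even-parity bit: 1 when `data` holds an odd number of one bits, else 0."""
    return bin(data & ((1 << width) - 1)).count("1") & 1


def encode(data: int, width: int = WIDTH) -> int:
    """Data item with its parity bit appended as the least significant bit."""
    return (data << 1) | parity_bit(data, width)


def is_valid(word: int, width: int = WIDTH) -> bool:
    """True when the (width+1)-bit word still has even parity, i.e. no error is reported."""
    return bin(word & ((1 << (width + 1)) - 1)).count("1") % 2 == 0


def inject(word: int, positions: Iterable[int]) -> int:
    """Constructed fault: flip the bits at the given positions of the stored word."""
    for pos in positions:
        word ^= 1 << pos
    return word


def detection_rate_by_weight(width: int = WIDTH) -> Dict[int, float]:
    """For 1, 2 and 3 flipped bits, the fraction of corrupted words the check rejects.

    Exhaustive over every data value and every choice of flipped positions.
    """
    rates: Dict[int, float] = {}
    for k in (1, 2, 3):
        total = detected = 0
        for data in range(1 << width):
            word = encode(data, width)
            for positions in combinations(range(width + 1), k):
                total += 1
                if not is_valid(inject(word, positions), width):
                    detected += 1
        rates[k] = detected / total
    return rates


def detection_rate_all_patterns(width: int = WIDTH) -> float:
    """Fraction of all non-zero error patterns on a (width+1)-bit word that parity detects.

    Parity only sees whether the number of flipped bits is odd, so this is the share
    of odd-weight patterns: 2**width out of 2**(width+1) - 1, about 50 percent.
    """
    n = width + 1
    odd_weight = sum(1 for pattern in range(1, 1 << n) if bin(pattern).count("1") % 2 == 1)
    return odd_weight / ((1 << n) - 1)


if __name__ == "__main__":
    word = encode(0b10110011)            # constructed sample data item
    print(f"stored word: {word:09b}, valid={is_valid(word)}")
    print(f"one flip:    valid={is_valid(inject(word, [4]))}")
    print(f"two flips:   valid={is_valid(inject(word, [4, 7]))}")
    print("detection by number of flipped bits:", detection_rate_by_weight())
    print("detection over all error patterns:", round(detection_rate_all_patterns(), 4))
```

The practical lesson for an auditor is in `detection_rate_by_weight`: a single parity bit is a complete control against single-bit faults and no control at all against double-bit faults, which is why error-correcting codes rather than simple parity are used where burst errors are expected.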

Particularly Sensitive: Applies to information that, if compromised, could reasonably be expected to cause serious injury outside the national interest, for example loss of reputation or competitive advantage.

Partitioned file: A file format in which the file is divided into multiple sub files and a directory is established to locate each sub file.

Passive assault: In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data, so the privacy of the data is violated. Alternatively, although the content of the data itself may remain secure, intruders may read and analyze the plaintext source and destination identifiers attached to a message for routing purposes, or they may examine the lengths and frequency of messages being transmitted.

Passive response: A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action.


Password / Pass Phrase; PIN Number: A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system. Confidential authentication information, usually composed of a string of characters, used to provide access to a computer resource.

Password cracker: Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in a relatively short period of time with current desktop computer hardware.

Payment system: A financial system that establishes the means for transferring money between suppliers and users of funds, ordinarily by exchanging debits or credits between banks or financial institutions.

Patch management: An area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system, to update software and often to address security risks. Patch management tasks include the following: maintaining current knowledge of available patches; deciding what patches are appropriate for particular systems; ensuring that patches are installed properly; testing systems after installation; and documenting all associated procedures, such as specific configurations required. A number of products are available to automate patch management; experts suggest that system administrators take simple steps to avoid problems, such as performing backups and testing patches on non-critical systems prior to installation. Patch management can be viewed as part of change management. For further detail refer to:

Payroll system: An electronic system for processing payroll information and the related electronic (e.g., timekeeping and/or human resources system), human (e.g., payroll clerk), and external party (e.g., bank) interfaces. In a more limited sense, it is the electronic system that performs the processing for generating payroll checks and/or bank direct deposits to employees.

PC Card (See Also SmartCard): A hardware token compliant with standards promulgated by the Personal Computer Memory Card International Association (PCMCIA) providing expansion capabilities to computers, including the facilitation of information security.

Penetration testing: A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers.

Performance indicators: A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements, critical success factors, customer satisfaction ratings, internal or external benchmarks, industry best practices and international standards.

Private branch exchange (PBX): A telephone exchange that is owned by a private business, as opposed to one owned by a common carrier or by a telephone company.

Performance testing: Comparing the system performance to other equivalent systems using well-defined benchmarks.

Peripherals: Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.

Permanent virtual circuit (PVC): A permanent connection between hosts in a packet switched network.


Person: Means any company or association or individual or body of individuals, whether incorporated or not.

Personal digital assistant (PDA): Also called palmtop and pocket computer, these are handheld devices that provide computing, Internet, networking and telephone characteristics.

Personal identification number (PIN): A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the primary means of verifying customers in an electronic funds transfer system (EFTS).

Personal Presence: The act of appearing (physically rather than virtually or figuratively) before a Certifying Authority or its designee and proving one's identity as a prerequisite to Digital Signature Certificate issuance under certain circumstances.

Phishing: This is a type of e-mail attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering. These attacks may take the form of masquerading as a lottery organization advising the recipient of a large win or as the user's bank; in either case, the intent is to obtain account and PIN details. Alternative attacks may seek to obtain apparently innocuous business information, which may be used in another form of active attack.

Phreakers: Those who crack security, most frequently phone and other communication networks.

Piggybacking: 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.

Plaintext: Digital information, such as clear text, that is intelligible to the reader.

Point-of-sale (POS) systems: Enable the capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central computer or may use stand-alone terminals or microcomputers that hold the transactions until the end of a specified period, when they are sent to the main computer for batch processing.

Policy: A brief document that states the high-level organization position, states the scope, and establishes who is responsible for compliance with the policy and the corresponding standards. Following is an abbreviated example of what a policy may contain:

• Introduction

• Definitions

• Policy Statement identifying the need for "something" (e.g. data security)

• Scope

• People playing a role and their responsibilities

• Statement of Enforcement, including responsibility

Polymorphism (objects): Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.

Population: The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions.


Port: An interface point between the CPU and a peripheral device.

Posting: The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time and then applied to master file updating.

Point-to-point protocol (PPP): Commonly used to establish a direct connection between two nodes, it can connect computers using serial cable, phone line, trunk line, cellular telephone, specialized radio links or fiber optic links. Its main features include enhanced error detection, automatic self-configuration and looped link detection. Most Internet service providers use PPP for customers' dial-up access to the Internet. PPP is commonly used to act as a "layer 2" (the data link layer of the OSI model) protocol for connection over synchronous and asynchronous circuits, where it has largely superseded an older nonstandard protocol (known as SLIP) and telephone company mandated standards (such as X.25). PPP was designed to work with numerous "layer 3" network layer protocols, including IP, Novell's IPX, and AppleTalk.

PPTP (point-to-point tunneling protocol): A protocol used to transmit data securely between two endpoints to create a VPN.

Preventive controls: These controls are designed to prevent or restrict an error, omission or unauthorized intrusion.

Price risk: Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks may be exposed to price risk if they create or expand deposit brokering, loan sales or securitization programs as a result of internet banking activities.

Privacy: Privacy involves providing proper protection for personally identifiable information relating to an identified or identifiable individual (data subject). Management should ensure that proper controls are in place and functioning to be in compliance with its privacy policy or applicable privacy laws and regulations.

Problem escalation procedure: The process of escalating a problem up from junior to senior support staff, and ultimately to higher levels of management. It is often used in help desk management, where an unresolved problem is escalated up the chain of command until it is solved.

Procedure: A set of steps performed to ensure that a guideline is met.

Program: A detailed and explicit set of instructions for accomplishing some purpose, the set being expressed in some language suitable for input to a computer, or in machine language.

Private key: A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key. The key of a key pair used to create a digital signature.

Private key cryptosystems: Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric, such that the encryption key is equivalent to the decryption key.


Privilege: The level of trust with which a system object is imbued.

Procedure: The portion of a security policy that states the general process that will be performed to accomplish a security goal.

Production programs: Programs that are used to process live or actual data that were received as input into the production environment.

Production software: Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified but has not yet been authorized for use by management.

Professional competence: Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards.

Program Evaluation and Review Technique (PERT): Project management technique used in the planning and control of system projects.

Project portfolio: The set of projects owned by a company; it usually includes the main guidelines relative to each project, including objectives, costs, timelines and other information specific to the project.

Program flowcharts: Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.

Program narratives: Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.

Project sponsor: Considered for acquisition, the person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement.

Project team: Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contractors and auditors.

Promiscuous mode: Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed.

Protection domain: The area of the system that the intrusion detection system is meant to monitor and protect.

Protocol: The rules by which a network operates and controls the flow and priority of transmissions.

Protocol converter: Hardware devices, such as asynchronous and synchronous transmissions, that convert between two different types of transmission.

Protocol stack: A set of utilities that implement a particular network protocol. For instance, in Windows machines a TCP/IP stack consists of TCP/IP software,

Prototyping: A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphasis is on end-user screens and reports. Internal controls are not a priority item since this is only a model.

Proxy server: A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a connection to a remote destination on behalf of the user. A server that sits between a client application, such as a web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the request itself. If not, it forwards the request to the real server.

Public Access Zone: Generally surrounds or forms part of a government facility. Examples include the grounds surrounding a building, and public corridors and elevator lobbies in multiple-occupancy buildings. Boundary designators such as signs and direct or remote surveillance may be used to discourage unauthorized activity.

Public key: In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme. The key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.

Public Key Cryptography: (See Cryptography) A type of cryptography that uses a key pair of mathematically related cryptographic keys. The public key can be made available to anyone who wishes to use it and can encrypt information or verify a digital signature; the private key is kept secret by its holder and can decrypt information or generate a digital signature.

Public key cryptosystem: Used in data encryption. It uses one key, the public key, to encrypt the plaintext into ciphertext, and a different key, the secret (private) key, to decrypt the ciphertext back to the corresponding plaintext. In contrast to a private key cryptosystem, only the decryption key must be kept secret; the encryption key can be known to everyone. The two keys of a public key cryptosystem are asymmetric: the encryption key is not equivalent to the decryption key, and the decryption key cannot feasibly be derived from it.

Public key infrastructure (PKI) / PKI Server: A system that authentically distributes users' public keys using certificates. It verifies and authenticates the validity of each party involved in an Internet transaction through digital certificates, certificate authorities and other registration authorities. A set of policies, processes, server platforms, software and workstations used for the purpose of administering Digital Signature Certificates and public-private key pairs, including the ability to generate, issue, maintain, and revoke public key certificates. The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system.

PKI Hierarchy: A set of Certifying Authorities whose functions are organized according to the principle of delegation of authority and related to each other as subordinate and superior Certifying Authority.

Public key encryption: A cryptographic system that uses two keys. One is a public key, which is known to everyone, and the second is a private or secret key, which is known only to the recipient of the message.

 

Quality assurance: A technique used to design, develop and implement a product or service while reducing costs and preserving quality.

Queue: A group of items that are waiting to be serviced or processed.

Quick ship: A recovery solution provided by recovery and/or hardware vendors that includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations with the ability to recover within 72 hours or more.

Radio wave interference: The superposition of two or more radio waves resulting in a different radio wave pattern that is more difficult to intercept and decode properly.

RADIUS (remote authentication dial-in user service): A type of service providing an authentication and accounting system often used for dial-up and remote access security.

Random access memory (RAM): The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.

Range check: Range checks ensure that data fall within a predetermined range (also see limit checks).

Rapid application development: A methodology that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality, by using a series of proven application development techniques within a well-defined methodology.

Real-time analysis: Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system.

Real-time processing: An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal.

Reasonable assurance: A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved.

Reasonableness check: Compares data to predefined reasonability limits or occurrence rates established for the data.

Recipient (of a Digital Signature): A person who receives a digital signature and who is in a position to rely on it, whether or not such reliance occurs (see also relying party).

Reciprocal agreement: Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.

Record: A collection of related information treated as a unit. Separate fields within the record are used for processing the information. Also: information that is inscribed on a tangible medium (a document) or stored in an electronic or other medium and retrievable in perceivable form. The term "record" is a superset of the two terms "document" and "message" (see also document; message).


Record, screen and report layouts: Record layouts provide information regarding the type of record, its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.

Recovery point objective (RPO): The recovery point objective is determined based on the acceptable data loss in case of disruption of operations. It indicates the earliest point in time to which it is acceptable to recover the data. RPO effectively quantifies the permissible amount of data loss in case of interruption.

Recovery testing: A test to check the system's ability to recover after a software or hardware failure.

Recovery time objective (RTO): The recovery time objective is determined based on the acceptable down time in case of disruption of operations. It indicates the earliest point in time at which the business operations must resume after a disaster.

Redundant Array of Inexpensive Disks (RAID): Provides performance improvements and fault-tolerant capabilities via hardware or software solutions, by writing to a series of multiple disks to improve performance and/or save large files simultaneously.

Redo logs: Files maintained by a system, primarily a database management system, for the purpose of reapplying changes following an error or outage recovery.

Redundancy check: Detects transmission errors by appending calculated bits onto the end of each segment of data. A redundancy check such as a CRC guards against accidental corruption only; anyone who can alter the data can recompute the check bits, so integrity against a deliberate attacker requires a message authentication code or a digital signature instead.

Reengineering: A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their functionality. An example of this is a software code translator that can take an existing hierarchical database system and transpose it to a relational database system. CASE includes a source code reengineering feature.
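The redundancy check entry above describes the mechanism in one sentence; the following added example (not part of the glossary) shows it end to end: a bit-by-bit CRC-32 with the same parameters as zlib's, a sender that appends the four check bytes to a segment, and a receiver that recomputes them. The segment content and the flipped bit are constructed for the example.

```python
"""Redundancy check: a CRC-32 appended to each data segment lets the
receiver detect transmission errors.  Added example, not from the glossary;
the sample segment and the simulated fault are constructed."""
import struct
import zlib

CRC32_POLY = 0xEDB88320  # reflected form of the IEEE 802.3 polynomial


def crc32(data: bytes) -> int:
    """Bitwise CRC-32 (same parameters as zlib.crc32, written out explicitly)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            if crc & 1:
                crc = (crc >> 1) ^ CRC32_POLY
            else:
                crc >>= 1
    return crc ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """Cross-check the hand-written CRC against the standard library."""
    return crc32(data) == zlib.crc32(data)


def frame(segment: bytes) -> bytes:
    """Sender: append the 4 check bytes (big-endian) to the data segment."""
    return segment + struct.pack(">I", crc32(segment))


def check(framed: bytes) -> tuple:
    """Receiver: recompute the CRC over the payload and compare it with the
    appended bits.  Returns (ok, payload)."""
    payload, received = framed[:-4], struct.unpack(">I", framed[-4:])[0]
    return crc32(payload) == received, payload


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a single-bit transmission error (constructed fault)."""
    b = bytearray(data)
    b[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(b)


# Constructed sample segment, e.g. one record of a batch transmission
SEGMENT = b"ACCT=4471;AMT=1250.00;CCY=USD"

if __name__ == "__main__":
    f = frame(SEGMENT)
    print("clean frame accepted:", check(f)[0])
    print("1-bit error detected:", not check(flip_bit(f, 37))[0])
    print("agrees with zlib:", matches_zlib(SEGMENT))
```

A CRC detects every single-bit error and most burst errors, but it is not a security control: an attacker who can modify the payload can recompute and replace the four check bytes, so a MAC or signature is needed where tampering, rather than line noise, is the threat.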

Registration authority (RA): An optional entity separate from a CA that would be used by a CA with a very large customer base. CAs use RAs to delegate some of the administrative functions associated with recording or verifying some or all of the information needed by a CA to issue certificates or CRLs and to perform other certificate management functions. However, with this arrangement, the CA still retains sole responsibility for signing either digital certificates or CRLs. If an RA is not present in the established PKI structure, the CA is assumed to have the same set of capabilities as those defined for an RA.

Regression testing: A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase, confirming that later changes have not reintroduced them or broken functions that previously worked.

Relevant audit evidence: Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions.

Reliable audit evidence: Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.

Rely / Reliance (on a Certificate and Digital Signature): To accept a digital signature and act in a manner that could be detrimental to oneself were the digital signature to be ineffective (see also relying party; recipient).

Relying Party: A recipient who acts in reliance on a certificate and digital signature (see also recipient; rely or reliance (on a certificate and digital signature)).

Remote access service (RAS): Refers to any combination of hardware and software that enables remote access to tools or information that typically reside on a network of IT devices. Originally coined by Microsoft when referring to their built-in NT remote access tools, RAS was a service provided by Windows NT which allows most of the services that would be available on a network to be accessed over a modem link. Over the years, many vendors have provided both hardware and software solutions to gain remote access to various types of networked information. In fact, most modern routers include a basic RAS capability that can be enabled for any dial-up interface.

Remote job entry (RJE): The transmission of job control language (JCL) and batches of transactions from a remote terminal location.

Remote Procedure Call (RPC): The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., a server). The primary benefit derived from its use is that a system developer need not develop specific procedures for the targeted computer system. For example, in a client-server arrangement, the client program sends a message to the server with appropriate arguments, and the server returns a message containing the results of the program executed. Common Object Request Broker Architecture (CORBA) and Distributed Component Object Model (DCOM) are two newer object-oriented methods for related RPC functionality.

Renewal: The process of obtaining a new Digital Signature Certificate of the same class and type for the same subject once an existing Digital Signature Certificate has expired.

Repeaters: A physical layer device that regenerates and propagates electrical signals between two network segments. Repeaters receive signals from one network segment and amplify (regenerate) the signal to compensate for signals (analog or digital) distorted by transmission loss due to reduction of signal strength during transmission (i.e., attenuation).

Replication: In its broad computing sense, involves the use of redundant software or hardware elements to provide availability and fault-tolerant capabilities. In a database context, replication involves the sharing of data between databases to reduce workload among database servers, thereby improving client performance, while maintaining consistency among all systems.

Repository: The central database that stores and organizes data. Also: a database of Digital Signature Certificates and other relevant information accessible on-line.

Repudiation: The denial by one of the parties to a transaction of that transaction, of part of it, or of the content of communications related to it. The denial or attempted denial by an entity involved in a communication of having participated in all or part of the communication (see also Nonrepudiation).

Reputational risk: The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or to continue servicing existing relationships. Reputation risk may expose the bank to litigation, financial loss or a decline in its customer base. A bank's reputation can be damaged by internet banking services that are poorly executed or that otherwise alienate customers and the public. An internet bank has a greater reputation risk compared to a traditional brick-and-mortar bank, since it is easier for its customers to leave and go to a different internet bank and since it cannot discuss any problems with the customer in person.


Request for proposal (RFP): A document distributed to software vendors requesting their submission of a proposal to develop or provide a software product.

Requirements definition: A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs.

Residual risk: The risk that remains associated with an event after the controls in place to reduce the likelihood or effect of that event have been taken into account.

Resilience: The ability of a system or network to recover automatically from any disruption, usually with minimal recognizable effect.

Return on investment (ROI): A measure of operating performance and efficiency, computed in its simplest form by dividing net income by average total assets.

Reverse engineering: A software engineering technique whereby existing application system code can be redesigned and coded using computer-aided software engineering (CASE).

Revoke a Certificate: The process of permanently ending the operational period of a Digital Signature Certificate from a specified time forward.

Ring configuration: Used in either token ring or FDDI networks; all stations (nodes) are connected to a multistation access unit (MSAU), which physically resembles a star-type topology. A ring configuration is created when these MSAUs are linked together to form a network. Messages in this network are sent in a deterministic fashion from sender to receiver via a small frame, referred to as a token. To send a message, a sender obtains the token with the right priority as the token travels around the ring, with receiving nodes reading those messages addressed to them.

RFC (request for comments): A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.

Ring topology: A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the basis of an address, whether to accept or process a given message. However, after receiving a message, each station acts as a repeater, retransmitting the message at its original signal strength.

Risk: The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss of or damage to the assets. It usually is measured by a combination of impact and probability of occurrence. Also: the potential of damage to a system or associated assets that exists as a result of the combination of a security threat and a vulnerability.

Risk Analysis: The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards.

Risk assessment: A process used to identify and evaluate risks and their potential effects. An analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of the occurrence of those events.

Risk Management: The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect Information Technology system resources.


Root kit: A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system, and to conceal the presence of the intruder's processes, files and connections once that access has been gained.

Rotating standby: A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.

Rounding down: A method of computer fraud involving computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded-off amount to the perpetrator's account.

Router: A networking device that can send (route) packets to the connected LAN segment, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or similar networking protocols. Routers usually are capable of filtering packets based on parameters, such as source address, destination address, protocol and network application (ports).

RS-232 interface: Interface between data terminal equipment and data communications equipment employing serial binary data interchange.

RSA: A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman. RSA has two different keys: the public encryption key and the secret decryption key. The strength of RSA depends on the difficulty of factoring the modulus into its two prime factors. This glossary's 2007 guidance was that, for applications with high-level security, the key should be longer than 512 bits; 512-bit and 1024-bit RSA moduli are now considered too weak, and 2048 bits is the accepted minimum. RSA is used for both encryption and digital signatures.
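The public key cryptosystem and RSA entries describe the asymmetric key pair in prose. The following added example (not from the glossary) implements textbook RSA so the relationships can be seen in working code: the decryption exponent is the inverse of the encryption exponent modulo lambda(n), the same pair signs and verifies, and recovering the private key is exactly as hard as factoring n. The primes 1000003 and 999983 are chosen small enough for trial division to finish in a moment, which is the point of the last function; this is a demonstration, not a usable cipher, since real keys need a 2048-bit modulus and padding (OAEP for encryption, PSS for signatures).

```python
"""Textbook RSA with toy-sized primes: key generation, encryption, decryption,
signing and verification, plus a factoring attack that works only because the
modulus is tiny.  Added example for illustration; not from the glossary."""
from hashlib import sha256
from math import gcd


def generate_keypair(p: int, q: int, e: int = 65537):
    """Build an RSA key pair from two primes p and q (assumed prime).

    Returns ((n, e), (n, d)): the public encryption key and the secret
    decryption key.  d is the inverse of e modulo the Carmichael function
    lambda(n) = lcm(p-1, q-1), so m**(e*d) == m (mod n) for every m.
    """
    n = p * q
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if gcd(e, lam) != 1:
        raise ValueError("e must be coprime to lambda(n)")
    d = pow(e, -1, lam)            # modular inverse (Python >= 3.8)
    return (n, e), (n, d)


def encrypt(public_key, m: int) -> int:
    """c = m**e mod n; m must be an integer below the modulus."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    """m = c**d mod n; only the holder of d can do this."""
    n, d = private_key
    return pow(c, d, n)


def sign(private_key, message: bytes) -> int:
    """Hash-then-sign: s = H(message)**d mod n (no padding; toy only)."""
    n, d = private_key
    h = int.from_bytes(sha256(message).digest(), "big") % n
    return pow(h, d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    """Anyone with the public key checks s**e mod n == H(message)."""
    n, e = public_key
    h = int.from_bytes(sha256(message).digest(), "big") % n
    return pow(signature, e, n) == h


def factor_small_modulus(n: int) -> tuple:
    """Trial division.  Finishes instantly for this toy n, and would never
    finish for a 2048-bit modulus: that gap is the entire security of RSA."""
    f = 2
    while f * f <= n:
        if n % f == 0:
            return f, n // f
        f += 1
    raise ValueError("no factor found")


# Constructed toy primes (hypothetical; far too small for real use)
P, Q = 1000003, 999983
PUBLIC, PRIVATE = generate_keypair(P, Q)

if __name__ == "__main__":
    m = 123456789
    c = encrypt(PUBLIC, m)
    print("decrypt(encrypt(m)) == m:", decrypt(PRIVATE, c) == m)
    sig = sign(PRIVATE, b"wire transfer 100.00")
    print("signature valid:", verify(PUBLIC, b"wire transfer 100.00", sig))
    print("tampered message rejected:", not verify(PUBLIC, b"wire transfer 999.00", sig))
    p, q = factor_small_modulus(PUBLIC[0])
    print("private key recovered from factors:", generate_keypair(p, q)[1] == PRIVATE)
```

Note what the last two lines show: the public key (n, e) is harmless to publish only as long as n cannot be factored, because the factors give lambda(n) and therefore d directly.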

Rule base: The list of rules and/or guidance that is used to analyze event data.

Run instructions: Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. They also identify how to address problems that occur during processing.

Run-to-run totals: Provide verification that all transmitted data are read and processed, by carrying control totals from one processing run forward and comparing them with the totals produced by the next.

Salami technique: A method of computer fraud involving computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account.
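The rounding down, run-to-run totals and salami technique entries above fit together in a way the definitions alone do not make obvious: a salami scheme preserves the batch total, so the run-to-run control passes. The following added example (not from the glossary; all account numbers, balances, rates and the perpetrator account are constructed) posts one month's interest for a batch of accounts honestly and then with the rounding-down fraud, and runs both controls over each result.

```python
"""Rounding-down / salami fraud against a batch of interest postings, with
the run-to-run control total that it slips past and the independent
recomputation that catches it.  Added example with constructed data; the
account numbers, rates and the perpetrator account are hypothetical."""
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
PERP = "ACCT-9999"          # hypothetical account collecting the shaved cents


def build_batch(n: int = 400):
    """Constructed, deterministic batch of (account, balance, annual rate)."""
    batch = []
    for i in range(n):
        balance = Decimal(1000 + (i * 7919) % 90000) + Decimal((i * 31) % 100) / 100
        rate = Decimal("0.0225") + Decimal(i % 5) / 1000
        batch.append((f"ACCT-{i:04d}", balance, rate))
    return batch


def monthly_interest(balance: Decimal, rate: Decimal) -> Decimal:
    """Exact (unrounded) interest for one month."""
    return balance * rate / 12


def post_honest(batch):
    """Legitimate posting: round each amount half-to-even to the cent."""
    return {acct: monthly_interest(b, r).quantize(CENT, ROUND_HALF_EVEN)
            for acct, b, r in batch}


def post_salami(batch):
    """Fraudulent variant: truncate every posting downward and credit the
    accumulated fractions of a cent to PERP.  No single customer sees more
    than a cent missing, so the scheme relies on volume."""
    postings, skim = {}, Decimal(0)
    for acct, b, r in batch:
        exact = monthly_interest(b, r)
        down = exact.quantize(CENT, ROUND_DOWN)
        postings[acct] = down
        skim += exact - down
    postings[PERP] = skim.quantize(CENT, ROUND_DOWN)
    return postings


def run_to_run_total(batch, postings) -> bool:
    """Completeness control: total posted must agree with the total computed
    from the input file (within rounding).  The salami scheme passes, because
    the shaved fractions are simply posted to another account."""
    expected = sum(monthly_interest(b, r) for _, b, r in batch).quantize(CENT)
    posted = sum(postings.values())
    tolerance = CENT * (len(batch) + 1) / 2        # half a cent per posting
    return abs(expected - posted) <= tolerance


def recompute_and_compare(batch, postings):
    """Accuracy control (what an auditor's CAAT does): independently recompute
    every posting.  Returns (accounts whose credit differs from the
    recomputation, credited accounts that are absent from the input file)."""
    expected = post_honest(batch)
    mismatched = [a for a in expected if postings.get(a) != expected[a]]
    unknown = sorted(set(postings) - set(expected))
    return mismatched, unknown


BATCH = build_batch()

if __name__ == "__main__":
    for name, postings in (("honest", post_honest(BATCH)),
                           ("salami", post_salami(BATCH))):
        mism, unknown = recompute_and_compare(BATCH, postings)
        print(f"{name}: run-to-run ok={run_to_run_total(BATCH, postings)}, "
              f"mismatched={len(mism)}, unknown={unknown}, "
              f"skimmed={postings.get(PERP, Decimal(0))}")
```

The design point for an auditor: a run-to-run total proves completeness (everything that went in came out), not accuracy; catching a salami requires recomputing individual postings from the source data and looking for beneficiaries that do not exist in the input.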

Sampling risk: The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selection method, it can never be eliminated.

Scheduling: A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing.

Scope creep: Also called requirement creep, this refers to uncontrolled changes in a project's scope. This phenomenon can occur when the scope of a project is not properly defined, documented and controlled. Typically, the scope increase consists of either new products or new features of already approved products. Hence, the project team drifts away from its original purpose. Because of one's tendency to focus on only one dimension of a project, scope creep can also result in a project team overrunning its original budget and schedule. For example, scope creep can be a result of poor change control, lack of proper identification of what products and features are required to bring about the achievement of project objectives in the first place, or a weak project manager or executive sponsor.

Screening routers: A router configured to permit or deny traffic based on a set of permission rules installed by the administrator. Rules are evaluated in order and the first match decides, so rule ordering is part of the policy, and a final explicit deny (or an implicit default deny) is needed so that traffic no rule anticipated is dropped.
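The router and screening router entries list the parameters a filter can match on (source and destination address, protocol, port) but not how a rule set behaves. The following added example (not from the glossary; the interface names, address ranges and rule set are hypothetical) implements first-match evaluation with default deny over constructed packets, including an anti-spoofing rule that drops packets arriving on the external interface with an internal source address.

```python
"""Screening-router packet filter: ordered rules, first match wins, default
deny, with an anti-spoofing rule.  Added example; the interfaces, address
ranges, rules and packets are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

INTERNAL = ip_network("10.0.0.0/8")   # hypothetical internal LAN range


@dataclass(frozen=True)
class Packet:
    iface: str                  # interface the packet arrived on: "ext" or "int"
    src: str
    dst: str
    proto: str                  # "tcp", "udp" or "icmp"
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                     # "permit" or "deny"
    iface: Optional[str] = None     # None matches any interface
    src: Optional[str] = None       # CIDR; None matches any address
    dst: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        """Every specified field must match; unspecified fields are wildcards."""
        if self.iface is not None and self.iface != p.iface:
            return False
        if self.src is not None and ip_address(p.src) not in ip_network(self.src):
            return False
        if self.dst is not None and ip_address(p.dst) not in ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        return True


RULES = [
    # 1. Anti-spoofing: an internal source address must never arrive from outside.
    Rule("deny", iface="ext", src=str(INTERNAL)),
    # 2. Public web server reachable from anywhere, HTTPS only.
    Rule("permit", iface="ext", dst="10.1.2.80/32", proto="tcp", dport=443),
    # 3. Internal hosts may reach the Internet over HTTPS.
    Rule("permit", iface="int", src=str(INTERNAL), proto="tcp", dport=443),
    # 4. Explicit cleanup rule; screen() also denies if nothing matches.
    Rule("deny"),
]


def screen(packet: Packet, rules=RULES) -> str:
    """Evaluate rules in order; the first match decides; no match means deny."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"


if __name__ == "__main__":
    # Constructed packets (documentation address ranges used for "outside")
    web = Packet("ext", "203.0.113.9", "10.1.2.80", "tcp", 443)
    spoof = Packet("ext", "10.0.0.5", "10.1.2.80", "tcp", 443)
    print("web client  ->", screen(web))              # permit
    print("spoofed src ->", screen(spoof))            # deny (rule 1)
    # Swap rules 1 and 2 and the spoofed packet is permitted: order is policy.
    print("reordered   ->", screen(spoof, [RULES[1], RULES[0]]))
```

The reordered call at the end is the check a reviewer should make on any real rule set: a permissive rule placed before the anti-spoofing rule silently disables it.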

Secret Share: A portion of a cryptographic secret split among a number of physical tokens.

Secret Share Holder: An authorized holder of a physical token containing a secret share.

Secure Channel: A cryptographically enhanced communications path that protects messages against perceived security threats.

Secure Sockets Layer (SSL): A protocol that is used to transmit private documents through the Internet. During the handshake the server's public/private key pair is used to establish a symmetric session key, and it is that session key which encrypts the data transferred through the SSL connection.

Secure System: Means computer hardware, software, and procedures that: (a) are reasonably secure from unauthorised access and misuse; (b) provide a reasonable level of reliability and correct operation; (c) are reasonably suited to performing the intended functions; and (d) adhere to generally accepted security procedures.

Security: The quality or state of being protected from unauthorized access or uncontrolled losses or effects. Absolute security is impossible to achieve in practice and the quality of a given security system is relative. Within a state-model security system, security is a specific state to be preserved under various operations.

Security administrator: The person responsible for implementing, monitoring and enforcing security rules established and authorized by management.

Security management: 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management, controlling access to the network and resources, finding intrusions, identifying entry points for intruders and repairing or otherwise closing those avenues of access.

Security perimeter: The boundary that defines the area of security concern and security policy coverage.

Security policy: 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets. 2) The set of security rules enforced by the system's security features. Also: a document which articulates requirements and good practices regarding the protections maintained by a trustworthy system.

Security Procedure: Means the security procedure prescribed under an Act passed by the Government.

Security Services: Services provided by a set of security frameworks and performed by means of certain security mechanisms. Such services include, but are not limited to, access control, data confidentiality, and data integrity.

Security software: Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, and monitoring and reporting functions.

Security testing: Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems.

Security/transaction risk: The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered and encompasses product development and delivery, transaction processing, systems development, computing systems, complexity of products and services and the internal control environment. A high level of security risk may exist with Internet banking products, particularly if those lines of business are not adequately planned, implemented and monitored.

Security Zone: An area to which access is limited to authorised personnel and to authorised and properly escorted visitors. Security Zones should preferably be accessible from an Operations Zone, and through a specific entry point. A Security Zone need not be separated from an Operations Zone by a secure perimeter. A Security Zone should be monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means.

Segregation/separation of duties: A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code without detection.

Self-Signed Public Key: A data structure that is constructed the same as a Digital Signature Certificate but that is signed by its subject. Unlike a Digital Signature Certificate, a self-signed public key cannot be used in a trustworthy manner to authenticate a public key to other parties; it only proves that the signer holds the matching private key. The exception is a trust anchor, such as a root CA certificate, which is self-signed and is trusted because it was distributed and verified out of band, not because of its signature.

Sequence check: Verifies that the control number follows sequentially, and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field).
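The range check, reasonableness check and sequence check entries each describe one input edit; in practice they run together over a batch, with hard limits rejecting a record and soft limits only flagging it for the exception report. The following added example (not from the glossary; the payroll fields, limits and records are constructed) applies all three to a small batch and shows the difference between rejection and flagging, and the gap and duplicate cases a sequence check must distinguish.

```python
"""Input edit checks from the glossary (range, reasonableness, sequence)
applied to a constructed batch of payroll records.  Added example, not from
the glossary; field names, limits and records are hypothetical."""
from collections import Counter

# Constructed batch: (control_number, employee_id, hours, hourly_rate)
BATCH = [
    (1001, "E100", 40.0, 25.00),
    (1002, "E101", 38.5, 31.50),
    (1004, "E102", 41.0, 28.00),   # 1003 missing -> sequence gap (flag)
    (1005, "E103", 96.0, 30.00),   # hours outside hard range  -> reject
    (1006, "E104", 40.0, 12.00),   # rate outside soft limits  -> flag
    (1005, "E105", 40.0, 29.00),   # duplicate control number  -> reject
]

HOURS_RANGE = (0.0, 80.0)          # range/limit check: outside => reject
RATE_REASONABLE = (15.00, 120.00)  # reasonableness check: outside => review


def check_record(record):
    """Return ("reject", reason), ("flag", reason) or None for a clean record."""
    ctrl, emp, hours, rate = record
    lo, hi = HOURS_RANGE
    if not lo <= hours <= hi:
        return "reject", f"hours {hours} outside range {HOURS_RANGE}"
    lo, hi = RATE_REASONABLE
    if not lo <= rate <= hi:
        return "flag", f"rate {rate} outside reasonable limits {RATE_REASONABLE}"
    return None


def sequence_check(control_numbers):
    """Control numbers must ascend without gaps or repeats.
    Returns (missing numbers, duplicated numbers)."""
    seen = Counter(control_numbers)
    duplicates = sorted(c for c, count in seen.items() if count > 1)
    expected = range(min(control_numbers), max(control_numbers) + 1)
    gaps = [c for c in expected if c not in seen]
    return gaps, duplicates


def validate_batch(batch):
    """Apply the per-record edits, then the batch-level sequence check.
    Rejections stop processing of that record; flags go to the exception
    report for follow-up but the record is still processed."""
    rejected, flagged = [], []
    for record in batch:
        outcome = check_record(record)
        if outcome is None:
            continue
        verdict, reason = outcome
        (rejected if verdict == "reject" else flagged).append(
            (record[0], record[1], reason))
    gaps, dups = sequence_check([ctrl for ctrl, *_ in batch])
    for c in gaps:
        flagged.append((c, None, "control number missing from sequence"))
    for c in dups:
        rejected.append((c, None, "duplicate control number"))
    return {"rejected": rejected, "flagged": flagged}


if __name__ == "__main__":
    result = validate_batch(BATCH)
    for kind in ("rejected", "flagged"):
        print(kind.upper())
        for ctrl, emp, reason in result[kind]:
            print(f"  {ctrl} {emp or '-'}: {reason}")
```

A duplicate control number is treated as a rejection rather than a flag because processing it would post the same transaction twice; a gap is only flagged because the missing record may legitimately arrive in a later batch, and the exception report is what lets someone confirm that it did.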

Sequential file: A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.

Server: A computer system that responds to requests from client systems.

Service bureau: A computer facility that provides data processing services to clients on a continual basis.

Service level agreement (SLA): Defined minimum performance measures at or above which the service delivered is considered acceptable.

Service provider: The organization providing the outsourced service.

Service user: The organization using the outsourced service.

Service set identifier (SSID): In Wi-Fi wireless LAN computer networking, this is a code attached to all packets on a wireless network to identify each packet as part of that network. The code consists of a maximum of 32 characters (octets). All wireless devices attempting to communicate with each other must share the same SSID. Apart from identifying each packet, the SSID also serves to uniquely identify a group of wireless network devices used in a given service set. There are two major variants of the SSID. Ad hoc wireless networks that consist of client machines without an access point use the IBSSID (Independent Basic Service Set Identifier); whereas on an infrastructure network which includes an access point, the basic service set identifier (BSSID) or extended service set identifier (ESSID) is used instead. The SSID identifies a network; it does not authenticate it or protect its traffic, so hiding the SSID or requiring clients to know it is not a security control.

Servlet: Typically indicates a small Java program that runs within a web server environment. A Java servlet is similar to a CGI program, but unlike a CGI program, once started, it stays in memory and can fulfill multiple requests, thereby saving server execution time and speeding up the services.

Session border controller (SBC): Provides security features for VoIP traffic similar to those provided by firewalls. SBCs can be configured to filter specific VoIP protocols, monitor for denial-of-service (DoS) attacks, and provide network address and protocol translation features.

Shell: The interface between the user and the system.

Sign: To create a digital signature for a message, or to affix a signature to a document, depending upon the context.

Signatures: Patterns indicating misuse of a system.

Signer: A person who creates a digital signature for a message, or a signature for a document.

Simple fail-over: A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group, but not vice versa.

Sign-on procedure: The procedure performed by a user to gain access to an application or operating system. If the user is properly identified and authenticated by the system's security, they will be able to access the software.

Simple Object Access Protocol (SOAP): A platform-independent, XML-based protocol enabling applications to communicate with each other over the Internet. Use of this protocol may present a significant security risk to web application operations, since SOAP piggybacks onto a web-based document object model and is transmitted via HTTP (port 80) through server firewalls, which are usually configured to accept port 80 and port 21 (FTP) requests. Web-based document models define how objects on a web page are associated with each other and how they can be manipulated while being sent from a server to a client browser. SOAP forms the foundation layer of the web services stack, providing a basic messaging framework on which more abstract layers can build. There are several different types of messaging patterns in SOAP, but by far the most common is the Remote Procedure Call (RPC) pattern, in which one network node (the client) sends a request message to another node (the server), and the server immediately sends a response message to the client.

Single point of failure: A resource whose loss will result in the loss of service or production.

Slack time (float): Time in the project schedule, the use of which does not affect the project's critical path (the minimum time to complete the project based upon the estimated time for each project segment and their relationships). Slack time is commonly referred to as "float" and generally is not "owned" by either party to the transaction.


SMART (specific, measurable, achievable, relevant, time-bound)  A development methodology for value management

Smart card  A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash, or it can be used as a token to authenticate users. A hardware token that incorporates one or more integrated circuit (IC) chips to implement cryptographic functions and that possesses some inherent resistance to tampering.

S/MIME  A specification for e-mail security exploiting a cryptographic message syntax in an Internet MIME environment.

SMTP (Simple Mail Transport Protocol)  The standard e-mail protocol on the Internet

Sniff  The act of capturing network packets, including those not necessarily destined for the computer running the sniffing

Software  Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.

Source code  Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is not executable by the computer directly. It must first be converted into machine language.

Source code compare programs  Programs that provide assurance that the software being audited is the correct version of the software, by providing a meaningful listing of any discrepancies between the two versions of the program

Source documents  The forms used to record data that have been captured. A source document may be a piece of paper, a turnaround document or an image displayed for online data input.

Source lines of code (SLOC)  Source lines of code are often used in deriving single-point software size estimations.

Spanning port  A port configured on a network switch to receive copies of traffic from one or more other ports on the switch.

Split data systems  A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organization-wide, centralized database. This permits easy sharing of data while maintaining a certain level of autonomy.

Split DNS  An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users

Spoofing  Faking the sending address of a transmission in order to gain illegal entry into a secure system

Spool (simultaneous peripheral operations online)  An automated function that can be operating system or application based, in which electronic data being transmitted between storage areas are spooled until the receiving device or storage area is prepared and able to receive the information. This operation allows more efficient electronic data transfers from one device to another by permitting higher speed sending functions, such as internal memory, to continue on with other operations instead of waiting on the slower speed receiving device, such as a printer.

Standing data  Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.

Spyware  Software whose purpose is to monitor a computer user's actions (e.g., web sites they visit) and report these actions to a third party, without the informed consent of the machine's owner or legitimate user. A particularly malicious form of spyware is software that monitors keystrokes (e.g., to obtain passwords) or otherwise gathers sensitive information such as credit card numbers, which it then transmits to a malicious third party. The term has also come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.


Statistical sampling  A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population

Strategic risk  The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.

Structured programming  A top-down technique of designing programs.

Storage area networks (SANs)  A variation of a LAN that is dedicated for the express purpose of connecting storage devices to servers and other computing devices. SANs centralize the process for the storage and administration of data.

Structured Query Language (SQL)  The primary language used by both application programmers and end users in accessing relational databases

Subject (of a Certificate)  The holder of a private key corresponding to a public key. The term 'subject' can refer to both the equipment or device that holds a private key and to the individual person, if any, who controls that equipment or device. A subject is assigned an unambiguous name, which is bound to the public key contained in the subject's Digital Signature Certificate.

Subject matter (Area of activity)  The specific information subject to the IS auditor's report and related procedures, which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.

Subject Name  The unambiguous value in the subject name field of a Digital Signature Certificate, which is bound to the public key.

Subscriber  A person in whose name the Digital Signature Certificate is issued.

Subscriber Agreement  The agreement executed between a subscriber and a Certifying Authority for the provision of designated public certification services in accordance with this Certification Practice Statement.

Subscriber Information  Information supplied to a certification authority as part of a Digital Signature Certificate application (See also certificate application).


Substantive testing  Determines the integrity of actual processing, which provides evidence of the validity of the final outcome. This is done outside of a review of processes and related internal controls. For example, balances in the financial statement and the transactions to support those balances are a substantive test. General types of testing involve recalculation, confirmations, verification of outcomes from other information sources and observations. Substantive testing will be limited when there is a low risk of control failure. Conversely, if the testing of controls reveals weaknesses in control, the level of substantive testing would be increased.

Supply chain management (SCM)  A concept that allows an organization to more effectively and efficiently manage the activities of design, manufacturing, distribution, service and recycling of products and services to its customers.

Suspend a Certificate  A temporary hold placed on the effectiveness of the operational period of a Digital Signature Certificate without permanently revoking the Digital Signature Certificate. A Digital Signature Certificate suspension is invoked by, e.g., a CRL entry with a reason code (See also revoke a certificate).

Suspense file  A computer file used to maintain information (i.e., on transactions, payments, or other events) until the proper disposition of that information can be determined. Once the proper disposition of the item is determined, it should be removed from the suspense file and processed in accordance with the proper procedures for that particular transaction. Two examples of items that may be included in a suspense file are receipt of a payment from a source that is not readily identified or data that do not yet have an identified match during migration to a new application.

Sufficient audit evidence  Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.

Surge suppressor  Filters out electrical surges and spikes

SWIFT  Founded in Brussels in 1973, the Society for the Worldwide Interbank Financial Telecommunication (SWIFT) is a cooperative organization dedicated to the promotion and development of standardized global interactivity for financial transactions. SWIFT's original mandate was to establish a global communications link for data processing and a common language for international financial transactions. The society operates a messaging service for financial messages, such as letters of credit, payments, and securities transactions, between member banks worldwide. SWIFT's essential function is to deliver these messages quickly and securely, both of which are prime considerations for financial matters. Member organizations create formatted messages that are then forwarded to SWIFT for delivery to the recipient member organization. SWIFT operates out of its Brussels headquarters and processes data at centers in Belgium and the United States.

Switches  Typically associated as a data link layer device, switches enable LAN network segments to be created and interconnected, which also has the added benefit of reducing collision domains in Ethernet-based networks.

Symmetric key encryption  Two trading partners both share one or more secrets; no one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. The same key is used for encryption and decryption. (Also see Private Key Cryptosystems).

SYN (synchronize)  A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission

Synchronous transmission  Block-at-a-time data transmission.

System Administrator  The person at a computer installation who designs, controls, and manages the use of the computer system.

System exit  Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.

System flowcharts  System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols used should be the internationally accepted standard. System flowcharts should be updated when necessary.

System narratives  System narratives provide an overview explanation of system flowcharts, with explanation of key control points and system interfaces.

System Security  A system function that restricts the use of objects to certain users.

System software  A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Application-independent software that supports the running of application software. It is software that is part of or made available with a computer system and that determines how application programs are run; for example, an operating system.

System testing  A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.

Systems acquisition process  The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers

Systems analysis  The systems development phase in which systems specifications and conceptual designs are developed, based on end user needs and requirements

Systems development life cycle (SDLC)  An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programming, testing, installation and post-implementation review.

Table look-ups  Used to ensure that input data agree with predetermined criteria stored in a table

TACACS+ (terminal access controller access control system plus)  An authentication protocol, often used by remote-access servers

Tape management system (TMS)  A system software tool that logs, monitors and directs computer tape usage

Taps  Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems

TCP (transmission control protocol)  A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.

TCP/IP protocol (Transmission Control Protocol/Internet Protocol)  A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.

Test Certificate  A Digital Signature Certificate issued by a Certifying Authority for the limited purpose of internal technical testing. Test certificates may be used by authorized persons only.

Tcpdump  A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display

Technical infrastructure  Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.

Telecommunications  Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange

Teleprocessing  Using telecommunications facilities for handling and processing of computerized information

Telnet  Used to enable remote access to a server computer. Commands typed are run on the remote server.

Terminal  A device for sending and receiving computerized data over transmission lines

Terms of reference  A document that confirms the client's and the IS auditor's acceptance of a review assignment

Test data  Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs) and Base Case System Evaluations (BCSEs)

Throughput  The quantity of useful work made by the system per unit of time. Throughput can be measured in instructions per second or some other unit of performance. When referring to a data transfer operation, throughput measures the useful data transfer rate and is expressed in kbps, Mbps and Gbps.

Test generators  Software used to create data to be used in the testing of computer programs

Test programs  Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.

Third-party review  An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and sound

Threat  Any situation or event that has the potential to harm a system. A circumstance or event with the potential to cause harm to a system, including the destruction, unauthorized disclosure, or modification of data and/or denial of service.

Time-Out  A security feature that logs off a user if any entry is not made at the terminal within a specified period of time.

Time Stamp  A notation that indicates (at least) the correct date and time of an action, and identity of the person or device that sent or received the time stamp.

Token  A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card sized device that displays a pseudo random number that changes every few minutes. A hardware security token containing a user's private key(s), public key certificate, and, optionally, a cache of other certificates, including all certificates in the user's certification chain.

To"en rin( topolo(% A t%pe of A rin( topolo(% in &#ic# a frame containin( a !pecific format, called

t#e to"en, i! pa!!ed from one !tation to t#e ne't around t#e rin() >#en a !tation

recei$e! t#e to"en, it i! allo&ed to tran!mit) T#e !tation can !end a! man% frame!a! de!ired until a predefined time limit i! reac#ed) >#en a !tation eit#er #a! nomore frame! to !end or reac#e! t#e time limit, it tran!mit! t#e to"en) To"en pa!!in(

 pre$ent! data colli!ion! t#at can occur &#en t&o computer! be(in tran!mittin( at

t#e !ame time)

Top3 le$el mana(ement T#e #i(#e!t le$el of mana(ement in t#e or(ani.ation, re!pon!ible for direction and

control of t#e or(ani.ation a! a &#ole *!uc# a! director, (eneral mana(er, partner,c#ief officer and e'ecuti$e mana(er+

Topolo(% T#e p#%!ical la%out of #o& computer! are lin"ed to(et#er) E'ample! include rin(,!tar and bu!)

Tran!action Bu!ine!! e$ent! or information (rouped to(et#er becau!e t#e% #a$e a !in(le or 

!imilar purpo!e) T%picall%, a tran!action i! applied to a calculation or e$ent t#att#en re!ult! in t#e updatin( of a #oldin( or ma!ter file)

A computer3ba!ed tran!fer of bu!ine!! information, &#ic# con!i!t! of !pecific

 proce!!e! to facilitate communication o$er (lobal net&or"!)

Tran!action lo( A manual or automated lo( of all update! to data file! and databa!e!


Transmission Control Protocol/Internet Protocol (TCP/IP)  A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.

Trap door  Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs

Trojan horse  Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.

Trust  Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity and a certificate authority (CA). An authenticating entity must be certain that it can trust the CA to create only valid and reliable certificates, and users of those Digital Signature Certificates rely upon the authenticating entity's determination of trust.

Trusted Position  A role that includes access to or control over cryptographic operations that may materially affect the issuance, use, suspension, or revocation of Digital Signature Certificates, including operations that restrict access to a repository.

Trusted processes  Processes certified as supporting a security goal.

Trusted Third Party  In general, an independent, unbiased third party that contributes to the ultimate security and trustworthiness of computer-based information transfers. A trusted third party does not connote the existence of a trustor-trustee or other fiduciary relationship (Cf. trust).

Trusted systems  Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information.

Trustworthy System  Computer hardware, software, and procedures that are reasonably secure from intrusion and misuse; provide a reasonable level of availability, reliability, and correct operation; are reasonably suited to performing their intended functions; and enforce the applicable security policy. A trustworthy system is not necessarily a 'trusted system' as recognized in classified government nomenclature.

Tunneling  A method by which one network protocol encapsulates another protocol within itself. It is commonly used to bridge between incompatible hosts/routers or to provide encryption. When protocol A encapsulates protocol B, then a protocol A header and optional tunneling headers are appended to the original protocol B packet; protocol A then becomes the data link layer of protocol B. Examples of tunneling protocols include IPSec, Point-to-Point Protocol over Ethernet (PPPoE), and Layer 2 Tunneling Protocol (L2TP).

Tuple  A tuple is a row in a database table.

Twisted pairs  A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.


Type (of Certificate)  The defining properties of a Digital Signature Certificate, which limit its intended purpose to a class of applications uniquely associated with that type.

UDP (User Datagram Protocol)  A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, nor if they were corrupted in transit. It is up to the application to determine these factors and request retransmissions.

Unicode  A standard for representing characters as integers. It uses 16 bits, which means that it can represent more than 65,000 unique characters, as is necessary for languages such as Chinese and Japanese.

Uniform Resource Locator (URL)  A standardized device for identifying and locating certain records and other resources located on the World Wide Web.

Uninterruptible power supply (UPS)  Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level

Unit testing  A testing technique that is used to test program logic within a particular programmer module. The purpose of the test


Universal Serial Bus (USB)  An external bus standard that provides capabilities to transfer data at a rate of 12 Mbps. A USB port can connect up to 127 peripheral devices.

User  An authorized entity that uses a certificate as applicant, subscriber, recipient or relying party, but not including the Certifying Authority issuing the Digital Signature Certificate (See also certificate applicant; entity; person; subscriber).

User awareness  The training process in security-specific issues to reduce security problems, since users are often the weakest link in the security chain

Universal Description, Discovery and Integration (UDDI)  A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.

UNIX  A multi-user, multitasking operating system that is used widely as the master control program in workstations and especially servers

Untrustworthy host  To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming and outgoing traffic to go through the untrustworthy host. The host is referred to as untrustworthy because it cannot be protected by the firewall; therefore, hosts on the trusted networks can place only limited trust in it.

Uploading  The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.

Useful audit evidence  Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.

Utility programs  Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.

Utility software  Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities; to test programs, system activities and operational procedures; to evaluate data file activity; and, to analyze job accounting data.

Utility script  A sequence of commands input into a single file to automate a repetitive and specific task. The utility script is then executed, either automatically or manually, to perform the task. In UNIX, these are known as shell scripts.

Vaccine  A program designed to detect computer viruses

Valid Certificate  A Digital Signature Certificate issued by a Certifying Authority and accepted by the subscriber listed in it.

Validate a Certificate (i.e. of an end-user subscriber certificate)  The process performed by a recipient or relying party to confirm that an end-user subscriber Digital Signature Certificate is valid and was operational at the date and time a pertinent digital signature was created.

Validation (of certificate application)  The process performed by the Certifying Authority or its agent following submission of a Digital Signature Certificate application as a prerequisite to approval of the application and the issuance of a Digital Signature Certificate. See also authentication; software validation.


Jalidit% c#ec" ro(rammed c#ec"in( of data $alidit% in accordance &it# predetermined criteria

Jalue3added net&or" 

*JA+

A data communication net&or" t#at add! proce!!in( !er$ice! !uc# a! error 

correction, data tran!lation and9or !tora(e to t#e ba!ic function of tran!portin( data

Jariable !amplin( A !amplin( tec#ni1ue u!ed to e!timate t#e a$era(e or total $alue of a population

 ba!ed on a !ample- a !tati!tical model u!ed to proect a 1uantitati$e c#aracteri!tic,!uc# a! a monetar% amount

Jerification C#ec"! t#at data are entered correctl%)

Jerif% *a di(ital

!i(nature+

In relation to a di(ital !i(nature, electronic record or public "e%, &it# it!

(rammatical $ariation! and co(nate e'pre!!ion! mean! to determine &#et#er O 

*a+ t#e initial electronic record &a! affi'ed &it# t#e di(ital !i(nature b% t#e u!e of 

 pri$ate "e% corre!pondin( to t#e public "e% of t#e !ub!criber-*b+ t#e initial electronic record i! retained intact or #a! been altered !ince !uc#

electronic record &a! !o affi'ed &it# t#e di(ital !i(nature)

Jirtual or(ani.ation! r(ani.ation! t#at na$e no official p#%!ical !ite pre!ence and are made up of 

di$er!e (eo(rap#icall% di!per!ed or mobile emplo%ee!)

Jirtual pri$ate net&or" 

*J+

A pri$ate net&or" t#at i! confi(ured &it#in a public net&or") 6or %ear!, common

carrier! #a$e built J! t#at appear a! pri$ate national or international net&or"!to t#e cu!tomer, but p#%!icall% !#are bac"bone trun"! &it# ot#er cu!tomer!) J!eno% t#e !ecurit% of a pri$ate net&or" $ia acce!! control and encr%ption, &#ile

ta"in( ad$anta(e of t#e economie! of !cale and built3in mana(ement facilitie! of 

lar(e public net&or"!)

Jiru! A de!tructi$e computer pro(ram t#at !pread! from computer to computer to

computer u!in( a ran(e of met#od!, includin( infectin( flopp% di!"! and ot#er 

 pro(ram!) Jiru!e! t%picall% attac# t#em!el$e! it a pro(ram and modif% it !o t#att#e $iru! code run! &#en t#e pro(ram i! fir!t !tarted) T#e infected pro(ram

t%picall% run! normall%, but t#e $iru! code t#in infect! ot#er pro(ram! &#ene$er it

can) *Al!o !ee &orm)+

Mean! an% computer in!truction, information, data or pro(ramme t#at de!tro%!,dama(e!, de(rade! or ad$er!el% affect! t#e performance of a computer re!ource or 

attac#e! it!elf to anot#er computer re!ource and operate! &#en a pro(ramme, data

or in!truction i! e'ecuted or !ome ot#er e$ent ta"e! place in t#at computer 

re!ource)

Joice mail A !%!tem of !torin( me!!a(e! in a pri$ate recordin( medium &#ere t#e called partcan later retrie$e t#e me!!a(e!

Joice3 o$er Internet protocol *JoI+

Al!o called I Telep#on%, Internet telep#on% and Broadband p#one, t#i! i! atec#nolo(% t#at ma"e! it po!!ible to #a$e a $oice con$er!ation o$er t#e Internet or 

o$er an% dedicated Inter net protocol *I+ net&or" in!tead of dedicated $oice

tran!mi!!ion line!)

Julnerabilitie! >ea"ne!!e! in !%!tem! t#at can be e'ploited in &a%! t#at $iolate !ecurit% polic%)

Julnerabilit% i! a &ea"ne!! t#at could be e'ploited to cau!e dama(e to t#e !%!temor t#e a!!et! it contain!)

Julnerabilit% anal%!i! Anal%!i! of t#e !ecurit% !tate of a !%!tem or it! compromi!e on t#e ba!i! of information collected at inter$al!


>A !&itc# A data lin" la%er de$ice u!ed for implementin( $ariou! >A tec#nolo(ie! !uc# a!

a!%nc#ronou! tran!fer mode, point3to3point frame rela% !olution!, and ISD)T#e!e de$ice! are t%picall% a!!ociated &it# carrier net&or"! pro$idin( dedicated

>A !&itc#in( and router !er$ice! to or(ani.ation! $ia T35or T3;connection!)>ar dialler Soft&are pac"a(e! t#at !e1uentiall% dial telep#one number!, recordin( an%

number! t#at an!&er 

>arm3!ite A &arm3!ite i! !imilar to a #ot3!ite- #o&e$er, it i! not full% e1uipped &it# allnece!!ar% #ard&are needed for reco$er%)

>aterfall de$elopment Al!o "no&n a! traditional de$elopment) It i! a $er% procedure3focu!edde$elopment c%cle &it# formal !i(n3off at t#e completion of eac# le$el

>eb Bro&!er A !oft&are application u!ed to locate and di!pla% &eb pa(e!)

>eb pa(e A $ie&able !creen di!pla%in( information, pre!ented t#rou(# a &eb bro&!er in a!in(le $ie& !ometime! re1uirin( t#e u!er to !croll to re$ie& t#e entire pa(e) A

 band &eb pa(e ma% di!pla% t#e ban"/! lo(o, pro$ide information about ban" 

 product! to !croll to re$ie& t#e centre pa(e) A ban" &eb pa(e ma% di!pla% t#e

 ban"/! lo(o, pro$ide information about ban" product! and !er$ice!, or allo& acu!tomer to interact &it# T#eban or t#ird partie! t#at #a$e contracted &it# t#e

 ban")

>eb Ser$ice! De!cription

an(ua(e *>SD+

An MN formatted lan(ua(e u!ed to de!cribe a &eb !er$ice/! capabilitie! a!

collection! of communication endpoint! capable of e'c#an(in( me!!a(e!) >SD

i! t#e lan(ua(e t#at ?DDl u!e!)*Al!o !ee ?ni$er!al De!cription, Di!co$er% andinte(ration *?DDI+

>eb !ite Con!i!t! of one or more &eb pa(e! t#at ma% ori(inate at one or more &eb !er$er  computer!) A per!on can $ie& t#e pa(e! of a &eb!ite eon an% order, a! #e or !#e&ould a ma(a.ine)

>#ite bo' te!tin( A te!tin( approac# t#at u!e! "no&led(e of a pro(ram9module/! underl%in(implementation and code inter$al! to $erif% it! e'pected be#a$ior)

Wide area network (WAN)

A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries.

Windows NT

A version of the Windows operating system that supports preemptive multitasking.

Wi-Fi Protected Access (WPA)

A class of systems used to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both provide good security with two significant issues. First, either WPA or WPA2 must be enabled and chosen in preference to WEP; WEP is usually presented as the first security choice in most installation instructions. Second, in the "personal" mode, the most likely choice for homes and small offices, a pass phrase is required that, for full security, must be longer than the typical 6 to 8 character passwords users are taught to employ.

Wired Equivalent Privacy (WEP)

A scheme that is part of the IEEE 802.11 wireless networking standard (also known as WEP networks). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping. WEP was intended to provide comparable confidentiality to a traditional wired network (in particular, it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping.

Wiretapping

The practice of eavesdropping on information being transmitted over telecommunications links.

World Wide Web (WWW)

A sub-network of the Internet through which information is exchanged by text, graphics, audio and video. A hypertext-based, distributed information system in which users may create, edit, or browse hypertext documents. A graphical document publishing and retrieval medium; a collection of linked documents that reside on the Internet.

World Wide Web Consortium (W3C)

An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web services globally.

Worm

With respect to security, a special type of virus that does not attach itself to programs, but rather spreads via other methods such as e-mail (also see virus).

Writing

Information in a record that is accessible and usable for subsequent reference.


X.25

A protocol for packet-switching networks.

X.25 interface

An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks.

X.500

Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state and city.

X.509

The ITU-T (International Telecommunications Union-T) standard for Digital