Cisa Glossary Combined
8/11/2019 Cisa Glossary Combined
http://slidepdf.com/reader/full/cisa-glossary-combined 1/69
CISA DECEMBER, 2007 BATCH
Glossary of Terms
Note: It is mandatory that you understand each and every term given below before you attempt your CISA Examination on 8th December, 2007. We expect concept clarity on your part. We advise you to understand the concepts rather than expecting questions from the Manual or Question Bank.
Abend: An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing.

Accept (a digital signature certificate): To demonstrate approval of a Digital Signature Certificate by a Digital Signature Certificate applicant while knowing or having notice of its informational contents.

Access: Gaining entry into, instructing or communicating with the logical, arithmetical, or memory function resources of a computer, computer system or computer network.

Access control: The process that limits and controls access to the resources of a company's system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defined by the user who owns the object (discretionary access control, or DAC). The process of limiting access to the resources of a computer system only to authorized users, programs or other computer systems.

Access control list (ACL): Also referred to as access control tables, this is an internal computerized table of access rules regarding the levels of computer access.

Access control table: An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.

Access method: The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization, which determines how the records are stored.

Access path: The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.

Access rights: Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file shares on the server.

Access server: Provides centralized access control for managing remote access dial-up services.

Accountability: The ability to map a given activity or event back to the responsible party.

Accreditation: A formal declaration by the Competent Authorities that a particular information system, professional or other employee or contractor, or organization is approved to perform certain duties and to operate in a specific security mode, using a prescribed set of safeguards.

ACK (Acknowledgement): A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept transmission.

Active recovery site (mirrored): Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload in the event of a disaster.
Active response: A response in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms: amending the environment, collecting more information or striking back against the user.

Address: The code used to designate the location of a specific piece of data within computer storage.

Address space: The number of distinct locations that may be referred to with the machine address. For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.

Addressee: A person who is intended by the originator to receive the electronic record but does not include any intermediary.

Addressing: The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).

Adjusting period: The calendar can contain "real" accounting periods and/or adjusting accounting periods. The "real" accounting periods must not overlap, and cannot have any gaps between real accounting periods. Adjusting accounting periods can overlap with other accounting periods. For example, a period called DEC-93 can be defined that includes 01-DEC-1993 through 31-DEC-1993. An adjusting period called DEC31-93 can also be defined that includes only one day: 31-DEC-1993.

Administrative control: The actions/controls dealing with operational effectiveness, efficiency and adherence to regulations and management policies.

Adware: Any software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used. In most cases, this is done without any notification to the user or the user's consent. The term adware may also refer to software that displays advertisements, whether or not it does so with the user's consent; such programs display advertisements as an alternative to shareware registration fees. These are classified as "adware" in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service.

Affiliated certificate: A certificate issued to an affiliated individual (see also affiliated individual).

Affirm / Affirmation: To state or indicate by conduct that data is correct or information is true.

Affixing digital signature: With its grammatical variations and cognate expressions, means adoption of any methodology or procedure by a person for the purpose of authenticating an electronic record by means of a digital signature.

Alias: A pseudonym.

Alpha: The use of alphabetic characters or an alphabetic character string.

Alternative routing: A service that allows the option of having an alternate route to complete a call when the marked destination is not available. In signaling, alternate routing is the process of substituting routes for a given signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that traffic stream.

Analog: A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.

American Standard Code for Information Interchange: See ASCII.
Anomaly: Unusual or statistically rare.

Anomaly detection: Detection on the basis of whether the system activity matches that defined as abnormal.

Anonymity: The quality or state of not being named or identified.

Anonymous File Transfer Protocol (FTP): A method for downloading public files using file transfer protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, the user enters the word anonymous when the host prompts for a username; anything can be entered for the password, such as the user's e-mail address or simply the word guest. In many cases, an anonymous FTP site will not even prompt users for a name and password.

Antivirus software: Applications that detect, prevent and possibly remove all known viruses from files located in a microcomputer.

Applet: A program written in a portable, platform-independent computer language, such as Java, JavaScript or Visual Basic. It is usually embedded in an HTML page downloaded from a web server and then executed by a browser on client machines to run any web-based application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers. However, applets expose the user's machine to risks if not properly controlled by the browser, which should not allow an applet to access a machine's information without prior authorization of the user.

Application: A computer program or set of programs that performs the processing of records for a specific function.

Application acquisition: An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process.

Application controls: Refer to the transactions and data relating to each computer-based application system and are, therefore, specific to each such application. The objectives of application controls, which may be manual or programmed, are to ensure the completeness and accuracy of the records and the validity of the entries made therein, resulting from both manual and programmed processing. Examples of application controls include data input validation, agreement of batch totals and encryption of data transmitted.

Application development review: An evaluation of an application system under development which considers matters such as: appropriate controls are

Application layer: A layer within the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) model; it is used in information transfers between users through application programs and other devices. In this layer, various protocols are needed. Some of them are specific to certain applications, and others are more general for network services.

Application maintenance review: An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures).
Application program: A program that processes business data through activities such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control programs, and with utility programs, such as copy or sort.

Application programming: The act or function of developing and maintaining application programs in production.

Application programming interface (API): A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by MS Windows, different versions of UNIX). A programmer would utilize these APIs in developing applications that can operate effectively and efficiently on the platform chosen.

Application proxy: A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service.

Application security: Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications.

Application software: Software that is specific to the solution of an application problem. It is the software coded by or for an end user that performs a service or relates to the user's work.

Application software tracing and mapping: Specialized tools that can be used to analyze the flow of data through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements and the programming language can be analyzed. This technique includes program/system mapping, tracing, snapshots, parallel simulations and code comparisons.

Application system: An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management). A family of products designed to offer solutions for commercial data processing, office, and communications environments, as well as to provide simple, consistent programmer and end user interfaces for businesses of all sizes.

Archive: To store records and associated journals for a given period of time for security, backup, or auditing purposes.

Arithmetic logic unit (ALU): The area of the central processing unit that performs mathematical and analytical operations.

Artificial intelligence: Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules.
ASCII (American Standard Code for Information Interchange): Representing 128 characters, the ASCII code normally uses 7 bits. However, some variations of the ASCII code set allow 8 bits; 8-bit ASCII code allows 256 characters to be represented.

ASP/MSP (application or managed service provider): A third party that delivers and manages applications and computer services, including security services, to multiple users via the internet or a private network.

Assembler: A program that takes as input a program written in assembly language and translates it into machine code or machine language.

Assembly language: A low-level computer programming language which uses symbolic code and produces machine instructions.

Assurances: Statements or conduct intended to convey a general intention, supported by a good-faith effort, to provide and maintain a specified service. "Assurances" does not necessarily imply a guarantee that the services will be performed fully and satisfactorily. Assurances are distinct from insurance, promises, guarantees, and warranties, unless otherwise expressly indicated.

Asymmetric crypto system: A system of a secure key pair consisting of a private key for creating a digital signature and a public key to verify the digital signature.

Asymmetric key (public key): A cipher technique in which different cryptographic keys are used to encrypt and decrypt a message (see public key encryption).

Asynchronous Transfer Mode (ATM): ATM is a high-bandwidth, low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allows very high speed data transfer rates at up to 155 Mbit/s.

Asynchronous transmission: Character-at-a-time transmission.

Attest reporting engagement: An engagement where an IS auditor is engaged to either examine management's assertion regarding a particular subject matter or the subject matter directly. The IS auditor's report consists of an opinion on one of the following: The subject matter. These reports relate directly to the subject matter itself rather than to an assertion. In certain situations management will not be able to make an assertion over the subject of the engagement. An example of this situation is when IT services are outsourced to a third party. Management will not ordinarily be able to make an assertion over the controls that the third party is responsible for. Hence, an IS auditor would have to report directly on the subject matter rather than an assertion. Management's assertion about the effectiveness of the
Audit risk: The risk that information or financial reports may contain material errors or that the IS auditor may not detect an error that has occurred; also used to describe the level of risk that an auditor is prepared to accept during an audit engagement.

Audit sampling: The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population.

Audit trail: A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source. A chronological record of system activities providing documentary evidence of processing that enables management staff to reconstruct, review, and examine the sequence of states and activities surrounding or leading to each event in the path of a transaction from its inception to output of final results.

Auditability: The level to which transactions can be traced and audited through a system.

Authenticated record: A signed document with appropriate assurances of authentication, or a message with a digital signature verified by a relying party. However, for suspension and revocation notification purposes, the digital signature contained in such a notification message must have been created by the private key corresponding to the public key contained in the Digital Signature Certificate.

Authentication: The act of verifying the identity of a user and the user's eligibility to access computerized information. Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data. A process used to confirm the identity of a person or to prove the integrity of specific information. Message authentication involves determining its source and verifying that it has not been modified or replaced in transit. See also verify (a digital signature).

Authorization: The process of determining what types of activities are permitted. Ordinarily, authorization is in the context of authentication: once you have authenticated a user, he/she may be authorized to perform different types of access or activity. The granting of rights, including the ability to access specific information or resources.

Automated teller machine (ATM): A 24-hour, stand-alone minibank, located outside branch bank offices or in public places like shopping malls. Through ATMs, clients can make deposits, withdrawals, account inquiries and transfers. Typically, the ATM network is comprised of two spheres: a proprietary sphere, in which the bank manages the transactions of its clients, and the public or shared domain, in which a client of one financial institution can use another's ATMs.
Availability: Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities. The extent to which information or processes are reasonably accessible and usable, upon demand, by an authorized entity, allowing authorized access to resources and timely performance of time-critical operations.

Backbone: The main communications channel of a digital network. The part of a network that handles the major traffic. It employs the highest-speed transmission paths in the network and may also run the longest distances. Smaller networks are attached to the backbone, and networks that directly connect to the end user or customer are called "access networks." A backbone can span a geographic area of any size, from a single building to an office complex to an entire country. Or, it can be as small as a backplane in a single cabinet.

Backup: Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service. The process of copying critical information, data and software for the purpose of recovering essential processing back to the time the backup was taken.

Badge: A card or other device that is presented or displayed to obtain access to an otherwise restricted facility, as a symbol of authority (e.g. police), or as a simple means of identification. They are also used in advertising and publicity.

Bandwidth: The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).

Barcode: A printed machine-readable code that consists of parallel bars of varied width and spacing.

Base case: A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.

Baseband: A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband, the entire bandwidth of the transmission medium (e.g., coaxial cable)

Batch control: Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: sequence control, which involves numbering the records in a batch consecutively so that the presence of each record can be confirmed, and control total, which is a total of the values in selected fields within the transactions.
Batch processing: The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.

Bayesian filter: A method often employed by antispam software to filter spam based on probabilities. The message header and every word or number are each considered a token and given a probability score. Then the entire message is given a spam probability score. A message with a high score will be flagged as spam and discarded, returned to its sender or put in a spam directory for further review by the intended recipient.

Baud rate: The rate of transmission for telecommunications data. It is expressed in bits per second (bps).

Benchmark: A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measured performance with that of other systems that have been subject to the same benchmark test.

Binary code: A code whose representation is limited to 0 and 1.

Binding: An affirmation by a Certifying Authority of the relationship between a named entity and its public key.

Biometric locks: Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature.

Biometrics: A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint.

Black box testing: A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.

Border router: See external router.

Bridge: A device that connects two similar networks together.

Broadband: In broadband, multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.

Brouters: Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which is a significant advantage. Like a bridge, it forwards packets based on the data link layer address to a different network of the same type. Also, whenever required, it processes and forwards messages to a different data link type network based on the network protocol address. When connecting same data link type networks, they are as fast as bridges, besides being able to connect different data link type networks.

Browser: A computer program that enables the user to retrieve information that has been made publicly available on the internet; also, one that permits multimedia (graphics) applications on the world wide web.
Brute force: The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found.

BSP (business service provider): An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development.

Budget: Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.

Budget formula: A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.

Budget hierarchy: A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.

Budget organization: An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.

Buffer: Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of RAM that hold data while they are being processed.

Bulk data transfer: A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically, logs are batched electronically several times daily and then loaded into a tape library located at the same facility as the planned recovery.

Bus: Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.

Bus configuration: All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes. This architecture is reliable in very small networks, as well as easy to use and understand. This configuration requires the least amount of cable to connect the computers together and, therefore, is less expensive than other cabling arrangements. It is also easy to extend, and two cables can be easily joined with a connector to make a longer cable for more computers to join the network. A repeater can also be used to extend a bus configuration.

Business case: A document that provides management with sufficient information needed to enable them to decide whether to support a proposed project, before significant resources are committed to its development. A business case includes analysis of current business process performance; associated assumptions, needs or problems; proposed solutions and potential constraints, based upon a risk-adjusted, cost-benefit analysis.

Bus topology: A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel; signals transmitted over the channel take the form of messages. As each message passes along the channel, each station receives it. Each station then determines, based on an address contained in the message, whether to accept and process the message or simply to ignore it.
Business impact analysis (BIA): A process to determine the impact of losing the support of any resource. The business impact analysis assessment study will establish the escalation of that loss over time. It is predicated on the fact that senior management, when provided reliable data to document the potential impact of a lost resource, can make the appropriate decision.

Business process integrity: Controls over the business processes that are supported by the ERP.

Business process reengineering (BPR): Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To reengineer means redesigning a structure and procedures with intelligence and skills, while being well informed about all of the attendant factors of a given situation, so as to obtain the maximum benefits from mechanization as the basic rationale.

Business risk: Potential for harm or loss in achieving business objectives.

Business-to-consumer e-commerce (B2C): Refers to the processes by which organizations conduct business electronically with their customers and/or the public at large using the internet as the enabling technology.

Bypass label processing (BLP): A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.

CAATs: See computer-assisted audit techniques.

Cadbury: The Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subject commonly known, in the UK, as the Cadbury report.

Capacity stress testing: Testing an application with large quantities of data to evaluate its performance during peak periods. It is also called volume testing.

Card swipes: A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped, the application attached to the physical card swipe device logs all card users that try to access the secured location. The card swipe device prevents unauthorized access and logs all attempts to enter the secured location.

Cathode ray tube (CRT): A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material, or a device similar to a television screen upon which data can be displayed.

Capability Maturity Model (CMM): The Capability Maturity Model (CMM) for software, from the Software Engineering Institute (SEI), is a model used by many organizations to identify best practices useful in helping them assess and increase the maturity of their software development process.
Central office (CO): A telecommunications carrier's facilities in a local area in which service is provided, where local service is switched to long distance.
Central processing unit (CPU): Computer hardware that houses the electronic circuits that control/direct all operations of the computer system.
Centralized data processing: Identified by one central processor and databases that form a distributed processing configuration.
Certificate: A Digital Signature Certificate issued by a Certifying Authority.
Certificate (certification) authority (CA): In cryptography, a certificate authority or certification authority (CA) is an entity which issues digital certificates for use by other parties. It is an example of a trusted third party. A certificate authority attests, as the trusted provider of the public/private key pairs, to the authenticity of the owner (entity or individual) to whom a public/private key pair has been given. The process involves a CA who makes a decision to issue a certificate based on evidence or knowledge obtained in verifying the identity of the recipient. Upon verifying the identity of the recipient, the CA signs the certificate with its private key for distribution to the user, where, upon receipt, the user will decrypt the certificate with the CA's public key (e.g., commercial CAs such as Verisign provide public keys on web browsers). The ideal CA is authoritative (someone that the user trusts) for the name or key space it represents. CAs are characteristic of many public key infrastructure (PKI) schemes. There are many commercial CAs that charge for their services. Institutions and governments may have their own CAs, and there are free CAs.
Certificate Chain: An ordered list of certificates containing an end-user subscriber certificate and Certifying Authority certificates (see valid certificate).
Certificate Class: A Digital Signature Certificate of a specified level of trust.
Certificate Expiration: The time and date specified in the Digital Signature Certificate when the operational period ends, without regard to any earlier suspension or revocation.
Certificate Extension: An extension field to a Digital Signature Certificate which may convey additional information about the public key being certified, the certified subscriber, the Digital Signature Certificate issuer, and/or the certification process. Standard extensions are defined in Amendment 1 to ISO/IEC 9594-8:1995 (X.509). Custom extensions can also be defined by communities of interest.
Certificate Issuance: The actions performed by a Certifying Authority in creating a Digital Signature Certificate and notifying the Digital Signature Certificate applicant (anticipated to become a subscriber) listed in the Digital Signature Certificate of its contents.
Certificate Management [Management of Digital Signature Certificate]: Certificate management includes, but is not limited to, storage, distribution, dissemination, accounting, publication, compromise, recovery, revocation, suspension and administration of Digital Signature Certificates. A Certifying Authority undertakes Digital Signature Certificate management functions by serving as a registration authority for subscriber Digital Signature Certificates. A Certifying Authority designates issued and accepted Digital Signature Certificates as valid by publication.
Certificate Policy: A specialized form of administrative policy tuned to electronic transactions performed during Digital Signature Certificate management. A Certificate Policy addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery and administration of digital certificates. Indirectly, a certificate policy can also govern the transactions conducted using a communications system protected by a certificate-based security system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provision of the security services required by particular applications.
Certificate revocation list (CRL): An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility. The CRL details digital certificates that are no longer valid. The time gap between two updates is very critical and is also a risk in digital certificate verification. A periodically (or exigently) issued list, digitally signed by a Certifying Authority, of identified Digital Signature Certificates that have been suspended or revoked prior to their expiration dates. The list generally indicates the CRL issuer's name, the date of issue, the date of the next scheduled CRL issue, the suspended or revoked Digital Signature Certificates' serial numbers, and the specific times and reasons for suspension and revocation.
Certificate Serial Number: A value that unambiguously identifies a Digital Signature Certificate generated by a Certifying Authority.
Certificate Signing Request (CSR): A machine-readable form of a Digital Signature Certificate application.
Certification / Certify: The process of issuing a Digital Signature Certificate by a Certifying Authority.
Certification practice statement (CPS): A CPS is a detailed set of rules governing the certificate authority's operations. It provides an understanding of the value and trustworthiness of certificates issued by a given CA in terms of the controls that an organization observes, the method it uses to validate the authenticity of certificate applicants and the CA's expectations of how its certificates may be used. A statement issued by a Certifying Authority to specify the practices that the Certifying Authority employs in issuing Digital Signature Certificates.
Certifying Authority (CA): A person who has been granted a licence to issue a Digital Signature Certificate under an Act.
Certifying Authority Software: The cryptographic software required to manage the keys of end entities.
Certifying Authority System: All the hardware and software systems (e.g. computers, PKI servers, network devices, etc.) used by the Certifying Authority for generation, production, issue and management of Digital Signature Certificates.
Challenge Phrase: A set of numbers and/or letters that are chosen by a Digital Signature Certificate applicant, communicated to the Certifying Authority with a Digital Signature Certificate application, and used by the Certifying Authority to authenticate the subscriber for various purposes as required by the Certification Practice Statement. A challenge phrase is also used by a secret share holder to authenticate himself, herself, or itself to a secret share issuer.
Channel service unit/Digital service unit (CSU/DSU): Interfaces at the physical layer of the OSI reference model, data terminal equipment (DTE) to data circuit terminating equipment (DCE), for switched carrier networks.
Certificate revocation list: A list of retracted certificates.
Challenge/response token: A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server, the server sends the user a "challenge," which is a random value. The user enters a password, which is used as an encryption key to encrypt the "challenge" and return it to the server. The server is aware of the password. It, therefore, encrypts the "challenge" value and compares it with the value received from the user. If the values match, the user is authenticated. The challenge/response activity continues throughout the session and this protects the session from password sniffing attacks. In addition, CHAP is not vulnerable to "man in the middle" attacks as the challenge value is a random value that changes on each access attempt.
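Worked example of the exchange described in this entry, added by the editor and not part of the original glossary. It uses HMAC-SHA256 as the keyed transformation of the challenge (RFC 1994 CHAP itself hashes the identifier, secret and challenge with MD5); the user name, password and in-memory credential store are constructed sample data. The replay_demo function shows the property the entry is getting at: a response captured off the wire is bound to one random challenge and is rejected on the next attempt.

```python
import hashlib
import hmac
import secrets

# Constructed credential store for the example (hypothetical user and password).
USER_PASSWORDS = {"alice": b"correct horse battery staple"}


def compute_response(password: bytes, challenge: bytes) -> bytes:
    """Client side: key the random challenge with the password.
    HMAC-SHA256 stands in for the entry's "encrypt the challenge" step."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


class ChallengeResponseServer:
    """Server side: one fresh random challenge per attempt; the password itself
    never crosses the wire, only a keyed function of the challenge does."""

    def __init__(self, passwords, rng=secrets.token_bytes):
        self._passwords = passwords
        self._rng = rng                      # injectable so tests can be deterministic
        self._pending = {}                   # username -> outstanding challenge

    def issue_challenge(self, username: str) -> bytes:
        challenge = self._rng(16)            # random value, different on every attempt
        self._pending[username] = challenge
        return challenge

    def verify(self, username: str, response: bytes) -> bool:
        challenge = self._pending.pop(username, None)   # one-shot: a challenge is never reused
        password = self._passwords.get(username)
        if challenge is None or password is None:
            return False
        expected = compute_response(password, challenge)  # server knows the password too
        return hmac.compare_digest(expected, response)    # constant-time comparison


def login(server: ChallengeResponseServer, username: str, password: bytes) -> bool:
    """The full exchange: challenge out, keyed response back, server-side check."""
    challenge = server.issue_challenge(username)
    return server.verify(username, compute_response(password, challenge))


def replay_demo(server: ChallengeResponseServer, username: str, password: bytes):
    """What a password sniffer gains: nothing reusable.
    Returns (genuine_login_ok, replay_of_sniffed_response_ok)."""
    challenge = server.issue_challenge(username)
    sniffed = compute_response(password, challenge)     # what an eavesdropper observes
    genuine = server.verify(username, sniffed)
    server.issue_challenge(username)                    # next attempt: new random challenge
    replay = server.verify(username, sniffed)           # old response no longer matches
    return genuine, replay


if __name__ == "__main__":
    srv = ChallengeResponseServer(USER_PASSWORDS)
    print("correct password:", login(srv, "alice", USER_PASSWORDS["alice"]))   # True
    print("wrong password:  ", login(srv, "alice", b"guess"))                  # False
    print("(genuine, replay):", replay_demo(srv, "alice", USER_PASSWORDS["alice"]))  # (True, False)
```

Two defensive details are deliberate: the challenge is popped on verification so it can only be answered once, and the comparison uses hmac.compare_digest so response checking does not leak timing information.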
Check digit: A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. This control is effective in detecting transposition and transcription errors.
Check digit verification (self-checking digit): A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit.
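Worked example for the two entries above, added by the editor and not part of the original glossary: a weighted modulus-11 self-checking digit (the ISBN-10 scheme), plus a routine that feeds every single-digit transcription error and every adjacent transposition of a sample number through verification and confirms that none slips through. Because 11 is prime and the weights are distinct modulo 11, both error classes named in the entry always change the weighted sum. The sample number is the published ISBN 0-306-40615-2; the function names are the editor's.

```python
def compute_check_digit(body: str) -> str:
    """Weighted modulus-11 check digit over a numeric body.
    Weights run n+1 .. 2 from left to right; a result of 10 is written 'X'."""
    if not body.isdigit():
        raise ValueError("check digit bodies must be numeric")
    n = len(body)
    weighted_sum = sum(int(d) * w for d, w in zip(body, range(n + 1, 1, -1)))
    check = (11 - weighted_sum % 11) % 11
    return "X" if check == 10 else str(check)


def verify_check_digit(number: str) -> bool:
    """Self-checking digit verification: recompute from the body and compare."""
    if len(number) < 2:
        return False
    body, check = number[:-1], number[-1].upper()
    try:
        return compute_check_digit(body) == check
    except ValueError:
        return False            # non-numeric body can never verify


def transpose_adjacent(number: str, i: int) -> str:
    """Simulate a keying error: swap the characters at positions i and i+1."""
    s = list(number)
    s[i], s[i + 1] = s[i + 1], s[i]
    return "".join(s)


def detection_report(number: str) -> dict:
    """Try every single-digit substitution and every adjacent transposition of the
    body and count how many corrupted numbers still verify (expected: zero)."""
    if not verify_check_digit(number):
        raise ValueError("input must be a valid self-checking number")
    body, check = number[:-1], number[-1]
    tried = missed = 0
    for i, d in enumerate(body):                       # transcription errors
        for repl in "0123456789":
            if repl != d:
                tried += 1
                if verify_check_digit(body[:i] + repl + body[i + 1:] + check):
                    missed += 1
    for i in range(len(body) - 1):                     # adjacent transpositions
        if body[i] != body[i + 1]:                     # swapping equal digits changes nothing
            tried += 1
            if verify_check_digit(transpose_adjacent(body, i) + check):
                missed += 1
    return {"tried": tried, "missed": missed}


if __name__ == "__main__":
    print(compute_check_digit("030640615"))                           # 2
    print(verify_check_digit("0306406152"))                           # True
    print(verify_check_digit(transpose_adjacent("0306406152", 4)))    # False
    print(detection_report("0306406152"))                             # {'tried': 89, 'missed': 0}
```

A plain modulus-10 sum without weights would catch transcription errors but not transpositions, since swapping two digits leaves an unweighted sum unchanged; the weights are what make the second error class visible.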
Checkpoint restart procedures: A point in a routine at which sufficient information can be stored to permit restarting the computation from that point.
Checklist: A list of items that is used to verify the completeness of a task or goal. A checklist is used in quality assurance (and in general, in information systems audit), to check process compliance, code standardization and error prevention, and other items for which consistency processes or standards have been defined.
Checksum: A cryptographic checksum is a mathematical value that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file has not been maliciously changed. A cryptographic checksum is created by performing a complicated series of mathematical operations (known as a cryptographic algorithm) that translates the data in the file into a fixed string of digits called a hash value, which is then used as the checksum. Without knowing which cryptographic algorithm was used to create the hash value, it is highly unlikely that an unauthorized person would be able to change data without inadvertently changing the corresponding checksum. Cryptographic checksums are used in data transmission and data storage. Cryptographic checksums are also known as message authentication codes, integrity check values, modification detection codes or message integrity codes.
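Worked example added by the editor, not part of the original glossary: a keyed cryptographic checksum (HMAC-SHA256, a message authentication code in the entry's terms) beside an unkeyed SHA-256 digest over a constructed sample record. The keyed form's protection rests on a secret key held by the verifier rather than on secrecy of the algorithm; the unkeyed digest still catches accidental corruption but is recomputed as easily by whoever alters the data. The record contents and key handling are the editor's assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed sample record and a tampered copy (amount changed).
ORIGINAL = b"txn=4711;amount=100.00;payee=ACME Ltd\n"
TAMPERED = b"txn=4711;amount=900.00;payee=ACME Ltd\n"


def cryptographic_checksum(key: bytes, data: bytes) -> str:
    """Keyed checksum (MAC) over the data: HMAC-SHA256, as a fixed-length hex string."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_checksum(key: bytes, data: bytes, stored: str) -> bool:
    """Recompute and compare in constant time. True only if the data is unchanged
    and the stored tag was produced under the same key."""
    return hmac.compare_digest(cryptographic_checksum(key, data), stored)


def plain_hash(data: bytes) -> str:
    """Unkeyed digest: detects accidental corruption, but anyone can recompute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_check_demo() -> tuple:
    """Returns (original verifies, tampered data against the stored tag,
    tampered data with a tag made without the verifier's key)."""
    verifier_key = secrets.token_bytes(32)                 # held only by the verifier
    stored_tag = cryptographic_checksum(verifier_key, ORIGINAL)
    # Best someone without the key can do: a tag under some other key.
    wrong_key_tag = cryptographic_checksum(secrets.token_bytes(32), TAMPERED)
    return (
        verify_checksum(verifier_key, ORIGINAL, stored_tag),
        verify_checksum(verifier_key, TAMPERED, stored_tag),
        verify_checksum(verifier_key, TAMPERED, wrong_key_tag),
    )


def unkeyed_check_demo() -> tuple:
    """Returns (tampering caught while the stored digest is intact,
    check defeated once the stored digest is rewritten alongside the data)."""
    stored_digest = plain_hash(ORIGINAL)
    caught = plain_hash(TAMPERED) != stored_digest
    rewritten_digest = plain_hash(TAMPERED)                # editor of the data updates the digest too
    defeated = plain_hash(TAMPERED) == rewritten_digest
    return caught, defeated


if __name__ == "__main__":
    print("keyed   (orig ok, tampered ok, wrong-key ok):", keyed_check_demo())   # (True, False, False)
    print("unkeyed (caught, defeated):                  ", unkeyed_check_demo())  # (True, True)
```

The practical reading for storage and transmission: an unkeyed hash stored next to the data is an integrity check against accidents only; detecting deliberate modification needs either a key the modifier does not have (a MAC, as here) or a digest kept somewhere the modifier cannot reach.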
Ciphertext: Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Circuit-switched network: A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.
Circular routing: In open systems architecture, circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.
Cleartext: Data that is not encrypted. Also known as plaintext.
Client Application: An application that runs on a personal computer or workstation and relies on a server to perform some operation.
Client-server: A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine; software is specialized at both ends. Processing may take place on either the client or the server, but it is transparent to the user.
Cluster controller: A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Coaxial cable: Composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmission capacity than standard twisted-pair cables but has a limited range of effective distance.
COBIT: Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF, 2000, 1998, 1996.
COCO: Criteria of Control, published by the Canadian Institute of Chartered Accountants in 1995.
Cohesion: The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system, since it is easier to determine where and how to apply a change.
Cold site: An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the users have to move from their main computing location to the alternative computer facility.
Combined Code on Corporate Governance: The consolidation in 1998 of the "Cadbury," "Greenbury" and "Hampel" Reports. Named after the committee chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry, the Institute of Directors, the Consultative Committee of Accountancy Bodies, the National Association of Pension Funds and the Association of British Insurers to address the financial aspects of corporate governance, directors' remuneration and the implementation of the Cadbury and Greenbury recommendations.
Common Key: Some systems of cryptographic hardware require arming through a secret-sharing process and require that the last of these shares remain physically attached to the hardware in order for it to stay armed. In this case, "common key" refers to this last share. It is not assumed to be secret as it is not continually in an individual's possession.
Communication/Network System: A set of related, remotely connected devices and communications facilities including more than one computer system with the capability to transmit data among them through the communications facilities (covering ISDN, leased lines, dial-up, LAN, WAN, etc.).
Communications controller: Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function.
Communication processor: A computer embedded in a communications system that generally performs basic tasks of classifying network traffic and enforcing network policy functions. An example is the message data processor of a DDN switching center. More advanced communications processors may perform additional functions.
Comparison program: A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences.
Compensating control: An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions.
Compiler: A program that translates programming language (source code) into machine executable instructions (object code).
Completely connected (mesh) configuration: A network topology in which devices are connected with many redundant interconnections between network nodes. (Primarily used for backbone networks.)
Completeness check: A procedure designed to ensure that no fields are missing from a record.
Compliance testing: Audit tests that determine if internal controls are being applied in a manner described in the documentation and in accordance with management's intents. These are tests that are used to determine whether internal controls actually exist and are working effectively.
Components (as in component-based development): Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component-based development is to ultimately use as many predeveloped, pretested components as possible.
Comprehensive audit: An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department.
Compromise: A violation (or suspected violation) of a security policy, in which an unauthorized disclosure of, or loss of control over, sensitive information may have occurred (cf. data integrity).
Computationally greedy: Requiring a great deal of computing power; processor intensive.
Computer: Any electronic, magnetic, optical or other high-speed data processing device or system which performs logical, arithmetic, and memory functions by manipulations of electronic, magnetic or optical impulses, and includes all input, output, processing, storage, computer software, or communication facilities which are connected or related to the computer in a computer system or computer network.
Computer Data Base: Means a representation of information, knowledge, facts, concepts or instructions in text, image, audio, video that are being prepared or have been prepared in a formalised manner or have been produced by a computer, computer system or computer network and are intended for use in a computer, computer system or computer network.
Computer Network: Interconnection of one or more computers through: (i) the use of satellite, microwave, terrestrial line or other communication media; and (ii) terminals or a complex consisting of two or more interconnected computers whether or not the interconnection is continuously maintained.
Computer Peripheral: Means equipment that works in conjunction with a computer but is not a part of the main computer itself, such as printer, magnetic tape reader, etc.
Computer Resource: Means computer, computer system, computer network, data, computer database or software.
Computer sequence checking: Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research.
Computer server: 1) A computer dedicated to servicing requests for resources from other computers on a network; servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Computer emergency response team (CERT): A group of people integrated at the organization with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. This group will act as an efficient corrective control, and should also act as a single point of contact for all incidents and issues related to information systems.
Computer-aided software engineering (CASE): The use of software packages that aid in the development of all phases of an information system; system analysis, design, programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatically. CASE can be installed on a microcomputer for easy access.
Computer-assisted audit technique (CAAT): Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities.
Computer System: A device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic, arithmetic, data storage and retrieval, communication control and other functions.
Concurrent access: A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently.
Confidentiality: Confidentiality concerns the protection of sensitive information from unauthorized disclosure. The condition in which sensitive data is kept secret and disclosed only to authorized parties.
Confirm: To ascertain through appropriate inquiry and investigation (see also authentication; verify a digital signature).
Confirmation of Digital Signature Certificate Chain: The process of validating a Digital Signature Certificate chain and subsequently validating an end-user subscriber Digital Signature Certificate.
Computer forensics: The application of the scientific method to digital media to establish factual information for judicial review. This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. As a discipline, it combines elements of law and computer science to collect and analyze data from information systems (e.g., personal computers, networks, wireless communications and digital storage devices) in a way that is admissible as evidence in a court of law.
Concurrency control: Refers to a class of controls used in database management systems (DBMS) to ensure that transactions are processed in an atomic, consistent, isolated and durable manner (ACID). This implies that only serial and recoverable schedules are permitted, and that committed transactions are not discarded when undoing aborted transactions.
Console log: An automated detail report of computer system activity.
Consumer: One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Content filtering: Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed instead of the attributes of the packet itself (e.g., source/target IP address, TCP flags).
Contingency Plans: The establishment of emergency response, backup operation, and post-disaster recovery processes maintained by an information processing facility or for an information system. Establish the strategy for recovering from unplanned disruption of information processing operations. The strategy includes the identification and priority of what must be done, who performs the required action, and what tools must be used. A document, developed in conjunction with application owners and maintained at the primary and backup computer installation, which describes procedures and identifies the personnel necessary to respond to abnormal situations such as disasters. Contingency plans help managers ensure that computer application owners continue to process (with or without computers) mission-critical applications in the event that computer support is interrupted.
Continuity: The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Continuous auditing: This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Continuous improvement: The goals of continuous improvement (kaizen) include the elimination of waste, defined as "activities that add cost but do not add value," just-in-time delivery; production load leveling of amounts and types; standardized work; paced moving lines; right-sized equipment, and so on. A closer definition of the Japanese usage of kaizen is "to take it apart and put back together in a better way." What is taken apart is usually a process that, when done correctly, humanizes the workplace, eliminates hard work (both mental and physical), and teaches people how to do rapid experiments using the scientific method and how to learn to see and eliminate waste in business processes.
Controls: Measures taken to ensure the integrity and quality of a process.
Control group: Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups.
Control objective: The objectives of management that are used as the framework for developing and implementing controls (control procedures).
Control Objectives for Enterprise Governance: A discussion document which sets out an "Enterprise Governance Model" focusing strongly on both the enterprise business goals and the Information Systems Audit and Control Foundation in 1999.
Control perimeter: The boundary defining the scope of control authority for an entity. For example, if a system is within the control perimeter, the right and ability exists to control it in response to an attack.
Control risk: The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system.
Control risk self-assessment (CRSA): An empowering method/process by which management and staff of all levels collectively identify and evaluate IS-related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilize CRSA for gathering relevant information about risks and controls and to forge greater collaboration with management and staff. CRSA provides a framework and tools for management and employees to: identify and prioritize their business objectives; assess and manage high-risk areas of business processes; self-evaluate the adequacy of controls; and develop risk treatment recommendations.
Control section: The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer.
Control weakness: A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the objectives relevant to the area of activity being examined). Control weaknesses can be material when the design or operation of one or more control procedures does not reduce to a relatively low level the risk that misstatements caused by illegal acts or irregularities may occur and not be detected by the related control procedures.
Controls (control procedures): Those policies and procedures implemented to achieve a related control objective.
Corporate exchange rate: An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Correspond: To belong to the same key pair (see also public key; private key).
Cookie: A message kept in the web browser for the purpose of identifying users and possibly preparing customized web pages for them. For the first time, a user may be required to go through a registration process. Subsequent to this, whenever the cookie's message is sent to the server, a customized view, based on that user's preferences, can be produced. The browser's implementation of cookies has however brought several security concerns, allowing breaches of security and the theft of personal information (e.g., user passwords that validate the user's identity and enable restricted web services).
Corporate governance: The system by which organizations are directed and controlled. Boards of directors are responsible for the governance of their organizations. It consists of the leadership and organizational structures and processes that ensure the organization sustains and extends strategies and objectives.
Corrective controls: These controls are designed to correct errors, omissions and unauthorized uses and intrusions once they are detected.
COSO: "A Report on Internal Control: An Integrated Framework" sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
Countermeasures: An action, process, device or system that can prevent or mitigate the effects of threats to a computer, server or network. In this context, a threat is a potential or actual adverse event that may be malicious or incidental, and that can compromise the assets of an enterprise or the integrity of a computer or network. Internal controls are countermeasures, as they mitigate the risks presented by the threats. Countermeasures can take the form of software, hardware and modes of behavior.
Coupling: Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data pass across the interface. In application software design, it is preferable to strive for the lowest possible coupling between modules. Simple connectivity among modules results in software that is easier to understand, maintain and less prone to a ripple or domino effect, caused when errors occur at one location and propagate through a system.
Customer relationship management (CRM): Customer relationship management is a way to identify, acquire and retain customers. CRM is also an industry term for software solutions that help an organization manage customer relationships in an organized manner.
Coverage: The proportion of known attacks detected by an intrusion detection system.
Credentialed analysis: In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Credit risk: The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can reach a given bank from literally anywhere in the world. In dealing with customers over the internet, absent any personal contact, it is challenging for banks to verify the good faith of their customers, which is an important element in making sound credit decisions.
Criteria: The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective - free from bias; Measurable - provide for consistent measurement; Complete - include all relevant factors to reach a conclusion; Relevant - relate to the subject matter.
Critical Information: Data determined by the data owner as mission critical or essential to business purposes.
Cross-certification: A certificate issued by one certification authority to a second certification authority and verifies the certificates it has created. Often cross certification refers specifically to certificates issued to each other by two CAs at the same level in a hierarchy. A certificate used to establish a trust relationship between two Certifying Authorities.
Cryptographic Algorithm: A clearly specified mathematical process for computation; a set of rules that produce a prescribed result.
Cryptography: The art of designing, analyzing and attacking cryptographic schemes.
database.
Data integrity: The property that data meet with a priority expectation of quality and that the data can be relied upon. A condition in which data has not been altered or destroyed in an unauthorized manner (see also threat; compromise).
Data leakage: Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.
Data owner: Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data.
Data security: Those controls that seek to maintain confidentiality, integrity and availability of information. The practice of protecting data from accidental or malicious modification, destruction, or disclosure.
Data structure: The relationships among files in a database and among data items within each file.
Database: A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements.
Database administrator (DBA): An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.
Database management system (DBMS): A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.
Database replication: The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is that it enables many users to work with their own local copy of a database but have the database updated as if they were working on a single centralized database. For database applications where users are geographically widely distributed, replication is often the most efficient method of database access.
Database specifications: These are the requirements for establishing a database application. They include field definitions, field requirements, and reporting requirements for the individual information in the database.
Datagram: A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination.
Data-oriented systems development: The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
DDoS (distributed denial-of-service) attack: A denial-of-service (DoS) assault from multiple sources; see DoS.
Decentralization: The process of distributing computer processing to different locations within an organization.
Decision support systems (DSS): An interactive system that provides the user with easy access to decision models and data, to support semi-structured decision-making tasks.
Decoy server
See honey pot.

Decryption key
A piece of information, in a digitized form, used to recover the plaintext from the corresponding cipher text by decryption

Decryption
A technique used to recover the original plaintext from the cipher text, such that it is intelligible to the reader. Decryption is the reverse process of encryption.

Default deny policy
A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

Default password
The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the internet and maintained at several locations. Failure to change these after the installation leaves the system vulnerable.

Degauss
To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of magnetic induction on the media. Degauss loosely means to erase.

Demo Certificate
A Digital Signature Certificate issued by a Certifying Authority to be used exclusively for demonstration and presentation purposes and not for any secure or confidential communications. Demo Digital Signature Certificates may be used by authorized persons only.

Demodulation
The process of converting an analog telecommunications signal into a digital computer signal

Detailed IS controls
Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.

Detection risk
The risk that material errors or misstatements that have occurred will not be detected by the IS auditor

Detective control
These controls exist to detect and report when errors, omissions and unauthorized use or entry occur.

Dial-back
Used as a control over dial-up telecommunications lines. The telecommunications link established through dialup into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the caller is from a valid phone number or telecommunications channel.

Dial-in access controls
Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.

Digital certificate
A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

Digital Certificate Applicant
A person that requests the issuance of a public key Digital Signature Certificate by a Certifying Authority (See also CA applicant; subscriber).

Digital Certificate Application
A request from a Digital Signature Certificate applicant (or authorized agent) to a Certifying Authority for the issuance of a Digital Signature Certificate (See also certificate applicant; certificate signing request).

Digital certification
A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.

Digital signature
A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Means authentication of any electronic record by a subscriber by means of an electronic method or procedure in accordance with the provisions of the Act.
Digital Signature Certificate
Means a Digital Signature Certificate issued under the Act.

Disaster tolerance
Disaster tolerance is the time gap the business can accept the non-availability of IT facilities.

Direct reporting engagement
An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures

Discovery sampling
A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population

Discretionary access control (DAC)
A protection that may be activated or modified by the data owner at his/her discretion. This would be the case of data "owner-defined sharing" of information resources, where the data owner may select who can access his/her resource and the security level of the access. Discretionary access controls cannot override mandatory access controls; they act as an additional filter, prohibiting still more access with the same exclusionary principle.

Diskless workstations
A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server.

Distinguished Name
A set of data that identifies a real-world entity, such as a person in a computer-based context.

Distributed data processing network
A system of computers connected together by a communications network. Each computer processes its data, and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.

DMZ (demilitarized zone)
Commonly it is the network segment between the internet and a private network. It allows access to services from the internet and the internal private network, while denying access from the internet directly to the private network.

DNS (domain name system)
A hierarchical database that is distributed across the internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers

DoS (denial-of-service) attack
An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate

DNS poisoning
Domain name system poisoning, also called DNS cache poisoning or cache poisoning, corrupts the table of an internet server's DNS, replacing an Internet address with the address of another vagrant or scoundrel address. If a Web user looks for the page with that address, the request is redirected by the scoundrel entry in the table to a different address. Cache poisoning differs from another form of DNS poisoning, in which the attacker spoofs valid e-mail accounts and floods the inboxes of administrative and technical contacts. Cache poisoning is related to URL poisoning or location poisoning, where an Internet user's behavior is tracked by adding an identification number to the location line of the browser that can be recorded as the user visits successive pages on the site.

Document
A record consisting of information inscribed on a tangible medium such as paper rather than computer-based information (See also message; record)
Downloading
The act of transferring computerized information from one computer to another computer

Downtime report
A report that identifies the elapsed time when a computer is not operating correctly because of machine failure

Dry-pipe fire extinguisher system
Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water is emitted to the pipes from a water reservoir for discharge to the location of the fire.

Due care
Diligence which a person would exercise under a given set of circumstances

Due professional care
Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances

Dumb terminal
A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.

Duplex routing
The method or communication mode of routing data over the communication network (also see half duplex and full duplex)

Dynamic analysis
Analysis that is performed in real time or in continuous form

EBCDIC (Extended Binary-coded Decimal Interchange Code)
An 8-bit code representing 256 characters; used in most large computer systems.

Echo checks
Detects line errors by retransmitting data back to the sending device for comparison with the original transmission

e-commerce
Defined by ISACA as the processes by which organizations conduct business electronically with their customers, suppliers and other external business partners, using the internet as an enabling technology. It therefore encompasses both business-to-business (B2B) and business-to-consumer (B2C) e-Commerce models, but does not include existing non-Internet e-Commerce methods based on private networks such as EDI and SWIFT.

Edit controls
Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.

Editing
Editing ensures that data conform to predetermined criteria and enables early identification of potential errors.

Electronic cash
An electronic form functionally equivalent to cash in order to make and receive payments in cyber banking
Electronic data interchange (EDI)
The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.

Electronic Form
With reference to information, means any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro-film, computer generated micro fiche or similar device

Electronic funds transfer (EFT)
The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.

Electronic Mail (E-Mail)
Messages sent, received or forwarded in digital form via a computer-based communication mechanism.

Electronic Record
Means data, record or data generated, image or sound stored, received or sent in an electronic form or microfilm or computer generated micro-fiche.

Electronic signature
Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.

Electronic vaulting
A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to critical files to supplement full backups taken periodically.

E-mail/interpersonal messaging
An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people.

Embedded audit module
A screening process that is incorporated into the regular production programs. The module selects items during the regular production runs that fulfill certain criteria established by the IS auditor and usually outputs or copies these items to a file or report.

Encapsulation (objects)
Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher-layer protocol and places it in the data portion of a frame in the lower layer.

Encryption
A technique used to protect the plaintext, by coding the data so it is unintelligible to the reader.
The process of transforming plaintext data into an unintelligible form (cipher text) such that the original data either cannot be recovered (one-way encryption) or cannot be recovered without using an inverse decryption process (two-way encryption).

Encryption key
A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the cipher text

End-user computing
The ability of end users to design and implement their own information system, utilizing computer software products

Engagement letter
Formal document which defines the IS auditor's responsibility, authority and accountability for a specific assignment

Enterprise governance
A broad and wide-ranging concept of corporate governance, covering associated organizations such as global strategic alliance partners. (source: Control Objectives for Enterprise Governance Discussion Document, published by the Information Systems Audit and Control Foundation in 1999)
Enterprise resource planning
First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial management and other aspects of the business. An ERP system typically is based on a common database, various integrated business process application modules and business analysis tools

Error
Control deviations (compliance testing) or misstatements (substantive testing)

Error risk
The risk of errors occurring in the area being audited

Enterprise resource planning (ERP)
An enterprise resource planning system is an integrated system containing multiple business subsystems. Examples include SAP, Oracle Financials and J.D. Edwards.

Escrow agent
A person, agency or organization that is authorized to act on behalf of another to create a legal relationship with a third party in regards to an escrow agreement. In other words, an escrow agent is the custodian of an asset according to an escrow agreement. As it relates to a cryptographic key, it is the agency or organization charged with the responsibility for safeguarding the key components of the unique key.

Escrow agreement
A legal arrangement whereby an asset (often money, but sometimes other property such as art, a deed of title, web site, software source code or cryptographic key) is delivered to a third party (called an escrow agent) to be held in trust or otherwise pending a contingency or the fulfillment of a condition or conditions in a contract. Upon that event occurring, the escrow agent will deliver the asset to the proper recipient; otherwise the escrow agent is bound by his/her fiduciary duty to maintain the escrow account. Source code escrow means deposit of the source code for the software into an account held by an escrow agent. Escrow is typically requested by a party licensing software (e.g., licensee or buyer), to ensure maintenance of the software. The software source code is released by the escrow agent to the licensee if the licensor (e.g., seller or contractor) files for bankruptcy or otherwise fails to maintain and update the software as promised in the software license agreement.

Ethernet
A popular network protocol and cabling scheme that uses a bus topology and CSMA/CD (carrier sense multiple access/collision detection) to prevent network failures or collisions when two devices try to access the network at the same time

Evidence
The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

Exception reports
An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria

Exclusive-OR (XOR)
The XOR operation is a Boolean operation that produces a 0 if its two Boolean inputs are the same (0 and 0, or 1 and 1) or a 1 if its two inputs are different (1 and 0). In other words, the exclusive-OR operator returns a value of TRUE only if just one of its operands is TRUE. In contrast, an inclusive-OR operator returns a value of TRUE if either or both of its operands are TRUE.

Executable code
The machine language code that is generally referred to as the object or load module
Expert systems
An expert system has a built-in hierarchy of rules which are acquired from human experts in the appropriate field. Once input is provided the system should be able to define the nature of the problem and provide recommendations to solve the problem.

Exposure
A potentially adverse result or consequence to be considered in the evaluation of internal controls. Strengthening internal controls can reduce exposure but seldom eliminates it.

Extended Binary-coded Decimal Interchange Code
See EBCDIC. An 8-bit code representing 256 characters; used in most large computer systems

Extensible Markup Language (XML)
Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data between applications and organizations

Extensions
Extension fields in X.509 v3 certificates (See X.509).

Extranet
A private network that resides on the Internet and allows a company to securely share business information with customers, suppliers, or other businesses, as well as to execute electronic transactions. It is different from an Intranet in that it is located beyond the company's firewall. Therefore, an Extranet relies on the use of securely issued digital certificates (or alternative methods of user authentication) and encryption of messages. A virtual private network (VPN) and tunneling are often used to implement Extranets, to ensure security and privacy.

External router
The router at the extreme edge of the network under control, usually connected to an ISP or other service provider; also known as border router

Fallback procedures
A plan of action or set of procedures to be performed if a system implementation, upgrade or modification does not work as intended. These may involve restoring the system to its state prior to the implementation or change. Fallback procedures are needed to ensure that normal business processes continue in the event of failure and should always be considered in system migration or implementation.

False authorization
Also called false acceptance, it occurs when an unauthorized person is identified as an authorized person by the biometric system.

False enrollment
Occurs when an unauthorized person manages to enroll into the biometric system (enrollment is the initial process of acquiring a biometric feature and saving it as a personal reference on a smart card, a PC or in a central database).

Fail-over
The transfer of service from an incapacitated primary component to its backup component

Fail-safe
Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it

False negative
In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity

False positive
In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack

Fault tolerance
A system's level of resilience to seamlessly react from hardware and/or software failure
Feasibility study
A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need

Fiber-optic cable
Glass fibers that transmit binary signals over a telecommunications network. Fiber-optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lightning-induced interference, and reduce the risk of wiretaps.

Field
An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.

File
A named collection of related records

File allocation table (FAT)
A table used by the operating system to keep track of where every file is located on the disk. Since a file is often fragmented and thus subdivided into many sectors within the disk, the information stored in the FAT is used when loading or updating the content of the file.

File layout
Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.

File server
A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is available; file servers can be nondedicated so that standard user applications can run while the network is available.

File Transfer Protocol (FTP)
The application protocol that offers file system access from the Internet suite of protocols

Filtering router
A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules

FIN (final)
A flag set in a packet to indicate that this packet is the final data packet of the transmission

Financial audit
An audit designed to determine the accuracy of financial records and information

Finger
A protocol and program that allows the remote identification of users logged into a system

Firewall / Double Firewall
A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the internet. In other words, a firewall enforces a boundary between two or more networks.
One of several types of intelligent devices (such as routers or gateways) used to isolate networks. Firewalls make it difficult for attackers to jump from network to network. A double firewall is two firewalls connected together. Double firewalls are used to minimise risk if one firewall gets compromised or to provide address translation functions.

Firmware
Memory chips with embedded program code that hold their content when power is turned off

Fiscal year
Any yearly accounting period without regard to its relationship to a calendar year.

Foreign exchange risk
Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
Format checking
The application of an edit, using a predefined field definition, to a submitted information stream; a test to ensure that data conform to a predefined format

Foreign key
A foreign key is a value that represents a reference to a tuple (a row in a table) containing the matching candidate key value (in the relational theory it would be a candidate key, but in real DBMS implementations it is always the primary key). The problem of ensuring that the database does not include any invalid foreign key values is therefore known as the referential integrity problem. The constraint that values of a given foreign key must match values of the corresponding candidate key is known as a referential constraint. The relation (table) that contains the foreign key is referred to as the referencing relation and the relations that contain the corresponding candidate key as the referenced relation or target relation.

Fourth-generation language (4GL)
English-like, user friendly, nonprocedural computer languages used to program and/or read and process computer files

Frame relay
A packet-switched wide area network technology that provides faster performance than older packet-switched WAN technologies, such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame relay is best suited for data and image transfers. Because of its variable-length packet architecture, it is not the most efficient technology for real-time voice and video. In a frame-relay network, end nodes establish a connection via a permanent virtual circuit (PVC)

Fraud risk
The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetration of irregularities. The unauthorized use of assets or services and abetting or helping to conceal.

FTP (file transfer protocol)
A protocol used to transfer files over a TCP/IP network (internet, UNIX, etc.)

Full duplex
A communications channel over which data can be sent and received simultaneously

Function
In relation to a computer, includes logic, control, arithmetical process, deletion, storage and retrieval and communication or telecommunication from or within a computer.

Function point analysis
A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.

Gateway
A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Hardware or software that is used to translate protocols between two or more systems.

General computer controls
Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general controls are to ensure the proper development and implementation of applications, the integrity of program and data files and of computer operations. Like application controls, general controls may be either manual or programmed. Examples of general controls include the development and implementation of an IS strategy and an IS security policy, the organization of IS staff to separate conflicting duties and planning for disaster prevention and recovery.
Generalized audit software
A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples and printing reports or letters in a format specified by the IS auditor. This technique includes software acquired or written for audit purposes and software embedded in production systems.

Generalized audit software (GAS)
Multipurpose audit software that can be used for general processes such as record selection, matching, recalculation and reporting

Generate a Key Pair
A trustworthy process of creating private keys during Digital Signature Certificate application whose corresponding public keys are submitted to the applicable Certifying Authority during Digital Signature Certificate application in a manner that demonstrates the applicant's capacity to use the private key.

Geographical information system (GIS)
A tool used to integrate, convert, handle, analyze and produce information regarding the surface of the earth. These data exist as maps, three-dimensional virtual models, lists and tables.

Geographic disk mirroring
A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return until the acknowledgement of the remote write is successful.

Governance
Corporate governance should suffice.

Hard Copy
A copy of computer output that is printed on paper in a visually readable form; e.g. printed reports, listings, and documents.

Hardware
Relates to the technical and physical features of the computer

Hacker
An individual who attempts to gain unauthorized access to a computer system

Half duplex
A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.

Handprint scanner
A biometric device that is used to authenticate a user through palm scans

Harden
To configure a computer or other network device to resist attacks
Ha!# function 9 Ha!# An al(orit#m t#at map! or tran!late! one !et of bit! into anot#er *(enerall%
!maller+ !o t#at a me!!a(e %ield! t#e !ame re!ult e$er% time t#e al(orit#m i!
e'ecuted u!in( t#e !ame me!!a(e a! input) It i! computationall% infea!ible for a
me!!a(e to be deri$ed or recon!tituted from t#e re!ult produced b% t#e re!ult produced b% t#e al(orit#m) It i! computationall% infea!ible to find t&o different
me!!a(e! t#at produce t#e !ame #a!# re!ult u!in( t#e !ame al(orit#m)
An al(orit#m t#at map! or tran!late! one !et of bit! into anot#er *(enerall%
!maller+ !et in !uc# a &a% t#at <
3A me!!a(e %ield! t#e !ame re!ult e$er% time t#e al(orit#m i! e'ecuted u!in( t#e!ame me!!a(e a! input,
3It i! computationall% infea!ible for a me!!a(e to be deri$ed or recon!tituted from
t#e re!ult produced b% t#e al(orit#m,
;5
8/11/2019 Cisa Glossary Combined
http://slidepdf.com/reader/full/cisa-glossary-combined 32/69
CISA DECEMBER, 2007 BATCH
3It i! computationall% infea!ible to find t&o different me!!a(e! t#at produce t#e
!ame #a!# re!ult u!in( t#e !ame al(orit#m)
Ha!# total T#e total of an% numeric data died on a document or computer file) T#i! total i!
c#ec"ed a(ain!t a control total of t#e !ame field to facilitate accurac% of proce!!in()
Hexadecimal: A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F.
Help desk: A service offered via phone/Internet by an organization to its clients or employees, which provides information, assistance and troubleshooting advice regarding software, hardware or networks. A help desk is staffed by people who can either resolve the problem on their own or escalate it to specialized personnel. A help desk is often equipped with dedicated CRM-type software that logs the problems and tracks them until they are solved.
Heuristic filter: A method often employed by antispam software to filter spam using criteria established in a centralized rule database. Every e-mail message is given a rank, based upon its header and contents, which is then matched against preset thresholds. A message that surpasses the threshold is flagged as spam and discarded, returned to its sender or put in a spam directory for further review by the intended recipient.
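As an added illustration of the ranking described above (example code written for this edit, not from the original glossary or any antispam product), the following Python scores a message against a small rule database and compares the score with two preset thresholds. The rule names, scores, thresholds and the three sample messages are all assumptions constructed for the example.

```python
from email.parser import Parser
from email.utils import parseaddr

# Constructed rule database; names, tests and scores are assumptions for this example.
MONEY_WORDS = ("wire transfer", "lottery", "bank account", "prize")


def _domain(header_value) -> str:
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()


def _subject_all_caps(msg, body) -> bool:
    letters = [c for c in (msg["Subject"] or "") if c.isalpha()]
    return len(letters) >= 4 and all(c.isupper() for c in letters)


def _missing_message_id(msg, body) -> bool:
    return msg["Message-ID"] is None


def _reply_to_mismatch(msg, body) -> bool:
    return msg["Reply-To"] is not None and _domain(msg["Reply-To"]) != _domain(msg["From"])


def _money_words(msg, body) -> bool:
    text = body.lower()
    return any(word in text for word in MONEY_WORDS)


def _many_exclamations(msg, body) -> bool:
    return ((msg["Subject"] or "") + body).count("!") >= 3


RULES = [
    ("subject_all_caps", _subject_all_caps, 2.0),
    ("missing_message_id", _missing_message_id, 1.5),
    ("reply_to_mismatch", _reply_to_mismatch, 1.5),
    ("money_words", _money_words, 2.5),
    ("many_exclamations", _many_exclamations, 1.0),
]
THRESHOLDS = {"quarantine": 4.0, "discard": 8.0}   # preset thresholds (assumed)


def score_message(raw: str):
    """Rank a message: sum the scores of every rule its headers or body trigger.
    Multipart bodies are not walked here (kept simple for the example)."""
    msg = Parser().parsestr(raw)
    body = msg.get_payload() if not msg.is_multipart() else ""
    hits = [(name, points) for name, test, points in RULES if test(msg, body)]
    return sum(points for _, points in hits), [name for name, _ in hits]


def classify(raw: str) -> str:
    """Map the rank onto the actions the definition lists: deliver, quarantine, discard."""
    score, _ = score_message(raw)
    if score >= THRESHOLDS["discard"]:
        return "discard"
    if score >= THRESHOLDS["quarantine"]:
        return "quarantine"
    return "deliver"


# Constructed sample messages (not real mail).
SPAM = """\
From: "Prize Dept" <win@example.net>
Reply-To: claims@other-example.org
To: victim@example.com
Subject: YOU HAVE WON

Congratulations! Send your bank account details and the wire transfer fee
to claim your lottery prize now!!!
"""

HAM = """\
From: Alice <alice@example.com>
To: bob@example.com
Message-ID: <20240110.1@example.com>
Subject: Meeting notes from Tuesday

Hi Bob, the notes are attached. Let me know if I missed anything.
"""

BORDERLINE = """\
From: Sales <sales@example.net>
To: bob@example.com
Subject: Your bank account setup

Your bank account setup is complete. Reply to this message if you need help.
"""
```

The borderline message shows why a quarantine tier exists: a legitimate notice can trip a couple of rules, and the recipient, not the filter, should make the final call near the threshold.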
Hierarchical database: A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
High-Security Zone: An area to which access is controlled through an entry point and limited to authorized, appropriately screened personnel and properly escorted visitors. High-Security Zones should be accessible only from Security Zones, and are separated from Security Zones and Operations Zones by a perimeter. High-Security Zones are monitored 24 hours a day, 7 days a week by security staff, other personnel or electronic means.
Honey pot: A trap set to detect, deflect or in some manner counteract attempts at unauthorized use of information systems. Generally, it consists of a computer, data or a network site that appears to be part of a network but which is actually isolated and protected, and which seems to contain information or a resource that would be of value to attackers. Honey pots can carry risks to a network and must be handled with care: if they are not properly walled off, an attacker can use them to actually break into a system. A honey pot that masquerades as an open proxy is known as a sugarcane. A honey pot is valuable as a surveillance and early-warning tool. While often a computer, a honey pot can take on other forms, such as files or data records, or even unused IP address space. Honey pots should have no production value and, hence, should not see any legitimate traffic or activity; whatever they capture can then be presumed malicious or unauthorized. One very practical implication of this is that honey pots designed to thwart spam, by masquerading as systems of the types abused by spammers to send spam, can categorize the material they trap 100 percent accurately: it is all illicit. Such a honey pot needs no spam-recognition capability and no filter to separate ordinary e-mail from spam, because ordinary e-mail never comes to a honey pot.
Hot site: A fully operational offsite data processing facility equipped with both hardware and system software, to be used in the event of a disaster.
HTTP (hypertext transfer protocol): A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
HTTPS (hypertext transfer protocol secure): A protocol for accessing a secure web server, whereby all data transferred is encrypted.
Hub: A common connection point for devices in a network; hubs are commonly used to connect segments of a LAN. Because a hub repeats every frame to every port, any device on the LAN can see all packets.
Hyperlink: An electronic pathway, which may be displayed in the form of highlighted text, graphics or a button, that connects one web page with another web page address.
Hypertext: A language which enables electronic documents that present information to be connected together by links instead of being presented sequentially, as is the case with normal text.
Hypertext markup language (HTML): A language designed for the creation of web pages with hypertext and other information to be displayed in a web browser. HTML is used to structure information (denoting certain text as headings, paragraphs, lists and so on) and can be used to describe, to some degree, the appearance and semantics of a document.
ICMP (internet control message protocol): A protocol that allows systems to communicate information about the state of services on other systems. It is used, for example, in determining whether systems are up, the maximum packet sizes on links, and whether a destination host/network/port is available. Hackers typically abuse ICMP to gather information about the remote site.
Identification / Identify: The process of confirming the identity of a person. Identification is facilitated in public key cryptography by means of certificates.
Identity: A unique piece of information that marks or signifies a particular entity within a domain. Such information is only unique within a particular domain.
Idle standby: A failover process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving node with the highest priority will acquire the resource group. A higher priority node joining the cluster will thus cause a short service interruption.
IDS (intrusion detection system): A system that inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system.
IEEE (Institute of Electrical and Electronics Engineers): Pronounced I-triple-E, IEEE is an organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
Image processing: The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry.
Implementation life cycle review: Refers to the controls that support the process of transforming the organization's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management.
Incremental testing: Deliberately testing only the value-added functionality of a software component.
Impact assessment: A study of the potential future effects of a development project on current projects and resources. The resulting document should list the pros and cons of pursuing a specific course of action.
Impersonation: Impersonation, as a security concept related to Windows NT, allows a server application to temporarily "be" the client in terms of access to secure objects. Impersonation has three possible levels: identification, letting the server inspect the client's identity; impersonation, letting the server act on behalf of the client; and delegation, the same as impersonation but extended to remote systems to which the server connects (through the preservation of credentials). Impersonation by imitating or copying the identification, behavior or actions of another may also be used in social engineering to obtain otherwise unauthorized physical access.
Independence: An IS auditor's self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people (managers and employees).
Independent appearance: The outward impression of being self-governing and free from conflict of interest and undue influence.
Independent attitude: An impartial point of view which allows the IS auditor to act objectively and with fairness.
Indexed sequential access method (ISAM): A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability.
Indexed sequential file: A file format in which records are organized, and can be accessed, according to a pre-established key that is part of the record.
Information: Includes data, text, images, sound, voice, codes, computer programmes, software and databases or microfilm or computer-generated microfiche.
Information assets: Means all information resources utilized in the course of any organisation's business, and includes all information, application software (developed or purchased) and technology (hardware, system software and networks).
Information engineering: Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems.
Information processing facility (IPF): The computer room and support areas.
Information security governance: The leadership, organizational structures and processes that safeguard information.
Information Technology Security: All aspects related to defining, achieving and maintaining confidentiality, integrity, availability, accountability, authenticity and reliability.
Information Technology Security Policy: Rules, directives and practices that govern how information assets, including sensitive information, are managed, protected and distributed within an organization and its Information Technology systems.
Inherent risk: The risk that a material error could occur, assuming that there are no related internal controls to prevent or detect the error. (Also see control risk.)
Inheritance (objects): Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy, thus there is no strict hierarchy of objects.
Initial program load (IPL): The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction.
Input controls: Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer.
Instant messaging: An online mechanism or a form of real-time communication between two or more people based on typed text and multimedia data. The text is conveyed via computers or another electronic device (e.g., cell phone or PDA) connected over a network, such as the Internet.
Integrated services digital network (ISDN): A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of digital voice, video and data over 64 Kbps lines.
Integrated test facilities (ITF): A testing methodology where test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
Integrity: The accuracy and completeness of information as well as its validity in accordance with business values and expectations.
Intelligent terminal: A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered, prior to final processing.
Interest rate risk: The risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attract deposits, loans and other relationships from a larger pool of possible customers than other forms of marketing. Greater access to customers who primarily seek the best rate or term reinforces the need for managers to maintain appropriate asset/liability management systems. This should include the ability to react quickly to changing market conditions.
Interfaces testing: A testing technique that is used to evaluate output from one application while the information is sent as input to another application.
Intermediary: With respect to any particular electronic message, means any person who on behalf of another person receives, stores or transmits that message or provides any service with respect to that message.
Internal control: The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Internal control structure: The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives:
- effectiveness, efficiency and economy of operations;
- reliability of management;
- compliance with applicable laws, regulations and internal policies.
Management's strategies for achieving these general objectives are affected by the design and operation of the following components: control environment, information system and control procedures.
Internal storage: The main memory of the computer's central processing unit.
Internet: 1) Two or more networks connected by a router; 2) the world's largest network, using TCP/IP protocols to link government, university and commercial institutions.
Internet banking: Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic bill presentment and payment (allowing customers to receive and pay bills on a bank's web site).
Internet Engineering Task Force (IETF): The Internet standards-setting organization, with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with the evolution and planned growth of the Internet.
Internet Inter-ORB Protocol (IIOP): A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules or program parts, such as tables, arrays and more complex program sub-elements, are referred to as objects. Use of IIOP in this process enables browsers and servers to exchange both simple and complex objects. This significantly differs from HTTP, which only supports the transmission of text.
Internet Protocol (IP) spoofing: An attack using packets with spoofed source IP addresses. This technique exploits applications that use authentication based on IP addresses. It also may enable an unauthorized user to gain root access on the target system.
Intranet: A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.
Intrusion: Any intentional violation of the security policy of a system.
Intrusion detection: The process of monitoring the events occurring in a computer system or network and detecting signs of security problems.
Intrusive monitoring: In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system.
IP (internet protocol): Specifies the format of packets and the addressing scheme.
IPSec (Internet protocol security): A set of protocols developed by the IETF to support the secure exchange of packets.
Irregularities: Intentional violations of established policy or willful misstatements or omissions of information.
ISO 17799: An international standard that defines information confidentiality, integrity and availability controls.
ISP (internet service provider): A third party that provides organizations with a variety of Internet and Internet-related services.
IT governance framework: A model that integrates a set of guidelines, policies and methods that represent the organizational approach to IT governance. Per COBIT 4.0, IT governance is the responsibility of the board of directors and executive management. It is an integral part of institutional governance and consists of the leadership and organizational structures and processes that ensure that the organization's IT sustains and extends the organization's strategy and objectives.
IT infrastructure: The set of hardware, software and facilities that integrates an organization's IT assets. Specifically, the equipment (including servers, routers, switches and cabling), software, services and products used in storing, processing, transmitting and displaying all forms of information for the organization's users.
Job control language (JCL): A language used in connection with performing tasks on a computer.
Journal entry: A debit or credit to a general ledger account. See also manual journal entry.
Judgment sampling: Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically.
Kaizen: See continuous improvement.
Key: A sequence of symbols that controls the operation of a cryptographic transformation (e.g., encipherment, decipherment, cryptographic check function computation, signature generation or signature verification).
Key generation: The trustworthy process of creating a private key/public key pair.
Key management: The administration and use of the generation, registration, certification, deregistration, distribution, installation, storage, archiving, revocation, derivation and destruction of keying material in accordance with a security policy.
Key pair: In an asymmetric cryptosystem, a private key and its mathematically related public key, which are so related that the public key can verify a digital signature created by the private key.
Key performance indicator (KPI): Defined measures that determine how well a process is performing in enabling its goal to be reached. They are lead indicators of whether a goal will likely be reached or not, and are good indicators of capabilities, practices and skills. They measure the activity goals, which are the actions the process owner must take to achieve effective process performance.
L2F (Layer 2 Forwarding): A tunneling protocol developed by Cisco Systems to support the creation of VPNs.
L2TP (Layer 2 Tunneling Protocol): An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Latency: The time it takes a system or network to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from its source to its final destination.
LDAP (Lightweight Directory Access Protocol): A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.
Leased line: A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Legal risk: The risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will turn out to be worth less, or liabilities will turn out to be greater, than expected because of inadequate or incorrect legal advice or documentation. In addition, existing laws may fail to resolve legal issues involving a bank; a court case involving a particular bank may have wider implications for the banking business and involve costs to it and many or all other banks; and laws affecting banks or other commercial enterprises may change. Banks are particularly susceptible to legal risks when entering new types of transactions and when the legal right of a counterparty to enter into transactions is not established.
Librarian: The individual responsible for the safeguarding and maintenance of all program and data files.
Licence: Means a licence granted to a body, say, a Certifying Authority.
Licensing agreement: A contract that establishes the terms and conditions under which a piece of software is licensed (i.e., made legally available for use) from the software developer (owner) to the user.
Limit check: Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
in" editor *lin"a(e
editor+
A utilit% pro(ram t#at combine! !e$eral !eparatel% compiled module! into one,
re!ol$in( internal reference! bet&een t#em
iteral! An% notation for repre!entin( a $alue &it#in pro(rammin( lan(ua(e !ource code,
e)(), a !trin( literal- a c#un" of input data t#at i! repre!ented a!8 i! in compre!!eddata
ocal area net&or"
*A+
Communication! net&or"! t#at !er$e !e$eral u!er! &it#in a !pecified (eo(rap#ical
area) er!onal computer A! function a! di!tributed proce!!in( !%!tem! in &#ic#eac# computer in t#e net&or" doe! it! o&n proce!!in( and mana(e! !ome of it!
data) S#ared data are !tored in a file !er$er t#at act! a! a remote di!" dri$e for all
u!er! in t#e net&or")
A (eo(rap#icall% !mall net&or" of computer! and !upportin( component! u!ed b%
a (roup or department to !#are related !oft&are and #ard&are re!ource!)
ocal loop T#e communication line! t#at pro$ide connecti$it% bet&een t#e
telecommunication! carrier/! central office and t#e !ub!criber/! facilitie!
;
8/11/2019 Cisa Glossary Combined
http://slidepdf.com/reader/full/cisa-glossary-combined 39/69
CISA DECEMBER, 2007 BATCH
o( Record! detail! of t#e information or e$ent! in an or(ani.ed record3"eepin(
!%!tem, u!uall% !e1uenced in t#e order t#e% occurred
o(ical acce!! control! T#e policie!, procedure!, or(ani.ational !tructure and electronic acce!! control!
de!i(ned to re!trict acce!! to computer !oft&are and data file!
o(off Di!connectin( from t#e computer
o(on T#e proce!! of connectin( to t#e computer) It t%picall% re1uire! entr% of a u!er ID
and pa!!&ord in to a computer terminal)o(!9o( file 6ile! created !pecificall% to record $ariou! action! occurrin( on t#e !%!tem to be
monitored, !uc# a! failed lo(in attempt!) 6ull di!" dri$e! and e3mail deli$er%
failure!
o&3Sen!iti$e Applie! to information t#at, if compromi!ed, could rea!onabl% be e'pected to
cau!e inur% out!ide t#e national intere!t, for e'ample, di!clo!ure of an e'act!alar% fi(ure)
Mac#ine lan(ua(e T#e lo(ical lan(ua(e a computer under!tand!
Ma(netic card reader A card reader t#at read! card! &it# a ma(neticall% !urface on &#ic# data can be!tored and retraced
Ma(netic in" c#aracter
reco(nition *MICR+
?!ed to electronicall% input, read and interpret information directl% from a !ource
document- re1uire! t#e !ource document to #a$e !peciall%3coded ma(netic in" t%pe!et
Mal&are S#ort for maliciou! !oft&are,8 mal&are i! !oft&are de!i(ned to infiltrate, dama(eor obtain information from a computer !%!tem &it#out t#e o&ner/! con!ent)
Mal&are i! commonl% ta"en to include computer $iru!e!, &orm!, Troan #or!e!,
!p% &are and ad &are) Sp% &are i! (enerall% u!ed for mar"etin( purpo!e! and, a!!uc#, not reall% maliciou! alt#ou(# it i! (enerall% un&anted) Ho&e$er, !p% &are
can al!o be u!ed to (at#er information for identit% t#eft or ot#er clearl% illicit
purpo!e!)Mana(ement information
!%!tem *MIS+
An or(ani.ed a!!embl% of re!ource! and procedure! re1uired to collect proce!!
and di!tribute data for u!e in deci!ion ma"in()
Mandator% acce!!
control! *MAC+
o(ical acce!! control filter!, u!ed to $alidate acce!! credential! t#at cannot be
controlled or modified b% normal u!er! or data o&ner!- t#e% act b% default)
Con$er!el%, t#o!e control! t#at ma% be confi(ured or modified b% t#e u!er! or datao&ner! are called di!cretionar% acce!! control!)
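An added Python example (written for this edit, not from the glossary) showing the distinction in the entry above: a label-based mandatory rule in the Bell-LaPadula style (no read up, no write down) that only the security administrator sets, layered over an owner-managed access control list. The labels, subjects and file are constructed assumptions. The point of the scenario is that the owner can put a user in the ACL, but the mandatory check still refuses the access.

```python
from dataclasses import dataclass, field

# Ordered sensitivity labels; names and ordering are assumptions for this example.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str            # MAC label, assigned by the security administrator


@dataclass
class Resource:
    name: str
    classification: str       # MAC label, assigned by the security administrator
    owner: str
    acl: dict = field(default_factory=dict)   # DAC part: {subject name: set of operations}


def mac_permits(subject: Subject, res: Resource, op: str) -> bool:
    """Mandatory rule (label-based): no read up, no write down.
    Neither the owner nor the user can change the labels or this rule."""
    s, o = LEVELS[subject.clearance], LEVELS[res.classification]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    return False


def dac_permits(subject: Subject, res: Resource, op: str) -> bool:
    """Discretionary rule: whatever the owner put in the ACL."""
    return op in res.acl.get(subject.name, set())


def grant(grantor: Subject, res: Resource, grantee: Subject, op: str) -> None:
    """Only the owner may edit the ACL; that is what makes it discretionary."""
    if grantor.name != res.owner:
        raise PermissionError(f"{grantor.name} does not own {res.name}")
    res.acl.setdefault(grantee.name, set()).add(op)


def access(subject: Subject, res: Resource, op: str) -> bool:
    """Reference monitor: MAC is checked first and an ACL entry cannot override it."""
    return mac_permits(subject, res, op) and dac_permits(subject, res, op)


def scenario() -> dict:
    """Owner alice (secret) shares a secret file with bob (internal clearance)."""
    alice = Subject("alice", "secret")
    bob = Subject("bob", "internal")
    plan = Resource("plan.doc", "secret", owner="alice")
    grant(alice, plan, alice, "read")
    grant(alice, plan, bob, "read")   # DAC lets the owner do this ...
    return {
        "alice_reads": access(alice, plan, "read"),
        "bob_in_acl": dac_permits(bob, plan, "read"),   # ... so the ACL says yes ...
        "bob_reads": access(bob, plan, "read"),         # ... but MAC denies (no read up)
        "bob_writes": access(bob, plan, "write"),       # MAC would allow write up; no ACL entry, so DAC denies
    }
```

Evaluating the mandatory rule first, and never consulting the ACL to relax it, is what keeps the control out of the hands of data owners, which is the property the definition turns on.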
Man Nin3t#e3middleattac"
An attac" !trate(% in &#ic# t#e attac"er intercept! t#e communication! !tream bet&een t&o part! of t#e $ictim !%!tem and t#en replace! terrific bet&een t#e t&o
component! &it# t#e intruder/! o&n) E$entuall% a!!umin( control of t#e
communication
Manual ournal entr% A ournal entr% entered at a computer terminal) Manual ournal entrie! can includere(ular, !tati!tical, inter3compan% and forei(n currenc% entrie!
Mappin( Dia(rammin( data t#at i! to be e'c#an(ed electronicall%, includin( #o& it i! to be
u!ed and &#at bu!ine!! mana(ement !%!tem! need it) It i! a preliminar% !tep for
de$elopin( an application! lin") *Al!o !ee application tracin( and mappin()+
Ma!"in( A computeri.ed tec#ni1ue of bloc"in( out t#e di!pla% of !en!iti$e information)
Suc# a! pa!!&ord!, on a computer terminal or report
Ma!1uerader! Attac"er! t#at penetrate !%!tem! b% u!in( u!er identifier! and pa!!&ord! ta"en
from le(itimate u!er!
;:
8/11/2019 Cisa Glossary Combined
http://slidepdf.com/reader/full/cisa-glossary-combined 40/69
CISA DECEMBER, 2007 BATCH
Ma!ter file A file of !emi permanent information t#at i! u!ed fre1uentl% for proce!!in( data or
for more t#an one purpo!e
Materialit% An auditin( concept re(ardin( t#e importance of an item of information &it#
re(ard to it! impact or effect on t#e functionin( if t#e entit% bein( audited) An
e'pre!!ion of t#e relati$e !i(nificance or importance of a particular matter in t#econte't of t#e or(ani.ation a! a &#ole)
Maturit% model A collection of in!truction! an or(ani.ation can follo& to (ain better control o$er
it! !oft&are de$elopment proce!!) T#e Capabilit% Maturit% Model *CMM+ for !oft&are, from t#e !oft&are En(ineerin( In!titute *SEI+, i! a model u!ed b% man%
or(ani.ation! to identif% be!t practice! u!eful in #elpin( t#em a!!e!! and increa!e
t#e maturit% of t#eir !oft&are de$elopment proce!!e!) T#e CMM ran"! !oft&arede$elopment or(ani.ation! accordin( to a #ierarc#% of fi$e proce!! maturit%
le$el!) Eac# le$el ran"! t#e de$elopment en$ironment accordin( to it! capabilit%
of producin( 1ualit% !oft&are) A !et of !tandard! i! a!!ociated &it# eac# of t#e fi$ele$el!) T#e !tandard! for le$el one de!cribe t#e mo!t immature or c#aotic,
proce!!e! and t#e !tandard! for le$el fi$e de!cribe t#e mo!t mature, or 1ualit%,
proce!!e!)
Media T#e material or confi(uration on &#ic# data i! recorded E'ample! include
ma(netic tap! and di!"!)Media acce!! Control
*MAC+
A uni1ue, 3bit, #ard3coded addre!! of a p#%!ical la%er de$ice, !uc# a! an
Et#ernet A or a &irele!! net&or" card) T#e MAC i! applied to t#e #ard&are at
t#e factor% and cannot be modified)
Media o'idation T#e deterioration of t#e media *e)(), tape!+ upon &#ic# data i! di(itall% !tored due
to e'po!ure to o'%(en and moi!ture, for e'ample, tape! deterioratin( in a &arm,#umid en$ironment) roper en$ironmental control! !#ould pre$ent, or
!i(nificantl% !lo&, t#i! proce!!)
Memor% dump T#e act of cop%in( ra& data from on e place to anot#er &it# little or no formattin(
for readabilit%3?!uall%3dump refer! to cop%in( data from main memor% to a
di!pla% !creen or a printer) Dump! are u!eful for dia(no!in( bu(!) After a pro(ram
fail!, one can !tud% t#e dump and anal%.e t#e content! of memor% at t#e time of t#e failure) Dump! are u!uall% output in a difficult3to3 read form *t#at i!, binar%,
octal or #e'adecimal+) So a memor% dump &ill not #elp unle!! eac# per!on "no&!
e'actl% for &#at to loo")
Me!!a(e A di(ital repre!entation of information- a computer3ba!ed record A !ub!et of
record *See also record+
Me!!a(e !&itc#in( A telecommunication! traffic controllin( met#odolo(% in &#ic# a complete
me!!a(e i! !ent to a concentration point and !tored until t#e communication! pat#i! e!tabli!#ed)
Micro&a$e tran!mi!!ion A #i(#3 capacit% line3of3!i(#t tran!mi!!ion of data !i(nal! t#rou(# t#e atmo!p#ere
&#ic# often re1uire! rela% !tation!
Middle&are Anot#er term for an application pro(rammer interface *AI+) It refer! to t#einterface! t#at allo& pro(rammer! to acce!! lo&er3or #i(#er3le$el !er$ice! b% pro$idin( an intermediar% la%er t#at include! function call! to t#e !er$ice!)
Mile!tone A terminal element t#at mar"! t#e completion of a &or" pac"a(e or p#a!e,t%picall% mar"ed b% a #i(#3le$el anent !uc# a! proect completion- receipt,
endor!ement or !i(nin( of a pre$iou!l%3defined deli$erable- or a #i(#3le$el re$ie&
meetin( at &#ic# t#e appropriate le$el of prefect completion i! determined and
a(reed to) T%picall%, a mile!tone i! a!!ociated &it# !ome !ort of deci!ion t#atoutline! t#e future of a proect and, for out!ourced proect, ma% #a$e a pa%ment to
0
8/11/2019 Cisa Glossary Combined
http://slidepdf.com/reader/full/cisa-glossary-combined 41/69
CISA DECEMBER, 2007 BATCH
t#e contractor a!!ociated &it# it)
Mi!!ion3critical
application
An application t#at i! $ital to t#e operation of t#e or(ani.ation) T#e term i! $er%
popular for de!cribin( t#e application! re1uired to run t#e da%3to3da% bu!ine!!)
Mi!u!e detection Detection on t#e ba!i! of &#et#er t#e !%!tem acti$it% matc#e! t#at defined a! bad
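To show what the IDS, Intrusion detection, Logs/log file and Misuse detection entries describe working together, here is an added Python example (written for this edit, not from the glossary or any IDS product) that runs two known-bad signatures over a log file: a burst of failed logins from one source inside a time window, and a successful login from a source that had just failed repeatedly. The sshd-style log lines, the addresses (RFC 5737 documentation ranges) and the threshold values are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines using RFC 5737 documentation addresses; not from a real host.
LOG_LINES = [
    "Jan 10 10:00:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 4100 ssh2",
    "Jan 10 10:00:02 host sshd[2201]: Failed password for root from 203.0.113.5 port 4101 ssh2",
    "Jan 10 10:00:03 host sshd[2201]: Failed password for root from 203.0.113.5 port 4102 ssh2",
    "Jan 10 10:00:04 host sshd[2201]: Failed password for root from 203.0.113.5 port 4103 ssh2",
    "Jan 10 10:00:09 host sshd[2201]: Accepted password for root from 203.0.113.5 port 4104 ssh2",
    "Jan 10 10:30:00 host sshd[2390]: Failed password for alice from 198.51.100.7 port 5000 ssh2",
    "Jan 10 10:30:20 host sshd[2390]: Accepted password for alice from 198.51.100.7 port 5001 ssh2",
]

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)

# Signature parameters (assumed tuning values for the example).
FAILURE_THRESHOLD = 4            # this many failures from one source ...
WINDOW = timedelta(seconds=60)   # ... inside this window = brute force
SUCCESS_AFTER = 3                # a success preceded by this many recent failures


def parse(line: str):
    """Return (timestamp, result, user, ip), or None for lines the signatures do not cover."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")   # syslog has no year; fine for deltas
    return ts, m["result"], m["user"], m["ip"]


def detect(lines):
    """Misuse detection: alert only when activity matches a known-bad signature.
    Returns (signature, source ip, user, line number) tuples."""
    recent_failures = defaultdict(deque)   # ip -> timestamps of failures inside WINDOW
    alerts = []
    for line_no, line in enumerate(lines, start=1):
        parsed = parse(line)
        if parsed is None:
            continue
        ts, result, user, ip = parsed
        window = recent_failures[ip]
        while window and ts - window[0] > WINDOW:   # slide the window forward
            window.popleft()
        if result == "Failed":
            window.append(ts)
            if len(window) == FAILURE_THRESHOLD:    # fire once, as the threshold is crossed
                alerts.append(("ssh_bruteforce", ip, user, line_no))
        elif len(window) >= SUCCESS_AFTER:          # Accepted after a burst of failures
            alerts.append(("ssh_success_after_failures", ip, user, line_no))
    return alerts
```

The single typo-then-success from the second address produces nothing, which is the intended behaviour of a signature: it is precise on the patterns it knows and silent on everything else, so a new attack technique needs a new signature before this kind of detector will see it.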
Modem *modulator
demodulator+
Connect! a terminal or computer to a communication! net&or" $ia telep#one
!%!tem!) >#en actin( in t#e recei$er capacit%) A modem decode! incomin(fre1uencie!)
Mobile !ite T#i! i! a !peciall% de!i(ned trailer t#at can be 1uic"l% tran!ported to a bu!ine!!
location or to an alternate !ite to pro$ide a read%3conditioned information proce!!in( facilit%) T#e!e mobile !ite! can be connected to form lar(er &or" area!
and can be preconfi(ured &it# !er$er!, de!"top computer!, communication!
e1uipment, and e$en micro&a$e and !atellite data lin"!)
Modulation T#e proce!! of con$ertin( a di(ital computer !i(nal into an analo(
telecommunication! !i(nal
Monetar% unit !amplin( A !amplin( tec#ni1ue t#at e!timate! t#e amount of o$er!tatement in an account
balance
Monitor: Any information collection mechanism utilized by an intrusion detection system.
Monitoring policy: The rules outlining the way in which information is captured and interpreted.
Multiplexing: The transmission of more than one signal across a physical channel.
Multiplexer: A device used for combining several lower-speed channels onto a higher-speed channel.
Mutual takeover: A fail-over process which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance losses must be taken into account and expected until the failed node reintegrates. This also works nicely in three or more node configurations.
Name: A set of identifying attributes purported to describe an entity of a certain type.
NAT (Network address translation): An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server providing the NAT service changes the source address of outgoing packets from the internal to the external address and reverses it for packets returning.
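As an added example (not from the glossary), the translation described above, modelled in code: the gateway rewrites the source of outbound packets to its external address and reverses the mapping for the replies. It models port-overloading NAT (many internal hosts behind one external address), which is the common form; the addresses, ports and packets are constructed for the demonstration.

```python
"""Added example (not from the glossary): a minimal port-overloading NAT
gateway. Addresses, ports and packets below are constructed assumptions."""
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, external_ip: str, first_port: int = 40000):
        self.external_ip = external_ip
        self._next_port = first_port
        self._outbound = {}   # (internal ip, internal port) -> external port
        self._inbound = {}    # external port -> (internal ip, internal port)

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Internal -> external: allocate (or reuse) an external port for the flow
        and rewrite the source address to the gateway's external address."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self._outbound:
            port = self._next_port
            self._next_port += 1
            self._outbound[key] = port
            self._inbound[port] = key
        return replace(pkt, src_ip=self.external_ip, src_port=self._outbound[key])

    def translate_inbound(self, pkt: Packet) -> Optional[Packet]:
        """External -> internal: only packets matching an existing mapping get
        through; an unsolicited packet has no entry and is dropped (None)."""
        if pkt.dst_ip != self.external_ip:
            return None
        key = self._inbound.get(pkt.dst_port)
        if key is None:
            return None
        internal_ip, internal_port = key
        return replace(pkt, dst_ip=internal_ip, dst_port=internal_port)

    def table(self):
        """The live translation table, as an administrator would inspect it."""
        return dict(self._outbound)


def demo_session():
    """One outbound connection, its reply, and an unsolicited inbound packet."""
    gw = NatGateway("203.0.113.7")
    out = gw.translate_outbound(Packet("192.168.1.10", 51234, "198.51.100.20", 443))
    reply = gw.translate_inbound(Packet("198.51.100.20", 443, "203.0.113.7", out.src_port))
    unsolicited = gw.translate_inbound(Packet("198.51.100.20", 443, "203.0.113.7", 40001))
    return out, reply, unsolicited
```

The table is keyed on the internal (address, port) pair, which is why two internal hosts using the same source port get distinct external ports, and why an inbound packet with no matching entry is dropped: NAT is not a firewall, but the absence of a mapping does block unsolicited inbound traffic as a side effect.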
NetWare: A popular local area network operating system developed by the Novell Corp.
Network: A system of interconnected computers and the communications equipment used to connect them. A set of related, remotely connected devices and communications facilities including more than one computer system with the capability to transmit data.
requesting the information. Generally, the governmental entity will include a provision in the contract to allow the seller to review a request for information the seller identifies as confidential, and the seller may appeal such a decision requiring disclosure.) NDAs can be "mutual," meaning both parties are restricted in their use of the materials provided, or they can only restrict a single party. It is also possible for an employee to sign an NDA or NDA-like agreement with a company at the time of hiring; in fact, some employment agreements will include a clause restricting "confidential information" in general.
Notary: A natural person authorized by an executive governmental agency to perform notarial services such as taking acknowledgments, administering oaths or affirmations, witnessing or attesting signatures, and noting protests of negotiable instruments.
Object code: Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code.
Object Management Group (OMG): A consortium with more than 700 affiliates from the software industry; its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the CORBA specification.
Object orientation: An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template called a class. Classes are the basis for most design work in objects. Classes and their objects communicate in defined ways. Aggregate classes interact through messages, which are directed requests for services from one class (the client) to another class (the server). A class may share the structure or methods defined in one or more other classes, a relationship known as inheritance.
Objectivity: The ability to exercise judgment, express opinions and present recommendations with impartiality.
Object-oriented system development: A system development methodology that is organized around "objects" rather than "actions," and "data" rather than "logic." Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be represented as objects in a software system. Any object-oriented design is software design that is centered around designing the objects that will make up a program. Any object-oriented program is one that is composed of objects or software parts.
Offline files: Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes.
Offsite storage: A storage facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media such as offline backup data and storage files.
On-line: Communications that provide a real-time connection.
Online data processing: Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information as it is entered.
Open systems: Systems for which detailed specifications of their components' composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using open systems include portability, interoperability and integration.
Open Shortest Path First (OSPF): A routing protocol, developed for IP networks, that is based on the shortest-path-first or link-state algorithm.
Operating system: A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It sets the standards for the application programs that run in it.
Operating system audit trails: Records of system events generated by a specialized operating system mechanism.
Operational audit: An audit designed to evaluate the various internal controls, economy and efficiency of a function or department.
Operational Certificate: A Digital Signature Certificate which is within its operational period at the present date and time, or at a different specified date and time, depending on the context.
Operational control: These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Operational Management: Refers to all business/service unit management (i.e., the user management) as well as Information Technology management.
Operational Period: The period starting with the date and time a Digital Signature Certificate is issued (or on a later date and time certain if stated in the Digital Signature Certificate) and ending with the date and time on which the Digital Signature Certificate expires or is earlier suspended or revoked.
Operational risk: The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error, fraud or failure to perform in a timely manner, or cause the interests of the bank to be compromised in some other way, for example by its dealers, lending officers or other staff exceeding their authority or conducting business in an unethical or risky manner. Other aspects of operational risk include major failure of information technology systems or events such as security problems or other disasters.
Operations Zone: An area where access is limited to personnel who work there and to properly escorted visitors. Operations Zones should be monitored at least periodically, based on a threat risk assessment (TRA), and should preferably be accessible from a Reception Zone.
Operator console: A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
Optical character recognition: Used to electronically scan and input written information from a source document.
Optical scanner: An input device that reads characters and images that are printed or painted on a paper form into the computer.
Organization: An entity with which a user is affiliated. An organization may also be a user.
Originator: A person who sends, generates, stores or transmits any electronic message, or causes any electronic message to be sent, generated, stored or transmitted to any other person, but does not include an intermediary.
Output analyzer: Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program maintenance can be compared with the set of results that should be produced. Second, as programmers prepare test data and calculate the expected results, these results can be stored on a file and the output analyzer compares the actual results of a test run with the expected results. Third, the output analyzer can act as a query language; it accepts queries about whether certain relationships exist in the file of output results and reports compliance or noncompliance.
Outsourcing: A formal agreement with a third party to perform an IS function for an organization.
Packet: Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/internet protocol (TCP/IP) is such a packet-switched network.
Packet filtering: Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules.
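As an added example (not from the glossary), the rule-list evaluation the entry describes: each packet's attributes are compared against an ordered list of rules, the first match decides, and a packet matching nothing is denied. The rule set, addresses and packets are constructed for the demonstration, and the filter is deliberately stateless, as the entry's description is.

```python
"""Added example (not from the glossary): a first-match, default-deny packet
filter. Rules, addresses and packets are constructed assumptions."""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str              # "allow" or "deny"
    proto: str               # "tcp", "udp" or "any"
    src: str                 # source network in CIDR notation
    dst: str                 # destination network in CIDR notation
    dport: Optional[int]     # destination port, None = any port


def matches(rule: Rule, pkt: dict) -> bool:
    """Compare the packet's attributes with one rule."""
    return (rule.proto in ("any", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt["dport"]))


def filter_packet(rules, pkt: dict, default: str = "deny"):
    """First-match semantics: returns (action, index of the deciding rule),
    or (default, None) when no rule matches."""
    for index, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, index
    return default, None


# Constructed rule set for an Internet-facing interface in front of a web
# server at 192.0.2.10. Order matters: the anti-spoofing denies come first so
# that a packet with a private source address never reaches the allow rules.
RULES = [
    Rule("deny", "any", "10.0.0.0/8", "0.0.0.0/0", None),
    Rule("deny", "any", "192.168.0.0/16", "0.0.0.0/0", None),
    Rule("allow", "tcp", "0.0.0.0/0", "192.0.2.10/32", 443),
    Rule("allow", "tcp", "203.0.113.0/24", "192.0.2.10/32", 22),   # admins only
]

# Constructed sample packets.
SAMPLE_PACKETS = {
    "spoofed https": {"proto": "tcp", "src": "10.1.2.3", "dst": "192.0.2.10", "dport": 443},
    "public https": {"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "dport": 443},
    "public ssh": {"proto": "tcp", "src": "198.51.100.5", "dst": "192.0.2.10", "dport": 22},
    "admin ssh": {"proto": "tcp", "src": "203.0.113.9", "dst": "192.0.2.10", "dport": 22},
    "udp 443": {"proto": "udp", "src": "198.51.100.5", "dst": "192.0.2.10", "dport": 443},
}


def decisions():
    """Evaluate every sample packet against RULES."""
    return {name: filter_packet(RULES, pkt) for name, pkt in SAMPLE_PACKETS.items()}
```

The "spoofed https" packet would be allowed by the third rule, but the first rule matches it earlier and denies it; swapping the rule order would silently open the hole. Because the filter inspects each packet in isolation it cannot tell a reply from a new connection, which is the limitation stateful inspection firewalls were built to remove.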
Packet switching: The process of transmitting messages in convenient pieces that can be reassembled at the destination.
Parallel simulation: Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the results generated by the application system and any discrepancies identified.
Paper test: A walk-through of the steps of a regular test, but without actually performing the steps. It is usually used in disaster recovery and contingency testing, where team members review and become familiar with the plans, their specific roles and responsibilities.
Parallel testing: The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results.
Parity check: A general hardware control which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bits is odd or even. When the parity bit disagrees with the sum of the other bits, the computer reports an error. A single parity bit detects every error that flips an odd number of bits, but an error that flips an even number of bits leaves the parity unchanged and goes undetected; against random multi-bit corruption, the probability of a parity check detecting an error is therefore only about 50 percent.
Particularly Sensitive: Applies to information that, if compromised, could reasonably be expected to cause serious injury outside the national interest, for example loss of reputation or competitive advantage.
Partitioned file: A file format in which the file is divided into multiple sub files and a directory is established to locate each sub file.
Passive assault: In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data, so the privacy of the data is violated. Alternatively, although the content of the data itself may remain secure, intruders may read and analyze the plaintext source and destination identifiers attached to a message for routing purposes, or they may examine the lengths and frequency of messages being transmitted.
Passive response: A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action.
Password / Pass Phrase / Pin Number: A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system. Confidential authentication information, usually composed of a string of characters, used to provide access to a computer resource.
Password cracker: Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in a relatively short period of time with current desktop computer hardware.
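As an added example (not from the glossary), a minimal cracker of the kind the entry describes: it tries a wordlist with a few common manglings first and only then brute-forces a small character set. The user names, stored hashes and wordlist are constructed for the demonstration; the hashes are unsalted SHA-256, which is exactly the weak storage such a tool exploits.

```python
"""Added example (not from the glossary): dictionary attack followed by brute
force against unsalted SHA-256 password hashes. All users, hashes and words
below are constructed assumptions for the demonstration."""
import hashlib
import itertools
import string


def sha256_hex(candidate: str) -> str:
    return hashlib.sha256(candidate.encode()).hexdigest()


# Constructed "password file": user -> unsalted SHA-256 of the password.
STORED_HASHES = {
    "alice": sha256_hex("summer"),   # weak: appears in the wordlist
    "bob": sha256_hex("zq7"),        # short: falls to brute force
}

# Constructed dictionary; real crackers use wordlists of millions of entries.
WORDLIST = ["password", "123456", "qwerty", "summer", "letmein"]


def mangle(word: str):
    """Rule-based variations crackers apply to each dictionary word."""
    yield word
    yield word.capitalize()
    yield word + "1"
    yield word + "!"
    yield word[::-1]


def dictionary_attack(target_hash: str, wordlist):
    """Return the first wordlist-derived candidate whose hash matches, else None."""
    for word in wordlist:
        for candidate in mangle(word):
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def brute_force(target_hash: str, alphabet: str, max_len: int):
    """Exhaustively try every string over `alphabet` up to `max_len` characters."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if sha256_hex(candidate) == target_hash:
                return candidate
    return None


def keyspace_size(alphabet_len: int, max_len: int) -> int:
    """Number of candidates brute force must cover in the worst case."""
    return sum(alphabet_len ** n for n in range(1, max_len + 1))


def crack(target_hash: str, wordlist=WORDLIST,
          alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Dictionary first (cheap), brute force second (expensive), as the entry describes."""
    found = dictionary_attack(target_hash, wordlist)
    if found is not None:
        return "dictionary", found
    return "brute-force", brute_force(target_hash, alphabet, max_len)
```

The cost of the second phase grows as alphabet size to the power of length, so length and character variety are what defeat brute force; on the defender's side, a salted, deliberately slow hash (bcrypt, scrypt or Argon2) makes every guess in both phases far more expensive than the single SHA-256 used here.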
Payment system: A financial system that establishes the means for transferring money between suppliers and users of funds, ordinarily by exchanging debits or credits between banks or financial institutions.
Patch management: An area of systems management that involves acquiring, testing, and installing multiple patches (code changes) to an administered computer system, to update software and often to address security risks. Patch management tasks include the following: maintaining current knowledge of available patches; deciding what patches are appropriate for particular systems; ensuring that patches are installed properly; testing systems after installation; and documenting all associated procedures, such as specific configurations required. A number of products are available to automate patch management; experts suggest that system administrators take simple steps to avoid problems, such as performing backups and testing patches on non-critical systems prior to installation. Patch management can be viewed as part of change management. For further detail refer to:
Payroll system: An electronic system for processing payroll information and the related electronic (e.g., electronic timekeeping and/or human resources system), human (e.g., payroll clerk), and external party (e.g., bank) interfaces. In a more limited sense, it is the electronic system that performs the processing for generating payroll checks and/or bank direct deposits to employees.
PC Card (See Also SmartCard): A hardware token compliant with standards promulgated by the Personal Computer Memory Card International Association (PCMCIA) providing expansion capabilities to computers, including the facilitation of information security.
Penetration testing: A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers.
Performance indicators: A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements, critical success factors, customer satisfaction ratings, internal or external benchmarks, industry best practices and international standards.
Private branch exchange (PBX): A telephone exchange that is owned by a private business, as opposed to one owned by a common carrier or by a telephone company.
Performance testing: Comparing the system's performance to other equivalent systems using well-defined benchmarks.
Peripherals: Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Permanent virtual circuit (PVC): A permanent connection between hosts in a packet switched network.
Person: Means any company or association or individual or body of individuals, whether incorporated or not.
Personal digital assistant (PDA): Also called palmtop and pocket computer, these are handheld devices that provide computing, Internet, networking and telephone characteristics.
Personal identification number (PIN): A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the primary means of verifying customers in an electronic funds transfer system (EFTS).
Personal Presence: The act of appearing (physically rather than virtually or figuratively) before a Certifying Authority or its designee and proving one's identity as a prerequisite to Digital Signature Certificate issuance under certain circumstances.
Phishing: This is a type of e-mail attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering. These attacks may take the form of masquerading as a lottery organization advising the recipient of a large win, or as the user's bank; in either case, the intent is to obtain account and PIN details. Alternative attacks may seek to obtain apparently innocuous business information, which may be used in another form of active attack.
Phreakers: Those who crack security, most frequently phone and other communication networks.
Piggybacking: 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Plaintext: Digital information, such as clear text, that is intelligible to the reader.
Point-of-sale (POS) systems: Enable the capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central computer or may use stand-alone terminals or microcomputers that hold the transactions until the end of a specified period, when they are sent to the main computer for batch processing.
Policy: A brief document that states the high-level organization position, states the scope, and establishes who is responsible for compliance with the policy and the corresponding standards. Following is an abbreviated example of what a policy may contain:
• Introduction
• Definitions
• Policy Statement identifying the need for "something" (e.g., data security)
• Scope
• People playing a role and their responsibilities
• Statement of Enforcement, including responsibility
Polymorphism (objects): Polymorphism refers to sending the same command (message) to different child objects, which can produce different results depending on their place in the family hierarchical tree structure, that is, on their class and what it inherits.
Population: The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions.
Port: An interface point between the CPU and a peripheral device.
Posting: The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time and then applied to master file updating.
Point-to-point protocol (PPP): Commonly used to establish a direct connection between two nodes, it can connect computers using serial cable, phone line, trunk line, cellular telephone, specialized radio links or fiber optic links. Its main features include enhanced error detection, automatic self-configuration and looped link detection. Most Internet service providers use PPP for customers' dial-up access to the Internet. PPP is commonly used to act as a "layer 2" (the data link layer of the OSI model) protocol for connection over synchronous and asynchronous circuits, where it has largely superseded an older nonstandard protocol (known as SLIP) and telephone company mandated standards (such as X.25). PPP was designed to work with numerous "layer 3" network layer protocols, including IP, Novell's IPX, and AppleTalk.
PPTP (point-to-point tunneling protocol): A protocol used to transmit data between two endpoints to create a VPN. Its authentication (MS-CHAPv2) and encryption (MPPE) have publicly known weaknesses, so PPTP should not be relied on for confidentiality today.
Preventive controls: These controls are designed to prevent or restrict an error, omission or unauthorized intrusion.
Price risk: The risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks may be exposed to price risk if they create or expand deposit brokering, loan sales or securitization programs as a result of internet banking activities.
Privacy: Privacy involves providing proper protection for personally identifiable information relating to an identified or identifiable individual (data subject). Management should ensure that proper controls are in place and functioning to be in compliance with its privacy policy or applicable privacy laws and regulations.
Problem escalation procedure: The process of escalating a problem up from junior to senior support staff, and ultimately to higher levels of management. It is often used in help desk management, where an unresolved problem is escalated up the chain of command until it is solved.
Procedure: A set of steps performed to ensure that a guideline is met.
Program: A detailed and explicit set of instructions for accomplishing some purpose, the set being expressed in some language suitable for input to a computer, or in machine language.
Private key: A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key. The key of a key pair used to create a digital signature.
Private key cryptosystems: Used in data encryption, it uses a secret key to encrypt the plaintext to the ciph
ertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric, such that the encryption key is equivalent to the decryption key.
Privilege: The level of trust with which a system object is imbued.
Procedure: The portion of a security policy that states the general process that will be performed to accomplish a security goal.
Production programs: Programs that are used to process live or actual data that were received as input into the production environment.
Production software: Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified but has not yet been authorized for use by management.
Professional competence: Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards.
Program Evaluation and Review Technique (PERT): Project management technique used in the planning and control of system projects.
Project portfolio: The set of projects owned by a company; it usually includes the main guidelines relative to each project, including objectives, costs, timelines and other information specific to the project.
Program flowcharts: Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.
Program narratives: Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.
Project sponsor: Considered for acquisition, the person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement.
Project team: Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contractors and auditors.
Promiscuous mode: Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed.
Protection domain: The area of the system that the intrusion detection system is meant to monitor and protect.
Protocol: The rules by which a network operates and controls the flow and priority of transmissions.
Protocol converter: Hardware devices that convert between two different types of transmission, such as asynchronous and synchronous transmission.
Protocol stack: A set of utilities that implement a particular network protocol. For instance, in Windows machines a TCP/IP stack consists of TCP/IP software.
Prototyping: A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphasis is on end-user screens and reports. Internal controls are not a priority item since this is only a model.
Proxy server: A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a connection to a remote destination on behalf of the user. A server that sits between a client application, such as a web browser, and a real server. It intercepts all requests to the real server to see if it can fulfill the request itself. If not, it forwards the request to the real server.
Public Access Zone: Generally surrounds or forms part of a government facility. Examples include the grounds surrounding a building, and public corridors and elevator lobbies in multiple-occupancy buildings. Boundary designators such as signs and direct or remote surveillance may be used to discourage unauthorized activity.
Public key: In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme. The key of a key pair used to verify a digital signature and listed in the Digital Signature Certificate.
Public Key Cryptography (See Cryptography): A type of cryptography that uses a key pair of mathematically related cryptographic keys. The public key can be made available to anyone who wishes to use it and can encrypt information or verify a digital signature; the private key is kept secret by its holder and can decrypt information or generate a digital signature.
Public key cryptosystem: Used in data encryption. It uses an encryption key, as a public key, to encrypt the plaintext to the ciphertext. It uses a different decryption key, as a secret key, to decrypt the ciphertext to the corresponding plaintext. In contrast to a private key cryptosystem, only the decryption key must be secret; the encryption key can be known to everyone. In a public key cryptosystem the two keys are asymmetric, such that the encryption key is not equivalent to the decryption key.
Public key infrastructure (PKI) / PKI Server: A system that authentically distributes users' public keys using certificates. It verifies and authenticates the validity of each party involved in an Internet transaction through digital certificates, certificate authorities and other registration authorities. A set of policies, processes, server platforms, software and workstations used for the purpose of administering Digital Signature Certificates and public-private key pairs, including the ability to generate, issue, maintain, and revoke public key certificates. The architecture, organization, techniques, practices, and procedures that collectively support the implementation and operation of a certificate-based public key cryptographic system.
PKI Hierarchy: A set of Certifying Authorities whose functions are organized according to the principle of delegation of authority and related to each other as subordinate and superior Certifying Authority.
Public key encryption: A cryptographic system that uses two keys. One is a public key, which is known to everyone, and the second is a private or secret key, which is known only to the recipient of the message.
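As an added example (not from the glossary), the two cryptosystems contrasted in the entries above and in the earlier "Private key cryptosystems" entry, side by side: the symmetric part uses one shared secret for both directions, while the asymmetric part is textbook RSA with toy primes so that every number is visible. The keystream construction, the primes, the public exponent and the messages are all assumptions for the demonstration, not a recommendation of how to implement either.

```python
"""Added example (not from the glossary): a symmetric (private key) cipher
beside an asymmetric (public key) one. Toy parameters; not production crypto."""
import hashlib


# --- Private key (symmetric) cryptosystem: one shared secret key --------------
def _keystream(key: bytes, length: int) -> bytes:
    """Toy keystream built from SHA-256(key || counter) blocks (an assumption
    for the demo; real systems use an authenticated cipher such as AES-GCM)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def symmetric_crypt(key: bytes, data: bytes) -> bytes:
    """XOR with the keystream: the same call encrypts and decrypts, because the
    encryption key is equivalent to the decryption key."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))


# --- Public key (asymmetric) cryptosystem: textbook RSA ---------------------
P, Q = 61, 53                  # toy primes; real keys use primes of 1024+ bits
N = P * Q                      # modulus 3233, part of both keys
PHI = (P - 1) * (Q - 1)        # 3120
E = 17                         # public exponent
D = pow(E, -1, PHI)            # private exponent 2753, the inverse of E mod PHI
PUBLIC_KEY = (E, N)            # may be published to everyone
PRIVATE_KEY = (D, N)           # kept secret by the holder


def rsa_encrypt(m: int, public_key) -> int:
    """Anyone with the public key can encrypt."""
    e, n = public_key
    return pow(m, e, n)


def rsa_decrypt(c: int, private_key) -> int:
    """Only the private key holder can decrypt."""
    d, n = private_key
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def rsa_sign(message: bytes, private_key) -> int:
    """Signing applies the private key to the message digest."""
    d, n = private_key
    return pow(_digest_mod_n(message, n), d, n)


def rsa_verify(message: bytes, signature: int, public_key) -> bool:
    """Verification applies the public key and compares with the recomputed digest."""
    e, n = public_key
    return pow(signature, e, n) == _digest_mod_n(message, n)


def demo():
    """Symmetric round trip, RSA round trip, and a signature check on an
    unmodified and a tampered message."""
    secret = b"shared-secret"
    ciphertext = symmetric_crypt(secret, b"attack at dawn")
    sym_ok = symmetric_crypt(secret, ciphertext) == b"attack at dawn"
    c = rsa_encrypt(65, PUBLIC_KEY)
    asym_ok = rsa_decrypt(c, PRIVATE_KEY) == 65
    sig = rsa_sign(b"pay 100", PRIVATE_KEY)
    return sym_ok, c, asym_ok, rsa_verify(b"pay 100", sig, PUBLIC_KEY), rsa_verify(b"pay 900", sig, PUBLIC_KEY)
```

Two caveats the toy makes visible: the symmetric key has to reach both parties over some secure channel, which is the problem public key cryptography exists to solve, and textbook RSA with no padding is deterministic and malleable, so real deployments use a large modulus with OAEP for encryption and PSS (or PKCS#1 v1.5) for signatures rather than the raw operation shown here.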
Quality assurance: A technique used to design, develop and implement a product or service, reducing costs and preserving the quality.
Queue: A group of items that are waiting to be serviced or processed.
Quick ship: A recovery solution provided by recovery and/or hardware vendors that includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations with the ability to recover within 72 hours or greater.
Radio wave interference: The superposition of two or more radio waves resulting in a different radio wave pattern that is more difficult to intercept and decode properly.
RADIUS (remote authentication dial-in user service): A type of service providing an authentication and accounting system often used for dial-up and remote access security.
Random access memory (RAM): The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.
Range check: Range checks ensure that data fall within a predetermined range (also see limit checks).
Rapid application development: A methodology that enables organizations to develop strategically important systems faster, while reducing development costs and maintaining quality, by using a series of proven application development techniques within a well-defined methodology.
Real-time analysis: Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system.
Real-time processing: An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal.
Reasonable assurance: A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved.
Reasonableness check: Compares data to predefined reasonability limits or occurrence rates established for the data.
Recipient (of a Digital Signature): A person who receives a digital signature and who is in a position to rely on it, whether or not such reliance occurs (See also relying party).
Reciprocal agreement: Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.
Record: A collection of related information treated as a unit. Separate fields within the record are used for processing the information. Information that is inscribed on a tangible medium (a document) or stored in an electronic or other medium and retrievable in perceivable form. The term "record" is a superset of the two terms "document" and "message" (See also document; message).
Record, !creen and report
la%out!
Record la%out! pro$ide information re(ardin( t#e t%pe of record, it! !i.e and t#e
t%pe of data contained in t#e record) Screen and report la%out! de!cribe &#at
information i! pro$ided and nece!!ar% for input
Reco$er% point obecti$e
*R+
T#e reco$er% point obecti$e i! determined ba!ed on t#e acceptable data lo!! in
ca!e of di!ruption of operation!) It indicate! t#e earlie!t point in time to &#ic# it i!acceptable to reco$er t#e data) R effecti$el% 1uantifie! permi!!ible amount of
data lo!! in ca!e of interruption)
Reco$er% te!tin( A te!t to c#ec" t#e !%!tem/! abilit% to reco$er after a !oft&are or #ard&are failure
Reco$er% time obecti$e
*RT+
T#e reco$er% time obecti$e i! determined ba!ed on t#e acceptable !o&n time in
ca!e of di!ruption of operation!) It indicate! )It indicate! t#e earlie!t point in time
at &#ic# t#e bu!ine!! operation! mu!t re!ume after di!a!ter)
Redundant Arra% of
Ine'pen!i$e Di!"!*RAID+
ro$ide! performance impro$ement! and fault3tolerant capabilitie! $ia #ard&are
or !oft&are !oft &are !olution!, b% &ritin( to a !erie! of multiple di!"! to impro$e performance and9or !a$e lar(e file! !imultaneou!l%
Redo logs: Files maintained by a system, primarily a database management system, for the purpose of reapplying changes following an error or outage recovery.
Redundancy check: Detects transmission errors by appending calculated bits (such as a parity bit or a cyclic redundancy check, CRC) onto the end of each segment of data; the receiver recomputes the bits over the segment it received and rejects the segment if they do not match.
Reengineering: A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their functionality. An example of this is a software code translator that can take an existing hierarchical database system and transpose it to a relational database system. CASE includes a source code reengineering feature.
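The redundancy check described above, worked through as an added example that is not part of this glossary: a bit-serial CRC-32 (the same parameters as Ethernet and zlib) is appended to each segment, and the receiver recomputes it over what arrived. The frame layout (payload followed by a 4-byte big-endian check value) and the sample payload are assumptions for this example.

```python
"""Redundancy check: append a CRC-32 to each segment; the receiver recomputes and compares.

Added example; not part of the glossary. The frame format (payload followed by a
4-byte big-endian CRC) and the sample payload are assumptions for this example.
"""
import zlib
from typing import Tuple

CRC32_POLY = 0xEDB88320  # reflected form of the IEEE 802.3 polynomial 0x04C11DB7


def crc32(data: bytes) -> int:
    """Bit-serial CRC-32 with the Ethernet/zlib parameters (init 0xFFFFFFFF, reflected, final XOR)."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC32_POLY if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def frame(segment: bytes) -> bytes:
    """Sender: append the calculated check bits to the end of the segment."""
    return segment + crc32(segment).to_bytes(4, "big")


def verify(framed: bytes) -> Tuple[bool, bytes]:
    """Receiver: strip the check bits, recompute them over the payload, and compare."""
    if len(framed) < 4:
        return False, b""
    payload, received = framed[:-4], int.from_bytes(framed[-4:], "big")
    return crc32(payload) == received, payload


def flip_bit(data: bytes, bit_index: int) -> bytes:
    """Simulate a transmission error by inverting one bit (bit 0 is the LSB of byte 0)."""
    buf = bytearray(data)
    buf[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(buf)


def matches_zlib(data: bytes) -> bool:
    """Cross-check the hand-rolled CRC against the standard library implementation."""
    return crc32(data) == zlib.crc32(data) & 0xFFFFFFFF


if __name__ == "__main__":
    sent = frame(b"PAY 100.00 TO ACCT 42")
    print("intact  :", verify(sent)[0])
    print("1 bit   :", verify(flip_bit(sent, 5))[0])
    print("2 bits  :", verify(flip_bit(flip_bit(sent, 3), 100))[0])
```

A CRC catches accidental corruption (all single-bit and double-bit errors, all burst errors shorter than 32 bits), but it is not a security control: anyone who can alter the segment can recompute the check bits. Integrity against an adversary needs a keyed MAC or a digital signature instead.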
Registration authority (RA): An optional entity separate from a CA that would be used by a CA with a very large customer base. CAs use RAs to delegate some of the administrative functions associated with recording or verifying some or all of the information needed by a CA to issue certificates or CRLs and to perform other certificate management functions. However, with this arrangement, the CA still retains sole responsibility for signing either digital certificates or CRLs. If an RA is not present in the established PKI structure, the CA is assumed to have the same set of capabilities as those defined for an RA.
Regression testing: A testing technique in which earlier tests are rerun after a program has been changed, to confirm that abends or logical errors found and corrected during the initial testing phase have not reappeared and that the change has not introduced new errors.
Relevant audit evidence: Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions.
Reliable audit evidence: Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.
Rely / Reliance (on a Certificate and Digital Signature): To accept a digital signature and act in a manner that could be detrimental to oneself were the digital signature to be ineffective (See also relying party; recipient).
Relying Party: A recipient who acts in reliance on a certificate and digital signature. See also recipient; rely or reliance (on a certificate and digital signature).
Remote access service (RAS): Refers to any combination of hardware and software that enables remote access to tools or information that typically reside on a network of IT devices. Originally coined by Microsoft when referring to the built-in NT remote access tools, RAS was a service provided by Windows NT which allows most of the services that would be available on a network to be accessed over a modem link. Over the years, many vendors have provided both hardware and software solutions to gain remote access to various types of networked information. In fact, most modern routers include a basic RAS capability that can be enabled for any dial-up interface.
Remote job entry (RJE): The transmission of job control language (JCL) and batches of transactions from a remote terminal location.
Remote Procedure Call (RPC): The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., a server). The primary benefit derived from its use is that a system developer need not develop specific procedures for the targeted computer system. For example, in a client-server arrangement, the client program sends a message to the server with appropriate arguments, and the server returns a message containing the results of the program executed. Common Object Request Broker Architecture (CORBA) and Distributed Component Object Model (DCOM) are two newer object-oriented methods for related RPC functionality.
Renewal: The process of obtaining a new Digital Signature Certificate of the same class and type for the same subject once an existing Digital Signature Certificate has expired.
Repeaters: A physical layer device that regenerates and propagates electrical signals between two network segments. Repeaters receive signals from one network segment and amplify (regenerate) the signal to compensate for signals (analog or digital) distorted by transmission loss due to reduction of signal strength during transmission (i.e., attenuation).
Replication: In its broad computing sense, involves the use of redundant software or hardware elements to provide availability and fault-tolerant capabilities. In a database context, replication involves the sharing of data between databases to reduce workload among database servers, thereby improving client performance, while maintaining consistency among all systems.
Repository: The central database that stores and organizes data.
A database of Digital Signature Certificates and other relevant information accessible on-line.
Repudiation: The denial by one of the parties to a transaction or part of that transaction or of the content of communications related to that transaction.
The denial or attempted denial by an entity involved in a communication of having participated in all or part of the communication. (See also nonrepudiation).
Reputational risk: The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the bank to litigation, financial loss or a decline in its customer base. A bank's reputation can be damaged by internet banking services that are poorly executed or otherwise alienate customers and the public. An internet bank has a greater reputation risk as compared to a traditional brick-and-mortar bank since it is easier for its customers to leave and go to a different internet bank and since it cannot discuss any problems with the customer in person.
Request for proposal (RFP): A document distributed to software vendors requesting their submission of a proposal to develop or provide a software product.
Requirements definition: A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs.
Residual risk: The risk that remains from an event after the controls put in place to reduce the likelihood or effect of that event have been taken into account.
Resilience: The ability of a system or network to recover automatically from any disruption, usually with minimal recognizable effect.
Return on investment (ROI): A measure of operating performance and efficiency, computed in its simplest form by dividing net income by average total assets.
Reverse engineering: A software engineering technique whereby existing application system code can be redesigned and coded using computer-aided software engineering (CASE).
Revoke a Certificate: The process of permanently ending the operational period of a Digital Signature Certificate from a specified time forward.
Ring configuration: Used in either token ring or FDDI networks, all stations (nodes) are connected to a multistation access unit (MSAU), which physically resembles a star-type topology. A ring configuration is created when these MSAUs are linked together in forming a network. Messages in this network are sent in a deterministic fashion from sender to receiver via a small frame, referred to as a token. To send a message, a sender obtains the token with the right priority as the token travels around the ring, with receiving nodes reading those messages addressed to them.
RFC (request for comments): A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.
Ring topology: A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the basis of an address, whether to accept or process a given message. However, after receiving a message, each station acts as a repeater, retransmitting the message at its original signal strength.
Risk: The potential that a given threat will exploit vulnerabilities of an asset or group of assets to cause loss of or damage to the assets. It usually is measured by a combination of impact and probability of occurrence.
The potential of damage to a system or associated assets that exists as a result of the combination of a security threat and a vulnerability.
Risk Analysis: The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards.
Risk assessment: A process used to identify and evaluate risks and their potential effects.
An analysis of system assets and vulnerabilities to establish an expected loss from certain events based on estimated probabilities of the occurrence of those events.
Risk Management: The total process of identifying, controlling, and eliminating or minimizing uncertain events that may affect Information Technology system resources.
Root kit: A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system and in concealing that access, typically by hiding the intruder's processes, files and network connections from the system's own tools.
Rotating standby: A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
Rounding down: A method of computer fraud involving computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded-off amount to the perpetrator's account.
Router: A networking device that can send (route) packets to the connected LAN segment, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or similar networking protocols. Routers usually are capable of filtering packets based on parameters such as source address, destination address, protocol and network application (ports).
RS-232 interface: Interface between data terminal equipment and data communications equipment employing serial binary data interchange.
RSA: A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman. RSA has two different keys: the public encryption key and the secret decryption key. The strength of RSA depends on the difficulty of factoring the modulus into its two prime factors. For applications with high-level security, the modulus should be longer than 512 bits; 512-bit moduli have since been factored publicly, and current practice is a modulus of at least 2048 bits. RSA is used for both encryption and digital signatures.
A public key cryptographic system invented by Rivest, Shamir and Adleman.
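The two-key structure and the factoring dependence described in the RSA entry, as an added example that is not part of this glossary: keys are derived from two primes, a message is encrypted with the public key and decrypted with the private one, a message is signed and verified, and then the private key is recovered from the public key alone by factoring the modulus. The primes (61, 53), the exponent 65537 and the "hash then exponentiate" signature without a padding scheme are assumptions that keep the numbers small enough to follow; real RSA uses padding (OAEP, PSS) and a modulus of at least 2048 bits, for which the factoring step is infeasible.

```python
"""Toy RSA: key generation from two primes, encrypt/decrypt, sign/verify, and the
factoring attack that the key length is meant to defeat.

Added example; not part of the glossary. The primes (61, 53), the exponent 65537
and the SHA-256 "hash then exponentiate" signature (no padding scheme) are
assumptions that keep the numbers small; real RSA uses padding (OAEP, PSS) and
moduli of at least 2048 bits.
"""
import hashlib
import math
from typing import Tuple

PublicKey = Tuple[int, int]   # (n, e)
PrivateKey = Tuple[int, int]  # (n, d)


def make_keys(p: int, q: int, e: int = 65537) -> Tuple[PublicKey, PrivateKey]:
    """n = p*q is public; d is the inverse of e modulo phi(n) and stays secret."""
    n, phi = p * q, (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    return (n, e), (n, pow(e, -1, phi))


def encrypt(pub: PublicKey, m: int) -> int:
    n, e = pub
    return pow(m, e, n)


def decrypt(priv: PrivateKey, c: int) -> int:
    n, d = priv
    return pow(c, d, n)


def _digest_mod_n(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(priv: PrivateKey, message: bytes) -> int:
    """Signature = hash^d mod n; only the holder of d can produce it."""
    n, d = priv
    return pow(_digest_mod_n(message, n), d, n)


def verify(pub: PublicKey, message: bytes, signature: int) -> bool:
    """Anyone holding e can check that signature^e mod n equals the message hash."""
    n, e = pub
    return pow(signature, e, n) == _digest_mod_n(message, n)


def factor(n: int) -> Tuple[int, int]:
    """Trial division. Feasible here only because n is tiny: this is exactly the
    computation RSA's security rests on being infeasible for a 2048-bit n."""
    for p in range(2, math.isqrt(n) + 1):
        if n % p == 0:
            return p, n // p
    raise ValueError("n is prime or 1")


def recover_private_key(pub: PublicKey) -> PrivateKey:
    """Knowing p and q gives phi(n), and with phi(n) the secret d follows from e."""
    n, e = pub
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    pub, priv = make_keys(61, 53)
    msg = b"transfer 100 to acct 42"
    print("keys      :", pub, priv)
    print("roundtrip :", decrypt(priv, encrypt(pub, 65)))
    print("verify    :", verify(pub, msg, sign(priv, msg)))
    print("recovered :", recover_private_key(pub) == priv)
```

The last line is the point of the key-length guidance in the entry above: once the modulus is factored, the attacker holds d and can decrypt and forge signatures at will. Trial division finishes instantly for a 12-bit modulus and would not finish within the lifetime of the universe for a 2048-bit one; the best known algorithms (the number field sieve) shift that boundary, which is why 512-bit keys went from "adequate" to factored.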
Rule base: The list of rules and/or guidance that is used to analyze event data.
Run instructions: Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. They also identify how to address problems that occur during processing.
Run-to-run totals: Control totals (record counts, amount totals, hash totals) carried from one processing run to the next to verify that all transmitted data are read and processed.
Salami technique: A method of computer fraud involving computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account.
Sampling risk: The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selection method, it can never be eliminated.
Scheduling: A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing.
Scope creep: Also called requirement creep, this refers to uncontrolled changes in a project's scope. This phenomenon can occur when the scope of a project is not properly defined, documented and controlled. Typically, the scope increase consists of either new products or new features of already approved products. Hence, the project team drifts away from its original purpose. Because of one's tendency to focus on only one dimension of a project, scope creep can also result in a project team overrunning its original budget and schedule. For example, scope creep can be a result of poor change control, lack of proper identification of what products and features are required to bring about the achievement of project objectives in the first place, or a weak project manager or executive sponsor.
Screening routers: A router configured to permit or deny traffic based on a set of permission rules installed by the administrator.
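The packet filtering that the Router and Screening routers entries describe, as an added example that is not part of this glossary: an ordered rule set matched on source address, destination address, protocol and destination port, with first-match semantics and an implicit deny when nothing matches. The rule set, the documentation-range addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and the packets are constructed for illustration; the last function shows why rule order is part of the control.

```python
"""Screening router: an ordered permit/deny rule set applied to packets, first match wins.

Added example; not part of the glossary. The rule set, the documentation-range
addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) and the packets are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                   # "tcp", "udp" or "icmp"
    dport: Optional[int] = None  # destination port for tcp/udp


@dataclass(frozen=True)
class Rule:
    action: str                           # "permit" or "deny"
    proto: str                            # "tcp", "udp", "icmp" or "any"
    src: str                              # CIDR network or "any"
    dst: str                              # CIDR network or "any"
    dports: Tuple[int, int] = (0, 65535)  # inclusive destination port range

    def matches(self, pkt: Packet) -> bool:
        if self.proto not in ("any", pkt.proto):
            return False
        for want, have in ((self.src, pkt.src), (self.dst, pkt.dst)):
            if want != "any" and ipaddress.ip_address(have) not in ipaddress.ip_network(want):
                return False
        if pkt.proto in ("tcp", "udp"):
            lo, hi = self.dports
            return pkt.dport is not None and lo <= pkt.dport <= hi
        return True  # protocols without ports match on addresses alone


def screen(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (action, index of the rule that decided). No match means implicit deny."""
    for i, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, i
    return "deny", None


# Rule set for the Internet-facing interface in front of a web server at 203.0.113.10.
RULES = [
    # Anti-spoofing first: traffic claiming to come from our own block never arrives from outside.
    Rule("deny", "any", "203.0.113.0/24", "any"),
    Rule("permit", "tcp", "any", "203.0.113.10/32", (80, 80)),
    Rule("permit", "tcp", "any", "203.0.113.10/32", (443, 443)),
    # SSH only from the admin jump network.
    Rule("permit", "tcp", "198.51.100.0/24", "203.0.113.10/32", (22, 22)),
]


def rule_order_matters(pkt: Packet) -> Tuple[str, str]:
    """Same rules with the anti-spoofing rule moved to the end: the decision for a
    spo0fed web request changes, because an earlier broad permit now wins."""
    return screen(RULES, pkt)[0], screen(RULES[1:] + RULES[:1], pkt)[0]


if __name__ == "__main__":
    for pkt in (Packet("192.0.2.5", "203.0.113.10", "tcp", 80),
                Packet("192.0.2.5", "203.0.113.10", "tcp", 22),
                Packet("203.0.113.99", "203.0.113.10", "tcp", 80)):
        print(pkt, "->", screen(RULES, pkt))
```

A screening router decides on headers only; it cannot tell a legitimate HTTP request from an attack carried inside one, which is the limitation the SOAP entry later in this glossary alludes to.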
Secret Share: A portion of a cryptographic secret split among a number of physical tokens.
Secret Share Holder: An authorized holder of a physical token containing a secret share.
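How a secret is split into shares for distribution across tokens and holders, as an added example that is not part of this glossary: Shamir's threshold scheme over a prime field, where the secret is the constant term of a random polynomial, each share is one point on it, any k shares interpolate the constant term back, and any fewer reveal nothing. The field prime (the Mersenne prime 2^521 - 1), the (x, f(x)) share encoding and the sample key are assumptions for this example.

```python
"""Shamir secret sharing: split a secret into n shares so that any k of them recover it
and any k-1 reveal nothing about it.

Added example; not part of the glossary. The field prime, the share encoding
(x, f(x)) and the 16-byte key in the usage call are assumptions for this example.
"""
import secrets
from typing import Callable, List, Tuple

PRIME = 2**521 - 1  # field modulus; secrets handled here must be smaller than this


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, modulo PRIME (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: int, n: int, k: int,
                 rng: Callable[[int], int] = secrets.randbelow) -> List[Tuple[int, int]]:
    """Shares are points (x, f(x)) on a random degree-(k-1) polynomial with f(0) = secret.

    rng(PRIME) supplies the random coefficients; it is a parameter only so a test can
    make the split deterministic. Each share goes on its own token; never keep k together.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be in [0, PRIME)")
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    coeffs = [secret] + [rng(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def reconstruct(shares: List[Tuple[int, int]]) -> int:
    """Lagrange interpolation at x = 0. With fewer than k shares the result is simply
    a wrong field element, not an error: the scheme gives no hint that it is wrong."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret


def split_key(key: bytes, n: int, k: int) -> List[Tuple[int, int]]:
    """Convenience wrapper for a symmetric key or passphrase encoded as bytes."""
    return split_secret(int.from_bytes(key, "big"), n, k)


def join_key(shares: List[Tuple[int, int]], length: int) -> bytes:
    return reconstruct(shares).to_bytes(length, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    shares = split_key(key, 5, 3)   # 5 holders, any 3 can reconstruct
    print("3 shares :", join_key(shares[:3], 16) == key)
    print("2 shares :", join_key(shares[:2], 16) == key)
```

Because a short set of shares yields a plausible-looking wrong value, reconstruction procedures should verify the recovered secret (for example against a stored hash of it) before using it, and the ceremony should require the holders to present their tokens in person.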
Secure Channel: A cryptographically enhanced communications path that protects messages against perceived security threats.
Secure Sockets Layer (SSL): A protocol that is used to transmit private documents through the Internet. The protocol uses public key cryptography during its handshake to authenticate the server and agree on a session key, and then encrypts the data transferred through the SSL connection with that symmetric session key. All versions of SSL are now deprecated in favor of its successor, Transport Layer Security (TLS).
Secure System: Means computer hardware, software, and procedures that: (a) are reasonably secure from unauthorised access and misuse; (b) provide a reasonable level of reliability and correct operation; (c) are reasonably suited to performing the intended functions; and (d) adhere to generally accepted security procedures.
Security: The quality or state of being protected from unauthorized access or uncontrolled losses or effects. Absolute security is impossible to achieve in practice and the quality of a given security system is relative. Within a state-model security system, security is a specific state to be preserved under various operations.
Security administrator: The person responsible for implementing, monitoring and enforcing security rules established and authorized by management.
Security management: 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management, controlling access to the network and resources, finding intrusions, identifying entry points for intruders and repairing or otherwise closing those avenues of access.
Security perimeter: The boundary that defines the area of security concern and security policy coverage.
Security policy: 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets. 2) The set of security rules enforced by the system's security features.
A document which articulates requirements and good practices regarding the protections maintained by a trustworthy system.
Security Procedure: Means the security procedure prescribed under an Act passed by the Government.
Security Services: Services provided by a set of security frameworks and performed by means of certain security mechanisms. Such services include, but are not limited to, access control, data confidentiality, and data integrity.
Security software: Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, and monitoring and reporting functions.
Security testing: Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems.
Security/transaction risk: The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered and encompasses product development and delivery, transaction processing, systems development, computing systems, complexity of products and services and the internal control environment. A high level of security risk may exist with Internet banking products, particularly if those lines of business are not adequately planned, implemented and monitored.
Security Zone: An area to which access is limited to authorised personnel and to authorised and properly escorted visitors. Security Zones should preferably be accessible from an Operations Zone, and through a specific entry point. A Security Zone need not be separated from an Operations Zone by a secure perimeter. A Security Zone should be monitored 24 hours a day and 7 days a week by security staff, other personnel or electronic means.
Segregation/separation of duties: A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no single person is in a position to introduce fraudulent or malicious code without detection.
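A detective check for the segregation-of-duties control above, as an added example that is not part of this glossary: it flags transactions on which one person performed two incompatible duties, and separately flags user entitlements that would allow that to happen. The incompatible-duty pairs, the journal entries and the entitlement list are constructed sample data; a real implementation would read these from the application's audit trail and its access control tables.

```python
"""Segregation of duties: flag transactions where one person performed incompatible
duties, and user entitlements that would let one person do so.

Added example; not part of the glossary. The incompatible-duty pairs, the journal
entries and the entitlement list are constructed sample data.
"""
from typing import Dict, List, Tuple

# Duty pairs that must not rest with the same individual (policy assumption for this example).
INCOMPATIBLE = [
    ("initiate", "approve"),   # no self-approval of transactions
    ("approve", "record"),     # the approver does not also post the entry
    ("approve", "custody"),    # the approver does not hold the asset
    ("record", "custody"),     # the record keeper does not hold the asset
    ("develop", "deploy"),     # a developer does not push own code to production
]

Violation = Tuple[str, str, str]  # (user, duty_a, duty_b)


def transaction_violations(txn: Dict[str, str]) -> List[Violation]:
    """txn maps each duty performed on one transaction to the user who performed it."""
    return [(txn[a], a, b) for a, b in INCOMPATIBLE
            if a in txn and b in txn and txn[a] == txn[b]]


def entitlement_violations(grants: Dict[str, List[str]]) -> List[Violation]:
    """grants maps user -> duties the user is permitted to perform. A user holding
    both halves of a pair is a latent violation even before any transaction occurs."""
    found: List[Violation] = []
    for user, duties in grants.items():
        held = set(duties)
        found.extend((user, a, b) for a, b in INCOMPATIBLE if a in held and b in held)
    return found


def audit(journal: List[Dict[str, str]],
          grants: Dict[str, List[str]]) -> Tuple[Dict[str, List[Violation]], List[Violation]]:
    """Run both checks; the first result is keyed by transaction id and lists only hits."""
    by_txn = {t["id"]: transaction_violations(t) for t in journal}
    return {tid: v for tid, v in by_txn.items() if v}, entitlement_violations(grants)


# Constructed sample data.
JOURNAL = [
    {"id": "T1001", "initiate": "alice", "approve": "bob", "record": "carol"},
    {"id": "T1002", "initiate": "dave", "approve": "dave", "record": "carol"},  # self-approved
    {"id": "T1003", "develop": "erin", "deploy": "erin"},                       # own code to production
]
GRANTS = {
    "alice": ["initiate"],
    "bob": ["approve", "custody"],     # latent: could approve payments for assets he holds
    "frank": ["initiate", "approve"],  # latent: could approve his own transactions
}


if __name__ == "__main__":
    txn_hits, entitlement_hits = audit(JOURNAL, GRANTS)
    for tid, hits in txn_hits.items():
        print(tid, hits)
    print("entitlements:", entitlement_hits)
```

The entitlement check is the preventive half: removing the conflicting grant stops the violation before it happens, whereas the journal check only detects it afterwards. Where staffing makes a conflict unavoidable, the usual compensating control is a documented review of that user's transactions by someone else.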
Self-Signed Public Key: A data structure that is constructed the same as a Digital Signature Certificate but that is signed by its subject. Unlike a Digital Signature Certificate, a self-signed public key cannot be used in a trustworthy manner to authenticate a public key to other parties.
Sequence check: Verifies that the control number follows sequentially, and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field).
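The batch controls named in the Run-to-run totals and Sequence check entries, applied to the fraud described under Rounding down and Salami technique, as an added example that is not part of this glossary. The batch, the account ids, the perpetrator's account "X-EVIL" and the half-cent tolerance are assumptions; post_salami() is deliberately the fraudulent routine so that the controls have something to catch.

```python
"""Batch controls against the salami / rounding-down fraud: a run-to-run control check
and a sequence check over a constructed interest-posting batch.

Added example; not part of the glossary. The batch, the account ids, the
perpetrator's account "X-EVIL" and the half-cent tolerance are assumptions.
post_salami() is deliberately the fraudulent routine so the controls have
something to catch.
"""
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN
from typing import Dict, List, Tuple

CENT = Decimal("0.01")
HALF_CENT = Decimal("0.005")  # largest difference honest rounding can introduce per record

# (control number, account, computed interest); control numbers should run 1001, 1002, ...
BATCH: List[Tuple[str, str, Decimal]] = [
    ("1001", "A-1", Decimal("12.3478")),
    ("1002", "A-2", Decimal("0.4159")),
    ("1003", "A-3", Decimal("99.9999")),
    ("1005", "A-4", Decimal("7.0050")),  # 1004 is missing: a sequence gap
]


def post_honest(batch) -> Dict[str, Decimal]:
    """Round each amount to the cent (banker's rounding); nothing leaves the batch."""
    return {acct: amt.quantize(CENT, rounding=ROUND_HALF_EVEN) for _, acct, amt in batch}


def post_salami(batch, perpetrator: str = "X-EVIL") -> Dict[str, Decimal]:
    """The fraud: truncate every amount and sweep the shaved fractions into one account.
    The grand total of the batch is unchanged, which is why an amount total alone
    does not catch it."""
    posted: Dict[str, Decimal] = {}
    skim = Decimal("0")
    for _, acct, amt in batch:
        kept = amt.quantize(CENT, rounding=ROUND_DOWN)
        skim += amt - kept
        posted[acct] = kept
    posted[perpetrator] = posted.get(perpetrator, Decimal("0")) + skim
    return posted


def control_check(batch, posted: Dict[str, Decimal]) -> List[str]:
    """Run-to-run totals: record count, account set and per-record amounts must carry
    over from input to output within legitimate rounding. Returns exception-report lines."""
    exceptions: List[str] = []
    inputs = {acct: amt for _, acct, amt in batch}
    if len(posted) != len(inputs):
        exceptions.append(f"record count {len(posted)} differs from input count {len(inputs)}")
    for acct in sorted(posted.keys() - inputs.keys()):
        exceptions.append(f"account {acct} received value but was not in the input batch")
    for acct, amt in inputs.items():
        if acct in posted and abs(posted[acct] - amt) > HALF_CENT:
            exceptions.append(f"{acct}: posted {posted[acct]} vs input {amt} exceeds rounding tolerance")
    return exceptions


def sequence_check(batch) -> List[str]:
    """Control numbers must be consecutive; gaps, duplicates and reversals go on the report."""
    exceptions: List[str] = []
    numbers = [int(n) for n, _, _ in batch]
    for prev, cur in zip(numbers, numbers[1:]):
        if cur == prev:
            exceptions.append(f"duplicate control number {cur}")
        elif cur < prev:
            exceptions.append(f"control number {cur} out of sequence after {prev}")
        elif cur != prev + 1:
            exceptions.append(f"gap after {prev}: next control number is {cur}")
    return exceptions


if __name__ == "__main__":
    print("honest :", control_check(BATCH, post_honest(BATCH)))
    print("salami :", *control_check(BATCH, post_salami(BATCH)), sep="\n  ")
    print("sequence:", sequence_check(BATCH))
```

Note which control fires: the grand total of the skimmed batch equals the input total exactly, so a total-only reconciliation passes. The record count, the unexpected account and the per-record comparison are what expose the diversion, and the sequence check flags the missing 1004 regardless of amounts.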
Sequential file: A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Server: A computer system that responds to requests from client systems.
Service bureau: A computer facility that provides data processing services to clients on a continual basis.
Service level agreement (SLA): Defined minimum performance measures at or above which the service delivered is considered acceptable.
Service provider: The organization providing the outsourced service.
Service user: The organization using the outsourced service.
Service set identifier (SSID): In Wi-Fi wireless LAN computer networking, this is the name that identifies a wireless network; it is carried in the management frames (beacons, probe and association frames) that stations and access points exchange, so that each device can tell which network a frame belongs to. The SSID is at most 32 octets long. All wireless devices attempting to communicate with each other must share the same SSID. Apart from identifying the network, the SSID also serves to identify a group of wireless network devices used in a given service set. There are two major variants of the SSID. Ad hoc wireless networks that consist of client machines without an access point use the IBSSID (Independent Basic Service Set Identifier); whereas on an infrastructure network which includes an access point, the basic service set identifier (BSSID) or extended service set identifier (ESSID) is used instead. The SSID is a network name, not a secret: hiding it or relying on it for access control provides no security, which must come from the link-layer authentication and encryption in use.
Servlet: Typically indicates a Java applet or a small program that runs within a web server environment. A Java servlet is similar to a CGI program, but unlike a CGI program, once started, it stays in memory and can fulfill multiple requests, thereby saving server execution time and speeding up the services.
Session border controller (SBC): Provides security features for VoIP traffic similar to those provided by firewalls. SBCs can be configured to filter specific VoIP protocols, monitor for denial-of-service (DoS) attacks, and provide network address and protocol translation features.
Shell: The interface between the user and the system.
Sign: To create a digital signature for a message, or to affix a signature to a document, depending upon the context.
Signatures: Patterns indicating misuse of a system.
Signer: A person who creates a digital signature for a message, or a signature for a document.
Simple fail-over: A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group but not vice versa.
Sign-on procedure: The procedure performed by a user to gain access to an application or operating system. If the user is properly identified and authenticated by the system's security, they will be able to access the software.
Simple Object Access Protocol (SOAP): A platform-independent, XML-based protocol enabling applications to communicate with each other over the Internet. Use of this protocol may present a significant security risk to web application operations, since SOAP piggybacks onto a web-based document object model and is transmitted via HTTP (port 80), passing through server firewalls that are usually configured to accept port 80 and port 21 (FTP) requests; the firewall cannot distinguish a SOAP call from ordinary web traffic, so the application itself must validate every message it receives. Web-based document models define how objects on a web page are associated with each other and how they can be manipulated while being sent from a server to a client browser. SOAP forms the foundation layer of the web services stack, providing a basic messaging framework on which more abstract layers can build. There are several different types of messaging patterns in SOAP, but by far the most common is the Remote Procedure Call (RPC) pattern, in which one network node (the client) sends a request message to another node (the server), and the server immediately sends a response message to the client.
Single point of failure: A resource whose loss will result in the loss of service or production.
Slack time (float): Time in the project schedule, the use of which does not affect the project's critical path (the minimum time to complete the project based upon the estimated time for each project segment and their relationships). Slack time is commonly referred to as "float" and generally is not "owned" by either party to the transaction.
SMART (specific, measurable, achievable, relevant, time-bound): A set of criteria for defining objectives, used as a development methodology for value management.
Smart card: A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash, or it can be used as a token to authenticate users.
A hardware token that incorporates one or more integrated circuit (IC) chips to implement cryptographic functions and that possesses some inherent resistance to tampering.
S/MIME: A specification for e-mail security exploiting a cryptographic message syntax in an Internet MIME environment.
SMTP (Simple Mail Transfer Protocol): The standard e-mail protocol on the Internet.
Sniff: The act of capturing network packets, including those not necessarily destined for the computer running the sniffing.
Software: Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.
Source code: Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is not executable by the computer directly. It must first be converted into machine language.
Source code compare programs: Programs that provide assurance that the software being audited is the correct version of the software, by providing a meaningful listing of any discrepancies between the two versions of the program.
Source documents: The forms used to record data that have been captured. A source document may be a piece of paper, a turnaround document or an image displayed for online data input.
Source lines of code (SLOC): Source lines of code are often used in deriving single-point software size estimations.
Spanning port: A port configured on a network switch to receive copies of traffic from one or more other ports on the switch.
Split data systems: A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organization-wide, centralized database. This permits easy sharing of data while maintaining a certain level of autonomy.
Split DNS: An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users.
Spoofing: Faking the sending address of a transmission in order to gain illegal entry into a secure system.
Spool (simultaneous peripheral operations online): An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled until the receiving device or storage area is prepared and able to receive the information. This operation allows more efficient electronic data transfers from one device to another by permitting higher speed sending functions, such as internal memory, to continue on with other operations instead of waiting on the slower speed receiving device, such as a printer.
Standing data: Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
Spyware: Software whose purpose is to monitor a computer user's actions (e.g., web sites they visit) and report these actions to a third party, without the informed consent of the machine's owner or legitimate user. A particularly malicious form of spyware is software that monitors keystrokes (e.g., to obtain passwords) or otherwise gathers sensitive information such as credit card numbers, which it then transmits to a malicious third party. The term has also come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.
Statistical sampling: A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population.
Strategic risk: The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.
Structured programming: A top-down technique of designing programs.
Storage area networks (SANs): A variation of a LAN that is dedicated for the express purpose of connecting storage devices to servers and other computing devices. SANs centralize the process for the storage and administration of data.
Structured Query Language (SQL): The primary language used by both application programmers and end users in accessing relational databases.
Subject (of a Certificate): The holder of a private key corresponding to a public key. The term "subject" can refer to both the equipment or device that holds a private key and to the individual person, if any, who controls that equipment or device. A subject is assigned an unambiguous name, which is bound to the public key contained in the subject's Digital Signature Certificate.
Subject matter (Area of activity): The specific information subject to the IS auditor's report and related procedures, which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.
Subject Name: The unambiguous value in the subject name field of a Digital Signature Certificate, which is bound to the public key.
Subscriber: A person in whose name the Digital Signature Certificate is issued.
Subscriber Agreement: The agreement executed between a subscriber and a Certifying Authority for the provision of designated public certification services in accordance with this Certification Practice Statement.
Subscriber Information: Information supplied to a certification authority as part of a Digital Signature Certificate application (See also certificate application).
Sub!tanti$e te!tin( Determine! t#e inte(rit% of actual proce!!in(, &#ic# pro$ide! e$idence of t#e
$alidit% of t#e final outcome) T#i! i! done out!ide of a re$ie& of proce!!e! and
related internal control!) 6or e'ample, balance! in t#e financial !tatement and t#etran!action! to !upport t#o!e balance! are a !ub!tanti$e te!t) eneral t%pe! of
testing involve recalculation, confirmations, verification of outcomes from other information sources and observations. Substantive testing will be limited when there is a low risk of control failure. Conversely, if the testing of controls reveals weaknesses in control, the level of substantive testing would be increased.
Supply chain management (SCM)
A concept that allows an organization to more effectively and efficiently manage the activities of design, manufacturing, distribution, service and recycling of products and services to its customers.
Suspend a Certificate
A temporary hold placed on the effectiveness of the operational period of a Digital Signature Certificate without permanently revoking the Digital Signature Certificate. A Digital Signature Certificate suspension is invoked by, e.g., a CRL entry with a reason code (See also revoke a certificate).
Suspense file
A computer file used to maintain information (i.e., on transactions, payments, or other events) until the proper disposition of that information can be determined. Once the proper disposition of the item is determined, it should be removed from the suspense file and processed in accordance with the proper procedures for that particular transaction. Two examples of items that may be included in a suspense file are receipt of a payment from a source that is not readily identified or data that do not yet have an identified match during migration to a new application.
Sufficient audit evidence
Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
Surge suppressor
Filters out electrical surges and spikes.
SWIFT
Founded in Brussels in 1973, the Society for the Worldwide Interbank Financial Telecommunication (SWIFT) is a cooperative organization dedicated to the promotion and development of standardized global interactivity for financial transactions. SWIFT's original mandate was to establish a global communications link for data processing and a common language for international financial transactions. The society operates a messaging service for financial messages, such as letters of credit, payments, and securities transactions, between member banks worldwide. SWIFT's essential function is to deliver these messages quickly and securely, both of which are prime considerations for financial matters. Member organizations create formatted messages that are then forwarded to SWIFT for delivery to the recipient member organization. SWIFT operates out of its Brussels headquarters and processes data at centers in Belgium and the United States.
Switches
Typically associated as a data link layer device, switches enable LAN network segments to be created and interconnected, which also has the added benefit of reducing collision domains in Ethernet-based networks.
Symmetric key encryption
Two trading partners both share one or more secrets, so no one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. The same key is used for encryption and decryption. (Also see private key cryptosystems.)
SYN (synchronize)
A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission.
Synchronous transmission
Block-at-a-time data transmission.
System Administrator
The person at a computer installation who designs, controls, and manages the use
of the computer system.
System exit
Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
System flowcharts
System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols used should be the internationally accepted standard. System flowcharts should be updated when necessary.
System narratives
System narratives provide an overview explanation of system flowcharts, with explanation of key control points and system interfaces.
System Security
A system function that restricts the use of objects to certain users.
System software
A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs.
Application-independent software that supports the running of application software. It is software that is part of or made available with a computer system and that determines how application programs are run; for example, an operating system.
System testing
A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.
Systems acquisition process
The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers.
Systems analysis
The systems development phase in which systems specifications and conceptual designs are developed, based on end user needs and requirements.
Systems development lifecycle (SDLC)
An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programming, testing, installation and post-implementation review.
Table look-ups
Used to ensure that input data agree with predetermined criteria stored in a table.
TACACS+ (terminal access controller access control system plus)
An authentication protocol, often used by remote-access servers.
Tape management system (TMS)
A system software tool that logs, monitors and directs computer tape usage.
Taps
Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems.
TCP (transmission control protocol)
A connection-based internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
TCP/IP protocol
(Transmission Control Protocol/Internet Protocol) A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file
access and network management. TCP/IP provides the basis for the internet.
Test Certificate
A Digital Signature Certificate issued by a Certifying Authority for the limited purpose of internal technical testing. Test certificates may be used by authorized persons only.
Tcpdump
A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display.
Technical infrastructure
Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.
Telecommunications
Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange.
Teleprocessing
Using telecommunications facilities for handling and processing of computerized information.
Telnet
Used to enable remote access to a server computer. Commands typed are run on the remote server.
Terminal
A device for sending and receiving computerized data over transmission lines.
Terms of reference
A document that confirms the client's and the IS auditor's acceptance of a review assignment.
Test data
Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs) and Base Case System Evaluations (BCSEs).
Throughput
The quantity of useful work made by the system per unit of time. Throughput can be measured in instructions per second or some other unit of performance. When referring to a data transfer operation, throughput measures the useful data transfer rate and is expressed in kbps, Mbps and Gbps.
Test generators
Software used to create data to be used in the testing of computer programs.
Test programs
Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.
Third-party review
An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and sound.
Threat
Any situation or event that has the potential to harm a system.
A circumstance or event with the potential to cause harm to a system, including the destruction, unauthorized disclosure, or modification of data and/or denial of service.
Time-out
A security feature that logs off a user if any entry is not made at the terminal within a specified period of time.
Time Stamp
A notation that indicates (at least) the correct date and time of an action, and the identity of the person or device that sent or received the time stamp.
Token
A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card sized device that displays a pseudo-random number that changes every few minutes.
A hardware security token containing a user's private key(s), public key certificate, and, optionally, a cache of other certificates, including all certificates in the user's certification chain.
Token ring topology
A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as desired until a predefined time limit is reached. When a station either has no more frames to send or reaches the time limit, it transmits the token. Token passing prevents data collisions that can occur when two computers begin transmitting at the same time.
Top-level management
The highest level of management in the organization, responsible for direction and control of the organization as a whole (such as director, general manager, partner, chief officer and executive manager).
Topology
The physical layout of how computers are linked together. Examples include ring, star and bus.
Transaction
Business events or information grouped together because they have a single or similar purpose. Typically, a transaction is applied to a calculation or event that then results in the updating of a holding or master file.
A computer-based transfer of business information, which consists of specific processes to facilitate communication over global networks.
Transaction log
A manual or automated log of all updates to data files and databases.
Transmission Control Protocol/Internet Protocol (TCP/IP)
A set of communications protocols that encompasses media access, packet transport, session communications, file transfer, electronic mail, terminal emulation, remote file access and network management. TCP/IP provides the basis for the Internet.
Trap door
Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs.
Trojan horse
Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.
Trust
Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity and a certificate authority (CA). An authenticating entity must be certain that it can trust the CA to create only valid and reliable certificates, and users of those Digital Signature Certificates rely upon the authenticating entity's determination of trust.
Trusted Position
A role that includes access to or control over cryptographic operations that may
materially affect the issuance, use, suspension, or revocation of Digital Signature Certificates, including operations that restrict access to a repository.
Trusted processes
Processes certified as supporting a security goal.
Trusted Third Party
In general, an independent, unbiased third party that contributes to the ultimate security and trustworthiness of computer-based information transfers. A trusted third party does not connote the existence of a trustor-trustee or other fiduciary relationship (Cf. trust).
Trusted systems
Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information.
Trustworthy System
Computer hardware, software, and procedures that are reasonably secure from intrusion and misuse; provide a reasonable level of availability, reliability, and correct operation; are reasonably suited to performing their intended functions; and enforce the applicable security policy. A trustworthy system is not necessarily a trusted system, as recognized in classified government nomenclature.
Tunneling
A method by which one network protocol encapsulates another protocol within itself. It is commonly used to bridge between incompatible hosts/routers or to provide encryption. When protocol A encapsulates protocol B, a protocol A header and optional tunneling headers are appended to the original protocol B packet; protocol A then becomes the data link layer of protocol B. Examples of tunneling protocols include IPSec, Point-to-Point Protocol over Ethernet (PPPoE), and Layer 2 Tunneling Protocol (L2TP).
Tuple
A tuple is a row in a database table.
Twisted pairs
A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
Type (of Certificate)
The defining properties of a Digital Signature Certificate, which limit its intended purpose to a class of applications uniquely associated with that type.
UDP (User Datagram Protocol)
A connectionless internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, nor if they were corrupted in transit. It is up to the application to determine these factors and request retransmissions.
Unicode
A standard for representing characters as integers. It uses 16 bits, which means that it can represent more than 65,000 unique characters, as is necessary for languages such as Chinese and Japanese.
Uniform Resource Locator (URL)
A standardized device for identifying and locating certain records and other resources located on the World Wide Web.
Uninterruptible power supply (UPS)
Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level.
Unit testing
A testing technique that is used to test program logic within a particular programmer module. The purpose of the test
Universal Serial Bus (USB)
An external bus standard that provides capabilities to transfer data at a rate of 12 Mbps. A USB port can connect up to 127 peripheral devices.
User
An authorized entity that uses a certificate as applicant, subscriber, recipient or relying party, but not including the Certifying Authority issuing the Digital Signature Certificate (See also certificate applicant; entity; person; subscriber).
User awareness
The training process in security-specific issues to reduce security problems, since users are often the weakest link in the security chain.
Universal Description, Discovery and Integration (UDDI)
A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
UNIX
A multi-user, multitasking operating system that is used widely as the master control program in workstations and especially servers.
Untrustworthy host
To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming and outgoing traffic to go through the untrustworthy host. The host is referred to as untrustworthy because it cannot be protected by the firewall; therefore, hosts on the trusted networks can place only limited trust in it.
Uploading
The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.
Useful audit evidence
Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Utility programs
Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.
Utility software
Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities; to test programs, system activities and operational procedures; to evaluate data file activity; and to analyze job accounting data.
Utility script
A sequence of commands input into a single file to automate a repetitive and specific task. The utility script is then executed, either automatically or manually, to perform the task. In UNIX, these are known as shell scripts.
Vaccine
A program designed to detect computer viruses.
Valid Certificate
A Digital Signature Certificate issued by a Certifying Authority and accepted by the subscriber listed in it.
Validate a Certificate (i.e., of an end-user subscriber certificate)
The process performed by a recipient or relying party to confirm that an end-user subscriber Digital Signature Certificate is valid and was operational at the date and time a pertinent digital signature was created.
Validation (of certificate application)
The process performed by the Certifying Authority or its agent following submission of a Digital Signature Certificate application as a prerequisite to approval of the application and the issuance of a Digital Signature Certificate. See also authentication; software validation.
Validity check
Programmed checking of data validity in accordance with predetermined criteria.
Value-added network (VAN)
A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data.
Variable sampling
A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a monetary amount.
Verification
Checks that data are entered correctly.
Verify (a digital signature)
In relation to a digital signature, electronic record or public key, with its grammatical variations and cognate expressions, means to determine whether:
(a) the initial electronic record was affixed with the digital signature by the use of the private key corresponding to the public key of the subscriber;
(b) the initial electronic record is retained intact or has been altered since such electronic record was so affixed with the digital signature.
Virtual organizations
Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.
Virtual private network (VPN)
A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy the security of a private network via access control and encryption, while taking advantage of the economies of scale and built-in management facilities of large public networks.
Virus
A destructive computer program that spreads from computer to computer using a range of methods, including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the program is first started. The infected program typically runs normally, but the virus code then infects other programs whenever it can. (Also see worm.)
Means any computer instruction, information, data or programme that destroys, damages, degrades or adversely affects the performance of a computer resource or attaches itself to another computer resource and operates when a programme, data or instruction is executed or some other event takes place in that computer resource.
Voice mail
A system of storing messages in a private recording medium where the called party can later retrieve the messages.
Voice-over Internet Protocol (VoIP)
Also called IP Telephony, Internet telephony and Broadband phone, this is a technology that makes it possible to have a voice conversation over the Internet or over any dedicated Internet Protocol (IP) network instead of dedicated voice transmission lines.
Vulnerabilities
Weaknesses in systems that can be exploited in ways that violate security policy.
Vulnerability is a weakness that could be exploited to cause damage to the system or the assets it contains.
Vulnerability analysis
Analysis of the security state of a system or its compromise on the basis of information collected at intervals.
WAN switch
A data link layer device used for implementing various WAN technologies such as asynchronous transfer mode, point-to-point frame relay solutions, and ISDN. These devices are typically associated with carrier networks providing dedicated WAN switching and router services to organizations via T-1 or T-3 connections.
War dialler
Software packages that sequentially dial telephone numbers, recording any numbers that answer.
Warm-site
A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.
Waterfall development
Also known as traditional development. It is a very procedure-focused development cycle with formal sign-off at the completion of each level.
Web Browser
A software application used to locate and display web pages.
Web page
A viewable screen displaying information, presented through a web browser in a single view, sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and services, or allow a customer to interact with the bank or third parties that have contracted with the bank.
Web Services Description Language (WSDL)
An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI).)
Web site
Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.
White box testing
A testing approach that uses knowledge of a program/module's underlying implementation and code internals to verify its expected behavior.
Wide area network (WAN)
A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries.
Windows NT
A version of the Windows operating system that supports preemptive multitasking.
Wi-Fi Protected Access (WPA)
A class of systems used to secure wireless (Wi-Fi) computer networks. It was created in response to several serious weaknesses researchers found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is designed to work with all wireless network interface cards, but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards. Both provide good security, with two significant issues. First, either WPA or WPA2 must be enabled and chosen in preference to WEP; WEP is usually presented as the first security choice in most installation instructions. Second, in the 'personal' mode, the most likely choice for homes and
small offices, a pass phrase is required that, for full security, must be longer than the typical 6 to 8 character passwords users are taught to employ.
Wired Equivalent Privacy (WEP)
A scheme that is part of the IEEE 802.11 wireless networks (also known as WEP networks). Because a wireless network broadcasts messages using radio, it is particularly susceptible to eavesdropping. WEP was intended to provide comparable confidentiality to a traditional wired network (in particular, it does not protect users of the network from each other), hence the name. Several serious weaknesses were identified by cryptanalysts, and WEP was superseded by Wi-Fi Protected Access (WPA) in 2003, and then by the full IEEE 802.11i standard (also known as WPA2) in 2004. Despite the weaknesses, WEP provides a level of security that can deter casual snooping.
Wiretapping
The practice of eavesdropping on information being transmitted over telecommunications links.
World wide web (WWW)
A sub-network of the internet through which information is exchanged by text, graphics, audio and video.
A hypertext-based, distributed information system in which users may create, edit, or browse hypertext documents. A graphical document publishing and retrieval medium; a collection of linked documents that reside on the Internet.
World Wide Web Consortium (W3C)
An international consortium founded in 1994 of affiliates from public and private organizations involved with the internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of internet web services globally.
Worm
With respect to security, a special type of virus that does not attach itself to programs, but rather spreads via other methods such as e-mail (also see virus).
Writing
Information in a record that is accessible and usable for subsequent reference.
X.25
A protocol for packet-switching networks.
X.25 interface
An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks.
X.500
Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state and city.
X.509
The ITU-T (International Telecommunications Union-T) standard for Digital