Flashcards in Glossary of Terms Deck (182)
An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing
The maximum period of time that a system can be unavailable before compromising the achievement of the enterprise's business objectives
Acceptable User Policy (AUP)
A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet.
The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises
Access Control Lists (ACL)
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Scope Note: Also referred to as access control tables
Access control table
An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
The technique used for selecting records in a file, one at a time, for processing, retrieval or storage
The access method is related to, but distinct from, the file organization, which determines how the records are stored.
The logical route that an end user takes to access computerized information
Scope Note: Typically includes a route through the operating system, telecommunications software, selected application software and the access control system
The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy
Provides centralized access control for managing remote access dial‐up services
The ability to map a given activity or event back to the responsible party
Governance ensures that enterprise objectives are achieved by evaluating stakeholder needs, conditions and options; setting direction through prioritization and decision making; and monitoring performance, compliance and progress against plans.
In most enterprises, governance is the responsibility of the board of directors under the leadership of the
Scope Note: COBIT 5 Perspective
The individual, group or entity that is ultimately responsible for a subject matter, process or scope
Scope Note: Within the IT Assurance Framework (ITAF), the term "management" is equivalent to "accountable party."
A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission.
Active recovery site
A recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster
Scope Note: Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload in the event of a disaster.
A response in which the system either automatically, or in concert with the user, blocks or otherwise affects the progress of a detected attack.
Scope Note: Takes one of three forms: amending the environment, collecting more information or striking back against the user
The main actions taken to operate the COBIT process
Within computer storage, the code used to designate the location of a specific piece of data
The number of distinct locations that may be referred to with the machine address.
Scope Note: For most binary machines, it is equal to 2^n, where n is the number of bits in the machine address.
The method used to identify the location of a participant in a network
The calendar can contain "real" accounting periods and/or adjusting accounting periods. The "real" accounting periods must not overlap and cannot have any gaps between them. Adjusting accounting periods can overlap with other accounting periods.
The rules, procedures and practices dealing with operational effectiveness, efficiency and adherence to regulations and management policies
Advanced Encryption Standard (AES)
A public algorithm that supports keys from 128 bits to 256 bits in size
Advanced Persistent Threat (APT)
An adversary that possesses sophisticated levels of expertise and significant resources which allow it to create opportunities to achieve its objectives using multiple attack vectors (NIST SP800‐61)
Scope Note: The APT:
1. pursues its objectives repeatedly over an extended period of time
2. adapts to defenders’ efforts to resist it
3. is determined to maintain the level of interaction needed to execute its objectives
A threat actor / agent
A software package that automatically plays, displays or downloads advertising material to a computer after the software is installed on it or while the application is being used
The point in an emergency procedure when the elapsed time passes a threshold and the interruption is not resolved. The enterprise entering into an alert situation initiates a series of escalation steps.
A state where the enablers of governance and management of enterprise IT support the goals and strategies of the enterprise
A recurring journal entry used to allocate revenues or costs
Scope Note: For example, an allocation entry could be defined to allocate costs to each department based on head count.