Glossary of Terms Flashcards Preview

Flashcards in Glossary of Terms Deck (182)

31

Alternate Facilities

Locations and infrastructures from which emergency or backup processes are executed, when the main premises are unavailable or destroyed.

Scope Note: Includes other buildings, offices or data processing centers

32

Alternate Process

Automatic or manual process designed and established to continue critical business processes from point‐of‐failure to return‐to‐normal

33

Alternate Routing

A service that allows the option of having an alternate route to complete a call when the marked destination is not available.

Scope Note: In signaling, alternative routing is the process of allocating substitute routes for a given signaling traffic stream in case of failure(s) affecting the normal signaling links or routes of that traffic stream.

34

ASCII

American Standard Code for Information Interchange

35

Amortization

The process of cost allocation that assigns the original cost of an intangible asset to the periods benefited; calculated in the same way as depreciation

36

Analog

A transmission signal that varies continuously in amplitude and time and is generated in wave formation

Scope Note: Analog signals are used in telecommunications

37

Analytical technique

The examination of ratios, trends, and changes in balances and other values between periods to obtain a broad understanding of the enterprise's financial or operational position and to identify areas that may require further or closer investigation.

Scope Note: Often used when planning the assurance assignment

38

Anomaly

Unusual or statistically rare

39

Anomaly Detection

Detection on the basis of whether the system activity matches that defined as abnormal

40

Anonymity

The quality or state of not being named or identified

41

Anti-malware

A technology widely used to prevent, detect and remove many categories of malware, including computer viruses, worms, Trojans, keyloggers, malicious browser plug‐ins, adware and spyware

42

Antivirus software

An application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done and repair or quarantine files that have already been infected

43

Appearance

The act of giving the idea or impression of being or doing something

44

Appearance of Independence

Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.)

Scope Note: An IS auditor should be aware that appearance of independence depends on the perceptions of others and can be influenced by improper actions or associations.

45

Applet

A program written in a portable, platform‐independent computer language, such as Java, JavaScript or Visual Basic.

Scope Note: An applet is usually embedded in a HyperText Markup Language (HTML) page downloaded from webservers and then executed by a browser on client machines to run any web‐based application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers. However, applets expose the user's machine to risk if not properly controlled by the browser, which should not allow an applet to access a machine's information without prior authorization of the user.

46

Application

A computer program or set of programs that performs the processing of records for a specific function

Scope Note: Contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort

47

Application acquisition review

An evaluation of an application system being acquired or evaluated, that considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is acquired in compliance with the established system acquisition process

48

Application architecture

Description of the logical grouping of capabilities that manage the objects necessary to process information and support the enterprise’s objectives.

Scope Note: COBIT 5 perspective

49

Application benchmarking

The process of establishing the effective design and operation of automated controls within an application.

50

Application controls

The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved

51

Application development review

An evaluation of an application system under development that considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will function as intended; the application will function in compliance with any applicable statutory provisions; the system is developed in compliance with the established system development life cycle process

52

Application implementation review

An evaluation of any part of an implementation project

Scope Note: Examples include project management, test plans and user acceptance testing (UAT) procedures.

53

Application layer

In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible.

Scope Note: The application layer is not the application that is doing the communication; it is a service layer that provides these services.

54

Application maintenance review

An evaluation of any part of a project to perform maintenance on an application system.

Scope Note: Examples include project management, test plans and user acceptance testing (UAT) procedures.

55

Application or managed service provider (ASP/MSP)

A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network.

56

Application Programme

A program that processes business data through activities such as data entry, update or query

Scope Note: Contrasts with systems programs, such as an operating system or network control program, and with utility programs such as copy or sort.

57

Application Programming Interface (API)

A set of routines, protocols and tools referred to as "building blocks" used in business application software development.

Scope Note: A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different versions of UNIX). A programmer utilizes these APIs in developing applications that can operate effectively and efficiently on the platform chosen.

58

Application proxy

A service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service.

59

Application security

Refers to the security aspects supported by the application, primarily with regard to the roles or responsibilities and audit trails within the applications

60

Application Service Provider (ASP)

Also known as managed service provider (MSP), it deploys, hosts and manages access to a packaged application to multiple parties from a centrally managed facility.

Scope Note: The applications are delivered over networks on a subscription basis.