ISACA® CISA® - Glossary (EN)
Acceptable use policy - ANSWER: A policy that establishes an agreement between
users and the enterprise and defines for all parties the ranges of use that are
approved before gaining access to a network or the Internet.
Access control - ANSWER: The processes, rules and deployment mechanisms that
control access to information systems, resources and physical access to premises.
Access control list (ACL) - ANSWER: An internal computerized table of access rules
regarding the levels of computer access permitted to logon IDs and computer
terminals.
Scope Note: Also referred to as access control tables.
Access path - ANSWER: The logical route that an end user takes to access
computerized information.
Scope Note: Typically includes a route through the operating system,
telecommunications software, selected application software and the access control
system.
Access rights - ANSWER: The permission or privileges granted to users, programs or
workstations to create, change, delete or view data and files within a system, as
defined by rules established by data owners and the information security policy.
Adware - ANSWER: A software package that automatically plays, displays or
downloads advertising material to a computer after the software is installed on it or
while the application is being used.
Scope Note: In most cases, this is done without any notification to the user or without
the user's consent. The term adware may also refer to software that displays
advertisements, whether or not it does so with the user's consent; such programs
display advertisements as an alternative to shareware registration fees. These are
classified as adware in the sense of advertising supported software, but not as
spyware. Adware in this form does not operate surreptitiously or mislead the user,
and it provides the user with a specific service.
Alternative routing - ANSWER: A service that allows the option of having an alternate
route to complete a call when the marked destination is not available.
Scope Note: In signaling, alternative routing is the process of allocating substitute
routes for a given signaling traffic stream in case of failure(s) affecting the normal
signaling links or routes of that traffic stream.
Antivirus software - ANSWER: An application software deployed at multiple points in
an IT architecture.
It is designed to detect and potentially eliminate virus code before damage is done
and repair or quarantine files that have already been infected.
Application - ANSWER: A computer program or set of programs that performs the
processing of records for a specific function.
Scope Note: Contrasts with systems programs, such as an operating system or
network control program, and with utility programs, such as copy or sort.
Application controls - ANSWER: The policies, procedures and activities designed to
provide reasonable assurance that objectives relevant to a given automated solution
(application) are achieved.
Application programming interface (API) - ANSWER: A set of routines, protocols and
tools referred to as "building blocks" used in business application software
development.
Scope Note: A good API makes it easier to develop a program by providing all the
building blocks related to functional characteristics of an operating system that
applications need to specify, for example, when interfacing with the operating system
(e.g., provided by Microsoft Windows, different versions of UNIX). A programmer
utilizes these APIs in developing applications that can operate effectively and
efficiently on the platform chosen.
Application software tracing and mapping - ANSWER: Specialized tools that can be
used to analyze the flow of data through the processing logic of the application
software and document the logic, paths, control conditions and processing
sequences.
Scope Note: Both the command language or job control statements and
programming language can be analyzed. This technique includes program/system:
mapping, tracing, snapshots, parallel simulations and code comparisons.
Asymmetric key (public key) - ANSWER: A cipher technique in which different
cryptographic keys are used to encrypt and decrypt a message.
Scope Note: See Public key encryption.
Attribute sampling - ANSWER: An audit technique used to select items from a
population for audit testing purposes based on selecting all those items that have
certain attributes or characteristics (such as all items over a certain size).
Audit evidence - ANSWER: The information used to support the audit opinion.
Audit objective - ANSWER: The specific goal(s) of an audit.
Scope Note: These often center on substantiating the existence of internal controls
to minimize business risk.
Audit plan - ANSWER: 1. A plan containing the nature, timing and extent of audit
procedures to be performed by engagement team members in order to obtain
sufficient appropriate audit evidence to form an opinion.
Scope Note: Includes the areas to be audited, the type of work planned, the high-
level objectives and scope of the work, and topics such as budget, resource
allocation, schedule dates, type of report and its intended audience and other
general aspects of the work.
2. A high-level description of the audit work to be performed in a certain period of
time.
Audit program - ANSWER: A step-by-step set of audit procedures and instructions
that should be performed to complete an audit.
Audit risk - ANSWER: The probability that information or financial reports may contain
material errors and that the auditor may not detect an error that has occurred.
Audit trail - ANSWER: A visible trail of evidence enabling one to trace information
contained in statements or reports back to the original input source.
Authentication - ANSWER: 1. The act of verifying identity (i.e., user, system).
Scope Note: Risk: Can also refer to the verification of the correctness of a piece of
data.
2. The act of verifying the identity of a user and the user's eligibility to access
computerized information.
Scope Note: Assurance: Authentication is designed to protect against fraudulent
logon activity. It can also refer to the verification of the correctness of a piece of data.
Backbone - ANSWER: The main communication channel of a digital network. The part
of a network that handles the major traffic.
Scope Note: Employs the highest-speed transmission paths in the network and may
also run the longest distances. Smaller networks are attached to the backbone, and
networks that connect directly to the end user or customer are called "access
networks." A backbone can span a geographic area of any size from a single
building to an office complex to an entire country. Or, it can be as small as a
backplane in a single cabinet.
Backup - ANSWER: Files, equipment, data and procedures available for use in the
event of a failure or loss, if the originals are destroyed or out of service.
Balanced scorecard (BSC) - ANSWER: Developed by Robert S. Kaplan and David P.
Norton as a coherent set of performance measures organized into four categories
that includes traditional financial measures, but adds customer, internal business
process, and learning and growth perspectives.
Bandwidth - ANSWER: The range between the highest and lowest transmittable
frequencies. It equates to the transmission capacity of an electronic line and is
expressed in bytes per second or Hertz (cycles per second).
Batch control - ANSWER: Correctness checks built into data processing systems and
applied to batches of input data, particularly in the data preparation stage.
Scope Note: There are two main forms of batch controls: sequence control, which
involves numbering the records in a batch consecutively so that the presence of
each record can be confirmed; and control total, which is a total of the values in
selected fields within the transactions.
Batch processing - ANSWER: The processing of a group of transactions at the same
time.
Scope Note: Transactions are collected and processed against the master files at a
specified time.
Baud rate - ANSWER: The rate of transmission for telecommunications data,
expressed in bits per second (bps).
Benchmarking - ANSWER: A systematic approach to comparing enterprise
performance against peers and competitors in an effort to learn the best ways of
conducting business.
Scope Note: Examples include benchmarking of quality, logistic efficiency and
various other metrics.
Biometrics - ANSWER: A security technique that verifies an individual's identity by
analyzing a unique physical attribute, such as a handprint.
Black box testing - ANSWER: A testing approach that focuses on the functionality of
the application or product and does not require knowledge of the code intervals.
Broadband - ANSWER: Multiple channels are formed by dividing the transmission
medium into discrete frequency segments.
Scope Note: Broadband generally requires the use of a modem.
Brouter - ANSWER: Device that performs the functions of both a bridge and a router.
Scope Note: A brouter operates at both the data link and the network layers. It
connects same data link type LAN segments as well as different data link ones,
which is a significant advantage. Like a bridge, it forwards packets based on the data
link layer address to a different network of the same type. Also, whenever required, it
processes and forwards messages to a different data link type network based on the