
CISA Glossary 5

Terms

"Degauss"
"To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of magnetic induction on the media. Degauss loosely means to erase."
"Demodulation"
"The process of converting an analog telecommunications signal into a digital computer signal"
"Detailed IS controls"
"Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls."
"Detection risk"
"The risk that the IS auditor's substantive procedures will not detect an error which could be material, individually or in combination with other errors"
"Detective controls"
"These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur."
"Dial-back"
"Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the caller is from a valid phone number or telecommunications channel."
"Dial-in access controls"
"Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication."
"Digital certificate"
"A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified."
"Digital certification"
"A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties."
"Digital signature"
"A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function."
"Direct reporting engagement"
"An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures"
"Discovery sampling"
"A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population"
"Diskless workstations"
"A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server."
"Distributed data processing network"
"A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files."
"DMZ (demilitarized zone)"
"Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network."
"DNS (domain name system)"
"A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers"
"DoS (denial-of-service) attack"
"An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate"
"Downloading"
"The act of transferring computerized information from one computer to another computer"
"Downtime report"
"A report that identifies the elapsed time when a computer is not operating correctly because of machine failure"
"Dry-pipe fire extinguisher system"
"Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water is emitted to the pipes from a water reservoir for discharge to the location of the fire."
"Due care"
"Diligence which a person would exercise under a given set of circumstances"
"Due professional care"
"Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances"
"Dumb terminal"
"A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation."
"Duplex routing"
"The method or communication mode of routing data over the communication network (also see half duplex and full duplex)"
"Dynamic analysis"
"Analysis that is performed in real time or in continuous form"
"Echo checks"
"Detects line errors by retransmitting data back to the sending device for comparison with the original transmission"
"e-commerce"
"Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-business (B2B) and business-to-consumer (B2C) e-Commerce models, but does not include existing non-Internet e-Commerce methods based on private networks such as EDI and SWIFT."
"Edit controls"
"Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing."
"Editing"
"Editing ensures that data conform to predetermined criteria and enables early identification of potential errors."
"Electronic cash"
"An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking"
"Electronic data interchange (EDI)"
"The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders."
"Electronic funds transfer (EFT)"
"The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another."
"Electronic signature"
"Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures."
"Electronic vaulting"
"A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to critical files to supplement full backups taken periodically."
"E-mail/interpersonal messaging"
"An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people."
"Embedded audit module"
"Integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be real-time online# or may use store and forward methods. Also known as integrated test facility or continuous auditing module."
"Encapsulation (objects)"
"Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer."
"Encryption"
"The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)"
"Encryption key"
"A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext"
"End-user computing"
"The ability of end users to design and implement their own information system utilizing computer software products"
"Engagement letter"
"Formal document which defines the IS auditor's responsibility, authority and accountability for a specific assignment"
"Enterprise governance"
"A broad and wide-ranging concept of corporate governance, covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document, published by the Information Systems Audit and Control Foundation in 1999)"
"Enterprise resource planning"
"First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial management and other aspects of the business. An ERP system typically is based on a common database, various integrated business process application modules and business analysis tools"
"Error"
"Error control deviations (compliance testing) or misstatements (substantive testing)"
"Error risk"
"The risk of errors occurring in the area being audited"
"Ethernet"
"A popular network protocol and cabling scheme that uses a bus topology and CSMA/CD (carrier sense multiple access/collision detection) to prevent network failures or collisions when two devices try to access the network at the same time"
"Evidence"
"The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support."
"Exception reports"
"An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria."
"Executable code"
"The machine language code that is generally referred to as the object or load module"
"Expert systems"
"Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built-in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is provided, the system should be able to define the nature of the problem and provide recommendations to solve the problem."
