Access control list (ACL). An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals.
Access rights. The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy.
Application. A set of programs, data and clerical procedures which together form an information system designed to handle a specific administrative or business function (e.g. accounting, payment of grants, recording of inventory). Most applications can usefully be viewed as processes with input, processing, stored data, and output.
Audit trail. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source.
Availability. The accessibility of a system, resource or file, where and when required. The time that a system is not available is called downtime. Availability is determined by reliability, maintainability, serviceability, performance, and security.
Backup. A duplicate copy (e.g. of a document or of an entire disc) made either for archiving purposes or for safeguarding valuable files from loss should the active copy be damaged or destroyed. A backup is an "insurance" copy.
Batch. A set of computer data or jobs to be processed in a single program run.
Buffer overflow. It occurs when a program or process tries to store more data in a buffer (temporary data storage area) than it was intended to hold. Although it may occur accidentally through programming error, buffer overflow is an increasingly common type of security attack on data integrity.
Business continuity plan (BCP). A logistical plan to recover and restore the critical business operations within a predetermined time after a disaster or extended disruption. Some of the critical business operations need IT services to continue: these are the critical IT services. A part of the BCP is the Disaster Recovery Plan that addresses the restoration of the critical IT services.
Change management. The process responsible for controlling the lifecycle of all changes. The primary objective of change management is to enable beneficial changes to be made, with minimum disruption to IT Services.
Check digit. A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred.
Control objective. A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process.
Data dictionary. A database that contains the name, type, source and authorization for access for each data element in the organisation’s files and databases. It also indicates which application programmes use that data so that when a data structure is contemplated, a list of the affected programmes can be generated.
Disaster recovery plan (DRP). A plan used to restore the critical IT services in case of a disaster affecting IT infrastructure. A DRP is not valid unless tested at least once a year. The DRP is a part of the BCP.
Hash total. A figure obtained by some operations upon all the items in a collection of data and used for control purposes. A recalculation of the hash total, and comparison with a previously computed value, provides a check on the loss or corruption of the data.
Input. Information/data received by the computer system either from an external source or from another area within the computer environment.
Integrity. One of the information criteria that information is valid, complete and accurate.
IT governance. The responsibility of executives and the board of directors, and consists of the leadership, organizational structures and processes that ensure that the enterprise’s IT sustains and extends the organization's strategies and objectives.
IT risks. The business risk associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise
IT risk map. A tool for ranking and displaying IT risks by defined ranges for frequency and magnitude.
IT Steering Committee. Comprising of user representatives from all areas of the business, and IT. The steering committee would be responsible for the overall direction of IT. Involvement of the management in this committee is indispensable to assure business alignment in IT governance. The IT steering committee assists the executive in the delivery of the IT strategy, oversees day-to-day management of IT service delivery and IT projects and focuses on implementation.
IT strategic plan. A long term plan, i.e., three to five year horizon, in which business and IT management cooperatively describe how IT resources will contribute to the enterprise’s strategic objectives (goals).
Job description. A document which defines the roles, responsibilities, skills and knowledge required by a particular person.
Log. A log is to record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred.
Logical access controls. The use of software to prevent unauthorized access to IT resources (including files, data, and programs) and the associated administrative procedures.
Output. Information/data produced by computer processing, such as graphic display on a terminal and hard copy.
Outsourcing. A formal agreement with a third party to perform a function for an organization.
Owner. The individual (or unit) responsible for particular (IS or IT) assets.
Recovery point objective (RPO). The RPO is determined based on the acceptable data loss in case of a disruption of operations. It indicates the earliest point in time to which it is acceptable to recover the data.
Recovery time objective (RTO). The amount of time allowed for the recovery of a business function or resource after a disaster occurs.
Production environment. A controlled environment containing live configuration items used to deliver it services to customers.
Segregation of duties. is a control which aims to ensure that transactions are properly authorised, recorded, and that assets are safeguarded. It has two dimensions: separation of the responsibility for the controls of assets from the responsibility for maintaining the related accounting records; and separation of functions within the IT environment.
Sequence check. A verification that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research.
Service level agreement (SLA). A written agreement between the provider of a service and the users. A SLA contains “service level objectives” such as uptime (when an application must be available), and the acceptable response time. SLAs should exist between IT and the users for each service and application. SLAs must also be a part of the contract with external providers.
Source code. The text written in a computer programming language. The source code consists of the programming statements that are created by a programmer with a text editor or a visual programming tool and then saved in a file.
Source documents. The forms used to record data that have been captured. A source document may be a piece of paper, a turnaround document or an image displayed for online data input.
Token. A device that is used to authenticate a user, typically in addition to a username and password.
User. Individual or unit that makes use of information systems. Specifically, in business and administration, a managed organisational unit which uses information systems to carry out the functions for which it is responsible in the organization, and is thus the customer for a service provided by the IT department.
Validity check. Software control over input of data to a computer system. Data is compared with the type of data properly included in each input field, e.g., only letters in a name field.
Source:https://methodology.eca.europa.eu/aware/Documents/IT-audit-glossary.docx
Web site to visit: https://methodology.eca.europa.eu/
Author of the text: indicated on the source document of the above text
If you are the author of the text above and you not agree to share your knowledge for teaching, research, scholarship (for fair use as indicated in the United States copyrigh low) please send us an e-mail and we will remove your text quickly. Fair use is a limitation and exception to the exclusive right granted by copyright law to the author of a creative work. In United States copyright law, fair use is a doctrine that permits limited use of copyrighted material without acquiring permission from the rights holders. Examples of fair use include commentary, search engines, criticism, news reporting, research, teaching, library archiving and scholarship. It provides for the legal, unlicensed citation or incorporation of copyrighted material in another author's work under a four-factor balancing test. (source: http://en.wikipedia.org/wiki/Fair_use)
The information of medicine and health contained in the site are of a general nature and purpose which is purely informative and for this reason may not replace in any case, the council of a doctor or a qualified entity legally to the profession.
The texts are the property of their respective authors and we thank them for giving us the opportunity to share for free to students, teachers and users of the Web their texts will used only for illustrative educational and scientific purposes only.
All the information in our site are given for nonprofit educational purposes