Network Security Glossary

3GSM World Congress Show
Conference for the 3G mobile industry. Held in 2006 in Barcelona.

Application Access
Access to an application via direct connection, Web services or a terminal.

Application Controls
A type of control activity. Typically involves controls over the processing of individual applications that ensure transactions are valid, properly authorized, and completely and accurately processed.

ATE
Automated Test Environment

Blue Coat
Vendor of secure content and application delivery solutions.

By-name Authorization
From an individual username, connecting authorized access to a data target.

CISSP
Certified Information Systems Security Professional

CODIS
Combined DNA Index System

Control policies and procedures to ensure actions identified as necessary for risk assessment are carried out. They have to be both established and executed for their effectiveness to be established. Control activities are made up of two elements, policies and procedures.

Control Environment
One of five components of internal control according to the COSO Internal Control Framework

Senior management has to set a tone at the top that positively influences the control consciousness of entity personnel. The control environment generates discipline and structure and is the central building block for the other components of internal control.

COSO
Committee Of Sponsoring Organizations of the Treadway Commission

COSO Framework
Most widely used framework to assess the effectiveness of internal control.

CPS
Crown Prosecution Service

Data Confidentiality
Access to data is limited to those with a need to know. All others are denied access.

Data Field Access
Access to one or more selected fields in a database.

Data Governance
The process by which companies govern appropriate access to and the use and transmission of their critical data by measuring operational risk and controlling security exposures.

Data Integrity
Maintenance of the accuracy and reliability of published and non-published information.

Database Access
Access to one or more data entries in a database.

DHS
Department of Homeland Security

DNS
Domain Name System

ECM
Enterprise Content Management

EDI
Electronic Data Interchange

ERM
Enterprise Risk Management

Gen2
RFID standard setting interoperability and bandwidth technologies

General Controls
A type of control activity. Typically involves controls over data center operations, system software acquisition, system maintenance and access security.

Homeland Security Presidential Directive 12
Directive from the U.S. Federal Government requiring all Federal employees and contractors be issued with a uniform card by October 2006 for access to facilities and computer systems.

HSPD-12
Homeland Security Presidential Directive 12.

IAPP
International Association of Privacy Professionals

IISP
Institute of Information Security Professionals

Information Systems Audit and Control Association
Publisher, with the Information Technology Governance Institute, of the IT Control Objectives for Sarbanes-Oxley.

Information Technology Governance Institute
Publisher, with the Information Systems Audit and Control Association, of the IT Control Objectives for Sarbanes-Oxley.

Internal Control - Integrated Framework
Formal name of the COSO Framework

ITA
Information Technology Architecture

ITGI
Information Technology Governance Institute

NBA
Network Behavior Analysis

NetRegulus
Provider of web-based Enterprise Regulatory Management software that allows Life Science companies to effectively manage their clinical study and quality data.

Network Access
Access to network connected resources.

NIST
National Institute of Standards and Technology

Nonrepudiation
Reducing an end user's ability to deny that he was the one who authorized an action or sent a message.

Objectives
The COSO Framework defines three broad categories: compliance with laws and regulations, financial reporting, and operations. In relation to Sarbanes-Oxley, the important one is financial reporting.

Password Reset
Replacing an existing password with a new one. The old password is cancelled. The task is performed by the end user, help desk or an administrator.

Password Synchronisation
Moving passwords and sometimes usernames from one repository to another using automated processes.

Policy
Establishes what should be done. Part of the control activities.

Public Company Accounting Oversight Board
Organization set up under the Sarbanes-Oxley Act of 2002 to regulate auditing of public companies and auditors.

RFID
Radio Frequency Identification

Risks faced by the company have to be recognized. Objectives have to be set and integrated into the value chain. To achieve the objectives, risks have to be identified and analyzed, and methods developed to manage them.

RSA Conference
Conference organised every year by security giant RSA.

Section 302
Section of the Sarbanes-Oxley Act of 2002 requiring a certification to accompany each quarterly and annual report filed with the SEC.

Section 404
Section of the Sarbanes-Oxley Act of 2002 mandating CEOs and CFOs of public companies to evaluate and report on the effectiveness of an entity's internal control over financial reporting.

Segregation of Duties
A type of control activity. Different people are assigned responsibilities for authorizing transactions, recording transactions and maintaining custody of assets. The purpose is to inhibit the perpetration and concealment of errors or irregularities by reducing the opportunity to do so in the course of people's everyday work.

Self-Enrollment
The end user is permitted to enter his own identity information using an online process.

Single sign-on
Using the same username/password combination to access every resource from a single logon event.

SMTP
Simple Mail Transfer Protocol

SSL
Secure Sockets Layer

Web Access Control
Internal controls limiting Web server and Web application access.

WebEx
Provider of on-demand collaborative business applications.

WFI
Supplier of design, deployment and management of wireless communication networks, technology networks and security systems.
