Studied by 3 peopleIT Governance Basic
Stakeholder
Anyone who has a responsibility for, an expectation from or some other interest in the enterprise.
System of internal control
The policies, standards, plans and procedures, and organizational structures designed to provide reasonable assurance that enterprise objectives will be achieved and undesired events will be prevented or detected and corrected
Sampling stratification
The process of dividing a population into subpopulations with similar characteristics explicitly defined, so that each sampling unit can belong to only one stratum
Secure Electronic Transaction (SET)
A standard that will ensure that credit card and associated payment order information travels safely and securely between the various involved parties on the Internet.
Secure Multipurpose Internet Mail Extensions (S/MIME)
Provides cryptographic security services for electronic messaging applications: authentication, message integrity and non-repudiation of origin (using digital signatures) and privacy and data security (using encryption) to provide a consistent way to send and receive MIME data. (RFC 2311)
Secure Shell (SSH)
Network protocol that uses cryptography to secure communication, remote command line login and remote command execution between two networked computers
Security as a Service (SecaaS)
The next generation of managed security services dedicated to the delivery, over the Internet, of specialized information-security services.
Significant deficiency
A deficiency or a combination of deficiencies, in internal control, that is less severe than a material weakness, yet important enough to merit attention by those responsible for oversight.
Single factor authentication (SFA)
Authentication process that requires only the user ID and password to grant access
Source routing specification
A transmission technique where the sender of a packet can specify the route that packet should follow through the network
Spam
Computer-generated messages sent as unsolicited advertising
Spear phishing
A targeted attack where social engineering techniques are used to masquerade as a trusted party to obtain sensitive information (personal, financial, intellectual property, etc.) or install malware.
SQL injection
Results from failure of the application to appropriately validate input. When specially crafted user-controlled input consisting of SQL syntax is used without proper validation as part of SQL queries, it is possible to glean information from the database in ways not envisaged during application design. (MITRE)
Stateful inspection
A firewall architecture that tracks each connection traversing all interfaces of the firewall and makes sure they are valid.
Statutory requirements
Laws created by government institutions
Sufficient evidence
The measure of the quantity of audit evidence; supports all material questions to the audit objective and scope.
Sufficient information
Information is sufficient when evaluators have gathered enough of it to form a reasonable conclusion. For information to be sufficient, however, it must first be suitable.
Suitable information
Relevant (i.e., fit for its intended purpose), reliable (i.e., accurate, verifiable and from an objective source) and timely (i.e., produced and used in an appropriate time frame) information.
Supervisory control and data acquisition (SCADA)
Systems used to control and monitor industrial and manufacturing processes, and utility facilities
System hardening
A process to eliminate as many security risks as possible by removing all nonessential software programs, protocols, services and utilities from the system
Note
Flashcard