CRISC - Certified in Risk and Information Systems Control term definition - Part 53

IT Governance Basic

Subject matter

The specific information subject to an IS auditor’s report and related procedures, which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations (area of activity).

Substantive testing

Obtaining audit evidence on the completeness, accuracy or existence of activities or transactions during the audit period.

Sufficient audit evidence

Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.

Supply chain management (SCM)

A concept that allows an enterprise to more effectively and efficiently manage the activities of design, manufacturing, distribution, service and recycling of products and service its customers.

Surge suppressor

Filters out electrical surges and spikes.

Suspense file

A computer file used to maintain information (transactions, payments or other events) until the proper disposition of that information can be determined.

Switches

Typically associated as a data link layer device, switches enable local area network (LAN) segments to be created and interconnected, which has the added benefit of reducing collision domains in Ethernet-based networks.

Symmetric key encryption

System in which a different key (or set of keys) is used by each pair of trading partners to ensure that no one else can read their messages. The same key is used for encryption and decryption. See also Private Key Cryptosystem.

Synchronize (SYN)

A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission.

Synchronous transmission

Block-at-a-time data transmission.

System development life cycle (SDLC)

The phases deployed in the development or acquisition of a software system.

System exit

Special system software features and utilities that allow the user to perform complex system maintenance.

System flowchart

Graphic representations of the sequence of operations in an information system or program

System narrative

Provides an overview explanation of system flowcharts, with explanation of key control points and system interfaces.

System software

A collection of computer programs used in the design, processing and control of all applications.

System testing

Testing conducted on a complete, integrated system to evaluate the system's compliance with its specified requirements.

Systems acquisition process

Procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers.

Systems analysis

The systems development phase in which systems specifications and conceptual designs are developed based on end-user needs and requirements.

Service catalogue

Structured information on all IT services available to customers. COBIT 5 perspective

Skill

The learned capacity to achieve pre-determined results