CRISC - Certified in Risk and Information Systems Control term definition - Part 40


Last updated 1:42 AM on 11/13/22
20 Terms

1
Passive assault
Intruders attempt to learn some characteristic of the data being transmitted.
2
Passive response
A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action.
3
Password
A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system.
4
Password cracker
A tool that tests the strength of user passwords by searching for passwords that are easy to guess. It repeatedly tries words from specially crafted dictionaries and often also generates thousands (and in some cases, even millions) of permutations of characters, numbers and symbols.
5
Patch management
An area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up-to-date software and often to address security risk.
6
Payback period
The length of time needed to recoup the cost of capital investment. Financial amounts in the payback formula are not discounted. Note that the payback period does not take into account cash flows after the payback period and therefore is not a measure of the profitability of an investment project. The scope of the internal rate of return (IRR), net present value (NPV) and payback period is the useful economic life of the project up to a maximum of five years.
7
Payment system
A financial system that establishes the means for transferring money between suppliers and users of funds, ordinarily by exchanging debits or credits between banks or financial institutions.
8
Payroll system
An electronic system for processing payroll information and the related electronic (e.g., electronic timekeeping and/or human resources [HR] system), human (e.g., payroll clerk), and external party (e.g., bank) interfaces. In a more limited sense, it is the electronic system that performs the processing for generating payroll checks and/or bank direct deposits to employees.
9
Penetration testing
A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers.
10
Performance
In IT, the actual implementation or achievement of a process.
11
Performance driver
A measure that is considered the "driver" of a lag indicator. It can be measured before the outcome is clear and, therefore, is called a "lead indicator."
12
Performance indicators
A set of metrics designed to measure the extent to which performance objectives are being achieved on an ongoing basis.
13
Performance management
In IT, the ability to manage any type of measurement, including employee, team, process, operational or financial measurements. The term connotes closed-loop control and regular monitoring of the measurement.
14
Performance testing
Comparing the system's performance to other equivalent systems, using well-defined benchmarks.
15
Peripherals
Auxiliary computer hardware equipment used for input, output and data storage.
16
Personal digital assistant (PDA)
Also called a palmtop or pocket computer, a PDA is a handheld device that provides computing, Internet, networking and telephone characteristics.
17
Personal identification number (PIN)
A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual.
18
Pervasive IS control
A general control designed to manage and monitor the IS environment and that therefore affects all IS-related activities.
19
Phase of BCP
A step-by-step approach consisting of various phases.
20
Phishing
This is a type of electronic mail (e-mail) attack that attempts to convince a user that the originator is genuine, but with the intention of obtaining information for use in social engineering.