CRISC - Certified in Risk and Information Systems Control term definition - Part 26

Last updated 11:49 PM on 11/12/22
20 Terms

1
Hot site
A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster.
2
Hub
A common connection point for devices in a network, hubs are used to connect segments of a local area network (LAN).
3
Hurdle rate
Also known as required rate of return, above which an investment makes sense and below which it does not. Often based on the cost of capital, plus or minus a risk premium, and often varied based on prevailing economic conditions.
4
Hybrid application controls
Consist of a combination of manual and automated activities, all of which must operate for the control to be effective.
5
Hyperlink
An electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.
6
Hypertext
A language that enables electronic documents that present information to be connected by links instead of being presented sequentially, as is the case with normal text.
7
Hypertext Markup Language (HTML)
A language designed for the creation of web pages with hypertext and other information to be displayed in a web browser; used to structure information (denoting certain text such as headings, paragraphs, lists) and can be used to describe, to some degree, the appearance and semantics of a document.
8
Hypertext Transfer Protocol Secure (HTTPS)
A protocol for accessing a secure web server, whereby all data transferred are encrypted.
9
Hypertext Transfer Protocol (HTTP)
A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit hypertext markup language (HTML), extensible markup language (XML) or other pages to client browsers.
10
Hashing
Using a hash function (algorithm) to create hash values or checksums that validate message integrity.
11
Hijacking
An exploitation of a valid network session for unauthorized purposes.
12
Horizontal defense-in-depth
Controls are placed in various places in the path to access an asset (this is functionally equivalent to concentric ring model above).
13
Human firewall
A person prepared to act as a network layer of defense through education and awareness.
14
Hash
A cryptographic hash function takes an input of an arbitrary length and produces an output (also known as a message digest) that is a standard-sized binary string. The output is unique to the input in such a way that even a minor change to the input results in a completely different output. Modern cryptographic hash functions are also resistant to collisions (situations in which different inputs produce identical output); a collision, while possible, is statistically improbable. Cryptographic hash functions are developed so that input cannot be determined readily from the output.
15
Identity access management (IAM)
Encapsulates people, processes and products to identify and manage the data used in an information system to authenticate users and grant or deny access rights to data and system resources. The goal of IAM is to provide appropriate access to enterprise resources.
16
Idle standby
A fail-over process in which the primary node owns the resource group and the backup node runs idle, only supervising the primary node.
17
IEEE (Institute of Electrical and Electronics Engineers)
Pronounced I-triple-E; IEEE is an organization composed of engineers, scientists and students.
18
Image processing
The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry.
19
Impact analysis
A study to prioritize the criticality of information resources for the enterprise based on costs (or consequences) of adverse events. In an impact analysis, threats to assets are identified and potential business losses determined for different time periods. This assessment is used to justify the extent of safeguards that are required and recovery time frames. This analysis is the basis for establishing the recovery strategy.
20
Impact assessment
A review of the possible consequences of a risk.