CRISC - Certified in Risk and Information Systems Control term definition - Part 42

IT Governance Basic

Privilege

The level of trust with which a system object is imbued.

Problem

In IT, the unknown underlying cause of one or more incidents.

Problem escalation procedure

The process of escalating a problem up from junior to senior support staff, and ultimately to higher levels of management.

Procedure

A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards. Procedures are defined as part of processes.

Process

Generally, a collection of activities influenced by the enterprise’s policies and procedures that takes inputs from a number of sources, (including other processes), manipulates the inputs and produces outputs.

Process maturity assessment

A subjective assessment technique derived from the Software Engineering Institute (SEI) capability maturity model integration (CMMI) concepts and developed as a COBIT management tool. It provides management with a profile of how well developed the IT management processes are.

Process maturity attribute

The different aspects of a process covered in an assurance initiative.

Production program

Program used to process live or actual data that were received as input into the production environment.

Production software

Software that is being used and executed to support normal and authorized organizational operations.

Professional competence

Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards.

Professional standards

Refers to standards issued by ISACA. The term may extend to related guidelines and techniques that assist the professional in implementing and complying with authoritative pronouncements of ISACA. In certain instances, standards of other professional organizations may be considered, depending on the circumstances and their relevance and appropriateness.

Program

A structured grouping of interdependent projects that is both necessary and sufficient to achieve a desired business outcome and create value. These projects could include, but are not limited to, changes in the nature of the business, business processes and the work performed by people as well as the competencies required to carry out the work, the enabling technology, and the organizational structure.

Program Evaluation and Review Technique (PERT)

A project management technique used in the planning and control of system projects.

Program flowchart

Shows the sequence of instructions in a single program or subroutine.

Program narrative

Provides a detailed explanation of program flowcharts, including control points and any external input.

Project

A structured set of activities concerned with delivering a defined capability (that is necessary but not sufficient, to achieve a required business outcome) to the enterprise based on an agreed-on schedule and budget.

Project management officer (PMO)

The individual function responsible for the implementation of a specified initiative for supporting the project management role and advancing the discipline of project management.

Project portfolio

The set of projects owned by a company. It usually includes the main guidelines relative to each project, including objectives, costs, time lines and other information specific to the project.

Project team

Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system.

Promiscuous mode

Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed.