CRISC - Certified in Risk and Information Systems Control term definition - Part 46

IT Governance Basic

Remote procedure call (RPC)

The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server).

Repeaters

A physical layer device that regenerates and propagates electrical signals between two network segments.

Replication

In its broad computing sense, involves the use of redundant software or hardware elements to provide availability and fault-tolerant capabilities. In a database context, replication involves the sharing of data between databases to reduce workload among database servers, thereby improving client performance while maintaining consistency among all systems.

Repository

An enterprise database that stores and organizes data.

Repudiation

The denial by one of the parties to a transaction, or participation in all or part of that transaction, or of the content of communication related to that transaction.

Reputation risk

The current and prospective effect on earnings and capital arising from negative public opinion..

Request for comments (RFC)

A document that has been approved by the Internet Engineering Task Force (IETF) becomes an RFC and is assigned a unique number once published. If the RFC gains enough interest, it may evolve into an Internet standard.

Request for proposal (RFP)

A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product.

Requirements definition

A technique used in which the affected user groups define the requirements of the system for meeting the defined needs.

Residual risk

The remaining risk after management has implemented a risk response.

Resilience

The ability of a system or network to resist failure or to recover quickly from any disruption, usually with minimal recognizable effect

Responsible

In a Responsible, Accountable, Consulted, Informed (RACI) chart, refers to the person who must ensure that activities are completed successfully.

Return on investment (ROI)

A measure of operating performance and efficiency, computed in its simplest form by dividing net income by the total investment over the period being considered.

Reverse engineering

A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology.

Ring configuration

Used in either token ring or fiber distributed data interface (FDDI) networks, all stations (nodes) are connected to a multi-station access unit (MSAU), that physically resembles a star-type topology.

Ring topology

A type of local area network (LAN) architecture in which the cable forms a loop, with stations attached at intervals around the loop.

Risk

The combination of the probability of an event and its impact.

Risk aggregation

The process of integrating risk assessments at a corporate level to obtain a complete view on the overall risk for the enterprise.

Risk analysis

1. A process by which frequency and magnitude of IT risk scenarios are estimated. 2. The initial steps of risk management: analyzing the value of assets to the business, identifying threats to those assets and evaluating how vulnerable each asset is to those threats. It often involves an evaluation of the probable frequency of a particular event, as well as the probable impact of that event.

Risk appetite

The amount of risk, on a broad level, that an entity is willing to accept in pursuit of its mission.