CRISC - Certified in Risk and Information Systems Control term definition - Part 43


20 Terms

1
Protection domain
The area of the system that the intrusion detection system (IDS) is meant to monitor and protect.
2
Protocol
The rules by which a network operates and controls the flow and priority of transmissions.
3
Protocol converter
Hardware devices, such as asynchronous and synchronous transmissions, that convert between two different types of transmission.
4
Protocol stack
A set of utilities that implement a particular network protocol. For instance, in Windows machines a Transmission Control Protocol/Internet Protocol (TCP/IP) stack consists of TCP/IP software, sockets software and hardware driver software.
5
Prototyping
The process of quickly putting together a working model (a prototype) in order to test various aspects of a design, illustrate ideas or features and gather early user feedback. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphasis is on end-user screens and reports. Internal controls are not a priority item since this is only a model.
6
Proxy server
A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a connection to a remote destination on behalf of the user.
7
Public key
In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme.
8
Public key encryption
A cryptographic system that uses two keys: one is a public key, which is known to everyone, and the second is a private or secret key, which is only known to the recipient of the message. See also Asymmetric Key.
9
Public key infrastructure (PKI)
A series of processes and technologies for the association of cryptographic keys with the entity to whom those keys were issued.
10
Principle
An enabler of governance and of management. Comprises the values and fundamental assumptions held by the enterprise, the beliefs that guide and put boundaries around the enterprise’s decision making, communication within and outside the enterprise, and stewardship--caring for assets owned by another. COBIT 5 perspective
11
Process goals
A statement describing the desired outcome of a process. An outcome can be an artifact, a significant change of a state or a significant capability improvement of other processes. COBIT 5 perspective
12
Program and project management office (PMO)
The function responsible for supporting program and project managers, and gathering, assessing and reporting information about the conduct of their programs and constituent projects
13
Patch
Fixes to software programming errors and vulnerabilities
14
Payload
The section of fundamental data in a transmission. In malicious software this refers to the section containing the harmful data/code.
15
Plain old telephone service (POTS)
A wired telecommunications system.
16
Port (Port number)
A process or application-specific software element serving as a communication endpoint for the Transport Layer IP protocols (UDP and TCP)
17
Port scanning
The act of probing a system to identify open ports
18
Prime number
A natural number greater than 1 that can only be divided by 1 and itself.
19
Principle of least privilege/access
Controls used to allow the least privilege access needed to complete a task
20
Probe
Inspect a network or system to find weak spots