A standard of measurement used in management of security-related activities.
2
Security perimeter
The boundary that defines the area of security concern and security policy coverage.
3
Security policy
A high-level document representing an enterprise’s information security philosophy and commitment.
4
Security procedures
The formal documentation of operational steps and processes that specify how security goals and objectives set forward in the security policy and standards are to be achieved.
5
Security software
Software used to administer security, which usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.
6
Security standards
Practices, directives, guidelines, principles or baselines that state what needs to be done and focus areas of current relevance and concern; they are a translation of issues already mentioned in the security policy.
7
Security testing
Ensuring that the modified or new system includes appropriate controls and does not introduce any security holes that might compromise other systems or misuses of the system or its information.
8
Security/transaction risk
The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position, and manage information.
9
Segregation/separation of duties (SoD)
A basic internal control that prevents or detects errors and irregularities by assigning to separate individuals the responsibility for initiating and recording transactions and for the custody of assets.
10
Sensitivity
A measure of the impact that improper disclosure of information may have on an enterprise.
11
Sequence check
Verification that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research.
12
Sequential file
A computer file storage format in which one record follows another.
13
Service bureau
A computer facility that provides data processing services to clients on a continual basis.
14
Service delivery objective (SDO)
Directly related to the business needs, SDO is the level of services to be reached during the alternate process mode until the normal situation is restored.
15
Service desk
The point of contact within the IT organization for users of IT services.
16
Service level agreement (SLA)
An agreement, preferably documented, between a service provider and the customer(s)/user(s) that defines minimum performance targets for a service and how they will be measured.
17
Service provider
An organization supplying services to one or more (internal or external) customers.
18
Service Set Identifier (SSID)
A 32-character unique identifier attached to the header of packets sent over a wireless local area network (WLAN) that acts as a password when a mobile device tries to connect to the base station subsystem (BSS).
19
Service user
The organization using the outsourced service.
20
Service-oriented architecture (SOA)
A cloud-based library of proven, functional software applets that are able to be connected together to become a useful online application.