CRISC - Certified in Risk and Information Systems Control term definition - Part 39

IT Governance Basic

Organization

The manner in which an enterprise is structured; can also mean the entity.

Organization for Economic Cooperation and Development (OECD)

An international organization helping governments tackle the economic, social and governance challenges of a global economy.

Outcome

Result

Outcome measure

Represents the consequences of actions previously taken; often referred to as a lag indicator. Outcome measure frequently focuses on results at the end of a time period and characterize historic performance. They are also referred to as a key goal indicator (KGI) and used to indicate whether goals have been met. These can be measured only after the fact and, therefore, are called "lag indicators."

Output analyzer

Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exist for a program, the output of a test run after program maintenance can be compared with the set of results that should be produced. Second, as programmers prepare test data and calculate the expected results, these results can be stored in a file and the output analyzer compares the actual results of a test run with the expected results. Third, the output analyzer can act as a query language; it accepts queries about whether certain relationships exist in the file of output results and reports compliance or noncompliance.

Outsourcing

A formal agreement with a third party to perform IS or other business functions for an enterprise.

Objective

Statement of a desired outcome COBIT 5 perspective

Organizational structure

An enabler of governance and of management. Includes the enterprise and its structures, hierarchies and dependencies. COBIT 5 perspective

Owner

Individual or group that holds or possesses the rights of and the responsibilities for an enterprise, entity or asset- COBIT 5 perspective

Obfuscation

The deliberate act of creating source or machine code that is difficult for humans to understand

Open Systems Interconnect (OSI) model

A model for the design of a network. The open systems interconnect (OSI) model defines groups of functionality required to network computers into layers. Each layer implements a standard protocol to implement its functionality. There are seven layers in the OSI model.

Open Web Application Security Project (OWASP)

An open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted

Packet

Data unit that is routed from source to destination in a packet-switched network.

Packet filtering

Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules.

Packet internet groper (PING)

An Internet program (Internet Control Message Protocol [ICMP]) used to determine whether a specific IP address is accessible or online. It is a network application that uses User Datagram Protocol (UDP) to verify reachability of another host on the connected network.

Packet switching

The process of transmitting messages in convenient pieces that can be reassembled at the destination.

Paper test

A walk-through of the steps of a regular test, but without actually performing the steps.

Parallel simulation

Involves an IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. Parallel testing

Parity check

A general hardware control that helps to detect data errors when data are read from memory or communicated from one computer to another.

Partitioned file

A file format in which the file is divided into multiple sub files and a directory is established to locate each sub file.