CRISC - Certified in Risk and Information Systems Control term definition - Part 16

Cryptosystem

A pair of algorithms that take a key and convert plaintext to ciphertext and back

Cyberespionage

Activities conducted in the name of security, business, politics or technology to find information that ought to remain secret. It is not inherently military.

Cybersecurity

The protection of information assets by addressing threats to information processed, stored, and transported by internetworked information systems

Cybersecurity architecture

Describes the structure, components and topology (connections and layout) of security controls within an enterprise's IT infrastructure

Cyberwarfare

Activities supported by military organizations with the purpose to threat the survival and well-being of society/foreign entity

checksum

A checksum value is generated by algorithm and associated with an input value and/or whole input file. The checksum value can be used to assess its corresponding input data or file at a later date and verify that the input has not been maliciously altered. It is highly improbable that an unauthorized party could alter the input without also altering the corresponding checksum output. If a subsequent checksum value no longer matches the initial value, the input may have been altered or corrupted.

Damage evaluation

The determination of the extent of damage that is necessary to provide for an estimation of the recovery time frame and the potential loss to the enterprise.

Dashboard

A tool for setting expectations for an enterprise at each level of responsibility and continuous monitoring of the performance against set targets.

Data analysis

Typically in large enterprises in which the amount of data processed by the enterprise resource planning (ERP) system is extremely voluminous, analysis of patterns and trends proves to be extremely useful in ascertaining the efficiency and effectiveness of operations.

Data classification

The assignment of a level of sensitivity to data (or information) that results in the specification of controls for each level of classification. Levels of sensitivity of data are assigned according to predefined categories as data are created, amended, enhanced, stored or transmitted. The classification level is an indication of the value or importance of the data to the enterprise.

Data classification scheme

An enterprise scheme for classifying data by factors such as criticality, sensitivity and ownership.

Data communications

The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links.

Data custodian

The individual(s) and department(s) responsible for the storage and safeguarding of computerized data.

Data dictionary

A database that contains the name, type, range of values, source and authorization for access for each data element in a database.It also indicates which application programs use those data so that when a data structure is contemplated, a list of the affected programs can be generated.

Data diddling

Changing data with malicious intent before or during input into the system.

Data Encryption Standard (DES)

An algorithm for encoding binary data.It is a secret key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES and its variants has been replaced by the Advanced Encryption Standard (AES)

Data flow

The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank’s central database).Data flow includes travel through the communication lines, routers, switches and firewalls as well as processing through various applications on servers, which process the data from user fingers to storage in a bank's central database.

Data integrity

The property that data meet with a priority expectation of quality and that the data can be relied on.

Data leakage

Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes.

Data normalization

A structured process for organizing data into tables in such a way that it preserves the relationships among the data.