CRISC - Certified in Risk and Information Systems Control term definition - Part 44

Description and Tags

IT Governance Basic

20 Terms

1
Professional judgement
The application of relevant knowledge and experience in making informed decisions about the courses of action that are appropriate in the circumstances of the IS audit and assurance engagement
2
Professional skepticism
An attitude that includes a questioning mind and a critical assessment of audit evidence. American Institute of Certified Public Accountants (AICPA) AU 230.07
3
Public switched telephone network (PSTN)
A communications system that sets up a dedicated channel (or circuit) between two points for the duration of the transmission.
4
Primitive
A primitive is a fundamental interface, block of code or basic functionality that can be deployed and reused within broader systems or interfaces. Primitives can be combined in various ways to accomplish particular tasks. In cryptosystems, primitives form the building blocks of cryptographic algorithms.
5
Private key cryptosystems
Private key cryptosystems involve secret, private keys. The keys are also known as symmetric ciphers because the same key both encrypts message plaintext from the sender and decrypts resulting ciphertext for a recipient. See symmetric cipher.
6
Public key cryptosystem
Public key cryptosystems combine a widely distributed public key and a closely held, protected private key. A message that is encrypted by the public key can only be decrypted by the mathematically related, counterpart private key. Conversely, only the public key can decrypt data that was encrypted by its corresponding private key. See asymmetric cipher.
7
Quality Assurance (QA)
A planned and systematic pattern of all actions necessary to provide adequate confidence that an item or product conforms to established technical requirements. (ISO/IEC 24765)
8
Quality management system (QMS)
A system that outlines the policies and procedures necessary to improve and control the various processes that will ultimately lead to improved enterprise performance.
9
Queue
A group of items that is waiting to be serviced or processed.
10
Quick ship
A recovery solution provided by recovery and/or hardware vendors that includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs.
11
Quality
Being fit for purpose (achieving intended value)
12
RACI chart
Illustrates who is Responsible, Accountable, Consulted and Informed within an organizational framework.
13
Radio wave interference
The superposition of two or more radio waves resulting in a different radio wave pattern that is more difficult to intercept and decode properly.
14
Random access memory (RAM)
The computer’s primary working memory.
15
Range check
Range checks ensure that data fall within a predetermined range.
16
Rapid application development
A methodology that enables enterprises to develop strategically important systems faster, while reducing development costs and maintaining quality by using a series of proven application development techniques, within a well-defined methodology.
17
Real-time analysis
Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system.
18
Real-time processing
An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal.
19
Reasonable assurance
A level of comfort short of a guarantee, but considered adequate given the costs of the control and the likely benefits achieved.
20
Reasonableness check
Compares data to predefined reasonability limits or occurrence rates established for the data.