CRISC - Certified in Risk and Information Systems Control term definition - Part 22

Last updated 11:33 PM on 11/12/22

20 Terms

1
Event
Something that happens at a specific place and/or time
2
Event type
For the purpose of IT risk management, one of three possible sorts of events: threat event, loss event and vulnerability event.
3
Evidence
1. Information that proves or disproves a stated issue. 2. Information that an auditor gathers in the course of performing an IS audit; relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
4
Exception reports
An exception report is generated by a program that identifies transactions or data that appear to be incorrect.
5
Exclusive-OR (XOR)
The exclusive-OR operator returns a value of TRUE only if just one of its operands is TRUE. The XOR operation is a Boolean operation that produces a 0 if its two Boolean inputs are the same (0 and 0 or 1 and 1) and that produces a 1 if its two inputs are different (1 and 0). In contrast, an inclusive-OR operator returns a value of TRUE if either or both of its operands are TRUE.
6
Executable code
The machine language code that is generally referred to as the object or load module.
7
Expert system
The most prevalent type of computer system that arises from the research of artificial intelligence.
8
Exposure
The potential loss to an area due to the occurrence of an adverse event.
9
Extended Binary-coded for Decimal Interchange Code (EBCDIC)
An 8-bit code representing 256 characters; used in most large computer systems
10
Extended enterprise
Describes an enterprise that extends outside its traditional boundaries. Such enterprises concentrate on the processes they do best and rely on someone outside the entity to perform the remaining processes.
11
eXtensible Access Control Markup Language (XACML)
A declarative online software application user access control policy language implemented in Extensible Markup Language (XML).
12
eXtensible Markup Language (XML)
Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data between applications and enterprises.
13
External router
The router at the extreme edge of the network under control, usually connected to an Internet service provider (ISP) or other service provider; also known as border router.
14
External storage
The location that contains the backup copies to be used in case recovery or restoration is required in the event of a disaster.
15
Extranet
A private network that resides on the Internet and allows a company to securely share business information with customers, suppliers or other businesses as well as to execute electronic transactions.
16
Eavesdropping
Listening to a private communication without permission
17
Egress
Network communications going out
18
Elliptical curve cryptography (ECC)
An algorithm that combines plane geometry with algebra to achieve stronger authentication with smaller keys compared to traditional methods, such as RSA, which primarily use algebraic factoring.
19
Encapsulation security payload (ESP)
A protocol designed to provide a mix of security services in IPv4 and IPv6. ESP can be used to provide confidentiality, data origin authentication, connectionless integrity, an anti-replay service (a form of partial sequence integrity), and (limited) traffic flow confidentiality (RFC 4303).
20
Encryption algorithm
A mathematically based function or calculation that encrypts/decrypts data