Gregg M. — CISA Exam Cram

Subject index
802.11 standards 269
Abnormal events, tracking 202—203
access creep 301
Accuracy of biometric systems 388
Acid (atomicity, consistency, isolation, durability) test 464
ACID test (atomicity, consistency, isolation, and durability) 171 229 464
Active attacks 314—319 467
Active RFID tags 218
Administrative audits 41
AES (Advanced Encryption Standard) 344
Aggregation 226
Agile Software Development 143—144
Al-Kindi, Abu 340
ALE (Annual Loss Expectancy) 452
ALE (annual loss expectancy), calculating 85 416
Algorithms 341
Alternative application-development techniques 142—145
ANSI X12 180
Answers (practice exam) 509—525
application layer, OSI reference model 246
Application layer, TCP/IP model 253—254
Application proxies 263
Application testing 172—173
Applications, auditing 168
Applications, auditing, continuous online auditing 173—175
Applications, auditing, data integrity controls 170—171
Applications, auditing, via observation and testing 169—170
Applications, disposing of 140—141
applications, testing 172—173
Application-development techniques 142—145
AR (abandon rate) 199
Arithmetic logic unit 210
ARO (annual rate of occurrence) estimating 416
ARP (Address Resolution Protocol) 251
artificial intelligence 185
ASCII (American Standard Code for Information Exchange) 225
assemblers 222 463
Asset identification 81—83
Assets, information assets, classifying 296—297
Assets, information assets, evaluating 296
Asymmetric encryption 341 344
Asymmetric encryption, ECC 345
Asymmetric encryption, RSA encryption 345
Asynchronous attacks 316
ATBASH 340
ATM (Asynchronous Transfer Mode) 267
Attack-detection tools 311
Attacks, active 314—319
Attacks, against Bluetooth 327
Attacks, cryptographic 351—352
Attacks, passive 313—314
Attenuation 256
Attribute sampling 47 450
Attributes 226
Attributes of CSAs 51
Audit monitors 181
Audit opinion, required elements 49
Audit planning process 26—27
Audit programs 41
Audit reduction tools 200 312
Auditing 39
Auditing, applications 168
Auditing, applications, continuous online auditing 173—175
Auditing, applications, data integrity controls 170—171
Auditing, applications, testing methods 172—173
Auditing, applications, via observation and testing 169—170
Auditing, business application systems, business intelligence 182—186
Auditing, business application systems, e-commerce 179—180
Auditing, business application systems, EDI 180—181
Auditing, business application systems, email 181—182
Auditing, classifying types of audits 40—41
Auditing, compliance testing 46
Auditing, continuous auditing 52
Auditing, continuous online auditing 174
Auditing, CSAs 50—51
Auditing, evidence 47
Auditing, evidence, reliability of 48
Auditing, fraud, detecting 49
Auditing, general control procedures 37
Auditing, independence as requirement 40
Auditing, information security 335
Auditing, information security, data ownership 335—336
Auditing, information security, security baselines 336
Auditing, information system control procedures 37
Auditing, infrastructure security 337
Auditing, infrastructure security, change management 339—340
Auditing, infrastructure security, network assessments 339
Auditing, infrastructure security, penetration testing 337—339
Auditing, integrated auditing 51—52
Auditing, internal controls, CobiT 38—39
Auditing, ISACA code of ethics 31—32
Auditing, methodology 42—43
Auditing, methodology, documentation 43—45
Auditing, objectives, defining 45
Auditing, project management 177—178
Auditing, risk analysis 32
Auditing, risk analysis, categories of risk 32—33
Auditing, risk management 33
Auditing, risk management, monitoring phase 35
Auditing, risk management, risk management team, establishing 33—34
Auditing, risk management, risk mitigation 34
Auditing, risk-based 35—36
Auditing, sampling 46—47
Auditing, substantive testing 46
Auditing, systems development 176—177
AUPs (Acceptable Use Policies) 311
Authentication by characteristic 306—307
Authentication by knowledge 304—305
Authentication by ownership 305
Authentication, biometric systems 387—389 466
Authentication, digital signatures 346—347
authentication, Kerberos 309
Authentication, single sign-on 307—309
Automated WPs, documenting audit findings 43—45
Availability, reports 219
Availability, role in IS 295—296
Awareness and training, role in overcoming privacy issues 298
B-to-B (Business to Business) e-commerce model 179
B-to-C (Business to Consumer) e-commerce model 179
B-to-E (Business to Employee) e-commerce model 179
B-to-G (Business to Government) e-commerce model 179
Background checks 92
Backup and restoration methods 431—432
Backup and restoration methods, media rotation 433
Backup and restoration methods, SANs 434
Backup power supplies 382
Balance data 165
Balanced matrix organizational form 119
Balanced score card 71
Balanced score card, performance, measuring 72
Base case system evaluation 173
Baseband transmission 256
Basel Accord Standard II 25
bastion hosts 265
Batch control 160
Batch controls 162
BCP (business continuity plan) 409 471
BCP (business continuity plan), BIA 411—412
BCP (business continuity plan), BIA, criticality analysis 416—417
BCP (business continuity plan), BIA, information gathering 413
BCP (business continuity plan), BIA, loss, methods of calculating 412—413
BCP (business continuity plan), implementation and testing phase 421—423
BCP (business continuity plan), implementation and testing phase, full operation tests 424
BCP (business continuity plan), implementation and testing phase, paper tests 423
BCP (business continuity plan), implementation and testing phase, preparedness tests 424
BCP (business continuity plan), monitoring and maintenance 425
BCP (business continuity plan), plan design and development 419—420
BCP (business continuity plan), project management and initiation 410
BCP (business continuity plan), recovery strategy 417—419
BCP (business continuity plan), tests 473
BCP (business continuity plan), training and awareness 420—421
BCP (business continuity plan), verifying 436—437
Beaman, Bob 225
Berners-Lee, Tim 272
Best practices for IT governance, goals of 67—68
BIA (business impact analysis) 472
BIA (business impact analysis), criticality analysis 416—417
BIA (business impact analysis), information gathering 413
BIA (business impact analysis), loss, methods of calculating 412—413
BIA (business impact analysis), role in BCP process 411—412
Biometric systems 306—307 387—389 466
Black Hats 331
Black-box tests 456
Block cipher algorithm 343
Blu-ray discs 213
Bluetooth 243 327
Bollards as physical security control 373
Bottom-up policy development 75 451
bottom-up testing 137
BRI (Basic Rate Interface) 268
bridges 259 261
Broadband transmission 256
broadcast domains 259
Broadcast transmission 251
brute-force attacks 318
Bump keys 379
Bus topology 255
Business application development 130—131
Business application development, systems-development methodology 131—132
Business application systems, business intelligence 182
Business application systems, business intelligence, artificial intelligence 185
Business application systems, business intelligence, CRM 185
Business application systems, business intelligence, data architecture components 183
Business application systems, business intelligence, DSS 184—185
Business application systems, business intelligence, SCM 186
Business application systems, e-commerce, auditing 179—180
Business application systems, EDI 180—181
Business application systems, email 181—182
Business intelligence 182
Business intelligence, artificial intelligence 185
Business intelligence, CRM 185
Business intelligence, data architecture components 183
Business intelligence, DSS 184—185
Business intelligence, SCM 186
Business process controls 159
Business process controls, input controls 160—162
Business process controls, output controls 166—167
Business process controls, processing controls 162—164
Business process controls, processing controls, data file controls 165—166
Business Software Alliance 230
Bypass label processing 311
CAATs (computer-assisted auditing techniques) 43
Cabling, attenuation 256
cabling, coaxial 256
cabling, fiber-optic 257
Cabling, plenum-grade 256
Cabling, twisted pair 256
Cabling, wireless communication 257
Caesar's cipher 340
Calculating, ALE 85 416 452
Calculating, project task time estimates 127
Calculating, SLE 86 416
Capacity management 220—221 463
Categories of twisted-pair cabling 256
CBD (component-based development) 145
CDs (compact discs) 213
Cerf, Vinton 272
CERTs (Computer Emergency Response Teams), responding to incidents 332—334
CGI (Common Gateway Interface) 273
Chain of custody 41
Change-management 95 206—207 339—340
Change-management, post-deployment 209
Change-management, program library systems 207—208
Change-management, release management 208—209
Changeover, methods of 456
Chargeback method of security system funding 74
Chief privacy officer, role in information security 295
Chief security officer, role in information security 295
Ciphertext-only attacks 351
Circuit-level firewalls 321
Circuit-level proxies 264
Circuit-switched WANs 268
Citizen programmers 138
Class A networks 251
Class B networks 251
Class C networks 251
Classifying, information assets 296—297
Classifying, types of audits 40—41
Client systems 215
client/server networks 216
Client/server networks, security 324—325
closing projects 128—129
CMM (Capability Maturity Model) 98 453
Coaxial cable 256
CobiT (Control Objectives for Information and Related Technology) 38—39 98 454
COBOL (Common Business-Oriented Language) 222
COCOMO (Constructive Cost Model) 122
Cohen, Fred 316
Cold sites 427
collision domains 259
Collisions 259
Commercial data-classification system 297
Commercial information classification system 393
Common Criteria 76
Communication-driven DSS 184
Comparative analysis 317
Comparing OSI reference model and TCP/IP model 249
Compilers 222 463
Compliance testing 28 46
Compliance, ensuring 46—47
Compliance, regulatory standards, verifying with external regulations 25—26
computer forensics 334—335
Computer viruses 316
Computers 214
Computers, types of 462
Confidential information, handling 312—313
Confidentiality, role in IS 295—296
Confidentiality-based data classification systems 297
Content switches 260
Continuous assurance 52
Continuous audit techniques 52 460
Continuous backups 432
Continuous online auditing 173—175
Control procedures, information system control 449—450
Control procedures, processing control 458
Control unit (CPU) 210
Control zones 314
Controls for physical security 371
Controls for physical security, exterior controls 372—374
Controls for physical security, interior controls 375—378
Controls for physical security, personnel controls 379—381
Controls, compliance testing 46
Cookies 273
Core competency 94
Corrective control 76
COSO (Committee for Sponsoring Organizations of the Treadway Commission) 25 99
Cost of software, estimating 122—123
CPM (critical path methodology) 127 455
CPTED (crime prevention through environmental design) 373
CPUs 210 461
CPUs, Kilby, Jack 212
CPUs, types of 461
crackers 331
Crashing 127
Critical systems 472
Criticality analysis, quantitative method 416—417
CRM (Customer Relationship Management) 185 227
Cross-cut shredders 369
CRs (change requests) 96
Cryptographic attacks 351—352