Index
access access paths access-control matrices ACLs (access-control lists) 2nd authentication 2nd 3rd 4th alert thresholds passwords 2nd two-factor (strong) authentication authorization centralized/decentralized discretionary access identification 2nd 3rd 4th lattice-based access MACs (mandatory access controls) 2nd nondiscretionary access 2nd restricted interfaces role-based access rule-based access standards task-based access access control lists (ACLs) access-control lists (ACLs) 2nd access-control matrices accounting policies accreditation ACLs (access control lists) ACLs (access-control lists) 2nd acquisition (application systems) acquisition processes 2nd change control and emergency change-management 2nd implementation practices 2nd active attacks 2nd Address Resolution Protocol (ARP) administrative controls administrative support teams administrative audits Advanced Encryption Standard (AES) advisory policies AES (Advanced Encryption Standard) agreements (contract) confidentiality agreements discovery agreements noncompete agreements service-level agreements trade secret agreements alert thresholds algorithms aligning controls with business objectives applications 2nd data management IT department heads IT steering committees 2nd operations organizational structure 2nd 3rd quality assurance security department 2nd strategic planning 2nd technical support answer key 1 2nd 3rd 4th 5th 6th answer key 2 2nd 3rd 4th 5th 6th 7th 8th 9th 10th 11th application architecture 2nd 3rd 4th application controls 2nd 3rd automated controls 2nd data integrity controls 2nd data validation edits and controls 2nd 3rd 4th EDI (electronic data interchange) 2nd 3rd input/output controls batch controls input authorization 2nd manual controls output controls 2nd processing controls 2nd Application layer (OSI) 2nd 3rd application maintenance 2nd CCB (change-control board) 
change-management process post-implementation review techniques 2nd QC (quality control) application systems 2nd 3rd acquisition and implementation acquisition processes 2nd change control and emergency change-management 2nd implementation practices 2nd application architecture 2nd 3rd 4th application maintenance 2nd CCB (change-control board) change-management process post-implementation review techniques 2nd QC (quality control) exam prep questions 2nd 3rd 4th SDLC (Software Development Life Cycle) 2nd 3rd Classic Life Cycle Model design 2nd 3rd development 2nd 3rd feasibility 2nd implementation 2nd 3rd Linear Sequential Model programming languages prototyping 2nd RAD (rapid application development) 2nd requirements definition 2nd 3rd Software Capability Maturity Model (CMM) 2nd Waterfall Method 2nd software quality assurance methods 2nd testing principles, methods, and practices 2nd 3rd application systems. [See also project management] applications 2nd system upgrade risks applications interfaces applications teams acquisition control objectives (hardware) 2nd 3rd 4th 5th architecture applications 2nd 3rd 4th ARP (Address Resolution Protocol) assessment tools (security) 2nd 3rd 4th 5th 6th asymmetric encryption 2nd 3rd atomicity 2nd attacks active attacks 2nd denial-of-service attacks (DoS) 2nd distributed denial-of-service attacks (DDoS) passive attacks 2nd viruses 2nd worms attacks (security) dictionary attacks attestation 2nd attribute sampling 2nd attributes audit conclusions 2nd evidence obtaining 2nd 3rd preserving 2nd 3rd information-gathering techniques 2nd 3rd 4th organization's use of system platforms, IT infrastructure, and applications 2nd audit process 2nd administrative audits aligning controls with business objectives applications 2nd data management IT department heads IT steering committees 2nd operations organizational structure 2nd 3rd quality assurance security department 2nd strategic planning 2nd technical support audit conclusions 2nd 
evidence 2nd 3rd 4th 5th 6th information-gathering techniques 2nd 3rd 4th organization's use of system platforms, IT infrastructure, and applications 2nd audit phases 2nd communicating audit results 2nd 3rd 4th communication techniques 2nd compliance audits controls administrative controls internal accounting controls objectives and activities 2nd 3rd 4th operational controls table of 2nd CSA (control self-assessment) 2nd financial audits information systems audits 2nd 3rd attestation 2nd attribute sampling 2nd compliance testing 2nd findings and recommendations 2nd SAS 70 2nd SAS 94 2nd substantive testing variance sampling 2nd 3rd integrated audits ISACA CobiT framework 2nd 3rd ISACA Code of Professional Ethics 2nd 3rd 4th ISACA IS Auditing Guidelines and Procedures 2nd ISACA IS Auditing Standards 2nd 3rd codification 2nd table of 2nd 3rd operation audits personnel-management techniques 2nd 3rd planning and management techniques 2nd 3rd 4th 5th 6th practice questions 2nd 3rd reports 2nd 3rd review 2nd risk management and control practices 2nd IS, business, and audit risk 2nd 3rd risk-analysis methods 2nd 3rd risk-based audit strategy and objectives 2nd 3rd segregation of duties 2nd audit risk auditors security management responsibilities authentication 2nd 3rd 4th alert thresholds passwords 2nd cognitive passwords dictionary attacks one-time passwords SSO (single sign-on) systems two-factor (strong) authentication authorization input authorization 2nd automated controls 2nd