Index
sags (voltage) salvage teams sampling attribute sampling 2nd variance sampling 2nd 3rd SANs (storage area networks) 2nd SANS Institute SAS (Statement on Auditing Standards) SAS 70 2nd SAS 94 2nd scanning scheduling projects SCM (supply chain management) scorecards, balanced 2nd 3rd SDLC (Software Development Life Cycle) 2nd 3rd Classic Life Cycle Model design 2nd 3rd development 2nd 3rd feasibility 2nd implementation 2nd 3rd Linear Sequential Model programming languages prototyping 2nd RAD (rapid application development) 2nd requirements definition 2nd 3rd Software Capability Maturity Model (CMM) 2nd Waterfall Method 2nd SDLC (system development life cycle) 2nd 3rd secret keys Secure Sockets Layer (SSL) security 2nd 3rd callback systems controls design, implementation, and monitoring 2nd 3rd defense-in-depth strategy denial-of-service attacks (DoS) 2nd design and implementation 2nd 3rd access standards auditing logical access 2nd data ownership formal security awareness and training 2nd logical access policies reviewing policies and procedures security administrators digital signatures 2nd 3rd distributed denial-of-service attacks (DDoS) encryption AES (Advanced Encryption Standard) algorithms asymmetric encryption 2nd 3rd Certificate Authorities (CAs) 2nd cryptography DES (Data Encryption Standard) digital certificates 2nd nonrepudiation private keys public key infrastructure (PKI) 2nd 3rd public keys 2nd 3rd symmetric encryption 2nd symmetric keys 2nd environmental security 2nd 3rd 4th 5th electromagnetic interference (EMI) 2nd fire-detection systems 2nd fire-suppression systems 2nd 3rd power failures 2nd exam prep questions 2nd 3rd 4th 5th firewalls 2nd 3rd 4th 5th 6th 7th intrusion methods 2nd active attacks 2nd passive attacks 2nd viruses 2nd worms intrusion-detection systems (IDS) 2nd logical access controls 2nd 3rd access access paths access-control
matrices ACLs (access-control lists) 2nd authentication 2nd 3rd 4th authorization centralized/decentralized discretionary access identification 2nd 3rd 4th lattice-based access MACs (mandatory access controls) 2nd nondiscretionary access 2nd objects restricted interfaces role-based access rule-based access subjects task-based access monitoring, detection, and escalation processes 2nd network controls 2nd networks encryption 2nd 3rd 4th 5th 6th 7th physical controls 2nd 3rd 4th 5th biometric systems 2nd policies resources 2nd security risk single sign-on (SSO) systems social engineering SSL (Secure Sockets Layer) strategies and policies 2nd 3rd 4th 5th 6th 7th CIA triad data integrity risks 2nd logical controls 2nd 3rd physical controls 2nd testing testing and assessment tools 2nd 3rd 4th 5th 6th voice communications security 2nd security administration segregation of duties security administrators security committees security management responsibilities security department 2nd security policies security risk security specialists/advisors security management responsibilities security teams segment PDU (protocol data unit) 2nd segregation of duties 2nd segregation of IT duties 2nd 3rd segregation of duties IS roles and responsibilities 2nd 3rd self-assessment Certified Information Systems Auditor candidate 2nd 3rd educational background 2nd exam readiness 2nd hands-on experience 2nd sensitive functions sequence checks service-level agreements service-level agreements (SLAs) 2nd Session layer (OSI) 2nd 3rd shared secret keys signatures, digital 2nd 3rd Simple Mail Transfer Protocol (SMTP) simplex single sign-on (SSO) systems SLAs (service-level agreements) 2nd SMEs (subject matter experts) smoke detectors SMTP (Simple Mail Transfer Protocol) social engineering software 2nd change control 2nd configuration management 2nd DBMS (database management systems) 2nd 3rd firmware middleware 2nd operating systems 2nd risks and controls 2nd Software Capability Maturity Model
(CMM) 2nd 3rd 4th Software Development Life Cycle (SDLC) 2nd 3rd Classic Life Cycle Model design 2nd 3rd development 2nd 3rd feasibility 2nd implementation 2nd 3rd Linear Sequential Model programming languages prototyping 2nd RAD (rapid application development) 2nd requirements definition 2nd 3rd Software Capability Maturity Model (CMM) 2nd Waterfall Method 2nd software teams software. [See application systems] spamming spikes (voltage) SSL (Secure Sockets Layer) SSO (single sign-on) systems standards ISACA IS Auditing Standards 2nd 3rd codification 2nd table of 2nd 3rd star topology 2nd stateful packet-inspection firewalls 2nd Statement on Auditing Standards. [See SAS] steering committees 2nd steering committees (IT) 2nd storage evaluating 2nd SANs (storage area networks) 2nd tape storage 2nd 3rd storage area networks (SANs) 2nd strategic planning 2nd 3rd 4th strategies 2nd BCP (business continuity management) 2nd 3rd contract management 2nd confidentiality agreements contract audit objectives 2nd discovery agreements employee contracts noncompete agreements trade secret agreements DRP (disaster recovery planning) 2nd 3rd IS steering committees 2nd problem- and change management 2nd 3rd project management 2nd 3rd 4th project life cycle 2nd risk indicators 2nd system upgrade risks 2nd quality management 2nd 3rd 4th 5th accreditation certification ISO 9001 2nd ISO 9126 2nd QA (quality assurance) QC (quality control) Software Capability Maturity Model (CMM) 2nd risk-mitigation strategies third-party services 2nd 3rd security management 2nd 3rd 4th 5th 6th 7th CIA triad data integrity risks 2nd logical controls 2nd 3rd physical controls 2nd strategic planning 2nd strategies. 
[See also policies, procedures] strong authentication structure (IS) evaluating 2nd 3rd 4th 5th outsourcing evaluating 2nd 3rd 4th 5th risk-mitigation strategies 2nd 3rd SLAs (service-level agreements) when to use segregation of duties 2nd 3rd subject matter experts (SMEs) subjects 2nd substantive testing supercomputers supplies teams supply chain management (SCM) surges (voltage) switches 2nd symmetric encryption 2nd symmetric keys 2nd system development life cycle (SDLC) 2nd 3rd system performance and monitoring processes 2nd system testing system upgrades risks 2nd systems administrators systems development segregation of duties systems software 2nd change control 2nd configuration management 2nd DBMS (database management systems) 2nd 3rd firmware middleware 2nd operating systems 2nd risks and controls 2nd