DISA Glossary
1. Proof of Concept (POC): A proof of concept (POC) is a demonstration whose purpose is to verify that certain concepts or theories have the potential for real-world application. A POC is therefore a prototype designed to determine feasibility; it does not represent deliverables.
2. Acceptable Use Policy (AUP): An acceptable use policy (AUP) is a document stipulating the constraints and practices that a user must agree to in order to be granted access to a corporate network or the Internet.
3. Acceptance Testing: Acceptance testing is a test conducted to determine whether the requirements of a specification or contract are met. It may involve chemical tests, physical tests, or performance tests.
4. Access Control: In computer security, general access control includes authorization, authentication, access approval, and audit.
5. Access Control List (ACL): An access control list (ACL), with respect to a computer file system, is a list of permissions attached to an object. An ACL specifies which users or system processes are granted access to objects, as well as what operations are allowed on given objects.
6. Access Control Matrix: In computer science, an access control matrix or access matrix is an abstract, formal security model of the protection state in a computer system; it characterizes the rights of each subject with respect to every object in the system.
7. Access Point (AP): A wireless access point (AP) is a network access point in a WLAN radio network, consisting of a radio (often more than one) and a network connection, enabling WLAN clients to access network resources connected to a home or enterprise network. Conceptually, an AP is like an Ethernet hub, but instead of relaying LAN frames only to other 802.3 stations, an AP relays 802.11 frames to all other 802.11 or 802.3 stations in the same subnet.
8. Active Wiretap: Active wiretapping is an attack that attempts to alter data being communicated or otherwise affect the data flow.
9. Adaptive Software Development (ASD): Adaptive software development (ASD) is a software development process that grew out of rapid application development work by Jim Highsmith and Sam Bayer. It embodies the principle that continuous adaptation of the process to the work at hand is the normal state of affairs.
10. Address Resolution Protocol (ARP): The Address Resolution Protocol (ARP) is a telecommunication protocol used to resolve network layer addresses into link layer addresses, a critical function in multiple-access networks.
11. Advanced Persistent Threat (APT): An advanced persistent threat (APT) is a set of stealthy and continuous computer hacking processes, often orchestrated by humans targeting a specific entity. An APT usually targets organizations and/or nations for business or political motives.
14. Alpha Testing: Alpha testing is simulated or actual operational testing by potential users/customers or an independent test team at the developers' site. Alpha testing is often employed for off-the-shelf software as a form of internal acceptance testing, before the software goes to beta testing.
15. Alternate Site: A site which may be used for temporary relocation of office or IT facilities during an emergency.
16. Anti-Virus: Antivirus or anti-virus software (often abbreviated as AV), sometimes known as anti-malware software, is computer software used to prevent, detect and remove malicious software.
17. Application Controls: Application controls are controls over the input, processing, and output functions. From the 30,000-foot view they include things like: ensure the input data is complete, accurate and valid; ensure the internal processing produces the expected results.
19. Application Software: Application software is a set of computer programs designed to permit the user to perform a group of coordinated functions, tasks, or activities. Application software cannot run by itself but depends on system software to execute.
20. Application System Programmers (ASP): An application system programmer is a programmer who aims to produce software which provides services to the user (e.g. a word processor).
21. Arithmetic Logic Unit (ALU): An ALU is a digital electronic circuit that performs arithmetic and bitwise logical operations on integer binary numbers.
22. Artificial Intelligence (AI): Artificial intelligence is the branch of computer science concerned with making computers behave like humans. The term was coined in 1956 by John McCarthy at the Massachusetts Institute of Technology.
26. Assurance: The part of corporate governance in which management provides accurate and current information to the stakeholders about the efficiency and effectiveness of its policies and operations, and the status of its compliance with statutory obligations.
29. Attenuation: Attenuation is a general term that refers to any reduction in the strength of a signal. Attenuation occurs with any type of signal, whether digital or analog. Sometimes called loss, attenuation is a natural consequence of signal transmission over long distances.
30. Authentication: Authentication is a process in which the credentials provided are compared to those on file in a database of authorized users' information, either on a local operating system or within an authentication server. If the credentials match, the process is completed and the user is granted authorization for access.
32. Automated Teller Machine (ATM): An automated teller machine (ATM) is a public banking machine that is usually connected to a central computer through leased local lines and a multiplexed data network.
33. Availability: Availability is a term used by some computer storage manufacturers and storage service providers (SSPs) to describe products and services that ensure that data continues to be available at a required level of performance in situations ranging from normal through disastrous.
36. BaNCS: TCS BaNCS is a core banking software suite developed by Tata Consultancy Services for use by retail banks. It includes functions for universal banking, core banking, payments, compliance, wealth management, forex and money markets, financial inclusion, Islamic banking and treasury operations.
37. Base-lining: Base-lining is a method for analyzing computer network performance. The method is marked by comparing current performance to a historical metric, or "baseline".
38. Bastion Host: A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.
39. Battle Box: The Battle Box is the popular name of the underground command centre constructed under Fort Canning, Singapore, as an emergency, bomb-proof command centre during the Malayan campaign and the Battle of Singapore. The Battle Box is now a museum and tourist attraction.
40. Benefits Realisation: Benefits realisation is the process for the identification, definition, tracking, realisation and optimisation of benefits, ensuring that the potential benefits arising from a programme of change are actually realised.
41. Beta Testing: Beta testing is the last stage of testing, and normally can involve sending the product to beta test sites outside the company for real-world exposure or offering the product for a free trial download over the Internet.
42. Big Data: Big data is a broad term for data sets so large or complex that traditional data processing applications are inadequate. Challenges include analysis, capture, data curation, search, sharing, storage, transfer, visualization, and information privacy.
43. Biometric Access Control Devices: Biometric access control is the science and technology of analyzing biological data as a means to control access. Devices which help in these controls are called biometric access control devices.
44. Biometric Mouse: A biometric mouse includes a fingerprint reader on the thumb side of the device. It takes less than a second for the EyeD Mouse to verify a fingerprint.
46. Black-box Testing: Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of testing can be applied to virtually every level of software testing: unit, integration, system and acceptance.
47. Botnet: A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet.
48. Bridge: A network bridge is a network device that connects multiple network segments. In the OSI model, bridging is performed in the first two layers, below the network layer.
49. Bring Your Own Device (BYOD): Bring your own device (BYOD), also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC), refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications.
50. Brute Force: Brute force is a trial-and-error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.
51. Buffer Overflow: In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory locations. This is a special case of the violation of memory safety.
52. Bus: A bus is a communication system that transfers data between components inside a computer, or between computers. This expression covers all related hardware components (wire, optical fibre, etc.) and software, including communication protocols.
54. Business Application System: A business application is any application that is important to running a business. Business applications can range from large line-of-business systems to specialized tools. Consider all the applications that run on either client computers or servers, including commercial off-the-shelf products, customized third-party systems, and internally developed systems.
55. Business Case: A business case is an argument, usually documented, that is intended to convince a decision maker to approve some kind of action. The document itself is sometimes referred to as a business case.
56. Business Continuity Coordinator: A member of the Business Continuity Management team who is assigned overall responsibility for coordination of the recovery planning programme, including team member training, testing and maintenance of recovery plans.
57. Business Continuity Maturity Model (BCMM): The Business Continuity Maturity Model (BCMM) is a free, open-access tool created to assist businesses in building and maintaining a sustainable BC program.
58. Business Continuity Steering Committee: A committee of decision makers (including one or more members of executive management appointed to this committee), business owners, technology experts and business continuity professionals, tasked with making strategic recovery and continuity planning decisions for the organization.
59. Business Drivers: A business driver is a resource, process or condition that is vital for the continued success and growth of a business. A company must identify its business drivers and attempt to maximize any that are under its control.
60. Business Model: In theory and practice, the term business model is used for a broad range of informal and formal descriptions representing core aspects of a business, including purpose, business process, target customers, offerings, strategies, infrastructure, organizational structures, sourcing, trading practices, and operational processes and policies.
61. Business Process: A business process is a collection of linked tasks which find their end in the delivery of a service or product to a client. A business process has also been defined as a set of activities and tasks that, once completed, will accomplish an organizational goal.
62. CAAT: CAAT refers to computer-assisted audit technique. The term implies that an auditor's use of a computer-assisted audit technique is something special; normally the techniques used by an auditor are not computer assisted.
63. Cache Memory: Cache memory is a type of memory used to hold frequently used data. Cache memory is relatively small, but very fast. Most web browsers use a cache to load regularly viewed web pages quickly. The most important type of cache memory is the CPU cache. The CPU cache stores the most frequently used pieces of information so they can be retrieved more quickly.
64. Call Tree: A call tree, sometimes referred to as a phone tree, call list, phone chain or text chain, is a telecommunications chain for notifying specific individuals of an event.
65. Capability Maturity Model Integration (CMMI): Capability Maturity Model Integration (CMMI) is a process improvement training and appraisal program and service administered and marketed by Carnegie Mellon University and required by many DoD and U.S. Government contracts, especially in software development.
66. Capacity Planning: In information technology, capacity planning is the science and art of estimating the space, computer hardware, software and connection infrastructure resources that will be needed over some future period of time.
67. Cash Reserve Ratio (CRR): Cash Reserve Ratio (CRR) is a specified minimum fraction of the total deposits of customers which commercial banks have to hold as reserves, either in cash or as deposits with the central bank. CRR is set according to the guidelines of the central bank of a country.
68. Certification & Accreditation: Certification and Accreditation (C&A or CnA) is a process for implementing any formal process. It is a systematic procedure for evaluating, describing, testing and authorizing systems or activities prior to or after a system is in operation.
69. Certifying Authority: A certificate authority (CA) is an authority in a network that issues and manages security credentials and public keys for message encryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate.
75. Cipher Text: In cryptography, cipher text (or ciphertext) is the result of encryption performed on plaintext using an algorithm called a cipher.
76. Citrix Farm: A farm is a group of Citrix servers which provides published applications to all users and can be managed as a unit, enabling the administrator to configure features and settings for the entire farm rather than configuring each server individually. All the servers in the farm share a single data store.
77. Class: A class is the blueprint from which individual objects are created, as in object-oriented languages such as the Java programming language.
78. Clause 49: Clause 49 of the Listing Agreement to the Indian stock exchange comes into effect from 31 December 2005. It has been formulated for the improvement of corporate governance in all listed companies. Among other things, it requires chief executives and chief financial officers to establish and maintain internal controls and to implement remediation and risk mitigation for deficiencies in internal controls. Clause VI (ii) of Clause 49 requires all companies to submit a quarterly compliance report to the stock exchange in the prescribed form. The clause also requires that there be a separate section on corporate governance in the annual report, with a detailed compliance report.
79. Cloud Computing: Cloud computing is a model for enabling ubiquitous network access to a shared pool of configurable computing resources. Cloud computing and storage solutions provide users and enterprises with various capabilities to store and process their data in third-party data centers.
80. COBIT: Control Objectives for Information and Related Technology (COBIT) is a framework created by ISACA for information technology (IT) management and IT governance. COBIT 5 is the latest edition of ISACA's globally accepted framework, providing an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises.
81. Code Library: The Code Library is a collection of articles, applications and resource files. The goal of the Code Library is to provide sample applications and supplemental information to help you create or customize your own Toolkit applications or other customized content.
82. Cognitive Science: Cognitive science is the scientific study of the human mind. The field is highly interdisciplinary, combining ideas and methods from psychology, computer science, linguistics, philosophy, and neuroscience.
83. Command Centre: A command centre (often called a war room) is any place that is used to provide centralized command for some purpose. While frequently considered to be a military facility, command centres can be used in many other cases by governments or businesses.
85. Common Object Request Broker Architecture (CORBA): The Common Object Request Broker Architecture (CORBA) is a standard defined by the Object Management Group (OMG) designed to facilitate communication between systems that are deployed on diverse platforms. CORBA enables collaboration between systems on different operating systems, programming languages, and computing hardware.
88. Compiler: A compiler is a computer program (or set of programs) that transforms source code written in a programming language (the source language) into another computer language (the target language, often having a binary form known as object code).
92. Computer Peripherals: A peripheral device is generally defined as any auxiliary device, such as a computer mouse or keyboard, that connects to and works with the computer in some way. Other examples of peripherals are image scanners, tape drives, microphones, loudspeakers, webcams, and digital cameras.
95. Computer-aided Software Engineering (CASE): Computer-aided software engineering (CASE) is the domain of software tools used to design and implement applications. CASE tools are similar to, and were partly inspired by, the Computer Aided Design (CAD) tools used to design hardware products.
96. Conceptualisation: The ability to invent or formulate an idea or concept. The conceptualisation phase of a project occurs in the initial design activity, when the scope of the project is drafted and a list of the desired design features and requirements is created.
97. Concurrency Control: Concurrency control provides rules, methods, design methodologies, and theories to maintain the consistency of components operating concurrently while interacting, and thus the consistency and correctness of the whole system.
98. Confidentiality: Confidentiality is a set of rules or a promise that limits access to, or places restrictions on, certain types of information.
99. Configuration: The way a system is set up. Configuration can refer to either hardware or software, or the combination of both.
100. Configuration Items (CI): Configuration items (CI) are components of an infrastructure that currently are, or soon will be, under configuration management. CIs may be a single module, such as a monitor or tape drive, or more complex items, such as a complete system.
101. Configuration Management (CM): Configuration management (CM) refers to a discipline for evaluating, coordinating, approving or disapproving, and implementing changes in artifacts that are used to construct and maintain software systems. An artifact may be a piece of hardware, software or documentation.
102. Continuity of Operations Plan (COOP): Continuity of Operations (COOP) is the initiative that ensures that Federal Government departments and agencies are able to continue operation of their essential functions under a broad range of circumstances, including all-hazard emergencies as well as natural, man-made, and technological threats and national security emergencies. Today's threat environment makes COOP planning even more critical.
103. Continuity Requirements Analysis: Continuity Requirements Analysis (CRA) is the process of collecting information on the resources required to resume and continue the business activities at a level required to support the organization's objectives and obligations.
104. Continuous and Intermittent Simulation (CIS): CIS is a concurrent auditing technique which can be used whenever application systems use a database management system. CIS uses the database management system to trap the exceptions
105. Contract: In common law legal systems, a contract (informally known as an agreement in some jurisdictions) is an agreement having a lawful object, entered into voluntarily by two or more parties, each of whom intends to create one or more legal obligations between them.
106. Central Processing Unit (CPU): The CPU is the electronic circuitry within a computer that carries out the instructions of a computer program by performing the basic arithmetic, logical, control and input/output (I/O) operations specified by the instructions.
107. Control Self-assessment: Control self-assessment is a technique developed in 1987 that is used by a range of organisations, including corporations, charities and government departments, to assess the effectiveness of their risk management and control processes.
108. Control Unit: The control unit (CU) is a component of a computer's central processing unit (CPU) that directs the operation of the processor. It tells the computer's memory, arithmetic/logic unit and input and output devices how to respond to a program's instructions.
109. Cookies: Cookies are small files which are stored on a user's computer. They are designed to hold a modest amount of data specific to a particular client and website, and can be accessed either by the web server or by the client computer.
110. Core Banking Software (CBS): Strategic Information Technology defines core banking software as the functionality required to run a bank or credit union.
111. Corporate Governance: The system of rules, practices and processes by which a company is directed and controlled. Corporate governance essentially involves balancing the interests of the many stakeholders in a company; these include its shareholders, management, customers, suppliers, financiers, government and the community.
112. Crisis Management Team (CMT): A Crisis Management Team is formed to protect an organization against the adverse effects of a crisis. The Crisis Management Team prepares an organization for inevitable threats.
113. Critical Business Function (CBF): Critical business functions (CBF) are vital functions without which an organization will either not survive or will lose the capability to effectively achieve its critical objectives.
114. Critical Path Method (CPM): The Critical Path Method (CPM) is one of several related techniques for project planning. CPM is for projects that are made up of a number of individual "activities". If some of the activities require other activities to finish before they can start, then the project becomes a complex web of activities.
115. Crossover Error Rate (CER): The error rate obtained at the threshold that gives the same False Acceptance Rate and False Rejection Rate.
116. Cross-site Request Forgery: Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF (sometimes pronounced "sea-surf") or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
117. Cryptanalysis: Cryptanalysis refers to the study of ciphers, cipher text, or cryptosystems (that is, secret code systems) with a view to finding weaknesses in them that will permit retrieval of the plaintext from the cipher text, without necessarily knowing the key or the algorithm.
118. Cryptography: Cryptography is a method of storing and transmitting data in a particular form so that only those for whom it is intended can read and process it. The term is most often associated with scrambling plaintext (ordinary text, sometimes referred to as clear text) into cipher text (a process called encryption), then back again (known as decryption).
119. Cyber Crime: Computer crime, or cybercrime, is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Net crime is criminal exploitation of the Internet, and is inherently a cybercrime.
120. Data Analytics: Data analytics is the process of examining big data to uncover hidden patterns, unknown correlations and other useful information that can be used to make better decisions.
121. Data Base Administrator (DBA): A database administrator (DBA) is an IT professional responsible for the installation, configuration, upgrading, administration, monitoring, maintenance, and security of databases in an organization.
122. Data Base Management System (DBMS): Software which helps in organising, controlling and using the data needed by application programs.
123. Data Diddling: Data diddling is the changing of data before or during entry into the computer system. Examples include forging or counterfeiting documents used for data entry and exchanging valid disks and tapes with modified replacements.
124. Data Encryption Standard (DES): Data Encryption Standard (DES) is a predominant symmetric-key algorithm for the encryption of electronic data. It was highly influential in the advancement of modern cryptography in the academic world. It was developed in the early 1970s at IBM and is based on an earlier design by Horst Feistel.
125. Data Flow Diagrams (DFD): A data flow diagram (DFD) is a graphical representation of the "flow" of data through an information system, modelling its process aspects. A DFD is often used as a preliminary step to create an overview of the system, which can later be elaborated.
126. Data Leak/Loss Prevention (DLP): Data loss prevention (DLP) is a strategy for making sure that end users do not send sensitive or critical information outside the corporate network. The term is also used to describe software products that help a network administrator control what data end users can transfer.
127. Data Management: Data management is the development, execution and supervision of plans, policies, programs and practices that control, protect, deliver and enhance the value of data and information assets.
128. Data Migration: Data migration is the process of transferring data between storage types, formats, or computer systems. It is a key consideration for any system implementation, upgrade, or consolidation.
129. Data Normalisation: Normalisation involves decomposing a table into less redundant (and smaller) tables without losing information, defining foreign keys in the old table that reference the primary keys of the new ones.
130. Data Transmission: Data transmission is the physical transfer of data (a digital bit stream or a digitized analog signal) over a point-to-point or point-to-multipoint communication channel. Examples of such channels are copper wires, optical fibres, wireless communication channels, storage media and computer buses.
131. Data Vault: The Data Vault is a detail-oriented, historical-tracking and uniquely linked set of normalized tables that support one or more functional areas of business. It is a hybrid approach encompassing the best of breed between third normal form (3NF) and the star schema. The design is flexible, scalable, consistent and adaptable to the needs of the enterprise. It is a data model that is architected specifically to meet the needs of today's enterprise data warehouses.
132. Data Warehouse: In computing, a data warehouse (DW or DWH), also known as an enterprise data warehouse (EDW), is a system used for reporting and data analysis. DWs are central repositories of integrated data from one or more disparate sources.
133. Database Administrator (DBA): A database administrator (DBA) is an IT professional responsible for the installation, configuration, upgrading, administration, monitoring, maintenance, and security of databases in an organization.
134. Database Architecture: Database architecture focuses on the design, development, implementation and maintenance of computer programs that store and organize information for businesses, agencies and institutions.
135. Deadman Doors/Mantrap Systems: A mantrap or dead man door is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must close before the second set opens.
136. Debugger: A debugger or debugging tool is a computer program that is used to test and debug other programs (the "target" program).
137. Decision Support System (DSS): A decision support system (DSS) is a computer-based information system that supports business or organizational decision-making activities. Decision support systems can be fully computerized, human-powered, or a combination of both.
139. Denial of Service (DoS): A denial of service (DoS) attack is a malicious attempt to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.
140. Desk Checking: Desk checking is a manual (non-computerised) technique for checking the logic of an algorithm. The person performing the desk check effectively acts as the computer, using pen and paper to record results.
141. Dictionary Attack: In cryptanalysis and computer security, a dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase through hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
142. Digital Asset Management (DAM): Digital asset management (DAM) consists of management tasks and decisions surrounding the ingestion, annotation, cataloguing, storage, retrieval and distribution of digital assets.
143. Digital Rights Management (DRM): Digital rights management (DRM) is a systematic approach to copyright protection for digital media. The purpose of DRM is to prevent unauthorized redistribution of digital media and restrict the ways consumers can copy content they have purchased.
144. Discretionary Access Control: In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong".
145. Distributed Component Object Model (DCOM): Distributed Component Object Model (DCOM) is a proprietary Microsoft technology for communication among software components distributed across networked computers. DCOM, which was originally called "Network OLE", extends Microsoft's COM and provides the communication substrate under Microsoft's COM+ application server infrastructure.
146. Distributed Denial-of-Service (DDoS): A distributed denial-of-service (DDoS) attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example a botnet) flooding the targeted system with traffic.
147. DNS Attacks: DNS spoofing is an attack whereby data is introduced into a Domain Name System (DNS) resolver's cache, causing the name server to return an incorrect IP address and diverting traffic to the attacker's computer (or any other computer).
148. Domain Name System (DNS): DNS is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.
149. Domain Specialist: A domain specialist is a person with special knowledge or skills in a particular area of endeavour. An accountant, for example, is an expert in the domain of accountancy.
150. Downtime: Downtime or outage duration refers to a period of time during which a system fails to provide or perform its primary function. Reliability, availability, recovery, and unavailability are related concepts. Unavailability is the proportion of a time span during which a system is unavailable or offline.
151. Dumpster Diving: In the world of information technology, dumpster diving is a technique used to retrieve information that could be used to carry out an attack on a computer network. Dumpster diving is not limited to searching through the trash for obvious treasures like access codes or passwords written down on sticky notes.
152. Duplex: A "duplex" communication channel requires two simplex channels operating in opposite directions.
153. Dynamic Systems Development Method (DSDM): Dynamic systems development method (DSDM) is an agile project delivery framework, primarily used as a software development method. It is an iterative and incremental approach that embraces the principles of Agile development, including continuous user/customer involvement.
154. Dynamic Testing: Dynamic testing (or dynamic analysis) is a term used in software engineering to describe the testing of the dynamic behavior of code. That is, dynamic analysis refers to the examination of the physical response of the system to variables that are not constant and change with time. In dynamic testing the software must actually be compiled and run.
155. Earned Value Analysis (EVA): Earned Value Analysis (EVA) is an industry-standard method of measuring a project's progress at any given point in time, forecasting its completion date and final cost, and analyzing variances in the schedule and budget as the project proceeds.
156. Eavesdropping: Eavesdropping or network sniffing is a network layer attack consisting of capturing
packets from the network transmitted by others' computers and reading the data
content in search of sensitive information like passwords, session tokens, or any kind
of confidential information.
157 E-commerce E-commerce (also written as e-Commerce, eCommerce or similar variants), short for
electronic commerce, is trading in products or services using computer networks,
such as the Internet.
158 Economic The purpose of the economic feasibility assessment is to determine the positive
Feasibility economic benefits to the organization that the proposed system will provide. It
includes quantification and identification of all the benefits expected. This assessment
typically involves a cost/ benefits analysis.
159 EDI EDI (Electronic Data Interchange) is the transfer of data from one computer system to
another by standardized message formatting, without the need for human
intervention. EDI permits multiple companies -- possibly in different countries -- to
exchange documents electronically.
160 Editor a program that enables you to create and edit text files.
161 Electronic Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United
Communications States Congress to extend government restrictions on wire taps from telephone calls
Privacy Act of to include transmissions of electronic data by computer, provisions prohibiting access
1986 (ECPA) to stored electronic communications
162 Electronic Electronic discovery (or e-discovery) refers to discovery in litigation or government
discovery (e- investigations which deals with the exchange of information in electronic format (often
discovery) referred to as electronically stored information or ESI).
163 Electronic funds Electronic funds transfer (EFT) is the electronic transfer of money from one bank
transfer (EFT) account to another, either within a single financial institution or across multiple
institutions, through computer-based systems and without the direct intervention of
bank staff.
164 Electrostatic Electrostatic discharge (ESD) is the sudden flow of electricity between two electrically
discharge (ESD) charged objects caused by contact, an electrical short, or dielectric breakdown. A
build-up of static electricity can be caused by tribo-charging or by electrostatic
induction.
166 Embedded audit facility: A computer-assisted audit technique in which the program and additional data are provided by the auditor and incorporated into the computerized accounting system of the client.
167 Emergency operations center (EOC): An emergency operations center (EOC) is a central command and control facility responsible for carrying out the principles of emergency preparedness and emergency management, or disaster management functions, at a strategic level in an emergency situation, and for ensuring the continuity of operation of a company, political subdivision or other organization.
169 Encryption: Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text.
170 Endpoint security: In network security, endpoint security refers to a methodology of protecting the corporate network when it is accessed via remote devices such as laptops or other wireless and mobile devices. Each device that connects remotely to the network creates a potential entry point for security threats.
171 Enterprise Java Beans (EJB): Enterprise Java Beans (EJB) is a development architecture for building highly scalable and robust enterprise-level applications to be deployed on J2EE-compliant application servers such as JBoss, WebLogic etc. EJB 3.0 is a great shift from EJB 2.0 and makes development of EJB-based applications quite easy.
173 Enterprise risk management (ERM): Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives. ERM provides a framework for risk management, which typically involves identifying particular events or circumstances relevant to the organization's objectives (risks and opportunities), assessing them in terms of likelihood and magnitude of impact, determining a response strategy, and monitoring progress.
174 Extranet: An extranet is a website that allows controlled access to partners, vendors and suppliers or an authorized set of customers, normally to a subset of the information accessible from an organization's intranet.
175 Extreme programming (XP): Extreme programming (XP) is a software development methodology which is intended to improve software quality and responsiveness to changing customer requirements.
176 False acceptance rate (FAR): The false acceptance rate, or FAR, is the measure of the likelihood that a biometric security system will incorrectly accept an access attempt by an unauthorized user. A system's FAR is typically stated as the ratio of the number of false acceptances divided by the number of identification attempts.
177 False rejection rate (FRR): The false rejection rate, or FRR, is the measure of the likelihood that a biometric security system will incorrectly reject an access attempt by an authorized user. A system's FRR is typically stated as the ratio of the number of false rejections divided by the number of identification attempts.
180 Finacle: Finacle is a core banking software package developed by the Indian technology corporation Infosys. It is used by multiple banks across several countries and can handle multi-currency transactions.
181 Firewall: In computing, a firewall is a network security system that monitors and controls incoming and outgoing network traffic based on applied security rules. A firewall typically establishes a barrier between a trusted, secure internal network and another outside network, such as the Internet, that is assumed not to be secure or trusted.
182 First responder: A first responder is an employee of an emergency service who is likely to be among the first people to arrive at and assist at the scene of an emergency, such as an accident, natural disaster, or terrorist attack. First responders typically include police officers, fire fighters, paramedics, and emergency medical technicians.
183 Flexcube: Flexcube is an internationally recognized core banking software developed by Oracle Financial Solutions (previously known as iFlex Solutions Limited). It is currently used by top banks worldwide and in Nigeria. It is user-friendly and flexible, adding value to banking operations.
184 FM200: FM200 (a gaseous fire-suppression agent) systems reach extinguishing levels in 10 seconds or less, stopping ordinary combustible, electrical, and flammable liquid fires before they cause significant damage. FM200 extinguishes the fire quickly, which means less damage and lower repair costs.
185 Forward engineering: Forward engineering is the opposite of reverse engineering. In forward engineering, one takes a set of primitives of interest, builds them into a working system, and then observes what the system can and cannot do.
186 Four Eyes principle: The four eyes principle is a requirement that two individuals approve some action before it can be taken. The four eyes principle is sometimes called the two-man rule or the two-person rule.
187 Front End: A user interface that works with a database.
188 Function Point Analysis (FPA): Function Point Analysis (FPA) is a sizing measure of clear business significance. First made public by Allan Albrecht of IBM in 1979, the FPA technique quantifies the functions contained within software in terms that are meaningful to the software users.
189 Functional organization: Functional organization is a type of organizational structure that uses the principle of specialization based on function or role.
190 Functional Requirement: In software engineering (and systems engineering), a functional requirement defines a function of a system and its components. A function is described as a set of inputs, the behaviour, and outputs. Functional requirements may be calculations, technical details, data manipulation and processing, and other specific functionality that define what a system is supposed to accomplish.
191 Functional testing: Functional testing is a quality assurance (QA) process and a type of black-box testing that bases its test cases on the specifications of the software component under test.
192 Gantt Chart: A Gantt chart is a horizontal bar chart developed as a production control tool in 1917 by Henry L. Gantt, an American engineer and social scientist. Frequently used in project management, a Gantt chart provides a graphical illustration of a schedule that helps to plan, coordinate, and track specific tasks in a project.
193 Gateway: A node on a network that serves as an entrance to another network. In enterprises, the gateway is the computer that routes the traffic from a workstation to the outside network that is serving the Web pages. In homes, the gateway is the ISP that connects the user to the Internet.
194 Generalized audit software (GAS): Generalized audit software (GAS) refers to software designed to read, process and write data with the help of functions performing specific audit routines and with self-made macros. It is a tool for applying Computer Assisted Auditing Techniques.
195 Governance: The process of decision-making and the process by which decisions are implemented (or not implemented).
196 Governance of enterprise IT (GEIT): Governance of enterprise IT (GEIT) is a system which successfully brings myriad benefits, including lower costs, greater control and overall increased efficiency and effectiveness. The primary purpose of using a GEIT system is to deliver value to stakeholders.
197 Gramm–Leach–Bliley Act (GLBA): The Gramm–Leach–Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999 and commonly pronounced "glibba" (Pub.L. 106–102, 113 Stat. 1338, enacted November 12, 1999), is an act of the 106th United States Congress (1999–2001).
198 Graphical user interface (GUI): A graphical user interface (GUI) is a human-computer interface (i.e., a way for humans to interact with computers) that uses windows, icons and menus and which can be manipulated by a mouse (and often, to a limited extent, by a keyboard as well).
199 Gray-box testing: Gray-box testing (International English spelling: grey-box testing) is a combination of white-box testing and black-box testing. The aim of this testing is to search for defects, if any, due to improper structure or improper usage of applications.
201 HADOOP: Hadoop is an open-source framework that allows big data to be stored and processed in a distributed environment across clusters of computers using simple programming models. It is designed to scale up from single servers to thousands of machines, each offering local computation and storage.
202 Half Duplex: A communications channel that operates in one direction at a time, but that may be reversible.
203 Hardware: Computer hardware is the physical parts or components of a computer, such as the monitor, mouse, keyboard, computer data storage, hard disk drive (HDD), system unit (graphics cards, sound cards, memory, motherboard and chips), and so on, all of which are physical objects that can be touched.
204 Heat map: A heat map is a two-dimensional representation of data in which values are represented by colors. A simple heat map provides an immediate visual summary of information. More elaborate heat maps allow the viewer to understand complex data sets.
205 HIPAA: HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The primary goal of the law is to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information, and help the healthcare industry control administrative costs.
206 Hosts file: The hosts file is a computer file used by an operating system to map hostnames to IP addresses. The hosts file is a plain text file, and is conventionally named hosts.
207 Hotfix: A hotfix or Quick Fix Engineering update (QFE update) is a single, cumulative package that includes information (often in the form of one or more files) that is used to address a problem in a software product (i.e. a software bug). Typically, hotfixes are made to address a specific customer situation. The term "hotfix" was originally applied to software patches that were applied to "hot" systems; that is, systems which are live, currently running and in production status rather than development status. For the developer, a hotfix implies that the change may have been made quickly and outside normal development and testing processes.
208 IaaS: IaaS is defined as computer infrastructure, such as virtualization, being delivered as a service. IaaS is popular in the data center, where software and servers are purchased as a fully outsourced service and usually billed on usage and how much of the resource is used.
209 IDE (Integrated Development Environment): An integrated development environment (IDE) is a programming environment that has been packaged as an application program, typically consisting of a code editor, a compiler, a debugger, and a graphical user interface (GUI) builder.
210 IDEA Tool: IDEA is a powerful and user-friendly data analysis tool designed to help auditors, accountants and other finance professionals perform data analysis quickly to help improve audits and identify control breakdowns.
211 Identification: Identification is the process of presenting an identity to a system. It is done in the initial stages of gaining access to the system and is what happens when you claim to be a particular system user.
212 Identity & Access Management (IDAM): Identity and access management (IAM) is the security discipline that enables the right individuals to access the right resources at the right times for the right reasons.
213 Implementation: The process of putting a decision or plan into effect; execution.
214 Incremental Model: The Incremental Model is a combination of one or more Waterfall Models. In the Incremental Model, project requirements are divided into multiple modules and each module is developed separately.
215 Information Assets: An information asset is a body of information, defined and managed as a single unit so it can be understood, shared, protected and exploited effectively. Information assets have recognisable and manageable value, risk, content and lifecycles.
216 Information processing facility (IPF): An information processing facility is defined as any system, service, or infrastructure, or any physical location that houses these things. A facility can be either an activity or a place; it can be either tangible or intangible.
217 Information Technology Assurance Framework (ITAF): The Information Technology Assurance Framework (ITAF), published by ISACA, is a comprehensive and good-practice-setting model that provides guidance on the design, conduct and reporting of IT audit and assurance assignments; defines terms and concepts specific to IT assurance; and establishes standards that address IT audit and assurance professional roles, responsibilities, knowledge, skills and reporting requirements.
219 Information Technology Infrastructure Library (ITIL): ITIL, formerly an acronym for Information Technology Infrastructure Library, is a set of practices for IT Service Management (ITSM) that focuses on aligning IT services with the needs of business.
220 Integrated Test Facility (ITF): The ITF technique involves establishing a mini company or dummy entity on an application system's files and processing audit test data against the entity as a means of verifying processing authenticity, accuracy and completeness. Auditors would then use test data to update the fictitious entities.
221 Integration testing: Integration testing (sometimes called integration and testing, abbreviated I&T) is the phase in software testing in which individual software modules are combined and tested as a group. It occurs after unit testing and before validation testing.
222 Integrity: Integrity refers to maintaining and assuring the accuracy and consistency of data over its entire life-cycle, and is a critical aspect of the design, implementation and usage of any system which stores, processes, or retrieves data.
223 Internal control: Internal control, as defined in accounting and auditing, is a process for assuring achievement of an organization's objectives in operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations and policies.
224 International Federation of Accountants (IFAC): The International Federation of Accountants (IFAC) is the global organization for the accountancy profession. Founded in 1977, IFAC has 175 members and associates in 130 countries and jurisdictions, representing more than 2.5 million accountants employed in public practice, industry and commerce, government, and academe.
225 Internet Control Message Protocol (ICMP): The Internet Control Message Protocol (ICMP) is one of the main protocols of the Internet Protocol Suite. It is used by network devices, like routers, to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached.
226 Internet Engineering Task Force (IETF): The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet.
227 Internet Protocol Network: An IP network is a communication network that uses the Internet Protocol to send and receive messages between two or more computers.
228 Internet Protocol Security (IPsec): Internet Protocol Security (IPsec) is a protocol suite for securing Internet Protocol (IP) communications by authenticating and encrypting each IP packet of a communication session.
229 Interpreter: In computer science, an interpreter is a computer program that directly executes, i.e. performs, instructions written in a programming or scripting language, without previously compiling them into a machine language program.
230 Intrusion detection system (IDS): An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station.
231 Intrusion Prevention System (IPS): Intrusion prevention systems (IPS) are network security appliances that monitor network and/or system activities for malicious activity.
232 Ionosphere: The ionosphere is a region of Earth's upper atmosphere, from about 60 km (37 mi) to 1,000 km (620 mi) altitude, and includes the thermosphere and parts of the mesosphere and exosphere.
233 IP Spoofing: IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by "spoofing" the IP address of that machine.
235 ISMS (Information Security Management System): An ISMS is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organisation's information risk management processes.
236 ISO 27001: ISO 27001:2013 is an information security standard that was published on 25 September 2013. It is a specification for an information security management system (ISMS).
237 ISO 31000: ISO 31000:2009, Risk management – Principles and guidelines, provides principles, a framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.
238 ISO/IEC 15504: ISO/IEC 15504 Information technology — Process assessment, also known as SPICE (Software Process Improvement and Capability Determination), is a set of technical standards documents for the computer software development process and related business management functions.
239 ISO/IEC 27000: The ISO 27000 family of standards helps organizations keep information assets secure. Using this family of standards will help an organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to it by third parties. ISO/IEC 27001 is the best-known standard in the family, providing requirements for an information security management system (ISMS).
240 ISO/IEC 38500: ISO/IEC 38500:2015 provides guiding principles for members of governing bodies of organizations (which can comprise owners, directors, partners, executive managers, or similar) on the effective, efficient, and acceptable use of information technology (IT) within their organizations.
241 IT governance: IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.
242 IT Governance Institute (ITGI): The IT Governance Institute (ITGI) was formed by ISACA in 1998 to advance international thinking on GEIT.
243 IT Security Policy: An IT security policy is a strategy for how your company will implement information security principles and technologies. It is essentially a business plan that applies only to the information security aspects of a business.
244 Joint Application Development (JAD): Joint Application Development (JAD) is a development methodology originally used for designing a computer-based system, but it can be applied to any development process. It involves continuous interaction with the users and the different designers of the system in development.
245 Kerberos: Kerberos is a computer network authentication protocol which works on the basis of "tickets" to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
246 Key Goal Indicators (KGI): KGI / Key Goal Indicators refers to pre-set indicators of process objectives (goals) that indicate what should be achieved by a process (they define an objective).
247 Key Logger: A key logger is a type of surveillance software (considered to be either software or spyware) that has the capability to record every keystroke you make to a log file, usually encrypted. A key logger recorder can record instant messages, e-mail, and any information you type at any time using your keyboard.
248 Key Man policies: An employer may take out a key person insurance policy on the life or health of any employee whose knowledge, work, or overall contribution is considered uniquely valuable to the company. This helps in securing information.
249 Key Performance Indicator (KPI): A Key Performance Indicator (KPI) is a measurable value that demonstrates how effectively a company is achieving key business objectives. Organizations use KPIs to evaluate their success at reaching targets.
250 Key Risk Indicator (KRI): A Key Risk Indicator, also known as a KRI, is a measure used in management to indicate how risky an activity is.
251 Kickoff Meeting: The Kickoff Meeting is the first meeting with the project team and the client of the project. This meeting would follow definition of the base elements for the project and other project planning activities.
252 Linker: A linker or link editor is a computer program that takes one or more object files generated by a compiler and combines them into a single executable file, library file, or another object file.
253 LISP: Lisp (historically, LISP) is a family of computer programming languages with a long history and a distinctive, fully parenthesized Polish prefix notation.
254 Loader: In computing, a loader is the part of an operating system that is responsible for loading programs and libraries.
255 Logic bomb: A logic bomb is a piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met.
256 Logic error: In computer programming, a logic error is a bug in a program that causes it to operate incorrectly, but not to terminate abnormally (or crash). A logic error produces unintended or undesired output or other behaviour, although it may not immediately be recognised as such.
257 MAC spoofing MAC spoofing is a technique for changing a factory-assigned Media Access Control
(MAC) address of a network interface on a networked device. The MAC address is
hard-coded on a network interface controller (NIC) and cannot be changed.
258 Machine Cycle The steps performed by the computer processor for each machine language
instruction received. The machine cycle is a 4 process cycle that includes reading and
interpreting the machine language, executing the code and then storing that code.
259 Macro virus A macro virus is a computer virus that "infects" a Microsoft Word or similar application
and causes a sequence of actions to be performed automatically when the application
is started or something else triggers it.
260 Magnetic Ink Magnetic Ink Character Recognition Code (MICR Code) is a character-recognition
Character technology used mainly by the banking industry to ease the processing and clearance
Recognition Code of cheques and other documents.
(MICR Code)
261 Malware Malware' is an umbrella term used to refer to a variety of forms of hostile or intrusive
software, including computer viruses, worms, trojan horses, ransom ware, spyware,
adware, scareware, and other malicious programs. It can take the form of executable
code, scripts, active content, and other software.
262 Management Management in businesses and organizations is the function that coordinates the
efforts of people to accomplish goals and objectives by using available resources
efficiently and effectively.
263 Mandatory In computer security, mandatory access control (MAC) refers to a type of access
Access Control control by which the operating system constrains the ability of a subject or initiator to
access or generally perform some sort of operation on an object or target.
264 Man-in-the-middle In cryptography and computer security, a man-in-the-middle attack (often abbreviated
attack to MITM, MitM, MIM, MiM or MITMA) is an attack where the attacker secretly relays
and possibly alters the communication between two parties who believe they are
directly communicating with each other.
267 Master Boot Many destructive viruses damage the Master Boot Record and make it impossible to
Record Virus start the computer from the hard disk. Because the code in the Master Boot Record
executes before any operating system is started, no operating system can detect or
recover from corruption of the Master Boot Record.
268 Matrix The matrix organization structure is a combination of two or more types of
organization organization structure, such as the projectized organization structure and the
functional organization structure. These two types of organization structures
represent the two extreme points of a string, while the matrix organization structure is
a balance of these two.
269 Mean time Mean time between failures (MTBF) is the predicted elapsed time between inherent
between failures failures of a system during operation. MTBF can be calculated as the arithmetic
(MTBF) mean(average) time between failures of a system.
270 Mean Time To Mean Time To Repair (MTTR) is a basic measure of the maintainability of repairable
Repair (MTTR) items. It represents the average time required to repair a failed component or device.
Expressed mathematically, it is the total corrective maintenance time for failures
divided by the total number of corrective maintenance actions for failures during a
given period of time.
271 Media Access Control (MAC) address
A hardware address that uniquely identifies each node of a network. On most interfaces the MAC address can be changed in software, so it is easily spoofed and should not be relied on as the sole basis for access control.

272 Memory
Unit of a computer system that stores data and programs.

273 Microsoft Transaction Server (MTS)
Microsoft Transaction Server is a component-based transaction processing system that allows developers to build, deploy, and administer robust network applications. Being component based, MTS uses standard COM components to encapsulate the business logic that forms applications.

274 Milestone
A milestone is a task of zero duration that marks an important achievement in a project. Milestones are a way of knowing how the project is advancing even if you are not familiar with the tasks being executed. They have zero duration because they symbolize an achievement at a single point in time in the project.

275 Mobile banking
Mobile banking is a term used to refer to systems that allow customers of a financial institution to conduct a number of financial transactions through a mobile device such as a mobile phone or tablet.

276 Mobile technology
Mobile technology is the technology used for cellular communication. Mobile technologies such as code division multiple access (CDMA) have evolved rapidly over the past few years.

277 Modem
A modem (modulator-demodulator) is a device that modulates one or more carrier wave signals to encode digital information for transmission and demodulates signals to decode the transmitted information. The goal is to produce a signal that can be transmitted easily and decoded to reproduce the original digital data.

279 Naive users
Naive users are unsophisticated users who interact with the system through permanent application programs (e.g. an automated teller machine).

280 National Electronic Funds Transfer (NEFT)
National Electronic Funds Transfer (NEFT) is one of the most prominent electronic funds transfer systems of India. Started in November 2005, NEFT is a facility provided to bank customers to enable them to transfer funds easily and securely on a one-to-one basis.

281 National Financial Reporting Authority (NFRA)
National Financial Reporting Authority (NFRA), the proposed apex body for accounting and auditing standards, will have powers to probe and review audits of companies, including those which have securities listed outside India.

282 Natural language processing (NLP)
Natural language processing (NLP) is a field of computer science, artificial intelligence, and computational linguistics concerned with the interactions between computers and human (natural) languages. As such, NLP is related to the area of human–computer interaction.

283 Negative testing
Negative testing ensures that an application can gracefully handle invalid input or unexpected user behaviour. Most security test cases are negative tests: malformed, oversized or unexpected input that the application must reject without failing unsafely.

284 Network address translation (NAT)
Network address translation (NAT) is a method of remapping one IP address space into another by modifying the network address information in Internet Protocol (IP) datagram headers while they are in transit across a traffic routing device. NAT hides internal addresses and discards unsolicited inbound packets for which it holds no translation state, but it is not a substitute for a firewall.
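The remapping described in the NAT entry is easiest to see in code. The following is an added illustration (not glossary text) of port-address translation, the NAT variant used by home routers and cloud NAT gateways: every (private address, port) pair is mapped to its own port on a single public address, replies are mapped back, and an inbound packet with no matching entry is dropped. The addresses are taken from the RFC 1918 and RFC 5737 documentation ranges and are assumptions made for the example.

```python
"""Port-address translation, as an added illustration of the NAT entry;
not glossary text.  Addresses are documentation ranges chosen for the example."""
from dataclasses import dataclass
from typing import Optional

PUBLIC_IP = "203.0.113.5"   # assumed public address of the NAT device


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Napt:
    """Maps (private ip, port) pairs to distinct ports on one public address."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound_map = {}    # (private_ip, private_port) -> public_port
        self.inbound_map = {}     # public_port -> (private_ip, private_port)

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrite the source of a packet leaving the private network."""
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.outbound_map:          # first packet from this endpoint
            port = self.next_port
            self.next_port += 1
            self.outbound_map[key] = port
            self.inbound_map[port] = key
        return Packet(self.public_ip, self.outbound_map[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrite the destination of a reply; None means no mapping, packet dropped."""
        if pkt.dst_ip != self.public_ip:
            return None
        target = self.inbound_map.get(pkt.dst_port)
        if target is None:
            return None   # unsolicited inbound traffic: no translation state exists
        ip, port = target
        return Packet(pkt.src_ip, pkt.src_port, ip, port)


def demo():
    """Two internal hosts that both use source port 5000 get distinct public ports."""
    nat = Napt(PUBLIC_IP)
    a = nat.outbound(Packet("10.0.0.2", 5000, "198.51.100.7", 443))
    b = nat.outbound(Packet("10.0.0.3", 5000, "198.51.100.7", 443))
    reply_a = nat.inbound(Packet("198.51.100.7", 443, PUBLIC_IP, a.src_port))
    stray = nat.inbound(Packet("198.51.100.7", 443, PUBLIC_IP, 49999))
    return a, b, reply_a, stray


if __name__ == "__main__":
    for p in demo():
        print(p)
```

The mapping is keyed only on the internal endpoint, so a second connection from the same host and port to a different destination reuses the public port; this endpoint-independent behaviour is what makes peer-to-peer "hole punching" possible, and it is why a host behind NAT is reachable from the Internet as soon as any mapping (or a static port forward) exists.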
285 Network Interface Card (NIC)
A network interface card (NIC) is a circuit board or card that is installed in a computer so that it can be connected to a network.

286 Network protocol
A protocol is a set of rules that governs the communications between computers on a network. In order for two computers to talk to each other, they must be speaking the same language.

287 Noise
Noise refers to any external and unwanted information that interferes with a transmission signal. Noise can diminish transmission strength and disturb overall communication efficiency. In communications, noise can be created by radio waves, power lines, lightning and bad connections.

288 Non-disclosure agreement (NDA)
A non-disclosure agreement (NDA), also known as a confidentiality agreement (CA), confidential disclosure agreement (CDA), proprietary information agreement (PIA), or secrecy agreement (SA), is a legal contract between at least two parties that outlines confidential material, knowledge, or information that the parties

290 NoSQL
A NoSQL (originally referring to "non SQL" or "non relational") database provides a mechanism for storage and retrieval of data that is modeled in means other than the tabular relations used in relational databases.

291 Object
An object can be a variable, a data structure, or a function. In the class-based object-oriented programming paradigm, "object" refers to a particular instance of a class, where the object can be a combination of variables, functions, and data structures.

292 Object Oriented Software Development (OOSD)
The Object-Oriented Software Development Method (OOSD) includes object-oriented requirements analysis as well as object-oriented design. OOSD is a practical method of developing a software system which focuses on the objects of a problem throughout development. OOSD's focus on objects early in development, with attention to generating a useful model, creates a picture of the system that is modifiable, reusable, reliable, and understandable.

293 One-time password (OTP)
A one-time password (OTP) is a password that is valid for only one login session or transaction on a computer system or other digital device. Because a used code cannot be replayed, OTPs resist the reuse of captured credentials; common schemes derive each code from a shared secret plus a counter (HOTP) or the current time (TOTP). A code obtained by phishing remains valid until it is used or expires, so OTPs do not by themselves defeat real-time phishing.
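The two standard OTP constructions mentioned above, worked through in code. This is an added example, not part of the glossary: it implements HOTP (RFC 4226) and TOTP (RFC 6238) with the standard library, and adds a server-side verifier that burns each counter once used so that a captured code cannot be replayed. The secret is the RFC 4226 test secret, not a real credential, and the look-ahead window size is an assumption of the example.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) with a replay-resistant verifier.
Added example, not glossary text; TEST_SECRET is the RFC 4226 test vector key."""
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226 Appendix D test secret (ASCII "12345678901234567890").
TEST_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)) mod 10^digits, per RFC 4226."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                               # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # drop sign bit
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter set to floor(unix_time / step) (RFC 6238)."""
    now = time.time() if at is None else at
    return hotp(secret, int(now) // step, digits)


class HotpVerifier:
    """Server-side check for HOTP codes.

    Remembers the next unused counter so that a code already consumed (for
    example one captured by phishing) is rejected on replay, while accepting a
    small look-ahead window for codes the token generated but never submitted.
    """

    def __init__(self, secret: bytes, look_ahead: int = 5, digits: int = 6):
        self.secret = secret
        self.look_ahead = look_ahead      # assumed window size for the example
        self.digits = digits
        self.next_counter = 0

    def verify(self, submitted: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead):
            expected = hotp(self.secret, c, self.digits)
            if hmac.compare_digest(expected, submitted):   # constant-time compare
                self.next_counter = c + 1                  # burn this and all earlier codes
                return True
        return False


if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(TEST_SECRET, c))                 # 755224, 287082, 359152
    verifier = HotpVerifier(TEST_SECRET)
    print(verifier.verify("755224"), verifier.verify("755224"))   # True, then False (replay)
```

The verifier accepts codes only at or beyond the stored counter, which is the property that makes the OTP "one-time"; TOTP servers achieve the same by remembering the last time step accepted for each user. Both schemes depend entirely on the secrecy of the shared key, so it must be stored with the same care as a password hash would be.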
294 Operating system (OS)
An operating system (OS) is software that manages computer hardware and software resources and provides common services for computer programs. The operating system is an essential component of the system software in a computer system. Application programs usually require an operating system to function.

295 Operational resilience
Operational resilience is a set of techniques that allow people, processes and information systems to adapt to changing patterns. It is the ability to alter operations in the face of changing business conditions.

297 Outsourcing
Outsourcing is an arrangement in which one company provides services for another company that could also be, or usually have been, provided in-house. Outsourcing is a trend that is becoming more common in information technology and other industries for services that have usually been regarded as intrinsic to managing a business.

298 PaaS
Platform as a service (PaaS) is a category of cloud computing services that provides a platform allowing customers to develop, run, and manage Web applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app.

299 Parallel testing
Parallel testing means testing multiple applications or subcomponents of one application concurrently to reduce the test time. Parallel tests consist of two or more parts (projects or project suites) that check different parts or functional characteristics of an application.

300 Parallel transmission
Parallel transmission is a method of conveying multiple binary digits (bits) simultaneously through a communication channel.

301 Parity check
A parity bit, or check bit, is a bit added to a string of bits so that the total number of one bits is even (even parity) or odd (odd parity). Parity is the simplest form of error-detecting code: it detects any single-bit error, but not an error that flips an even number of bits, and it cannot correct errors.
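A worked example of the parity check, added here and not part of the glossary. It generates and checks even and odd parity bits, then simulates transmission errors to show the limitation stated above: a single flipped bit is caught, two flipped bits are not. The bit strings are constructed for the example.

```python
"""Even/odd parity generation and checking, with simulated transmission errors.
Added example, not glossary text; the bit strings are constructed inputs."""


def add_parity(bits: str, even: bool = True) -> str:
    """Append one parity bit so that the total number of 1s is even (or odd)."""
    if set(bits) - {"0", "1"}:
        raise ValueError("bits must be a string of 0s and 1s")
    ones = bits.count("1")
    parity = ones % 2 if even else 1 - ones % 2
    return bits + str(parity)


def parity_ok(word: str, even: bool = True) -> bool:
    """True if the received word (data bits plus parity bit) has the expected parity."""
    ones = word.count("1")
    return ones % 2 == (0 if even else 1)


def flip(word: str, *positions: int) -> str:
    """Simulate transmission errors by flipping the bits at the given positions."""
    chars = list(word)
    for i in positions:
        chars[i] = "1" if chars[i] == "0" else "0"
    return "".join(chars)


def ascii7_with_parity(ch: str, even: bool = True) -> str:
    """7-bit ASCII code of ch plus a parity bit, the classic serial-line '7E1' framing."""
    return add_parity(format(ord(ch), "07b"), even)


if __name__ == "__main__":
    word = add_parity("1011001")            # four 1s -> even parity bit is 0
    print(word, parity_ok(word))            # 10110010 True
    print(parity_ok(flip(word, 2)))         # single-bit error: detected (False)
    print(parity_ok(flip(word, 2, 5)))      # two-bit error: not detected (True)
    print(ascii7_with_parity("A"))          # 1000001 has two 1s -> 10000010
```

Because an attacker who can modify a message can also recompute its parity bit, parity (like any checksum or CRC) detects only accidental corruption; integrity against deliberate tampering needs a keyed MAC or a digital signature.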
302 Password policy
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. Current guidance (NIST SP 800-63B) favours a minimum length and screening candidates against lists of common or previously breached passwords over complex composition rules and forced periodic changes, which tend to produce predictable variations such as "P@ssw0rd1".
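A password policy check written along those lines, added as an example (not glossary text). It enforces a minimum length, rejects passwords containing the username, and screens against a common-password list after undoing the substitutions users make to satisfy complexity rules, so that "P@ssw0rd123!" is still recognised as "password". The minimum length and the tiny denylist are assumptions for the example; a real deployment would screen against a breached-password corpus.

```python
"""Password policy check in the spirit of NIST SP 800-63B: length plus screening
against common passwords (after normalization), not composition rules.
Added example, not glossary text; COMMON_PASSWORDS is a constructed stand-in
for a real breached-password list."""
import re

MIN_LENGTH = 12                                    # assumed policy value
COMMON_PASSWORDS = {"password", "qwerty", "letmein", "welcome", "iloveyou", "admin"}

# Leetspeak substitutions users apply to satisfy complexity rules.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

TOO_SHORT = f"shorter than {MIN_LENGTH} characters"
COMMON = "matches a common password after normalization"
HAS_USERNAME = "contains the username"
REPETITIVE = "is a single repeated character"


def normalize(password: str) -> str:
    """Lower-case, strip the trailing digits/punctuation, then undo leetspeak."""
    base = re.sub(r"[\d\W_]+$", "", password.lower())
    return base.translate(LEET)


def check_password(password: str, username: str = "") -> list:
    """Return the list of policy violations; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(TOO_SHORT)
    if normalize(password) in COMMON_PASSWORDS:
        problems.append(COMMON)
    if username and username.lower() in password.lower():
        problems.append(HAS_USERNAME)
    if len(set(password)) == 1:
        problems.append(REPETITIVE)
    return problems


def is_acceptable(password: str, username: str = "") -> bool:
    return not check_password(password, username)


if __name__ == "__main__":
    for pw, user in [("P@ssw0rd123!", "alice"), ("correct horse battery staple", ""),
                     ("alice2024!!!!", "alice"), ("short1!", "")]:
        print(repr(pw), check_password(pw, user) or "ok")
```

Note that "P@ssw0rd123!" passes every classic composition rule (upper, lower, digit, symbol, 12 characters) and is still rejected, while the long all-lowercase passphrase is accepted; that is the point of screening over composition rules.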
303 Patch / Patch management
A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, with such patches usually called bugfixes or bug fixes, and improving usability or performance. Although meant to fix problems, poorly designed patches can sometimes introduce new problems. In some special cases updates may knowingly break functionality, for instance by removing components for which the update provider is no longer licensed or by disabling a device. Patch management is the process of using a strategy and plan of what patches should be applied to which systems at a specified time.

304 Payment Card Industry Data Security Standard (PCI DSS)
The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes, including Visa, MasterCard, American Express, Discover, and JCB. It is administered by the PCI Security Standards Council.

306 Penetration test
A penetration test, or pentest, is an authorized, simulated attack on a computer system that looks for security weaknesses an attacker could exploit to gain access to the computer's features and data. Scope and rules of engagement are agreed with the system owner in advance.

307 Performance testing
Performance testing is testing performed to determine how fast some aspect of a system performs under a particular workload. It can serve different purposes: it can demonstrate that the system meets performance criteria, or it can compare two systems to find which performs better.

308 Personal Identification Number (PIN)
A personal identification number (PIN, pronounced "pin"; often redundantly "PIN number") is a numeric password shared between a user and a system that can be used to authenticate the user to the system.

309 Personally identifiable information (PII)
Personally identifiable information (PII) is any data that could potentially identify a specific individual. Any information that can be used to distinguish one person from another and can be used for de-anonymizing anonymous data can be considered PII.

310 Phishing
Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication. Common lures include spoofed sender addresses and lookalike domains that differ from the genuine one by a confusable character.
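The lookalike-domain lure mentioned above can be checked for mechanically. The following is an added example (not glossary text) that decodes an internationalized host name from its punycode form and flags two signs of a homoglyph attack: a label that mixes Unicode scripts, and a label whose Latin "skeleton" equals a protected brand name. The PROTECTED set and the CONFUSABLES table are small constructed stand-ins; a real deployment would use the organisation's own brand list and the full Unicode confusables data.

```python
"""Homoglyph / lookalike domain detection for phishing lures.
Added example, not glossary text; PROTECTED and CONFUSABLES are constructed tables."""
import unicodedata
from dataclasses import dataclass, field

# Brand labels to protect (constructed for the example).
PROTECTED = {"apple", "paypal", "cisco", "microsoft"}

# A few Cyrillic letters and ASCII digits that render like Latin letters
# (a small subset of Unicode's confusables.txt).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0455": "s", "\u0458": "j",
    "1": "l", "0": "o",
}


@dataclass
class Verdict:
    unicode_host: str
    suspicious: bool
    reasons: list = field(default_factory=list)


def to_unicode(host: str) -> str:
    """Turn an ASCII host (possibly punycode, xn--...) into its Unicode form."""
    return host.encode("ascii").decode("idna") if host.isascii() else host


def scripts(label: str) -> set:
    """Unicode scripts present in a label ('LATIN', 'CYRILLIC', ...), ignoring digits and hyphens."""
    return {unicodedata.name(ch, "UNKNOWN").split(" ")[0]
            for ch in label if ch not in "-0123456789"}


def skeleton(label: str) -> str:
    """Replace each confusable character by the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def analyze(host: str) -> Verdict:
    uhost = to_unicode(host).lower()
    verdict = Verdict(uhost, False)
    for label in uhost.split("."):
        found = scripts(label)
        if len(found) > 1:                      # e.g. Cyrillic 'а' inside a Latin word
            verdict.reasons.append(f"label '{label}' mixes scripts {sorted(found)}")
        skel = skeleton(label)
        if skel != label and skel in PROTECTED:  # whole-label lookalike of a brand
            verdict.reasons.append(f"label '{label}' is a lookalike of '{skel}'")
    verdict.suspicious = bool(verdict.reasons)
    return verdict


if __name__ == "__main__":
    # Constructed samples: Cyrillic 'а' + "pple", all-Cyrillic "cisco", digit-for-letter "paypa1".
    for sample in ["\u0430pple.com", "\u0441\u0456\u0455\u0441\u043e.com",
                   "paypa1.com", "apple.com", "example-1.com"]:
        v = analyze(sample)
        print(sample.encode("idna").decode("ascii"), "->", v.suspicious, v.reasons)
```

Browsers apply similar rules (mixed-script labels are shown in punycode), but mail gateways, URL-rewriting proxies and log-analysis pipelines generally do not, so this kind of check belongs in the detection layer as well.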
311 Photoelectric sensor
A photoelectric sensor, or photo eye, is a device used to detect the distance, absence, or presence of an object by using a light transmitter, often infrared, and a photoelectric receiver.

312 Piggybacking
Piggybacking on Internet access is the practice of establishing a wireless Internet connection by using another subscriber's wireless Internet access service without the subscriber's explicit permission or knowledge.

313 Ping of death
On the Internet, ping of death is a denial of service (DoS) attack in which an attacker deliberately sends a malformed or oversized ping (ICMP echo) packet: IP fragments that reassemble to more than the 65,535-byte maximum size of an IPv4 packet. Systems that did not validate the reassembled length would crash or reboot; modern operating systems check it and are not affected.
315 Pluggable authentication module (PAM)
A pluggable authentication module (PAM) is a mechanism to integrate multiple low-level authentication schemes into a high-level application programming interface (API). It allows programs that rely on authentication to be written independently of the underlying authentication scheme.

316 Point of sale (POS)
The point of sale (POS) is the time and place where a retail transaction is completed. It is the point at which a customer makes a payment to the merchant in exchange for goods or after provision of a service.

317 Polymorphic virus
A virus that changes its virus signature (i.e., its binary pattern) every time it replicates and infects a new file in order to keep from being detected by an antivirus program.

318 Port
In computer networking, a port serves as an endpoint in an operating system for many types of communication. It is not a hardware device but a logical construct that identifies a service or process: a 16-bit number (0 to 65535) combined with the host's IP address and a transport protocol such as TCP or UDP.

319 Port scan
A port scan is a series of probes sent to a host to learn which network services, each associated with a port number, the host offers. Attackers use it for reconnaissance before an intrusion; defenders use the same technique (for example with nmap) to verify what their systems expose.

320 Positive Acknowledgment with Re-Transmission (PAR)
Positive Acknowledgment with Re-Transmission (PAR) is a method used by TCP to verify receipt of transmitted data. PAR operates by re-transmitting data at an established interval until the receiving host acknowledges reception of the data.

321 Positive testing
Positive testing is a testing technique to show that a product or application under test does what it is supposed to do. Positive testing verifies how the application behaves for the positive set of data.

322 Post Office Protocol (POP)
Post Office Protocol (POP) is an application-layer Internet standard protocol used by local e-mail clients to retrieve e-mail from a remote server over a TCP/IP connection. POP has been developed through several versions, with version 3 (POP3) being the last standard in common use before it was largely made obsolete by the more advanced IMAP.

323 Pretty Good Privacy (PGP)
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions, and to increase the security of e-mail communications. The standardized message format is OpenPGP (RFC 4880), implemented by GnuPG among others.

324 PRINCE2
PRINCE2 (an acronym for Projects IN Controlled Environments) is a de facto process-based method for effective project management. Used extensively by the UK Government, PRINCE2 is also widely recognised and used in the private sector, both in the UK and internationally.

325 Process Flow Diagram (PFD)
A process flow diagram (PFD) is a diagram commonly used in chemical and process engineering to indicate the general flow of plant processes and equipment. The PFD displays the relationship between the major equipment of a plant facility and does not show minor details such as piping details and designations.

326 Production environment
Production environment is a term used mostly by developers to describe the setting where software and other products are actually put into operation for their intended uses by end users. A production environment can be thought of as a real-time setting where programs are run and hardware setups are installed and relied on for an organization's or commercial daily operations.

327 Programming language
A programming language is a formal constructed language designed to communicate instructions to a machine, particularly a computer. Programming languages can be used to create programs to control the behaviour of a machine or to express algorithms.

328 Program coding standards
Coding standards are a set of guidelines for a specific programming language that recommend programming style, practices and methods for each aspect of a program written in that language.

329 Program Evaluation and Review Technique (PERT)
The Program Evaluation and Review Technique (PERT) is a network model that allows for randomness in activity completion times. PERT was developed in the late 1950s for the U.S. Navy's Polaris project, which had thousands of contractors.

330 Program management
Program management or programme management is the process of managing several related projects, often with the intention of improving an organization's performance. In practice and in its aims it is often closely related to systems engineering and industrial engineering.

332 Project initiation
The project initiation phase is the first phase within the project life-cycle. It is also called the project pre-planning phase and is about stating the basic characteristics of the project.

333 Project Management Body of Knowledge (PMBOK Guide)
The Project Management Body of Knowledge (PMBOK Guide) is a book which presents a set of standard terminology and guidelines (a body of knowledge) for project management.

334 Project management methodologies
A methodology is a model which project managers employ for the design, planning, implementation and achievement of their project objectives. There are different project management methodologies to benefit different projects.

335 Project planning
The project planning phase is the second phase in the project life cycle. It involves creating a set of plans to help guide the team through the execution and closure phases of the project.

336 Project sponsor
A senior management role that typically involves approving or supporting the allocation of resources for a venture, defining its goals and assessing the venture's eventual success. Furthermore, a project sponsor might also champion or advocate for the project to be adopted by other members of senior management within the business.

337 Projectized organization
In projectized organizations, organizations arrange their activities into programs or portfolios and implement them through projects. Here the project manager is in charge of the project and has full authority over it; everyone on the team reports to the project manager.

338 PROLOG
PROLOG is a general purpose logic programming language associated with artificial intelligence and computational linguistics. PROLOG has its roots in first-order logic, a formal logic, and unlike many other programming languages, PROLOG is declarative: the program logic is expressed in terms of relations, represented as facts and rules. A computation is initiated by running a query over these relations.

339 Prototyping model
The Prototyping Model is a systems development method (SDM) in which a prototype (an early approximation of a final system or product) is built, tested, and then reworked as necessary until an acceptable prototype is finally achieved from which the complete system or product can be developed.

340 Public key infrastructure (PKI)
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption.
341 Qualitative
Qualitative descriptions or distinctions are based on some quality or characteristic rather than on some quantity or measured value.

342 Quality assurance (QA)
Quality assurance (QA) is a way of preventing mistakes or defects in manufactured products and avoiding problems when delivering solutions or services to customers, which ISO 9000 defines as "part of quality management focused on providing confidence that quality requirements will be fulfilled".

343 Quality management
The act of overseeing all activities and tasks needed to maintain a desired level of excellence. This includes creating and implementing quality planning and assurance, as well as quality control and quality improvement.

344 Quantitative
The term quantitative refers to a type of information or data that is based on quantities obtained using a quantifiable measurement process. In contrast, qualitative information records qualities that are descriptive, subjective or difficult to measure.

345 Query
A query is a set of instructions that describes what data to retrieve from a given data source (or sources) and what shape and organization the returned data should have. A query is distinct from the results that it produces.

346 RACI chart
A RACI chart is a matrix of all the activities or decision-making authorities undertaken in an organisation set against all the people or roles. At each intersection of activity and role it is possible to assign somebody as responsible, accountable, consulted or informed for that activity or decision.

348 Rapid application development (RAD)
Rapid application development (RAD) is a software development methodology that uses minimal planning in favour of rapid prototyping. A prototype is a working model that is functionally equivalent to a component of the product.

349 Read-only memory (ROM)
Read-only memory (ROM) is a class of storage medium used in computers and other electronic devices. Data stored in ROM can only be modified slowly, with difficulty, or not at all.

350 Reconnaissance
Reconnaissance is a mission to obtain information, by visual observation or other detection methods, about the activities and resources of an enemy or potential enemy, or about the meteorologic, hydrographic, or geographic characteristics of a particular area. In information security it is the information-gathering phase that precedes an attack or a penetration test: enumerating domains, addresses, open ports, software versions and people associated with the target.

351 Recovery testing
In software testing, recovery testing is the activity of testing how well an application is able to recover from crashes, hardware failures and other similar problems. Recovery testing is the forced failure of the software in a variety of ways to verify that recovery is properly performed.

352 Registers
A register is a small amount of storage available as part of a digital processor, such as a central processing unit (CPU). Such registers are typically addressed by mechanisms other than main memory and can be accessed faster.

353 Registration Authority (RA)
A registration authority (RA) is an authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it.

354 Regression testing
Regression testing is a type of software testing that seeks to uncover new software bugs, or regressions, in existing functional and non-functional areas of a system after changes such as enhancements, patches or configuration changes have been made to them.

356 Remote Authentication Dial-In User Service (RADIUS)
Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that provides centralized Authentication, Authorization, and Accounting (AAA) management for users who connect to and use a network service. RADIUS runs over UDP (ports 1812 for authentication and 1813 for accounting); only the user password attribute is obscured, using an MD5-based scheme keyed with the shared secret, so RADIUS traffic is normally confined to trusted networks or tunnelled.

357 Remote Method Invocation (Java RMI)
Remote Method Invocation (Java RMI) is a Java API that performs the object-oriented equivalent of remote procedure calls (RPC), with support for direct transfer of serialized Java classes and distributed garbage collection.

358 Remote procedure call (RPC)
Remote procedure call (RPC) is an inter-process communication that allows a computer program to cause a subroutine or procedure to execute in another address space (commonly on another computer on a shared network) without the programmer explicitly coding the details of this remote interaction. That is, the programmer writes essentially the same code whether the subroutine is local to the executing program or remote.

359 Re-performance
Re-performance is the auditor's independent execution of procedures or controls that were originally performed as part of the entity's internal control, either manually or through the use of CAATs (computer-assisted audit techniques).

360 Request for proposal (RFP)
A request for proposal (RFP) is a solicitation, often made through a bidding process, by an agency or company interested in procurement of a commodity, service or valuable asset, inviting potential suppliers to submit business proposals.

361 Resource management
Resource management is the efficient and effective deployment and allocation of an organization's resources when and where they are needed. Such resources may include financial resources, inventory, human skills, production resources, or information technology. Resource optimisation is one of the major objectives of IT governance and is intrinsically connected to resource management.

362 Resource optimization
Resource optimization is the set of processes and methods to match the available resources (human, machinery, financial) with the needs of the organization in order to achieve established goals.

363 Reverse Address Resolution Protocol (RARP)
The Reverse Address Resolution Protocol (RARP) is an obsolete computer networking protocol used by a client computer to request its Internet Protocol (IPv4) address from a computer network, when all it has available is its Link Layer or hardware address, such as a MAC address.

364 Reverse engineering
Reverse engineering is taking apart an object to see how it works in order to duplicate or enhance the object. The practice, taken from older industries, is now frequently used on computer hardware and software.

365 Risk
Risk is the potential of losing something of value. Values (such as physical health, social status, emotional well-being or financial wealth) can be gained or lost when taking risk resulting from a given action, activity and/or inaction, foreseen or unforeseen.

366 Risk acceptance
Risk acceptance is a risk response technique employed when the risk cannot be avoided or mitigated, or the project team decides to accept the risk and its consequences.

367 Risk and Insurance Management Society, Inc. (RIMS)
The Risk and Insurance Management Society, Inc. (RIMS) is a professional association dedicated to advancing the practice of risk management. It was founded in 1950 and is headquartered in Manhattan. It publishes the industry-focused Risk Management magazine.

368 Risk appetite
Risk appetite is a core consideration in an enterprise risk management approach. Risk appetite can be defined as "the amount and type of risk that an organisation is willing to take in order to meet their strategic objectives".

369 Risk assessment
Risk assessment is the process of identifying hazards, analysing or evaluating the risk associated with each hazard, and determining appropriate ways to eliminate or control the hazard.

370 Risk mitigation
Risk mitigation is taking steps to reduce the adverse effects of a risk. The four standard risk treatment strategies are avoidance, reduction (mitigation in the narrow sense), transfer and acceptance; business continuity and disaster recovery planning apply them to disruptive events. The strategy chosen should match the company's risk profile.

371 Risk optimization
Risk optimization is a dynamic process centred around the work of Nobel Prize winner William Sharpe. In 1964, Sharpe argued that stock market risk is the most important determinant of return. His work estimates that 70% of a portfolio's return can be explained by the stock market risk accepted.

372 Risk response
Risk response is the process of developing strategic options, and determining actions, to enhance opportunities and reduce threats to the project's objectives. A project team member is assigned to take responsibility for each risk response.

373 Risk tolerance
Risk tolerance is an important component in investing. An individual should have a realistic understanding of his or her ability and willingness to stomach large swings in the value of his or her investments. Investors who take on too much risk may panic and sell at the wrong time.

374 Risk transfer
Risk transfer is a risk management and control strategy that involves the contractual shifting of a pure risk from one party to another. One example is the purchase of an insurance policy, by which a specific risk of loss is passed from the policyholder to the insurer.

375 Robotics
Robotics is the branch of mechanical engineering, electrical engineering and computer science that deals with the design, construction, operation, and application of robots, as well as computer systems for their control, sensory feedback, and information processing.
376 Router A router is a device that forwards data packets along networks. A router is connected
to at least two networks, commonly two LANs or WANs or a LAN and its ISP's
network.
377 Routing diversity Routing diversity is generally defined as the communications routing between two
points over more than one geographic or physical path with no common points.
378 Routing Protocol A routing protocol specifies how routers communicate with each other, disseminating
information that enables them to select routes between any two nodes on a computer
network. Routing algorithms determine the specific choice of route.
379 RSAREF RSAREF is a free, portable software developer's library of popular encryption and
authentication algorithms. The name "RSAREF" means. The name "RSAREF" means
"RSA reference." RSA Laboratories intends RSAREF to serve as a free, educational
reference implementation of modern public- and secret-key cryptography.
380 SaaS Software as a service (or SaaS) is a way of delivering applications over the Internet—
as a service. Instead of installing and maintaining software, you simply access it via
the Internet, freeing yourself from complex software and hardware management.
SaaS applications are sometimes called Web-based software, on-demand software,
or hosted software.
381 SAN (Storage SAN (storage area network) is a high-speed network of storage devices that also
Area Network) connects those storage devices with servers. It provides block-level storage that can
be accessed by the applications running on any networked servers.
382 Sarbanes–Oxley The Sarbanes–Oxley Act of 2002 (Pub.L. 107–204, 116 Stat. 745, enacted July 30,
Act(SOX) 2002), also known as the "Public Company Accounting Reform and Investor
Protection Act" (in the Senate) and "Corporate and Auditing Accountability and
Responsibility Act" (in the House) and more commonly called Sarbanes–Oxley,
Sarbox or SOX. It is a United States federal law that set new or expanded
requirements for all U.S. public company boards, management and public accounting
firms.
383 Scope creep Scope creep (also called requirement creep, function creep and feature creep) in
project management refers to uncontrolled changes or continuous growth in a
project's scope. This can occur when the scope of a project is not properly defined,
documented, or controlled. It is generally considered harmful.
384 Script A small non-compiled program written for a scripting language or command
interpreter
385 Secure Sockets SSL stands for Secure Sockets Layer. It provides a secure connection between
Layer (SSL) internet browsers and websites, allowing you to transmit private data online. Sites
secured with SSL display a padlock in the browsers URL and possibly a green
address bar if secured by an Extended Validation (EV) Certificate.
386 Security Security awareness training is a formal process for educating employees about
Awareness computer security.
Training
387 Security testing Security testing is a testing technique to determine if an information system protects
data and maintains functionality as intended. It also aims at verifying 6 basic
principles as listed below: Confidentiality. Integrity. Authentication.
388 Segregation of Segregation of duties is the concept of having more than one person required to
Duties(SOD) complete a task. In business the separation by sharing of more than one individual in
one single task is an internal control intended to prevent fraud and error.
389 Serial serial transmission is the process of sending data one bit at a time, sequentially, over
Transmission a communication channel or computer bus.
390 Server Hardening Server Hardening is the process of enhancing server security through a variety of
means which results in a much more secure server operating environment.
391 Service level A service level agreement (SLA) is a contract between a service provider (either
agreement (SLA) internal or external) and the end user that defines the level of service expected from
the service provider. SLAs are output-based in that their purpose is specifically to
define what the customer will receive.
392 Service pack A service pack (SP) is a Windows update, often combining previously released
updates, that helps make Windows more reliable. Service packs, which are provided
free of charge on this page, can include security and performance improvements and
support for new types of hardware.
393 Service-level A service-level agreement (SLA) is a part of a service contract where a service is
agreement (SLA) formally defined. Particular aspects of the service - scope, quality, responsibilities -
are agreed between the service provider and the service user. A common feature of
an SLA is a contracted delivery time (of the service or performance).
394 Session Hijacking: In computer science, session hijacking, sometimes also known as cookie hijacking, is the exploitation of a valid computer session, sometimes also called a session key, to gain unauthorized access to information or services in a computer system.
395 SIEM (Security Information & Event Management): Security information and event management (SIEM) is a term for software products and services combining security information management (SIM) and security event management (SEM). SIEM technology provides real-time analysis of security alerts generated by network hardware and applications.
396 Simple Mail Transfer Protocol (SMTP): Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail (email) transmission. First defined by RFC 821 in 1982, it was last updated in 2008 with the Extended SMTP additions by RFC 5321, which is the protocol in widespread use today. SMTP by default uses TCP port 25.
397 Simple Object Access Protocol (SOAP): SOAP (Simple Object Access Protocol) is a messaging protocol that allows programs that run on disparate operating systems (such as Windows and Linux) to communicate using Hypertext Transfer Protocol (HTTP) and its Extensible Markup Language (XML).
398 Simplex: Simplex communication is a communication channel that sends information in one direction only.
399 Single Point of Failure: A single point of failure (SPOF) is a part of a system that, if it fails, will stop the entire system from working.
400 Single sign-on (SSO): Single sign-on (SSO) is a property of access control of multiple related, but independent, software systems. With this property a user logs in with a single ID to gain access to connected systems without being prompted for different usernames or passwords, or in some configurations seamlessly signs on at each system.
401 SMART Objectives: SMART is a mnemonic acronym giving criteria to guide the setting of objectives. Objectives should be: Specific (target a specific area for improvement); Measurable (quantify or at least suggest an indicator of progress); Assignable (specify who will do it); Realistic (state what results can realistically be achieved, given available resources); Time-related (specify when the result(s) can be achieved).
402 Snapshot technique: The snapshot technique involves having software take "pictures" of a transaction as it flows through an application system. Typically auditors embed the software in the application system at those points where they deem material processing occurs.
403 Social Engineering: Social engineering is a non-technical method of intrusion that hackers use; it relies heavily on human interaction and often involves tricking people into breaking normal security procedures. It is one of the greatest threats that organizations today encounter.
404 Social responsibility: Social responsibility is an ethical framework which suggests that an entity, be it an organization or an individual, has an obligation to act for the benefit of society at large. Social responsibility is a duty every individual has to perform so as to maintain a balance between the economy and the ecosystems.
405 Socket: A socket is an endpoint for communication between two machines. The actual work of the socket is performed by an instance of the SocketImpl class.
406 Software: Software is any set of machine-readable instructions that directs a computer's processor to perform specific operations. Computer software contrasts with computer hardware, which is the physical component of computers.
407 Software Asset Management: Software asset management (SAM) is a business practice that involves managing and optimizing the purchase, deployment, maintenance, utilization, and disposal of software applications within an organization.
408 Software license: A software license is a legal instrument (usually by way of contract law, with or without printed material) governing the use or redistribution of software. Under United States copyright law all software is copyright protected, except material in the public domain.
409 Sophisticated Users: Sophisticated users interact with the system without writing programs. They form requests by writing queries in a database query language. These are submitted to a query processor that breaks a DML statement down into instructions for the database manager module.
410 Source Code: Source code and object code refer to the "before" and "after" versions of a computer program that is compiled (see compiler) before it is ready to run in a computer. The source code consists of the programming statements that are created by a programmer with a text editor or a visual programming tool and then saved in a file.
411 Source lines of code (SLOC): Source lines of code (SLOC), also known as lines of code (LOC), is a software metric used to measure the size of a computer program by counting the number of lines in the text of the program's source code. SLOC is typically used to predict the amount of effort that will be required to develop a program, as well as to estimate programming productivity or maintainability once the software is produced.
412 Specialised audit software: Specialised audit software is software written in a procedure-oriented or problem-oriented language to fulfil a specific set of audit tasks. The software might have extensive functionality, but it has been developed for specific audit users to achieve specific audit goals.
413 Specialized Users: Specialized users are sophisticated users writing special database application programs. These may be CADD systems, knowledge-based and expert systems, complex data systems (audio/video), etc.
414 Spiral Model: The spiral model is a risk-driven process model generator for software projects. Based on the unique risk patterns of a given project, the spiral model guides a team to adopt elements of one or more process models, such as incremental, waterfall, or evolutionary prototyping.
415 Spoofing attack: In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.
416 Spyware: Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.
417 SQL (Structured Query Language): SQL (Structured Query Language) is a special-purpose programming language designed for managing data held in a relational database management system.
418 SQL Engine: A program which converts SQL statements into machine language.
419 SQL Injection: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
420 Stakeholders: Stakeholders can affect or be affected by the organization's actions, objectives and policies. Some examples of key stakeholders are creditors, directors, employees, government (and its agencies), owners (shareholders), suppliers, unions, and the community from which the business draws its resources.
421 Static testing: In software development, static testing, also called dry run testing, is a form of software testing where the actual program or application is not used. Instead this testing method requires programmers to manually read their own code to find any errors.
422 Statutory liquidity ratio (SLR): Statutory liquidity ratio (SLR) is the Indian government term for the reserve requirement that commercial banks in India are required to maintain in the form of gold or government-approved securities before providing credit to customers.
423 Stealth virus: A stealth virus is complex malware that hides itself after infecting a computer. Once hidden, it copies information from uninfected data onto itself and relays this to antivirus software during a scan. This makes it a difficult type of virus to detect and delete.
424 Steering committee: A steering committee is a group of high-level advisors who have been asked to govern an organization or organizational segment and provide it with direction.
425 Strategic Information Systems Planning (SISP): Strategic Information Systems Planning (SISP) is an important activity for helping an organization to identify strategic applications and to align the organization's strategy with effective information systems to achieve the organization's objectives.
426 Strategic Score Card: The Strategic Scorecard® was developed in 2004 by CIMA, in collaboration with the Professional Accountants in Business Committee (PAIB) of the International Federation of Accountants (IFAC). The scorecard aims to help boards of any organisation engage effectively in the strategic process.
427 Stress testing: Stress testing is a software testing activity that determines the robustness of software by testing beyond the limits of normal operation. Stress testing is particularly important for "mission critical" software, but is used for all types of software.
428 Structured Financial Messaging System (SFMS): Structured Financial Messaging System (SFMS) is a secure messaging standard developed to serve as a platform for intra-bank and inter-bank applications.
429 Substantive testing: Substantive testing is an audit procedure that examines the financial statements and supporting documentation to see if they contain errors. These tests are needed as evidence to support the assertion that the financial records of an entity are complete, valid, and accurate.
430 Symmetric cryptography: Symmetric-key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between the two keys.
431 Syntax: The arrangement of words and phrases to create well-formed sentences in a language.
432 System Landscape: A system landscape is like a server system or a layout of the servers; some may even call it the architecture of the servers.
433 System Software: System software is computer software designed to operate and control the computer hardware and to provide a platform for running application software. System software can be separated into two different categories, operating systems and utility software.
434 System testing: System testing of software or hardware is testing conducted on a complete, integrated system to evaluate the system's compliance with its specified requirements. System testing falls within the scope of black box testing, and as such, should require no knowledge of the inner design of the code or logic.
435 Systems analyst: A systems analyst is a person who uses analysis and design techniques to solve business problems using information technology. Systems analysts may serve as change agents who identify the organizational improvements needed, design systems to implement those changes, and train and motivate others to use the systems.
436 Systems development life cycle (SDLC): The systems development life cycle (SDLC) is a conceptual model used in project management that describes the stages involved in an information system development project, from an initial feasibility study through maintenance of the completed application.
437 Systems Development Methodology (SDM): A system development methodology refers to the framework that is used to structure, plan, and control the process of developing an information system. A wide variety of such frameworks have evolved over the years, each with its own recognized strengths and weaknesses.
438 TCP Wrapper: TCP Wrapper is a host-based networking ACL system, used to filter network access to Internet Protocol servers on (Unix-like) operating systems such as Linux or BSD. It allows host or sub-network IP addresses, names and/or ident query replies to be used as tokens on which to filter for access control purposes.
439 Technical Feasibility: Technical feasibility is one of the first studies that must be conducted after the project has been identified. In large engineering projects, consulting agencies that have large staffs of engineers and technicians conduct technical studies dealing with the projects.
440 Technology Specialist: A technology specialist applies technical expertise to the implementation, monitoring, or maintenance of IT systems. Specialists typically focus on a specific computer network, database, or systems administration function.
441 Teeming and lading fraud: Teeming and lading is a bookkeeping fraud also known as short banking, delayed accounting and lapping. It involves the allocation of one customer's payment to another in order to make the books balance and often in order to hide a shortfall or theft.
442 Terminal Access Controller Access-Control System (TACACS): Terminal Access Controller Access-Control System (TACACS, usually pronounced like tack-axe) refers to a family of related protocols handling remote authentication and related services for networked access control through a centralized server.
443 Test Data Generator: A test data generator is any tool which creates random and/or large quantities of data for testing purposes.
444 The Video Privacy Protection Act (VPPA): The Video Privacy Protection Act (VPPA) was a bill passed by the United States Congress in 1988 as Pub.L. 100–618 and signed into law by President Ronald Reagan. It was created to prevent what it refers to as "wrongful disclosure of video tape rental or sale records [or similar audio visual materials, to cover items such as video games and the future DVD format]".
445 Topology: Network topology is the schematic description of a network arrangement, connecting various nodes (sender and receiver) through lines of connection.
446 Topology - Bus: Bus topology is a network type in which every computer and network device is connected to a single cable.
447 Topology - Mesh: Mesh topology is a point-to-point connection to other nodes or devices. Traffic is carried only between the two devices or nodes to which it is connected. Mesh has n(n-2)/2 physical channels to link devices.
448 Topology - Ring: Ring topology forms a ring as each computer is connected to another computer, with the last one connected to the first. Each device has exactly two neighbours.
449 Topology - Star: In star topology all the computers are connected to a single hub through a cable. This hub is the central node and all other nodes are connected to the central node.
450 Training simulation: A training simulation is a virtual medium through which various types of skills can be acquired. Training simulations can be used in a wide variety of genres; however, they are most commonly used in corporate situations to improve business awareness and management skills.
451 Trojan horse: A Trojan horse, or Trojan, in computing is any malicious computer program which misrepresents itself as useful, routine, or interesting in order to persuade a victim to install it. The term is derived from the Ancient Greek story of the wooden horse.
452 Unified Modeling Language (UML): The Unified Modeling Language (UML) is a general-purpose modeling language in the field of software engineering, which is designed to provide a standard way to visualize the design of a system.
453 Uninterruptible power supply (UPS): An uninterruptible power supply (UPS) is an electrical apparatus that provides emergency power to a load when the input power source, typically mains power, fails. A UPS differs from an auxiliary or emergency power system or standby generator in that it will provide near-instantaneous protection from input power interruptions, by supplying energy stored in batteries, supercapacitors, or flywheels.
454 Unit testing: Unit testing is a software development process in which the smallest testable parts of an application, called units, are individually and independently scrutinized for proper operation. Unit testing is often automated but it can also be done manually.
455 User Acceptance Testing (UAT): User Acceptance Testing (UAT) is one sure way to reduce or eliminate change requests, and drastically reduce project costs. If your organization does not practice UAT or does not have a mature process of UAT, this article provides information to hopefully persuade you to reconsider.
456 Virtual LAN (VLAN): A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). LAN is an abbreviation of local area network. To subdivide a network into virtual LANs, one configures a network switch or router.
457 Virtual Memory: Virtual memory is an imaginary memory space created by the operating system on the system hard disk to store data or programs.
458 Virtual private network (VPN): A virtual private network (VPN) is a method for the extension of a private network across a public network, such as the Internet. It enables users to send and receive data across shared or public networks as if their computing devices were directly connected to the private network, and thus to benefit from the functionality, security and management policies of the private network.
459 Virtualization: Virtualization is the creation of a virtual (rather than actual) version of something, such as an operating system, a server, a storage device or network resources.
460 Virus: A computer virus is a malware program that, when executed, replicates by inserting copies of itself (possibly modified) into other computer programs, data files, or the boot sector of the hard drive; when this replication succeeds, the affected areas are then said to be "infected".
461 Voice over IP (VoIP): Voice over IP (VoIP) is a methodology and group of technologies for the delivery of voice communications and multimedia sessions over Internet Protocol (IP) networks, such as the Internet. Other terms commonly associated with VoIP are IP telephony, Internet telephony, broadband telephony, and broadband phone service.
462 Vulnerability assessment: A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. A vulnerability assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system.
464 War dialing: War dialing is a technique of using a modem to automatically scan a list of telephone numbers, usually dialing every number in a local area code to search for computers, bulletin board systems (computer servers) and fax machines.
465 Waterfall Model: The waterfall model is a sequential design process, used in software development processes, in which progress is seen as flowing steadily downwards (like a waterfall) through the phases of conception, initiation, analysis, design, construction, testing, production/implementation and maintenance.
466 Web Service Description Language (WSDL): WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint.
467 White-box testing: White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality.
468 Widget: A widget is a small application with limited functionality that can be installed and executed within a web page by an end user. A widget has the role of a transient or auxiliary application, meaning that it just occupies a portion of a webpage and does something useful with information fetched from other websites and displayed in place.
469 Wi-Fi: Wireless networking technology that uses radio waves to provide high-speed internet and network connection.
470 Wireless Router: A wireless router connects a group of wireless stations to an adjacent wired network. Conceptually, a wireless router is a wireless AP combined with an Ethernet router.
471 Work breakdown structure (WBS): A work breakdown structure (WBS), in project management and systems engineering, is a deliverable-oriented decomposition of a project into smaller components. A work breakdown structure is a key project deliverable that organizes the team's work into manageable sections.
472 Work package (WP): In project management, a work package (WP) is a subset of a project that can be assigned to a specific party for execution.
473 Worm: A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Unlike a computer virus, it does not need to attach itself to an existing program.
474 XBRL: XBRL (eXtensible Business Reporting Language) is a freely available and global standard for exchanging business information. XBRL allows the expression of semantic meaning commonly required in business reporting.