CISA Exam Cram 2

Index

sags (voltage)

salvage teams

sampling

     attribute sampling 2nd

     variance sampling 2nd 3rd

SANs (storage area networks) 2nd

SANS Institute

SAS (Statement on Auditing Standards)

     SAS 70 2nd

     SAS 94 2nd

scanning

scheduling

     projects

SCM (supply chain management)

scorecards, balanced 2nd 3rd

SDLC (Software Development Life Cycle) 2nd 3rd

     Classic Life Cycle Model

     design 2nd 3rd

     development 2nd 3rd

     feasibility 2nd

     implementation 2nd 3rd

     Linear Sequential Model

     programming languages

     prototyping 2nd

     RAD (rapid application development) 2nd

     requirements definition 2nd 3rd

     Software Capability Maturity Model (CMM) 2nd

     Waterfall Method 2nd

SDLC (system development life cycle) 2nd 3rd

secret keys

Secure Sockets Layer (SSL)

security 2nd 3rd

     callback systems

     controls design, implementation, and monitoring 2nd 3rd

     defense-in-depth strategy

     denial-of-service attacks (DoS) 2nd

     design and implementation 2nd 3rd

         access standards

         auditing logical access 2nd

         data ownership

         formal security awareness and training 2nd

         logical access policies

         reviewing policies and procedures

         security administrators

     digital signatures 2nd 3rd

     distributed denial-of-service attacks (DDoS)

     encryption

         AES (Advanced Encryption Standard)

         algorithms

         asymmetric encryption 2nd 3rd

         Certificate Authorities (CAs) 2nd

         cryptography

         DES (Data Encryption Standard)

         digital certificates 2nd

         nonrepudiation

         private keys

         public key infrastructure (PKI) 2nd 3rd

         public keys 2nd 3rd

         symmetric encryption 2nd

         symmetric keys 2nd

     environmental security 2nd 3rd 4th 5th

         electromagnetic interference (EMI) 2nd

         fire-detection systems 2nd

         fire-suppression systems 2nd 3rd

         power failures 2nd

     exam prep questions 2nd 3rd 4th 5th

     firewalls 2nd 3rd 4th 5th 6th 7th

     intrusion methods 2nd

         active attacks 2nd

         passive attacks 2nd

         viruses 2nd

         worms

     intrusion-detection systems (IDS) 2nd

     logical access controls 2nd 3rd

         access

         access paths

         access-control matrices

         ACLs (access-control lists) 2nd

         authentication 2nd 3rd 4th

         authorization

         centralized/decentralized

         discretionary access

         identification 2nd 3rd 4th

         lattice-based access

         MACs (mandatory access controls) 2nd

         nondiscretionary access 2nd

         objects

         restricted interfaces

         role-based access

         rule-based access

         subjects

         task-based access

     monitoring, detection, and escalation processes 2nd

     network controls 2nd

     networks

         encryption 2nd 3rd 4th 5th 6th 7th

     physical controls 2nd 3rd 4th 5th

         biometric systems 2nd

     policies

     resources 2nd

     security risk

     single sign-on (SSO) systems

     social engineering

     SSL (Secure Sockets Layer)

     strategies and policies 2nd 3rd 4th 5th 6th 7th

         CIA triad

         data integrity risks 2nd

         logical controls 2nd 3rd

         physical controls 2nd

     testing

     testing and assessment tools 2nd 3rd 4th 5th 6th

     voice communications security 2nd

security administration

     segregation of duties

security administrators

security committees

     security management responsibilities

security department 2nd

security policies

security risk

security specialists/advisors

     security management responsibilities

security teams

segment PDU (protocol data unit) 2nd

segregation of duties 2nd

segregation of IT duties 2nd 3rd

segregation of duties

     IS roles and responsibilities 2nd 3rd

self-assessment

     Certified Information Systems Auditor candidate 2nd 3rd

     educational background 2nd

     exam readiness 2nd

     hands-on experience 2nd

sensitive functions

sequence checks

service-level agreements

service-level agreements (SLAs) 2nd

Session layer (OSI) 2nd 3rd

shared secret keys

signatures, digital 2nd 3rd

Simple Mail Transfer Protocol (SMTP)

simplex

single sign-on (SSO) systems

SLAs (service-level agreements) 2nd

SMEs (subject matter experts)

smoke detectors

SMTP (Simple Mail Transfer Protocol)

social engineering

software 2nd

     change control 2nd

     configuration management 2nd

     DBMS (database management systems) 2nd 3rd

     firmware

     middleware 2nd

     operating systems 2nd

     risks and controls 2nd

Software Capability Maturity Model (CMM) 2nd 3rd 4th

Software Development Life Cycle (SDLC) 2nd 3rd

     Classic Life Cycle Model

     design 2nd 3rd

     development 2nd 3rd

     feasibility 2nd

     implementation 2nd 3rd

     Linear Sequential Model

     programming languages

     prototyping 2nd

     RAD (rapid application development) 2nd

     requirements definition 2nd 3rd

     Software Capability Maturity Model (CMM) 2nd

     Waterfall Method 2nd

software teams

software. [See application systems]

spamming

spikes (voltage)

SSL (Secure Sockets Layer)

SSO (single sign-on) systems

standards

     ISACA IS Auditing Standards 2nd 3rd

         codification 2nd

         table of 2nd 3rd

star topology 2nd

stateful packet-inspection firewalls 2nd

Statement on Auditing Standards. [See SAS]

steering committees 2nd

steering committees (IT) 2nd

storage

     evaluating 2nd

     SANs (storage area networks) 2nd

     tape storage 2nd 3rd

storage area networks (SANs) 2nd

strategic planning 2nd 3rd 4th

strategies 2nd

     BCP (business continuity management) 2nd 3rd

     contract management 2nd

         confidentiality agreements

         contract audit objectives 2nd

         discovery agreements

         employee contracts

         noncompete agreements

         trade secret agreements

     DRP (disaster recovery planning) 2nd 3rd

     IS steering committees 2nd

     problem- and change management 2nd 3rd

     project management 2nd 3rd 4th

         project life cycle 2nd

         risk indicators 2nd

         system upgrade risks 2nd

     quality management 2nd 3rd 4th 5th

         accreditation

         certification

         ISO 9001 2nd

         ISO 9126 2nd

         QA (quality assurance)

         QC (quality control)

         Software Capability Maturity Model (CMM) 2nd

     risk-mitigation strategies

         third-party services 2nd 3rd

     security management 2nd 3rd 4th 5th 6th 7th

         CIA triad

         data integrity risks 2nd

         logical controls 2nd 3rd

         physical controls 2nd

     strategic planning 2nd

strategies. [See also policies, procedures]

strong authentication

structure (IS)

     evaluating 2nd 3rd 4th 5th

     outsourcing

         evaluating 2nd 3rd 4th 5th

         risk-mitigation strategies 2nd 3rd

         SLAs (service-level agreements)

         when to use

     segregation of duties 2nd 3rd

subject matter experts (SMEs)

subjects 2nd

substantive testing

supercomputers

supplies teams

supply chain management (SCM)

surges (voltage)

switches 2nd

symmetric encryption 2nd

symmetric keys 2nd

system development life cycle (SDLC) 2nd 3rd

system performance and monitoring processes 2nd

system testing

system upgrades

     risks 2nd

systems administrators

systems development

     segregation of duties

systems software 2nd

     change control 2nd

     configuration management 2nd

     DBMS (database management systems) 2nd 3rd

     firmware

     middleware 2nd

     operating systems 2nd

     risks and controls 2nd
