Page 125 - ITGC_Audit Guides

Appendix B. Glossary

                   Definitions of terms marked with an asterisk are taken from the “Glossary” of The IIA’s
                   International Professional Practices Framework®, 2017 edition. Other definitions are either
                   defined for the purposes of this document or derived from the following sources:

                   •  Internal Auditing: Assurance & Advisory Services, 4th edition,
                      https://bookstore.theiia.org/internal-auditing-assurance-advisory-services-fourth-edition.

                   •  ISACA, Glossary, accessed August 3, 2021, https://www.isaca.org/resources/glossary.
                   •  NIST SP 800-63-3: Digital Identity Guidelines, Glossary, https://doi.org/10.6028/NIST.SP.800-63-3.
                   •  NIST SP 800-53: Security and Privacy Controls for Information Systems and Organizations,
                      Revision 5, Glossary, https://doi.org/10.6028/NIST.SP.800-53r5.



                   Application — A computer program or set of programs that performs the processing of records
                       for a specific function. Contrasts with systems programs, such as an operating system or
                       network control program, and with utility programs, such as copy or sort [ISACA Glossary].

                   application functionality controls — The programmed routines and related parameters that
                       enable software to execute according to business rules.
                   application programming interface (API) — A set of routines, protocols and tools referred to as
                       “building blocks” used in business application software development. A good API makes it
                       easier to develop a program by providing all the building blocks related to functional
                       characteristics of an operating system that applications need to specify, for example, when
                       interfacing with the operating system. A programmer utilizes these APIs in developing
                       applications that can operate effectively and efficiently on the platform chosen [ISACA
                       Glossary].

                   application security — The set of system-specific and inherited IS controls applied to the
                       development, operation, and usage of an application.

                   asset management — A set of processes to record, safeguard, and optimize the use of
                       resources.
                   assurance services* — An objective examination of evidence for the purpose of providing an
                       independent assessment on governance, risk management, and control processes for the
                       organization. Examples may include financial, performance, compliance, system security,
                       and due diligence engagements.
                   authentication — Verifying the identity of a user, process, or device, often as a prerequisite to
                       allowing access to resources in a system [NIST SP 800-53r5 Glossary].


                   25 — theiia.org