Page 147 - CITP Review
Confidentiality – A core area of the information security triad that addresses the data being
stored and data in transit.
Continuous monitoring – The system of processes and technology used to ensure compliance
and avoid risk issues associated with an entity’s financial and operational systems. CM involves
people, processes, and technology that work together to detect weak or poorly designed
controls, allowing management to correct or replace them.
Critical data elements – Metrics and attributes that are of high importance to the business. CDEs
have a significant impact on regulatory reporting, operational performance, and business
intelligence.
Critical success factors – A CSF is a comprehensive structure and process that measures and
analyzes enterprise performance, operational and financial, to achieve strategic advantages.
Cross-site request forgery – An attack that tricks an end user into performing unwanted actions
on a web application that they're currently logged in to.
Cross-site scripting – A type of injection attack in which an attacker uses an application to send
malicious code to another end user. Because the script appears to come from a trusted source,
that user’s browser assumes the script can be trusted and will execute it. The malicious script
can then access any information retained by the browser, such as cookies, and use it.
Cyber adversaries – Individuals, groups, organizations, or governments that conduct or have the
intent to conduct detrimental activities.
Cybercriminals – People who engage in criminal activity by means of computers or the internet.
Cybersecurity threat – Anything that can have a negative impact on the organization, its assets,
or its operations via an information system. Such threats can be in the form of circumstances
(such as a weak control) or an event (such as a purposeful security breach), and they can result
in the destruction or alteration of information, unauthorized or inappropriate access, disclosure
of sensitive information, or outright denial of service.
Dark web – The part of the World Wide Web that is only accessible by means of special
software, which allows users and website operators to remain anonymous or untraceable.
Dashboard – A visual presentation of information that allows for quick assimilation of the facts,
and understanding of the significance or importance of the information.
Data – A collection of numbers, characters, images, and other outputs from devices or
processes that collect data and information.
Data analytics – The analysis of raw data sets with the express goal of reaching conclusions
about the information therein. Today, most data analytics involves the use of specialized tools
and software.
Data breach – An event in which confidential data has potentially been viewed, stolen, or used by
an individual unauthorized to do so.
© 2019 Association of International Certified Professional Accountants. All rights reserved.