Page 154 - CITP Review
Snowflake data schema – So called because an ER diagram looks like a snowflake. Snowflake is
the data structure for data warehouse databases that uses normalized data, usually to 3NF. Bill
Inmon is credited with the snowflake design.
Social engineering – Social engineering leverages psychological manipulation to trick people into
performing specified actions or providing confidential information.
Spear phishing – A form of phishing generally delivered via email, targeting a specific individual,
organization, or business.
Spyware – A category of software that, when installed on your computer, may send you pop-up
ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some
extreme, invasive versions of spyware may track exactly what keys you type.
SQL injection – An attack in which a structured query language (SQL) query or command is
inserted (“injected”) in an application through a client’s input data, generally to execute
predefined SQL commands. SQL injections can allow access to or reading of sensitive data and
data modification; they can also give unauthorized users administrative access to a system.
Star data schema – Star is the data structure for data warehouse databases that uses
dimensional data to amplify factual data (quantifiable values). Ralph Kimball is credited with the
star design.
Structured query language – SQL is a database function that gives users the ability to
perform various database functions from a command line, such as adding, deleting, and changing
data. Its most popular use, however, is querying, where users can extract a list of information ad
hoc using English-like commands.
Substantive procedures – According to SAS 110, Performing Audit Procedures in Response to
Assessed Risks and Evaluating the Audit Evidence Obtained, (AU sec. 318), substantive
procedures,
“…are performed to detect material misstatements at the relevant assertion level, and
include tests of details of classes of transactions, account balances, and disclosures and
substantive analytical procedures. The auditor should plan and perform substantive
procedures to be responsive to the related assessment of the risk of material
misstatement.”
Surface web – The web accessed by and available to all internet users. The websites in the
surface web are indexed by search engines — Google is an example of a search engine — and
the user can open websites and gain information.
System and organization controls (SOC) – The suite of services practitioners may provide
relating to system-level controls of a service organization and system- or entity-level controls of
other organizations.
Telemetry – A form of automated communication whereby measurements and other data are
collected at remote points and transmitted to receiving equipment for monitoring.
© 2019 Association of International Certified Professional Accountants. All rights reserved.