Professional certification, trade certification, or professional designation, often called simply certification or qualification, is a designation earned by a person to assure qualification to perform a job or task. Not all certifications that use post-nominal letters are an acknowledgement of educational achievement, or an agency appointed to safeguard the public interest.
In computing, a legacy system is an old method, technology, computer system, or application program, "of, relating to, or being a previous or outdated computer system," yet still in use. Often referencing a system as "legacy" means that it paved the way for the standards that would follow it. This can also imply that the system is out of date or in need of replacement.
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
A computing platform or digital platform is the environment in which a piece of software is executed. It may be the hardware or the operating system (OS), even a web browser and associated application programming interfaces, or other underlying software, as long as the program code is executed with it. Computing platforms have different abstraction levels, including a computer architecture, an OS, or runtime libraries. A computing platform is the stage on which computer programs can run.
An audit is a systematic and independent examination of books, accounts, statutory records, documents and vouchers of an organization to ascertain how far the financial statements as well as non-financial disclosures present a true and fair view of the concern. It also attempts to ensure that the books of accounts are properly maintained by the concern as required by law. Auditing has become such a ubiquitous phenomenon in the corporate and the public sector that academics started identifying an "Audit Society". The auditor perceives and recognizes the propositions before them for examination, obtains evidence, evaluates the same and formulates an opinion on the basis of his judgement which is communicated through their auditing report.
In computing, syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity level.
Information Technology Auditing began as Electronic Data Process (EDP) Auditing and developed largely as a result of the rise in technology in accounting systems, the need for IT control, and the impact of computers on the ability to perform attestation services. The last few years have been an exciting time in the world of IT auditing as a result of the accounting scandals and increased regulation. IT auditing has had a relatively short yet rich history when compared to auditing as a whole and remains an ever-changing field.
Computer-assisted audit tool (CAATs) or computer-assisted audit tools and techniques (CAATs) is a growing field within the IT audit profession. CAATs is the practice of using computers to automate the IT audit processes. CAATs normally includes using basic office productivity software such as spreadsheet, word processors and text editing programs and more advanced software packages involving use statistical analysis and business intelligence tools. But also more dedicated specialized software are available.
A mainframe audit is a comprehensive inspection of computer processes, security, and procedures,with recommendations for improvement.
In business and accounting, information technology controls are specific activities performed by persons or systems designed to ensure that business objectives are met. They are a subset of an enterprise's internal control. IT control objectives relate to the confidentiality, integrity, and availability of data and the overall management of the IT function of the business enterprise. IT controls are often described in two categories: IT general controls (ITGC) and IT application controls. ITGC include controls over the Information Technology (IT) environment, computer operations, access to programs and data, program development and program changes. IT application controls refer to transaction processing controls, sometimes called "input-processing-output" controls. Information technology controls have been given increased prominence in corporations listed in the United States by the Sarbanes-Oxley Act. The COBIT Framework is a widely used framework promulgated by the IT Governance Institute, which defines a variety of ITGC and application control objectives and recommended evaluation approaches. IT departments in organizations are often led by a Chief Information Officer (CIO), who is responsible for ensuring effective information technology controls are utilized.
An information security audit is an audit on the level of information security in an organization. Within the broad scope of auditing information security there are multiple types of audits, multiple objectives for different audits, etc. Most commonly the controls being audited can be categorized to technical, physical and administrative. Auditing information security covers topics from auditing the physical security of data centers to auditing the logical security of databases and highlights key components to look for and different methods for auditing these areas.
OpenBSM is an open source implementation of Sun's Basic Security Module (BSM) Audit API and file format. BSM, which is a system used for auditing, describes a set of system call and library interfaces for managing audit records as well as a token stream file format that permits extensible and generalized audit trail processing.
Commercial off-the-shelf or commercially available off-the-shelf (COTS) products are packaged solutions which are then adapted to satisfy the needs of the purchasing organization, rather than the commissioning of custom-made, or bespoke, solutions. A related term, Mil-COTS, refers to COTS products for use by the U.S. military.
Security event management (SEM), and the related SIM and SIEM, are computer security disciplines that use data inspection tools to centralize the storage and interpretation of logs or events generated by other software running on a network.
A system profiler is a program that can provide detailed information about the software installed and hardware attached to a computer. Typically workstations and personal computers have had system profilers as a common feature since the mid-1990s.
In computer log management and intelligence, log analysis is an art and science seeking to make sense out of computer-generated records. The process of creating such records is called data logging.
Log management (LM) comprises an approach to dealing with large volumes of computer-generated log messages.
Lynis is an extensible security audit tool for computer systems running Linux, FreeBSD, macOS, OpenBSD, Solaris, and other Unix-derivatives. It assists system administrators and security professionals with scanning a system and its security defenses, with the final goal being system hardening.
Continuous auditing is an automatic method used to perform auditing activities, such as control and risk assessments, on a more frequent basis. Technology plays a key role in continuous audit activities by helping to automate the identification of exceptions or anomalies, analyze patterns within the digits of key numeric fields, review trends, and test controls, among other activities.
Octopussy, also known as 8Pussy, is a free and open-source computer-software which monitors systems, by constantly analyzing the syslog data they generate and transmit to such a central Octopussy server. Therefore, software like Octopussy plays an important role in maintaining an ISMS within ISO/IEC 27001-compliant environments.
