A | B | C | D | E | F | G | H
I | J | K | L | M | N | O | P
Q | R | S | T | U | V | W
X | Y | Z
- A
- Application Programming Interface (API): A set of structured functions, rules and protocols that allow applications to communicate with each other even across different application types.
- Attest Examination: An attest engagement is one in which a CPA in public practice examines and reports on data or conditions that are the responsibility of another party (usually management). SOC 1 and SOC 2 reporting are attest examinations.
- Authentication / Multi-factor Authentication (MFA): The action of verifying the identity of a user ("prove you are who you say you are") and their eligibility to access information ("what permissions do you have?"). Multi-factor authentication uses a combination of more than one authentication method, such as token and password (or personal identification number [PIN]) or token and biometric device.
- B
- Back-End: The part of an application typically made up of databases and integration assets where the information and data are stored and manipulated before being presented to a user.
- Bitcoin: A type of cryptocurrency in which a record of transactions is maintained and new units of currency are generated by the computation of mathematical problems, and which operates independently of a central bank. Bitcoin was the first successful cryptocurrency, all of which use blockchain technology. It was conceived in 2008 by the pseudonymous Satoshi Nakamoto.
- Bitcoin Mining: The process by which Bitcoin transactions are validated digitally on the Bitcoin network and added to the distributed ledger.
- Blockchain: A system in which a record of transactions is maintained across computers that are linked in a peer-to-peer network; also known as distributed ledger technology.
- Business Intelligence: The use of data aggregation and analytics across datasets to identify thematic or performance indicators, represent trends and results graphically, and use the results for better decision-making.
- C
- Certification: The provision by an independent certifying body of written assurance that the product, service or system in question meets specific requirements. Examples include ISO, PCI and HIPAA.
- ChatGPT: A well-known generative AI platform introduced to the public in late 2022.
- Cloud: "The cloud" or "cloud-based" is a metaphorical term used to describe a global network of remote servers, hooked together to operate collectively. Cloud resources can be used to serve up applications, store data, or provide other functions, depending on the nature of the business and/or data to be exchanged.
- Cryptocurrency: Digital currency in which transactions are verified and records maintained by a decentralized system using cryptography, usually on a blockchain, rather than by a centralized authority or government.
- Cyber Risk Assessment: Evaluation of potential threats and vulnerabilities to an organization's digital assets, systems, and data. It helps identify weak points and prioritize cybersecurity safeguards to mitigate and manage risks in alignment with organizational goals and objectives.
- Cybersecurity: The professional practice of protecting systems, networks, and data from digital attacks, unauthorized access, or damage.
- D
- Data Governance: The function or process of managing data to assure accuracy and tracking of changes. Data governance involves the development of policies and processes that assign accountability to critical data fields to ensure changes are adequately approved, impacts to reporting and downstream events are assessed, and integrity through the data lineage is maintained.
- Data Lake: A centralized repository to store both structured (e.g., tabular) data as well as unstructured data (e.g., PDFs or images), whether or not related, in one storage area. A Data Lake involves less curation and management than a Data Warehouse.
- Data Lakehouse: A hybrid concept where certain tables and data sets within the overall dataset are curated and governed in a model similar to a Data Warehouse, while the rest of the data operates under the less controlled Data Lake model.
- Data Lineage: The path a data record takes from the point of origin through transactional processing to reporting.
- Data Warehouse: A location that aggregates data from multiple related applications or data storage locations to provide one source where all data related to transactional records can be saved and accessed.
- Data Wrangling: The process of identifying, aggregating and cleansing data to put it into a consistent and analyzable format.
- Database: A collection of data stored and managed by a computer; the information can be either tabular or unstructured.
- Digital Assets: Any digital representation of value that is recorded on a cryptographically secured distributed ledger or any similar technology.
- Distributed Ledger: A database that is consensually shared and synchronized across multiple sites, institutions, or geographies, accessible by multiple people. Also known as blockchain.
- E
- Ethereum: A decentralized, open-source blockchain network with smart contract functionality. Ether is the native cryptocurrency of the platform. Ethereum was conceived in 2013 by Vitalik Buterin.
- F
- Front-End: The part of an application or software that is interacted with by the users to add, edit or view information.
- G
- Generative AI: Models that respond to natural language questions by synthesizing large quantities of data through a "large language model" (LLM) to provide a response in a near-human answer format.
- H
- I
- IT Risk: The potential for an unexpected negative business outcome involving the failure or misuse of IT, including but not limited to cybersecurity breaches.
- J
- K
- L
- Low-Code: A system designed with reduced requirements for technical or programming language to create technological solutions or modify system capabilities. Low-code systems often use icons that represent a programmatic function and can be chained or linked to other icons to perform tasks.
- M
- Machine Learning: The use of an analysis model with multiple layers of probability calculations based on criteria and historical data to determine the outcome. These models often include a component of "retraining" the probability calculations based on continuous feedback of incoming transactions.
- N
- O
- P
- Penetration Test (Pentest): A simulated cyber attack performed to identify weaknesses in a system's security, using tools and tactics similar to those used by malicious hackers. Often performed as part of a larger security assessment and/or cyber risk assessment.
- Process Mining: The process of analyzing process log data from each step in a transactional process (e.g. initiation, review, corrections, approvals, etc.) to identify process bottlenecks and potential efficiencies.
- Python: A highly portable interpreted language commonly used in data analytics and data science. It is open-source with a large community developing pre-built "packages" that can be incorporated to quickly build complex functionality.
- Q
- R
- Robotic Process Automation (RPA): Technology using "low-code" solutions to automate common business tasks without requiring significant coding or IT professional assistance. These tasks are commonly performed at the application layer or involve interactions between common user applications.
- S
- Server: A device or service that acts as a "hub" for providing data and services to client programs or devices.
- SHA-256: Stands for Secure Hash Algorithm 256, a cryptographic hashing algorithm used for message, file and data integrity verification. SHA-256 is part of the SHA-2 family of hash functions. It uses a 256-bit key to convert a piece of data into a new, unrecognizable data string of a fixed length. This string of random characters and numbers, called a hash value, is also 256 bits.
- Smart Contract: A computer program or a transaction protocol that is intended to automatically execute, control or document events and actions according to the terms of a contract or an agreement.
- Software as a Service (SaaS): Applications that run on cloud infrastructure. The applications are accessible from various client devices through a thin-client interface such as a web browser (e.g., web-based e-mail).
- Software Bill of Materials (SBOM): A detailed list of the components or building blocks used to create a software system or application, forming a nested inventory. The SBOM is key to foundational inventory practices and IT supply chain risk management.
- Software-Defined Perimeter (SDP): A network perimeter based on software attributes instead of hardware components. SDP is used to restrict internet-connected infrastructure based on identity and context, whether in the cloud or on-premises, to protect it from hackers and unauthorized users.
- Stablecoin: A type of cryptocurrency where the value of the digital asset is pegged to a reference asset, either fiat money or another cryptocurrency.
- Structured Data: Data that is tabular and easily machine readable, with a defined and consistent structure that establishes defined data attributes.
- System Administrator: The person or group responsible for implementing, monitoring and enforcing rules established and authorized by management. Security administrators focus on security rules and protocols, database administrators focus on database security and information classification, etc.
- T
- Thick-Client: An interface that performs a degree of local processing based on input from a user but also leverages a back-end processing function for high capacity requirements.
- Thin-Client: A user interface that provides for all processing and data resource activities to be performed in a server, rather than on the local machine.
- Tokenization: The process whereby ownership rights of an asset are represented as digital tokens and stored on a blockchain.
- Two-factor Authentication: See Authentication / Multi-factor Authentication.
- U
- Unstructured Data: Data that is not in a tabular format that would make it easily machine-readable; examples include images, scanned documents, PDF files or physical documents.
- V
- Virtual Agent: Artificial intelligence "bots" that use defined processing rules or algorithmic models to provide answers from a defined data set based on a text question. For example, a virtual agent may be asked "What is our holiday policy?" and it would respond with a link to the current organizational holiday policy.
- Vulnerability Assessment: A systematic examination of IT systems and infrastructure to identify security weaknesses and determine the effectiveness of protections in place. A vulnerability assessment may include manual and automated procedures with additional analysis informed by adjacent processes. It is narrower than a cyber risk assessment, which also examines organizational risks.
- W
- Web Content Accessibility Guidelines: A series of guidelines provided by the W3 organization to ensure online content is accessible to a broad range of individuals, regardless of physical or mental accessibility needs. For example, is a site compatible with screen readers? Does it include text descriptions of image content? Is there adequate visual contrast between text and background?
- X
- Y
- Z
- Zero Trust Architecture (ZTA): An IT security concept based on treating every access request as if it's coming from an outside attacker, as opposed to traditional security that assumes users inside the organization can be trusted.