Shared Flashcard Set

Details

Audit 2 - Exam 1
Chapter 2
28
Accounting
Graduate
02/21/2009


Cards

Term
Common criteria
Definition
A framework that helps develop and evaluate features that support information security objectives at various levels of assurance
Term
Control
Definition
Anticipating such risks, the firm designs measures to mitigate such risks; these measures represent control, in essence sustaining the likelihood that the firm will achieve one or more of its objectives
Term
Control system
Definition
A system designed to ensure that behaviors and decisions of people are consistent with the entity's objectives. A coordinated set of related control measures comprises a control system.
Term
Encryption
Definition
The cryptographic procedure used to convert plaintext into ciphertext to prevent anyone except the owner(s) or intended recipient(s) from reading the data.
Term
Functionality
Definition
System features and attributes that help achieve desired results
Term
Granularity
Definition
The level at which a security or control measure is implemented within a hierarchy of levels in a system
Term
Information asset
Definition
An information asset is any tangible or intangible resource deployed to generate and use information
Term
Information security
Definition
Because the term here refers to security of information assets, it is commonly denoted as information security
Term
Internal controls
Definition
A set of control measures targeted to achieve control objectives
Term
Policy
Definition
A policy is a high-level document independent of all functions, roles, powers, and personalities within the firm
Term
Protocol
Definition
The rules of behavior, including behavior of people, systems, and processes. A set of rules for the exchange of information between computing devices.
Term
Redundancy
Definition
A duplicate or overlapping resource is employed to achieve a desired control objective
Term
Requisite variety
Definition
In any solution, the variety of responses included must be adequate to mitigate every possible out-of-control situation
Term
Risk
Definition
Risk is the reduction in likelihood that the firm achieves one or more of its objectives
Term
Risk avoidance
Definition
Risk avoidance is a deliberate attempt to keep the target system away from a specific risk
Term
Risk exposure
Definition
Risk exposure represents all kinds of possibilities of harm to an entity without regard to its likelihood
Term
Risk management
Definition
A systematic approach to manage risks to a target system
Term
Risk reduction
Definition
Risk reduction refers to proactive measures taken to prevent a loss from occurring or to limit losses from the consequences of a risk
Term
Risk retention
Definition
Risk retention is a behavior that suggests that a risk is "kept" by the risk managers
Term
Risk sharing
Definition
Risk sharing is a special case of risk transfer where entities facing identical exposure join to manage their collective risk
Term
Risk transfer
Definition
Risk transfer is an approach used to transfer target system risk to some other entity
Term
Security
Definition
Security measures refer to specific types of controls designed to protect information assets
Term
Security policy
Definition
A security policy is a formal statement of the rules by which people who are given access to an organization's technology and information assets must abide
Term
Standard
Definition
A widely accepted protocol that becomes the industry norm
Term
Target of evaluation (TOE)
Definition
A process, resource, or system subject to a systematic evaluation for assurance of security
Term
Target system
Definition
An information asset desired to be protected from all types of risks
Term
Trust
Definition
Relying on a person or thing
Term
Usability
Definition
System usability has the goal of making the system inviting, easy to use, and least obstructive to the end user