Shared Flashcard Set

Details

Chapter 8
AIS Chapter 8
29
Accounting
Undergraduate 4
11/05/2013


Cards

Term
COBIT Framework: 7 key criteria that information provided to management must satisfy
Definition
1. Effectiveness - information must be relevant and timely
2. Efficiency - the information must be produced in a cost-effective manner
3. Confidentiality - sensitive information must be protected from unauthorized disclosure
4. Integrity - the information must be accurate, complete, and valid
5. Availability - the information must be available whenever needed
6. Compliance - controls must ensure compliance with internal policies and with external legal and regulatory requirements
7. Reliability - management must have access to appropriate information needed to conduct daily activities and to exercise its fiduciary and governance responsibilities
Term
COBIT: IT processes necessary to produce information that meets the 7 key criteria are grouped into four basic management activities (domains)
Definition
1. Plan and organize
2. Acquire and Implement
3. Deliver and Support
4. Monitor and Evaluate
Term
Trust Services Framework: 5 categories of information systems controls that most directly pertain to systems reliability
Definition
1. Security
2. Confidentiality
3. Privacy
4. Processing Integrity
5. Availability
Term
Two fundamental information security concepts
Definition
1. Security is a management issue, not a technology issue
2. Defense-in-depth and the time-based model of information security
Term
Management's Role in information security
Definition
1. Create and foster a pro-active "security-aware" environment
2. Inventory and value the organization's information resources
3. Assess risks and select a risk response
4. Develop and communicate security plans, policies, and procedures
5. Acquire and deploy information security technologies and products
6. Monitor and evaluate the effectiveness of the organization's information security program
Term
The idea of Defense-in-Depth
Definition
to employ multiple layers of controls in order to avoid having a single point of failure
Term
The goal of the time-based model of security; evaluation of three important variables
Definition
employ a combination of detective and corrective controls that identify an information security incident early enough to prevent the loss or compromise of information

P = the time it takes an attacker to break through preventative controls
D = the time it takes to detect that an attack is in progress
C = the time it takes to respond to the attack

if P > D + C, security procedures are effective; otherwise, security is ineffective.
Term
Steps that criminals use to attack an organization's information system
Definition
1. conduct reconnaissance
2. attempt social engineering
3. scan and map the target
4. research
5. execute the attack
6. cover tracks
Term
Preventative controls examples
Definition
- training
- user access controls
- physical access controls
- network access controls
- device and software hardening controls
Term
Detective controls examples
Definition
- log analysis
- intrusion detection systems
- security testing and audits
- managerial reports
Term
Corrective controls examples
Definition
- computer incident response teams
- chief information security officer
- patch management
Term
3 types of credentials that can be used to verify a person's identity
Definition
1. something they know, such as passwords or PINs
2. Something they have, such as smart cards or ID badges
3. Some physical characteristic (biometric identifier), such as their fingerprints or voice
Term
multifactor authentication
Definition
the use of two or all three authentication types in conjunction
Term
multimodal authentication
Definition
using multiple credentials of the same type
Term
access control matrix and the compatibility test
Definition
authorization controls are often implemented by creating an access control matrix. Then, when an employee attempts to access particular information, the system performs a compatibility test that matches the user's authentication credentials against the access control matrix
Term
border router
Definition
the device that connects an organization's information system to the internet
Term
firewall
Definition
either a special-purpose hardware device or software running on a general-purpose computer to prevent intrusion
Term
demilitarized zone (DMZ)
Definition
a separate network that permits controlled access from the internet to selected resources
Term
Transmission Control Protocol (TCP)
Definition
specifies the procedures for dividing files and documents into packets to be sent over the internet and the methods for reassembly of the original document or file at the destination
Term
Internet Protocol (IP)
Definition
specifies the structure of packets and how to route them to the proper destination
Term
Access control list
Definition
a set of rules that determines which packets are allowed entry and which are dropped
Term
static packet filtering
Definition
the screening of individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header; usually performed by the border router
Term
stateful packet filtering
Definition
a process performed by a firewall that creates and maintains a table in memory that lists all established connections between the organization's computers and the internet.
Term
deep packet inspection
Definition
the process of examining the data contents of a packet
Term
intrusion prevention systems
Definition
systems that monitor patterns in the traffic flow, rather than only inspecting individual packets, to identify and automatically block attacks
Term
Remote Authentication Dial-In User Service (RADIUS)
Definition
a standard method of verifying the identity of users attempting to obtain dial-in access through a modem
Term
war dialing software
Definition
calls every telephone number assigned to the organization to identify those which are connected to modems
Term
Device and software hardening controls
Definition
1. endpoint configuration
2. User account management
3. software design
Term
hardening
Definition
the process of modifying the default configuration of endpoints to eliminate unnecessary settings and services