Information Controls for Systems Reliability
UMass Lowell AIS 303
69
Accounting
Undergraduate 3
06/21/2014

Cards

Term
Trust Services Framework was developed by:
Definition
AICPA and CICA
Term
Trust Services Framework is a subset of what Control Framework?
Definition
COBIT
Term
Trust services framework consists of five principles that contribute to systems reliability. Name them:
Definition
Security

Confidentiality

Privacy

Processing integrity

Availability

Term
The definition of Security in the Trust Services Framework is:
Definition
Access to the system and its data is controlled and restricted to legitimate users.
Term

The definition of Confidentiality in the Trust Service Framework is:
Definition
Sensitive organizational information is protected from unauthorized disclosure.
Term
The Definition of Privacy in the Trust Services Framework is:
Definition
Personal information about customers is collected, used, disclosed, and maintained only in compliance with internal and external regulatory requirements and is protected from unauthorized disclosure.
Term
The definition of Processing Integrity in the Trust Service Framework is:
Definition
Data are processed accurately, completely, in a timely manner, and only with proper authorization.
Term
The definition of Accountability in the Trust Service Framework is:
Definition
The system and its information are available to meet operational and contractual obligations.
Term
Name four criteria for successfully implementing the five Trust Service Framework principles:
Definition

1) Developing and documenting policies

2) Effectively communicating policies to authorized users

3) Designing and employing appropriate control procedures to implement policies

4) Monitoring the system and taking corrective action to maintain compliance with policies.

Term
______________is responsible for the internal control structure, including security.
Definition
Management
Term
Understanding when a proper level of security and monitoring security has been reached is made more difficult by today's ____________ __________, leading to specialized management roles such as _____, CSO, and __________ _________.
Definition

Information Technology

CIO, Compliance Officers

Term
Management Obligations to the Internal Control System include:
Definition

Developing and documenting policies

Communicating the policies developed

Designing the control procedures

Monitoring the system

Term
The ________ an error/irregularity is found, the less ____ it takes to correct and less _____ occurs.
Definition

Sooner

Time

Damage

Term
The Training Control is used:
Definition

To facilitate employee understanding of and adherence to the organization's security policies, including:

Safe computing practices

Social engineering

Piggybacking

Term
Authentication is:
Definition
The process of verifying the identity of the person or device attempting to access the system with the objective to ensure that only legitimate users can access the system.
Term
Three types of credentials used by Authentication Controls to verify a person's identity are:
Definition

Something they know (Password)

Something they have (Badge/Smart Card)

Something they are (Biometric Identifier)

Term
Authorization is:
Definition
the process of restricting access of authenticated users to specific portions of the system and limiting what actions they are permitted to perform.
Term
A capability test is performed to match a user's authentication credentials against authorized actions when an employee attempts to access a particular information resource or system; access is granted or denied based upon the privileges authorized to that user. What source lists the user access privileges used for the capability test?
Definition
An Access Control Matrix
Term
The Access Control Matrix must be updated for what events?:
Definition

Firings

Promotions

Demotions

Transfers

Job rotation

Term
In addition to people, ________ are also set up with authorization controls.
Definition
Devices
Term
Card readers at entry ways, man traps, electronic eavesdropping countermeasures and screen guards are all examples of what type of controls?
Definition
Physical Access Controls
Term
Firewalls, Routers, war dialing and defense in depth are examples of what type of controls?
Definition
Network Access Controls
Term
Use of an Intrusion Detection System to perform log analysis in efforts to detect unauthorized access to the system is an example of what type of controls? 
Definition
Log Analysis
Term
Use of vulnerability scanners and penetration tests used to attempt unauthorized access to the system are examples of what type of control?
Definition
Security Testing
Term
Key component to prompt and effective response to security incidents is the standing up of a:
Definition
Computer Incident Response Team
Term
The Computer Incident Response Team should have as its membership:
Definition

Senior Operations Management

Technical Specialists

Term
The most important document for the effectiveness of the Computer Incident Response Team is:
Definition
Incident response plan, including the alert process.
Term
The Computer Incident Response Team (CIRT) leads the response to an incident through what 4 steps?
Definition

Recognition that a problem exists.

Containment of the problem.

Recovery. Damage must be repaired.

Follow up. Analysis of what happened, how to prevent it from happening again, and what to do to effect capture and punishment of the perpetrator.

Term
Operating independently of other information systems functions and reporting to the COO, this officer is an impartial assessor and evaluator of the IT environment who is responsible for ensuring that vulnerability and risk assessments are performed regularly and that security audits are carried out periodically. The title of this role is:
Definition
Chief Information Security Officer (CISO)
Term
When a vulnerability is discovered in software, a hacker writes an exploit, which instructs how to attack using the vulnerability. What name is given to the control of applying software updates that eliminate such vulnerabilities?
Definition
Patch management.
Term
Virtualization of software and hardware eliminates opportunities for physical access issues but opens up vulnerabilities where information is housed and controlled by another entity that is not under the control of the owner of that information. This type of environment is generally referred to as:
Definition
Cloud Computing
Term
What leads to effective confidentiality for an organization's intellectual property?
Definition

Identify sensitive information (data) that needs to be protected, then protect it when it is captured, while it is stored, when it is reported/accessed, and when it is disposed of.

 
Term
Information in storage should be ______________ to prevent theft by unauthorized access.
Definition
Encrypted
Term
In the event of a breach in security at a firm, law requires notification of all customers unless that customer's data was ___________ at the time of the breach.
Definition
Encrypted
Term
Spreadsheets require special controls because of the high likelihood of _________ _____.
Definition
Material Errors
Term
Trust Services Framework principle that states that a reliable system is one that produces information that is accurate, complete, timely and valid.
Definition
Processing Integrity
Term
Field Check
Definition
Determines whether the characters in a field are the proper type.
Term
Sign Check
Definition
Determines whether the data in a field have the appropriate arithmetic sign.
Term
Limit Check
Definition
Tests a numerical amount against a fixed value.
Term
Range Check
Definition
Tests whether a numerical amount falls between predetermined lower and upper limits.
Term
Size Check
Definition
Ensures that the input data will fit into the assigned field.
Term
Completeness Check
Definition
On each input record determines whether all required data items have been entered.
Term
Validity Check
Definition
Compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists.
Term
Reasonableness Check
Definition
Determines the correctness of the logical relationship between two data items.
Term
Check Digit
Definition
Authorized ID numbers can contain a check digit that is computed from the other digits. Data entry devices can be programmed to perform check digit verification by using all but the first or final digit to recalculate that digit each time the number is entered.
Term
Sequence Check
Definition
Checks whether a batch of input data is in the proper numerical or alphabetical sequence.
Term
Financial Total
Definition
A batch total that sums a field that contains monetary values.
Term
Hash Total
Definition
Sums a non-financial numerical field.
Term
Record Count
Definition
Number of records in a batch.
Term
Prompting
Definition
The system requests each input data item and waits for an acceptable response, ensuring that all necessary data are entered.
Term
Closed-Loop Verification
Definition
Checks the accuracy of input data by using it to retrieve and display other related information.
Term
Transaction Log
Definition
Detailed record of all transactions, including a unique transaction identifier, the date and time of entry, and who entered the transaction.
Term
Data Matching
Definition
In certain cases, two or more items of data must be matched before an action can take place.
Term
File Labels
Definition
File Labels need to be checked to ensure the correct and most current files are being updated.
Term
Header Record
Definition
Located at the beginning of each file, contains the file name, expiration date, and other identification data
Term
Trailer Record
Definition
Located at the end of the file, contains batch totals calculated during input.
Term
Recalculation of Batch Totals
Definition
Batch totals should be recalculated as each transaction record is processed, and the total for the batch should then be compared to the values in the trailer record.
Term
Transposition Error
Definition
Two adjacent digits are inadvertently reversed.
Term
Cross-footing
Definition
Compare the sum of the row totals with the sum of the column totals. They should be equal.
Term
Zero Balance Test
Definition
Control accounts should zero out after all costs are allocated to expense categories.
Term
Write-Protection Mechanism
Definition
Protect against overwriting or erasing of data files stored on magnetic media.
Term
User Review of Output
Definition
Users should carefully examine system output to verify that it is reasonable, that it is complete, and that they are the intended recipients.
Term
External Data Reconciliation
Definition
Database totals should be periodically reconciled with data maintained outside the system.
Term
E
Definition
Term
Reconciliation Procedures
Definition
Periodically, all transactions and other system updates should be reconciled to control reports, file status/update reports, or other control mechanisms. General Ledger accounts should be reconciled to subsidiary account totals on a regular basis.
Term
Data Transmission Controls
Definition
Controls designed to minimize risk of data transmission errors.
Term
Checksums
Definition
When data are transmitted, the sending device can calculate a hash of the file, called a checksum. The receiving device performs the same calculation and sends the result to the sending device. If the two hashes agree, the transmission is presumed to be accurate.
Term
Parity Bits
Definition
Extra digit added to the beginning of every character that can be used to check transmission accuracy.