Term
|
Definition
| Overall control environment |
|
|
Term
|
Definition
| is a comprehensive plan that helps protect the company from internal and external threats. |
|
|
Term
| Issues considered when developing a security plan: |
|
Definition
| 1. Identify and evaluate assets to be protected 2. Identify threats 3. Assess risk 4. Establish security policy 5. Implement across the organization 6. Manage the security program |
|
|
Term
| When implementing a security policy what should be considered? |
|
Definition
| International Organization for Standardization (ISO 17799) |
|
|
Term
| What are the five types of organization-level controls for AIS? |
|
Definition
| 1. Personnel controls 2. File security controls 3. Fault-tolerant system, backup, and contingency planning 4. Computer facility controls 5. Access to computer files |
|
|
Term
| 2 main parts of personnel controls? |
|
Definition
| Segregation of duties, and use of computer accounts |
|
|
Term
| Define System Analysis Function: |
|
Definition
| Analyzing/processing/designing applications programs. |
|
|
Term
| What should a programmer not be allowed to do? |
|
Definition
| Use actual data to test a program (because they could then manipulate it) |
|
|
Term
| What should changes in programs be required to do? |
|
Definition
| All changes should be written and submitted to the manager. |
|
|
Term
| What should the computer operators do? |
|
Definition
| They should rotate through different jobs. Logs should be kept and checked. Computer operators should not be given access to program documentation or logic. |
|
|
Term
| Where should the AIS librarian information stay? |
|
Definition
| It should stay in a separate storage area. |
|
|
Term
| What should the data control functions and transaction authorization functions do? |
|
Definition
| Data control functions should be independent of computer operations. |
|
|
Term
| Under use of computer accounts, what should each separate computer have? |
|
Definition
| They should have separate unique passwords |
|
|
Term
| Define File Security controls: |
|
Definition
| used to protect computer files from either accidental or intentional abuse |
|
|
Term
| Define Fault-Tolerant System, Backup, and Contingency Planning: |
|
Definition
| Reduce financial and business risk |
|
|
Term
|
Definition
| Chance that a company's financial statements are misstated |
|
|
Term
|
Definition
| Likelihood that an adverse or unwanted event that could injure the company will occur. |
|
|
Term
|
Definition
| If one part of the system fails another part immediately takes over, and the system continues with no problem. |
|
|
Term
| Example of areas that use Fault-Tolerant systems: |
|
Definition
| Computer networks, CPU processors, Disks, and processors |
|
|
Term
| Define Consensus-based protocols: |
|
Definition
| Contain an odd number of processors. |
|
|
Term
|
Definition
| If something happens to the first processor, then the other one takes over. |
|
|
Term
|
Definition
| Writing all data in parallel into two disks. |
|
|
Term
| Define Rollback processing: |
|
Definition
| Transactions are never written until finished. If a fault happens, the work in progress is lost, but the system is left at its earlier consistent state. |
|
|
Term
| What is the backup procedure typically used under the batch processing system? |
|
Definition
| grandfather-father-child procedure |
|
|
Term
|
Definition
| backs up all files on a given disk: lots of time and space |
|
|
Term
|
Definition
| back up only those files that have been modified since the last full or last incremental backup |
|
|
Term
|
Definition
| Backs up only the files that have been changed since the last full backup |
|
|
Term
|
Definition
|
|
Term
|
Definition
| DB is offline and unavailable to its users. |
|
|
Term
| Define electronic vaulting: |
|
Definition
| Backup copies are stored at a remote site. |
|
|
Term
| What does contingency planning include: |
|
Definition
| The development of a disaster recovery plan. This is for unforeseen disasters. |
|
|
Term
| What are the key components of the DRP? |
|
Definition
| 1. Data backup procedure 2. Replacement of infrastructure 3. Periodic testing 4. Other (insurance coverage, documentation) |
|
|
Term
|
Definition
| includes computers (too much money) |
|
|
Term
|
Definition
| A location that includes everything from a hot site as well as up-to-date backups. |
|
|
Term
| Define Computer Facility Controls (physical access controls) |
|
Definition
| prevent the unintentional/intentional harm to the computer system. |
|
|
Term
| Define Access to computer files: (logical access controls) |
|
Definition
|
|
Term
| Define IT General Controls: |
|
Definition
| Changes to and development of computer programs are authorized, tested, and approved. Access to files is restricted to only those who are allowed to view them. |
|
|
Term
|
Definition
| Virtual Private Network, a private network that uses public internet. Focus on security, reliability, and timely delivery of messages. Secure because of encryption |
|
|
Term
| What are the main risks associated with an AIS? |
|
Definition
| Errors, irregularities, general threats to security |
|
|
Term
| What are risks unique to Micro computer environments? |
|
Definition
| Hardware can easily be stolen or destroyed. Data and software are easily accessed, modified, copied, or destroyed. All are very difficult to protect. |
|
|
Term
| How do you keep microcomputers safe? |
|
Definition
| 1. Lock in cabinets 2. Identify personal laptops 3. Use non-breakable cables to attach to furniture 4. Load antivirus software to disks 5. Backup laptop information |
|
|
Term
| What are application controls concerned with? |
|
Definition
| Preventing, detecting, and correcting errors and irregularities in transactions. |
|
|
Term
|
Definition
| Examine selected fields of input data and reject those transactions whose data fields do not meet the pre-established standards of data quality. |
|
|
Term
| What is the objective of application control? |
|
Definition
| To provide a good audit trail |
|
|
Term
| Define Batch control total |
|
Definition
| Comparison of items or documents actually processed against a predetermined control total. |
|
|
Term
|
Definition
| A meaningless total that is useful for control purposes only, detects errors only. |
|
|
Term
|
Definition
| Translation from code to machine language by an error-testing compiler. |
|
|