Term
| What is an Operating System? |
|
Definition
| It is the computer's control program. It allows users and their applications to share and access common computer resources, such as processors, main memory, databases, and printers. Because the operating system is common to all users, the larger the computer facility, the greater the scale of potential damage. |
|
|
Term
| The Operating System performs 3 main tasks: |
|
Definition
- It translates high-level languages, such as COBOL, C++, BASIC, and SQL, into the machine-level language that the computer can execute.
- The operating system allocates computer resources to users, workgroups, and applications.
- The Operating System manages the tasks of job scheduling and multiprogramming.
|
|
|
Term
| What are the 5 fundamental Controls in an OS? |
|
Definition
- To protect itself from users
- Protect users from each other
- Protect users from themselves
- Be protected from itself.
- Be protected from its environment.
|
|
|
Term
| Operating System Security? |
|
Definition
| Involves policies, procedures, and controls that determine who can access the operating system, which resources (files, programs, printers) they can access, and what actions they can take. |
|
|
Term
| What security components are found in secure Operating Systems: |
|
Definition
- Log-On Procedures
- Access Token
- Access Control List
- Discretionary Access Control
|
|
|
Term
| What are 3 primary threats to an OS? |
|
Definition
- Privileged personnel who abuse their authority.
- Individuals, both internal and external to the organization, who browse the OS to identify and exploit security flaws.
- Individuals who intentionally (or accidentally) insert computer viruses or other forms of destructive programs into the OS.
|
|
|
Term
| What is the Audit Objective relating to Access Privileges? |
|
Definition
| The objective of the auditor is to verify that access privileges are granted in a manner that is consistent with the need to separate incompatible functions and is in accordance with the organization's policy. |
|
|
Term
| Audit Procedures for Access Privileges |
|
Definition
Review or Verify
- Policies for separating incompatible functions
- a sample of user privileges, especially access to data and programs
- security clearance checks of privileged employees
- formal acknowledgements to maintain confidentiality of data
- users' log-on times
|
|
|