Term
|
Definition
Device installed at the point where network connections enter a site; this is the most vulnerable point between the corp network and the internet. Firewalls apply rules to control the type of network traffic flowing in and out |
|
|
Term
|
Definition
Configured for a specific environment; monitors various internal resources of the OS to warn of a possible attack o Detects the modification of executable programs and the deletion of files, and issues a warning when an attempt is made to use a privileged command |
|
|
Term
|
Definition
Identifies attacks within the monitored network and issues a warning to the operator o If placed between the internet and the firewall, it will detect all attack attempts, whether or not they get through the firewall o If placed between the firewall and the corp network, it will detect those attacks that get through the firewall (i.e., an intruder) |
|
|
Term
Hardware vs firewall platforms |
|
Definition
• Hardware-based – minimal overhead, faster but not as flexible • Software-based – slower, significant overhead but flexible with additional services |
|
|
Term
Two things a network layer firewall can't stop |
|
Definition
Don't stop application-based or input-based attacks like SQL injection or buffer overflow attacks |
|
|
Term
Stateful Inspection Firewall |
|
Definition
Keeps track of the destination IP address of each packet that leaves the organization's internal network. Whenever a response to a packet is received, its record is referenced to verify the incoming message is in response to the request that went out. Done by mapping the source IP address of an incoming packet against the list of destination IP addresses that is maintained and updated. Prevents any attack initiated and organized by an outsider |
|
|
Term
Advantages & Disadvantages of Stateful Inspection Firewall |
|
Definition
Advantage: controls the flow of IP traffic by matching info contained in the header of connection-oriented or connectionless IP packets at the transport layer against a set of rules specified by the firewall admin, which creates a greater degree of efficiency Disadvantage: relatively complex to administer |
|
|
Term
Screened host firewall implementation |
|
Definition
uses a packet filtering router and a bastion host to implement basic network layer security (packet filtering) and application server security (proxy services) o Intruder must penetrate 2 separate systems before security of private network is compromised o Bastion host is connected to the private network with a packet filtering router between the internet and the bastion host o Router filtering rules allow inbound traffic to access only the bastion host, which blocks access to internal systems |
|
|
Term
Dual-homed firewall implementation |
|
Definition
Has two or more network interfaces, each of which is connected to a different network o Blocks or filters some or all of the traffic trying to pass between the networks o More restrictive form of a screened-host firewall system o Dual-homed bastion host is configured with one interface established for info servers and another for private network host computers |
|
|
Term
Demilitarized Zone firewall implementation |
|
Definition
Utilizes two packet filtering routers and a bastion host to create the most secure firewall system, since it supports network and application level security while defining a separate DMZ network o DMZ functions as a small, isolated network for an organization's public servers, bastion host info servers and modem pools o Limits access from both the internet and the organization's private network o Incoming traffic access is restricted into the DMZ network by the outside router, which protects the organization against certain attacks by limiting the services available for use o The inside router provides a 2nd layer by managing DMZ access to the private network while accepting only traffic originating from the bastion host o For outbound traffic, the inside router manages private network access to the DMZ network; it permits internal systems to access only the bastion host and info servers in the DMZ o Filtering rules on the outside router require the use of proxy services by accepting only outbound traffic from the bastion host o Advantage: an intruder must penetrate 3 devices, private network addresses are not disclosed to the internet and internal systems do not have direct access to the internet |
|
|
Term
What is another name for DMZ |
|
Definition
|
|
Term
|
Definition
|
|
Term
Packet filtering firewall |
|
Definition
Simplest & earliest – a screening router examines the header of every packet of data traveling between the internet and the corp network. Packet headers carry info including the IP addresses of the sender and receiver and the authorized port #s, so the firewall knows what kind of internet service is being used to send the data and the identities of the sender and receiver |
|
|
Term
Advantages & disadvantages of packet filtering firewall |
|
Definition
Advantages: simple, stable performance, filtering rules applied @ network layer Disadvantages: vulnerable to attacks from improperly configured filters and attacks tunneled over permitted services (b/c it's simple); if a single packet filtering router is compromised, the entire system is compromised. Potential for attack is determined by the total number of hosts and services to which the packet filtering router permits traffic |
|
|
Term
Potential attacks on a packet filtering firewall |
|
Definition
IP spoofing; Source routing specification; Miniature fragment attack |
|
|
Term
|
Definition
Performed on packet filtering firewalls: the attacker fakes the IP address of either an internal network host or a trusted network host so that the packet will be allowed to pass o If an internal IP address is used, the router can be configured to drop the packet (as a prevention method) o If the attacker has access to a secure/trusted external IP address and spoofs it, the firewall is defenseless |
|
|
Term
Source routing specification attack |
|
Definition
Attack performed on packet filtering firewalls: the hacker defines the route the packet is supposed to take when it travels from the source host to the destination host, in order to bypass the firewall o Must know the IP address, subnet mask and default gateway settings at the firewall routing station o Defense: examine each packet and, if source routing specification is enabled, drop the packet o But if the topology permits a route skipping the choke point, this countermeasure is not effective |
|
|
Term
Miniature fragment attack |
|
Definition
Attack performed on packet filtering firewalls: the attacker fragments the IP packet into smaller ones and pushes them through, hoping only the first of the sequence will be examined and the others will pass w/o review o Only works if the default setting is to pass residual packets o Defense: configure the firewall to drop all packets where IP fragmentation is enabled |
|
|
Term
Application Firewall Systems |
|
Definition
Provide greater capabilities than packet filtering; allow info to flow between systems but do not allow direct exchange of packets. Installed on hardened operating systems (like Windows NT or UNIX) and work at the application level of the Open Systems Interconnection (OSI) model. Set up as proxy servers to act on behalf of someone inside the private network; they are a go-between and can examine a service's program code and modify and secure it to eliminate vulnerabilities. Can also log all traffic between the internet and the network. Two types, both use a Bastion Host (handles all incoming requests from the internet and is heavily fortified) • One main host makes it easier to maintain security and handle traffic attacks; none of the computers or hosts on the network can connect directly to the internet • If there is a break-in, only the firewall system is compromised, not the entire network |
|
|
Term
Two types of application firewall systems |
|
Definition
• Application-level – analyzes packets through a set of proxies, one for each service o HTTP – proxy for web traffic o Reduce network performance • Circuit-level – operate at application level where Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) sessions are validated; usually through a single general purpose proxy before opening a connection o Rare but more efficient |
|
|
Term
Advantages and disadvantages of application firewall systems |
|
Definition
Advantage: provide security for commonly used protocols and generally hide the internal network from outside untrusted networks Disadvantages: poor performance and scalability as Internet usage grows • Can use load balancing in cases where a redundant fail-over firewall system may be used |
|
|
Term
|
Definition
o Sensors to collect data o Analyzers that receive input from sensors and determine intrusive activity o Admin console o User interface |
|
|
Term
|
Definition
o Signature-based: protect against detected intrusion patterns (intrusive patterns are stored in the form of signatures) o Statistical-based: need comprehensive definition of the known and expected behavior of systems o Neural networks: monitors the general patterns of activity and traffic on the network, creates a database; similar to statistical based but w/ added self-learning functionality |
|
|
Term
What can IDS not help with? |
|
Definition
• IDS cannot help w/ application level vulnerabilities or back doors to applications |
|
|
Term
|
Definition
DNS is a translation tool that converts webpages to IP addresses (doesn't give them!) |
|
|
Term
What does a stateful inspection firewall not protect against? |
|
Definition
Stateful inspection firewall does not provide protection against the introduction of malware b/c it's designed to mitigate network-based attacks |
|
|
Term
|
Definition
generic term applied to variety of malicious computer programs; self-propagating |
|
|
Term
|
Definition
Physically attaches to another program to propagate |
|
|
Term
|
Definition
Does not physically attach itself; it exploits a security weakness in OS configurations to propagate |
|
|
Term
What are the two major ways to prevent and detect malware? |
|
Definition
1. Having sound policies and procedures (preventive control) 2. Technical means (detective control) including anti-malware software Neither is effective w/o the other |
|
|
Term
What is the most effective means of protecting networks and host-based computer systems against malware? |
|
Definition
Anti-malware software; it's preventive and detective |
|
|
Term
|
Definition
Type of anti-malware software Looks for sequences of bits called signatures that are typical of malware programs 2 types and both need to be updated periodically to be effective |
|
|
Term
Malware masks or signatures software |
|
Definition
Type of anti-malware scanners that check files, sectors and system memory for known and new malware on the basis of malware masks or signatures |
|
|
Term
Heuristic scanner software |
|
Definition
Type of Scanner anti-malware software Analyzes the instructions in the code being scanned and decides on the basis of statistical probability whether it could contain malicious code Generates high level of false-positive errors |
|
|
Term
|
Definition
Type of anti-malware software Interprets DOS and read-only memory (ROM) BIOS calls, looking for malware-like actions Disadvantage - cannot distinguish between a user request and a program or malware request so it asks users to confirm actions |
|
|
Term
Integrity CRC checkers software |
|
Definition
Type of anti-malware software. Computes a binary number on a known malware-free program that is then stored in a database file. On subsequent scans, when that program is called to execute, it checks for changes to the file as compared to the database and reports possible infection if changes have occurred Disadvantage - can only detect infection after it has occurred; assumes files are malware-free so can only detect subsequent infections; ineffective against new files that are infected |
|
|
Term
Cyclical redundancy check |
|
Definition
Computes a binary number on a program and stores it in a database for later comparison |
|
|
Term
|
Definition
Type of anti-malware software Focus on detecting potentially abnormal behavior such as writing to the boot sector or the master boot record or making changes to EXE files |
|
|
Term
|
Definition
Type of anti-malware software. Defend against malware by appending sections of themselves to files. Continuously checks the file for changes and reports changes as possible malware behavior. Other types can be focused on a specific type of malware and work by giving that malware the impression the file has already been infected Disadvantage - it's not possible to immunize files against all types of malware |
|
|
Term
|
Definition
program that does not allow a program to run if it contains malware |
|
|
Term
|
Definition
malware scanning software used with firewall technologies Scan incoming traffic with the intent of detecting and removing malware before they enter the protected network |
|
|
Term
Name the levels that malware walls normally work at |
|
Definition
SMTP - to scan inbound and outbound SMTP traffic for malware in coordination with the mail server HTTP - to prevent malware-infected files from being downloaded and to offer protection against malicious Java and ActiveX programs FTP - to prevent infected files from being downloaded |
|
|
Term
|
Definition
protocols used to carry the signal over the IP network Voice traffic is carried on top of existing data infrastructure. Sounds are digitized into IP packets and transferred through the network layer before being decoded back into the original voice. |
|
|
Term
What should be considered when designing a VoIP system? |
|
Definition
Backup has to be designed to ensure communication will not be interrupted should undesirable events occur on the data backbone. Bandwidth capacity should be baselined to determine the current levels of data traffic and provide the necessary additional bandwidth for voice traffic. Quality of service will need to be defined so that voice traffic will be given priority over data traffic. Laws and regulations |
|
|
Term
What is the key to securing VoIP? |
|
Definition
Use the security mechanisms such as those deployed in data networks (ie: firewalls, encryption) to emulate the security level currently used by public switched telephone network (PSTN) network users |
|
|
Term
What is a session border controller (SBCs)? |
|
Definition
Utilized to provide security features for VoIP traffic similar to those provided by firewalls. SBCs can be configured to filter specific VoIP protocols, monitor for DoS attacks and provide network address and protocol translation features. |
|
|
Term
How can you enhance the protection of the telephone system and data traffic? |
|
Definition
Make sure patches & virus scanners are up to date b/c VoIP requires the same care and maintenance as computer systems. Segregate VoIP infrastructure using virtual local area networks (VLANs); any connection between these two infrastructures should be protected using firewalls that can interpret VoIP protocols |
|
|
Term
Private Branch Exchange (PBX) |
|
Definition
Sophisticated computer-based switch that can be thought of as a small in-house phone company for the organization that operates it. Protection is a high priority. Digital sounds are converted to analog for outside calls on the local loop using Plain Old Telephone Service (POTS - standard telephone service that most homes use) |
|
|
Term
What can happen if a PBX is not secured? |
|
Definition
organization is exposed to toll fraud, theft of proprietary or confidential info, loss of revenue or legal entanglements |
|
|
Term
|
Definition
Uses Halon gases that remove oxygen from the air. No damage to equipment. Adversely affects the ozone layer. Must be removed if installed |
|
|
Term
FM-200 (TM) fire suppression system |
|
Definition
Also called heptafluoropropane, HFC-227 or HFC-227ea. Colorless, odorless gaseous halocarbon. No residue after discharge. Safe for people and the ozone layer. Large amounts of energy are absorbed from the surface of the burning material, which lowers its temperature |
|
|
Term
Argonite fire suppression system |
|
Definition
Mixture of 50/50 Argon and Nitrogen Inert gas used where damage to equipment is to be avoided Environmentally friendly |
|
|
Term
CO2 fire suppression system |
|
Definition
Releases pressurized carbon dioxide gas to replace oxygen. Unable to sustain human life. In most countries it is illegal to have them automatically discharge if humans are present, so most are manual |
|
|
Term
Charged water fire suppression system |
|
Definition
Means the water is always in the pipe |
|
|
Term
Local application vs total flooding fire suppression systems |
|
Definition
Local application is only applied at the point of the fire, total flooding it is applied to a 3D enclosed space |
|
|
Term
How can you prevent short, intermediate and long term interruptions in the power supply? |
|
Definition
Short (less than 1 sec) - surge protectors; Intermediate (seconds to 30 min) - UPS devices; Long (hrs to days) - alternate power generators |
|
|
Term
|
Definition
Severely Reduced Voltage - failure of elec company to supply power within an acceptable range; places strain on equipment and may limit their operational life (ie: need 108-125 volts in the US) |
|
|
Term
|
Definition
temporary and rapid decreases (sags) or increases in voltage levels Can cause loss of data, data corruption, network transmission errors or physical damage |
|
|
Term
Electromagnetic Interference (EMI) |
|
Definition
Caused by electrical storms or noisy electrical equipment. Can cause systems to hang or crash, or damage similar to surges/sags |
|
|
Term
What are the phases of Penetration Testing? |
|
Definition
Planning, Reconnaissance/discovery, Attacks (privilege escalation, information gathering from the inside & installation of further attack tools inside the system), Reporting |
|
|
Term
External Penetration Testing |
|
Definition
Performed from outside the target's system (usually the internet) |
|
|
Term
Internal Penetration Testing |
|
Definition
Performed from inside the target's system |
|
|
Term
Blind Penetration Testing |
|
Definition
Penetration tester is provided with limited or no knowledge of the target's information systems. Expensive b/c of research costs |
|
|
Term
Double Blind Penetration Testing |
|
Definition
Same as blind but Admin and Security staff also do not know Effectively evaluates incident handling and response capability of the target |
|
|
Term
Targeted Penetration Testing |
|
Definition
Both the target's IT team and penetration testers are aware |
|
|
Term
|
Definition
documenting, in detail, how evidence is handled and maintained, including ownership, transfer and modification |
|
|
Term
|
Definition
Contains info for: who had access to the evidence (chronological manner); the procedures followed in working with the evidence; proving that the analysis is based on copies that are identical to the original evidence |
|
|
Term
Bypass label processing (BLP) |
|
Definition
special feature only system programmers should have access to Bypasses the computer reading of the file label |
|
|
Term
|
Definition
special feature only system programmers should have access to Permits the user to perform complex system maintenance |
|
|
Term
|
Definition
special feature only system programmers should have access to Usually provided by vendor |
|
|
Term
What is a key audit issue with telecommunication software? |
|
Definition
Ensuring all applications have been defined within the software and that the various optional telecommunication control and processing features used are appropriate and approved by management |
|
|
Term
What type of control is promoting security awareness? |
|
Definition
Preventive but can also be detective b/c encourages people to identify and report possible security violations |
|
|
Term
What is a principal purpose of a PBX system? |
|
Definition
save cost of requiring a line for each user Easier to call someone b/c only 3-4 digits needed |
|
|
Term
Two important ways PBX security is different from conventional OS security? |
|
Definition
External access/control - typically requires remote maintenance by vendor Feature Richness - provides possibility of unexpected attacks |
|
|
Term
What are some additional control weaknesses of PBX systems? |
|
Definition
Uncontrolled definition of direct inward dial (DID) lines, which allows an external party to request dial tone locally and make unauthorized long distance calls. Lack of system access controls over long distance phones. Lack of blocking controls for long distance phone calls to certain #s. Lack of control over the numbers destined for fax machines & modems. Not activating the option to register calls (i.e., call tracking logs) |
|
|
Term
|
Definition
1-Theft of Service - toll fraud 2-Disclosure of info - data disclosed w/o authorization 3-Data modification - ex: intruder changes billing info or modifies system tables to gain additional services 4-Unauthorized Access 5-Denial of service - render equipment or entity inoperable 6-Traffic analysis - passive attack to observe info |
|
|
Term
When planning a PBX audit, what is the first thing you have to do? |
|
Definition
Preliminary assessment of the PBX system: type of perceived threat and seriousness of any discovered vulnerabilities must be decided by auditor |
|
|
Term
Maintenance out of service (MOS) |
|
Definition
feature of PBX systems where someone can place a line out of service for maintenance; can be hijacked |
|
|
Term
Data Integrity principal - Atomicity |
|
Definition
Either the entire transaction is processed or none of it is |
|
|
Term
Data Integrity principal - Durability |
|
Definition
successful transaction will persist and cannot be undone |
|
|
Term
Data Integrity principal - Isolation |
|
Definition
While in an intermediate state, the transaction data are invisible to external operations; this prevents two transactions from attempting to access the same data at the same time |
|
|
Term
Data Integrity principal - Consistency |
|
Definition
The database is in a proper state when the transaction begins and ends, and the transaction has not violated integrity rules |
|
|
Term
Parallel Testing (change mgmt) |
|
Definition
feeding data into two systems - the modified system and an alternate system - and comparing the results. Both systems operate concurrently for a period of time and perform same processing functions. Allows a new system to be tested without affecting existing systems |
|
|
Term
Pilot testing (change mgmt) |
|
Definition
Takes place first at one location and is then extended to other locations. Purpose is to see if new system operates satisfactorily in one place before implementing it at another location. In most cases the cutover to the new system will disable existing systems |
|
|
Term
Interface/integration testing (change mgmt) |
|
Definition
Hardware or software test that evaluates the connection of two or more components that pass info from one area to another. Objective is to take unit tested modules and build an integrated structure. Will not test in a true production environment |
|
|
Term
Sociability testing (change mgmt) |
|
Definition
Purpose is to confirm that a new or modified system can operate in its target environment without adversely impacting existing systems. Covers the platform that will perform primary application processing and interfaces with other systems as well as changes to the desktop in a client-server or web development |
|
|
Term
What is the first step performed before creating a risk ranking for annual internal IS audit plan? |
|
Definition
|
|
Term
Software baselining (system development project) |
|
Definition
The cutoff point in the design phase, occurs after a rigorous review of user requirements. Any change thereafter will undergo strict formal change control and approval procedures |
|
|
Term
Integrated Test Facility (ITF) (change mgmt) |
|
Definition
fake company created to process test transactions simultaneously with live input; advantage is periodic testing does not require separate test processes |
|
|
Term
What is the starting point for data integrity checks? |
|
Definition
|
|
Term
What must contain a clear articulation of the IT mission and vision? |
|
Definition
|
|
Term
At what layer does Secure Sockets Layer (SSL) encryption occur? |
|
Definition
provides encryption at the transport layer of the open systems interconnection (OSI) model. This is commonly used by the web to encrypt data sessions of information sent client-to-server or server-to-server |
|
|
Term
At what layer does IP Security (IPSec) encryption occur? |
|
Definition
|
|
Term
At what layer does Secure Shell (SSH) encryption occur? |
|
Definition
|
|
Term
At what layer does Secure/Hypertext Transfer Protocol (S/HTTP) encryption occur? |
|
Definition
|
|
Term
|
Definition
Sets specific time and cost boundaries; effective in controlling costs and delivery timelines by ensuring that each segment of the project is divided into small controllable time frames. Integrates system & user acceptance testing; suitable for prototyping and rapid application development. Still needs a quality process |
|
|
Term
What does the audit charter document? |
|
Definition
audit function including purpose, responsibility, authority and accountability |
|
|
Term
What type of control are backup procedures and contingency planning? |
|
Definition
|
|
Term
What is an audit program? |
|
Definition
Step by step set of audit procedures and instructions to perform audit (strategy & plan) Includes - scope, audit objectives and audit procedures |
|
|
Term
What are the first three things to identify in an audit? |
|
Definition
identify subject (company), objective (purpose), scope (systems) |
|
|
Term
|
Definition
risk without taking into account the controls that mgmt has implemented; exists independent of the audit and can occur b/c nature of the business |
|
|
Term
|
Definition
risk that material error exists that would not be prevented or detected by the control (high if manual, low if automated) |
|
|
Term
|
Definition
risk that material errors will not be detected by IS auditor |
|
|
Term
|
Definition
Risk that info or financial reports may contain material errors and that the auditor may not detect that an error has occurred |
|
|
Term
statistical sampling risk |
|
Definition
risk that incorrect assumptions are made about the characteristics of a population from which a sample is selected |
|
|
Term
What are the steps in a risk-based audit approach? |
|
Definition
gather info and plan, obtain understanding of internal control, perform compliance tests (ELCs - policies & procedures), perform substantive tests, conclude the audit |
|
|
Term
What is the difference in the risk response options? (Mitigation, Acceptance, Avoidance, Transfer/Sharing) |
|
Definition
Mitigation - applying appropriate controls to reduce the risks Acceptance - knowing the risk and not taking action Avoidance - not allowing actions that would cause the risks to occur Transfer/sharing - transferring risk to other parties (suppliers or insurers) |
|
|
Term
Compliance vs Substantive Testing |
|
Definition
C - determines if controls are being applied in a manner that complies with mgmt policies & procedures S - substantiates the integrity of actual processing (evaluates integrity of individual transactions/data) Results of C testing indicate how much S testing to perform (b/c they say whether or not the controls can be relied on) |
|
|
Term
Statistical sampling audit approach |
|
Definition
Objective method of determining sample size and selection criteria; Uses mathematical laws of probability to calculate the sample size, select the sample items and evaluate the sample results |
|
|
Term
What is assessing sample precision and reliability/confidence level |
|
Definition
ASP-how closely the sample represents the population R/CL-# times in 100 that sample should represent the population |
|
|
Term
Non-statistical sampling audit approach |
|
Definition
judgemental sampling; auditor uses judgement to determine method, size and which items to select |
|
|
Term
Attribute sampling method |
|
Definition
Usually used in compliance testing; deals with presence/absence of the attribute, provides conclusions in rates of incidence |
|
|
Term
|
Definition
Usually used in substantive testing; deals with population characteristics that vary (i.e., money or weights) and provides conclusions related to deviations from the norm. Estimates the unit of measure of the population from a sample |
|
|
Term
|
Definition
Part of the attribute sampling method. Estimates the rate (%) of occurrence of a specific quality (attribute) in a population. Answers the question "how many?" Ex: approval signatures on a computer access request form |
|
|
Term
Other names for attribute sampling |
|
Definition
Fixed sample-size attribute sampling Frequency-estimating sampling |
|
|
Term
|
Definition
part of attribute sampling method Helps prevent excessive sampling of an attribute by allowing an audit test to be stopped at earliest possible moment Used when believe few errors will be found |
|
|
Term
|
Definition
Part of the attribute sampling method. Used when the expected occurrence rate is extremely low. Usually used when the objective of the audit is to discover fraud, circumvention, etc |
|
|
Term
Other names for variable sampling |
|
Definition
Dollar estimation; Mean estimation |
|
|
Term
Stratified mean per unit sampling |
|
Definition
variable sampling type Population is divided into groups, samples are drawn from various groups Used to produce smaller overall sample size relative to unstratified mean per unit |
|
|
Term
Unstratified mean per unit sampling |
|
Definition
variable sampling method type Sample mean is calculated and projected as an estimated total |
|
|
Term
|
Definition
variable sampling method type Estimate total difference b/w audited values & book values based on differences obtained from sample observations |
|
|
Term
Confidence Coefficient (sampling) |
|
Definition
Percentage expression of the probability that the characteristics of the sample are true for the population (i.e., 90, 95, 99). The greater the confidence coefficient, the larger the sample |
|
|
Term
|
Definition
equal to one minus the confidence coefficient |
|
|
Term
Other names for confidence coefficient (sampling) |
|
Definition
confidence level reliability factor |
|
|
Term
|
Definition
Also called precision range; set by the IS auditor as the acceptable range of difference b/w sample and population. Attribute sampling = %; variable sampling = monetary amt or #. Higher precision means a smaller sample and a greater risk of an error going undetected |
|
|
Term
Expected Error Rate (sampling) |
|
Definition
estimate stated as % of errors that may exist Greater expected error rate, greater sample Only used in attribute sampling |
|
|
Term
|
Definition
sum of all sample values, divided by size of sample measures average value of sample |
|
|
Term
Sample standard deviation |
|
Definition
computes variance of sample values from mean of sample |
|
|
Term
Tolerable error rate (sampling) |
|
Definition
Maximum misstatement or # of errors that can exist without an account being materially misstated. Used for the planned upper limit of the precision range for compliance testing |
|
|
Term
Population standard deviation (sampling) |
|
Definition
measures relationship to the normal distribution Greater standard deviation, larger sample size applied to variable sampling |
|
|
Term
Precision range (sampling) |
|
Definition
|
|
Term
|
Definition
@ end of audit when IS auditor should discuss w/ mgmt: facts presented in report are correct; recommendations are realistic and cost-effective; recommend implementation dates |
|
|
Term
What is the primary goal of CSA (control self assessment)? |
|
Definition
leverage IA function by shifting some of the control monitoring responsibilities to the functional areas to determine reliability of IC |
|
|
Term
Business interruption insurance |
|
Definition
covers the loss of profit due to disruption in the operations of an organization |
|
|
Term
|
Definition
covers the loss arising from dishonest or fraudulent acts by employees |
|
|
Term
Errors and omissions insurance |
|
Definition
provides legal liability protection in the event that the professional practitioner commits an act that results in financial loss to a client |
|
|
Term
|
Definition
cover the extra costs of continuing operations following a disaster/disruption within an organization |
|
|
Term
In what order are the tests performed for a DR? (full, preparedness, paper) |
|
Definition
paper test (desk check) Preparedness test full operational test |
|
|
Term
|
Definition
means of assessing the relative maturity of the IT processes within an organization; running from level 0 incomplete (processes are not implemented or fail to achieve their purpose) to level 5 (optimizing-metrics are defined and measured and continuous improvement techniques are in place) |
|
|
Term
|
Definition
Designed to assist in the definition, prioritization, approval and running of a set of projects within a given organization. These tools offer data capture, workflow and scenario planning functionality, which can help identify the optimum set of projects to take forward w/i a given budget |
|
|
Term
Quantitative business risk is expressed as |
|
Definition
Product of the likelihood and magnitude of the impact should a threat successfully exploit a vulnerability |
|
|
Term
Simple Object Access Protocol |
|
Definition
– XML based enabling applications to communicate w/ each other over the internet |
|
|
Term
Address Resolution Protocol |
|
Definition
– dynamic address mapping b/w IP address and MAC address |
|
|
Term
Routing Information Protocol |
|
Definition
– specifies how routers exchange routing table info |
|
|
Term
Transmission Control Protocol |
|
Definition
– enables two hosts to establish a connection & exchange data |
|
|