Shared Flashcard Set

Details

Systems
Systems Lecture 12 - Info Systems controls for systems reliability
18
Accounting
Undergraduate 4
12/11/2007


Cards

Term
Systems Reliability
Definition
1. Confidentiality
2. Privacy
3. Processing integrity
4. Availability
5. Security 
Term
Confidentiality
Definition
Sensitive information is protected from unauthorized disclosure
Term
Privacy
Definition
Personal information about customers collected through e-commerce is collected, used, and maintained in an appropriate manner
Term
Processing Integrity
Definition
Data is processed
  • Accurately
  • Completely
  • In a timely manner
  • With proper authorization
Term
Availability
Definition
The system is available to meet operational and contractual obligations
Term
Security
Definition
Access to the system and its data is controlled
Term
Major types of preventative controls
Definition
1. Authentication controls - passwords, tokens, biometrics
2. Authorization controls - access control matrices and compatibility tests
3. Training
4. Physical access controls - locks, guards, biometric devices
5. Remote access controls - IP packet filtering by border routers
6. Host and application hardening procedures - firewalls, antivirus software, etc.
7. Encryption 
Term
Detective controls
Definition
Authorization and authentication controls represent the organization's policies governing access to the system and limit the actions that can be performed by authorized users.
Term
Actual system use must be examined to assess compliance through:
Definition
- Log analysis (like computer lab)
- Intrusion detection systems
- Managerial reports
- Periodically testing the effectiveness of existing security procedures 
Term
Three key components that satisfy the preceding criteria are:
Definition
- Establishment of computer emergency response team
- Designation of a specific individual with organization-wide responsibility for security
- An organized patch management system (download a fix online)
Term
Encryption
Definition
The process of transforming normal text, called plaintext, into unreadable gibberish.
 
Decryption reverses this process.
 
To encrypt or decrypt, both a key and an algorithm are needed 
Term
Two types of encryption systems
Definition
- Symmetric key encryption systems: use the same key to encrypt and decrypt
  • Both parties must know the secret key
  • A different key needs to be created for each party with whom the entity engages in encrypted transactions
  • Since both sides are using the same key, no way to prove who created a document 
Term
Asymmetric encryption systems
Definition
Use two keys
  • The public key is publicly available
  • The private key is kept secret and known only to the owner of the pair of keys
  • Either can be used to encrypt
  • Whichever is used to encrypt, the other must be used to decrypt
  • Much slower than symmetric 
Term
Encryption
Definition
- Symmetric to encode most commercial documents like POs and invoices
- Asymmetric to safely send the symmetric key to the recipient for use in decrypting
  • Sender uses the recipient's public key to encrypt the symmetric key
  • Recipient uses the private key to decrypt the symmetric key
Term
Hashing
Definition
Hashing takes plaintext of any length and transforms it into a short code called a "hash"
  • Differs from encryption because encryption always produces ciphertext similar in length to plaintext, but hashing produces a hash of a fixed short length
  • Encryption is reversible, but hashing is irreversible 
Term
Digital signatures
Definition
(1) Hashing of the commercial data and (2) encryption of the hash are used to make a digital signature
 
- The document is first hashed
- The hash is then encrypted, using the sender's private key, to create a digital signature
- A digital signature is info encrypted with the creator's private key
Term
5 categories of integrity controls
Definition
- source data controls
- data entry controls
- processing controls
- data transmission controls
- output controls 
Term
Source data controls
Definition
If the data entered into a system is inaccurate or incomplete, the output will be too
 
Companies must establish control procedures to ensure that all source documents are authorized, accurate, complete, properly accounted for, and entered into the systems or sent to their intended destination in a timely manner 