Flashcards in General Deck (25)
what is continuous auditing
a real-time feed of information to management through automated reporting processes so that management may implement corrective actions more quickly.
what is automated systems balancing
Automated systems balancing checks for any imbalance between total inputs and total outputs; any imbalance would be reported for investigation and correction.
what are validation controls
comparing for input and output
what is a VPN
The most secure method is a virtual private network, using encryption, authentication and tunneling to allow data to travel securely from a private network to the Internet.
Which of the following would be BEST prevented by a raised floor in the computer machine room?
damage of wires around the computers and servers
what defines a disaster recovery strategy
maximum tolerable downtime and data loss
what is RTO
It is the time within which a business process must be restored after a disaster in order to avoid unacceptable consequences associated with a break in continuity.
what is RPO
The point in recovery to which data has to be restored, as that is when the last backup was taken
what does a hash algorithm do
It provides a fingerprint to ensure authentication. It does not provide encryption, authorization and identification.
governance of IT should be whose stakeholders
Board of Directors
what is the actual purpose of audit trails
It is to determine accountability and NOT help the IS auditor
what does row level and column level access controls do
they restrict access to certain types of information that require additional security.
what is the difference between a data warehouse and a database
data warehouse pulls data from multiple sources
what is considered the most for reciprocal agreements as a recovery alternative
they must not be in close proximity
what is of most concern when an organization outsources IS processing
the lack of right to audit
what ensures accountability when updating data in a production database
review of audit logs
what is a web site certificate
it is to prove the authenticity of the site
digital signatures require what keys
It requires the sender to have his private key and the receiver to have a public key
what is an IT project portfolio analysis
provides information of planned initiatives, and ongoing IT services
what is a table link / reference check
table linking errors (completeness and accuracy of contents of the database)
which is the greatest concern
1) DR is invalid and needs to be revised
2) Data may be lost in the event of system failure
3) new vendor is not familiar with the organization's policies
4) application owners were not informed of the change
application owners were not informed of the change
what is the most important thing for an IS auditor to consider to facilitate new policy implementation
existing IT mechanisms to enable compliance
in a change management process, what does an IS auditor look out for most
the test plans are followed and complied with
what is the critical success factor of a successful implementation
1) assimilation of the framework and intent of the written policy by all appropriate parties
2) management support?
1) assimilation of framework and intent of the written policy