Information Technology Flashcards Preview


Flashcards in Information Technology Deck (103):

Which IT personnel roles should always be segregated?





What are the duties of a systems analyst?

Designs or purchases IT system

Responsible for flowcharts

Liaison between Users and Programmers

Note: Think IT Manager


What is the primary duty of a Systems Administrator?

A Systems Administrator controls database access.


What are the duties of a Systems Programmer?

Writes, updates, maintains, and tests software, systems, and compilers


Which duties should a Systems Programmer NOT have?

In order to maximize internal control, a Systems Programmer should NOT have application programming duties/abilities or be an Operator on the system.


What are the duties of a Systems Operator?

Schedules and Monitors Jobs

Runs IT Help Desk


What duties should a System Operator NOT have?

For internal control purposes, they should not be a Programmer on the system.


If it is not possible to segregate duties in an IT System, what actions should be taken to compensate for internal control purposes?

Include Computer Logs.

Control Group should review the logs.


What is the purpose of a Management Information System (MIS)?

To assist with decision making.


What is an Accounting Information System (AIS)?

A type of Management Information System (MIS) that processes accounting transactions.


What are the characteristics of an Executive Information System (EIS)?

Specialized for Company Executive needs

Assists with Strategy Only

No Decision-Making Capabilities


What are the characteristics of an Expert System (ES)?

Computer uses reasoning


No human interpretation needed


What are the characteristics of a Decision Support System (DSS)?

Computer provides data

Gives Interactive Support

Human interpretation needed


What are the characteristics of an Ad Hoc computer report?

User initiates the report.

The report is created upon demand.


When are Exception reports generated?

Exception reports are produced when Edit Tests, Check Digits, or Self-Checking Digits identify a problem.


What is a query?

A type of Ad Hoc report, initiated by a user.


What is End-User Computing?

The User develops and executes their own application.


What is the primary benefit of E-commerce?

E-commerce makes business transactions easier.


What are the risks of E-commerce?

Compromised data or theft.

Less paper trail for auditors.


What are the benefits of Electronic Data Interchange?

Uses globally-accepted standards

Efficient

EDI: more expensive, secure, slower (batch), uses a VAN (private)


What is a File Server?

A file server stores shared programs and documents.


What is the purpose of a Database?
Database: files that are interrelated and coordinated

Located on a File Server, a Database allows users to share documents.


What is the purpose of a LAN (Local Area Network)?

It connects computers in close proximity.


What is the purpose of a WAN (Wide Area Network)?

It connects computers that are far apart.


What are the characteristics of a VAN (Value-Added Network)?

Privately-owned Network

Serves as 3rd Party Between 2 Companies

Routes EDI Transactions

Accepts wide range of Protocols

Very Costly


What is the purpose of a Firewall?

Prevents unauthorized access to a network.


What are the characteristics of a virus?

Takes over a computer

Needs a host program to run


What are the characteristics of a computer worm?

Takes over multiple computers

Doesn't need a host program to run


What is the purpose of Automated Equipment Controls?

They prevent and detect hardware errors.


What is RAM?

Random Access Memory.

Internal memory in the computer used during immediate processing.


What is a CPU?

Computer Processing Unit

It processes commands within a computer.


What is Job Control Language?

It schedules and allocates system resources.


What are examples of input devices?

Magnetic Ink Reader
Magnetic Tape Reader
Point of Sale Scanner


What are examples of Output Devices?





What are the characteristics of Magnetic Tape storage?

Sequential Access - Sorts data in order

Slower data retrieval

Header label prevents operator error from loading the wrong tape

External Labels prevent accidental destruction by operator


What are the characteristics of Magnetic Disks?

Random Access - Finds data in random spots

Faster data retrieval

Uses Boundary Protection for data


What is a Gateway?

Connects one network to another

Note: the Internet is connected by Gateways


What are Parity Checks?

A control that detects internal data errors.

A bit is added to each character; it checks to see if a bit was lost.


What is an Echo Check?

Transmitted data is returned to the sender for verification (it echoes back to the sender)


What is a Change Control?

It authorizes program changes and approves program test results.


What is security software?

Software that controls access to IT systems.

Note: Don't confuse this with anti-virus software


What is the purpose of a Digital Signature?

It confirms a message has not been altered.


List the types of computers from smallest to largest


Microcomputer - PC, laptop (cost-effective)

Minicomputer - Like a Mainframe, but smaller

Mainframe - Large computer with terminals attached

Supercomputer - Very powerful and very big


What are the units of computer data from smallest to largest?

Bit - 1 (on) and 0 (off)
Byte - 8 bits to a byte/character
Field - group of related characters/bytes (e.g. name, zip code, serial #)
Record - group of related fields (e.g. member name, address, phone number)
File - Group of related records (i.e. Membership directory)


What is the duty of a design engineer?

Determine language used for a specific computer, on a computer-to-computer basis


What are object programs?

Programs written in base computer language, not similar to English.


How can source programs be recognized?

They are written in a language close to English.


What is the purpose of a Compiler?

Takes Source language (English) and converts to Object (Computer) Language


How does Online Analytical Processing work?

It uses a Data Warehouse to support management decision making.


What is Data Mining?

Using artificial intelligence and pattern recognition to analyze data stores within a Data Warehouse.


What is the purpose of online transaction processing?

To process a company's routine transactions - master files are updated as each transaction is entered
Requires a random access storage device
Immediate processing - point of sale / supermarket / retail


What are the characteristics of batch processing?

Data held, then updates multiple files all at once
Leaves a better audit trail
Uses Grandfather-Father-Son backup (3 levels of backup kept in 3 locations)
Always a time delay
Often used in traditional systems - payroll; GL system - data do not need to be current all the time
Compare manual and computer-generated batch control totals
Uses random access and/or sequential storage


What does an output control check for?

Checks to see if output data is valid, distributed, and used in an authorized manner.


What does a processing control check?

Checks if data processing produced proper output


What is a hash total?

An input control number; a meaningless sum of values included in the input.

Example would be summing a list of SSNs to make sure the data is the same once entered as it was prior to input into the system.


What is a validity check?

Checks to see if data in existing tables or files belongs in the set

For example, is there a # in an alpha-only field or a letter in a numeric-only field?


What is a limit check?

Checks to see if numbers surpass a certain limit, e.g. in an age field, is the number greater than 110?


What is a check digit?

An input control that adds an identification number to a set of digits, usually at the end.


What is a field check?

An input check that prevents invalid characters, e.g. checks for alphabetic letters in a SSN field.


What is a Hot Site?

A disaster recovery system where, if the main system goes down, a Hot Site is ready to take over immediately.


What is a Cold Site?

If a main system goes down, a Cold Site will take time to get set up and running.


What is the most common database language?

SQL - Structured Query Language


What is a Data Definition Language?

Defines SQL Database

Controls SQL Tables


What is a Data Manipulation Language?

Queries SQL Database tables


What is a Data Control Language?

Controls Access to SQL Database


What are the characteristics of a Relational Database?

Logical structure

Uses rows and columns similar to spreadsheet


What are the characteristics of a Hierarchical Database?

Has various levels

Uses trees to store data


What are the advantages of a database?

Data is more accessible

Reduced redundancy


What are the disadvantages of a database?

Cost of installation

Skilled personnel required to maintain


What are the components of a database?

Desktop client

Application Server

Database Server

Think: Your desktop computer runs applications and saves to a database


Data input: input verification

Tracing data to appropriate supporting evidence contributes to validation of the accuracy of the transaction and its authorization.


Data processing - transactions processed to keep information current

What is done to the data: addition, update, and deletion.

Methods: batch processing and OLRT


System development life cycle (SDLC)

Framework for planning and controlling the detailed activities associated with system development. Ex: waterfall approach



System Analysis - first step
Design - conceptual and physical
Operations and Maintenance


Participants in Business Process Design

-Management - top level
-Information system steering committee: oversight. High-level management: controllers, user department management. Sets governance policies for the AIS, ensures top management participation, and facilitates integration of the information system
-Project development team - responsible for successful design and implementation of the business system
-External parties: major customers or suppliers


Control objectives for information and related technology : COBIT

Measures, indicators, processes, and best practices to maximize the benefit of information technology


COBIT framework (5)

1) Business objectives: effective decision support, compliance
2) Governance objectives: strategic alignment, value delivery, resource management, risk management, performance measure
3) Information criteria : ICE RACE: integrity, confidentiality, efficiency, reliability, availability, compliance, and effectiveness.
4) IT resources: applications, information, infrastructure, people
5) Domains and Processes: PO AIDS ME


Control Monitoring:
General Controls

Apply at the organization level / control environment and include:
*system development standards
*security management
*change management procedures
*software acquisition, development, operations, and maintenance controls

General controls that regulate computer activity: segregation of duties, proper authorization of transactions, and safeguarding assets


Control Monitoring:
Application Controls

Application-specific controls subject to internal control (I/C) - authority, recording, and custody

Prevent, detect, and correct transaction error and fraud

Provide reasonable assurance as to the system's accuracy, completeness, validity, and authorization


Input controls - make sure data is reliable (integrity)

Data validation at field level: edit checks, meaningful error messages, input masks, etc.

Prenumbering forms, making it possible to verify that all inputs are accounted for and that no duplicate entries exist

Well-defined source data preparation procedures. Ex: collect and prepare source documents, but sometimes no source document exists because data is entered via a web application


Processing Controls

-Data matching
-File labels
-Recalculation batch totals
-Cross footing and zero balances
-Write-protection mechanism: against overwrite or erasing
-Database processing integrity procedures - procedures for accessing and updating the database by administrators; concurrent update controls protect records from errors when two users attempt to update the same record


Outputs controls:

-User Review of output
-Reconciliation procedures (input control totals vs output control totals)
-External data reconciliation - e.g. payroll database checked for fictitious employees
-Output encryption - reduces data interception and error; protects data authenticity and integrity. Ex: parity check and message acknowledgement


Managing Control Activities/ Control procedures - controls related to use of information technology resources

*Appropriate segregation of duties to reduce opportunities for anyone to both perpetrate and conceal errors in the normal course of his/her duties

* Design and use adequate docs and records to help ensure proper recording of transactions

* Limit access to assets in accordance with management's authorization. Ex: a data librarian controls production data and allows access to it only to authorized people

* Information processing controls to ensure proper authorization, accuracy, and completeness of individual transactions.

* Implementation of security measures and contingency plans: security measures / data security prevent and detect threats - authorization is needed to access, change, or destroy storage media. Contingency plans minimize disruptions of processing while maintaining data integrity.


Technologies and Security management features

*Safeguard Records and Files
*Backup files: son-father-grandfather; backups for systems that can be shut down and for systems that cannot
*Uninterruptible Power Supply
*Program modification controls: track program changes and prevent unauthorized people from changing applications used in production
*Data encryption: digital certificates, digital signatures
*Managing passwords: length, complexity
*User access: initial access, change of access when position changes


Security Policies - how to protect info

Secure information when it is stored, processed, and transmitted.

Program-level policy - highest level
Program framework policy


Risk Event identification

Strategic - choosing inappropriate technology
Operating - doing the right things in the wrong way
Financial - resources lost, wasted, or stolen
Information - loss of data integrity, incomplete transactions, hackers
Specific risks: errors, intentional acts, disasters


Risk assessment and control activities

Risk - possibility of harm or loss
Threat - danger
Vulnerability - renders system susceptible to a threat
Safeguards and controls: policies and procedures to reduce vulnerability
Risk assessment: first assess risks and then they can be managed.
Evaluation and types of controls


Risk assessment - steps

1) identify risks
2) evaluate possibility that threat will occur
3) evaluate exposure - potential loss from threat
4) identify controls to guard against threats
5) evaluate costs and benefits of implementing controls
6) implement controls that are cost effective


Access Controls

Limit access to program documentation, data files, programs, and computer hardware to those who require it in the performance of their job responsibilities.
Include multilevel security, user identification, user authorization (passwords), limited-access rooms, use of file-level access attributes, and firewalls.


Physical Access

Access to computer rooms is limited to computer operators and other IT people. Restricted by specially coded ID cards or keys for entry, or manual key locks. ID cards can be lost or stolen.


Electronic Access - unauthorized access to data and application programs

User identification codes, with change of passwords. Backdoors should be eliminated.

Disconnect hardware devices and deactivate the user ID when consecutive failed attempts to access the system occur

Require hardware devices to log off when not in use, or automatically log them off after being inactive for a certain time

Use password scanning to detect weak passwords

Require dual authentication, e.g. log in and use a code that was sent by text message.

File-level access attributes: e.g. read-only access

Firewalls: protect against unauthorized access - hardware and software. Packet filtering (examines data coming in according to established rules), circuit-level gateways (allow data inside the network only when an inside computer requests it), application gateway / proxy (examines data in a more sophisticated way - more secure but slower)


Disaster recovery steps

Assess risks
Identify mission-critical applications and data
Develop a plan for handling mission-critical applications
Determine responsibilities of the people involved
Test the disaster recovery plan


Internal check

Examples of internal checks are as follows:

Limit check, which identifies if data have a value higher or lower than a predetermined amount
Identification, which determines if the data is valid
Sequence check, which checks sequencing
Error log, which is simply an up-to-date log of all identified errors
Transaction log, which provides the basic audit trail
Arithmetic proof, which computes the calculation in order to validate the result - recalculation


Edit checks

Accuracy checks performed by an edit program.

Accuracy controls include the following:

Use of a current, approved price list
Verification of multiplication and addition
Matching of quantities ordered, received, and invoiced


A DBMS (database management system)

A tool - consists of computer program(s) for organizing, accessing, and modifying a database. It is a collection of programs that enables users to store, modify, or extract information from a database.

A database is a collection of interrelated information that can be used for a variety of purposes. A database is managed by a computer program called a database management system (DBMS).


Data security of an online computer system protected by an internal user-to-data access control program

Security is dependent upon the controls over the issuance of user IDs, and user authentication is the key to enforcing personal accountability.


Data integrity

relates to using data for its intended purpose. A local area network would promote data integrity by making data available only to those users having a legitimate reason for access. Centralized access controls would help promote data integrity.

Integrity is the protection of data from unauthorized tampering


Online access controls

Online access controls are absolutely essential in controlling access to and operation of modern computer systems. These controls include:

*user code numbers that restrict access to only authorized users,
*passwords that create a second barrier for access after user code numbers, and
*lists of files and programs along with lists of the type and extent of access a user is entitled to have to those files and programs.


Enterprise resource planning (ERP)

Integrates all aspects of an organization's activities into one accounting information system. By combining financial and nonfinancial information, the entity can be more flexible and responsive while having more information available for decision making.
However, changes to one module can flow throughout the system.


Run-to-run controls

For an online system, run-to-run controls accumulate separate totals for all transactions processed during the day and then agree the totals to the total of items accepted for processing.

One-for-one checking generally requires manual comparisons of input data elements to processing results.


General controls: user authentication procedures

Seek to determine if the person seeking access is who they say they are. Password masking is a part of this process. Password masking is the technique of either hiding the password as it is typed or displaying other characters so that observers cannot see what characters the user is actually entering.


Public Key Infrastructure (PKI)

PKI refers to the system and processes used to issue and manage asymmetric keys and digital certificates


Compatibility test for users

Procedure for checking a password to determine if its user is authorized to initiate the type of transaction or inquiry he or she is attempting to initiate.

Use of a compatibility test for users would assure that an employee used a CRT only for purposes related to that employee's job description. For example, an accounts receivable clerk would not be allowed access to inventory or fixed asset records since those records would not be compatible with the duties of an accounts receivable clerk.