Flashcards in IT Chapter 3 Deck (30)
1
Where is the greatest information security risk?
Accidental employee error.
2
What are the three control environment sub-components?
Managerial philosophy
Org Structure
Steering committee
3
What is logical security concerned with?
Using software-based safeguards to protect software and data.
4
What is org security concerned with?
Segregating the functions of the IS department from those of end users.
5
Restricting access to documentation, hardware and data flows falls under which control?
Access control
6
What are output controls there for?
Procedures that ensure the accuracy of output, including reports and data updates.
7
What is SOX? What is the policy in Canada?
The Sarbanes-Oxley Act (US): a requirement that external auditors examine the organization's internal controls. In Canada, the examination does not have to be performed by external auditors.
8
What is COBIT a governance model of?
IT Governance.
9
What is a disaster recovery plan?
A set of policies and procedures to protect and recover IT infrastructure in the event of a disaster.
10
What is Infrastructure-as-a-Service?
A cloud-computing category in which an organization outsources hardware, storage, servers and networking to a service provider.
11
What is the most common computer crime?
Input manipulation
12
What is program manipulation?
Changing or altering existing programs in the computer system, or inserting new programs.
13
What is the salami technique?
Nearly unnoticeable thin slices are repeatedly removed from many financial transactions and transferred to another account.
14
What is the focus of a financial audit?
Providing reasonable assurance over financial records and the documentation of financial information.
15
What is an IT audit?
Evaluates whether information systems are safeguarding assets and maintaining data integrity.
16
What are the stages of a financial audit?
1. Client acceptance
2. Audit planning stage
3. Control testing stage
4. Substantive testing stage
5. Opinion formulation stage
17
What are the stages of the IT audit process?
1. Physical and environment review
2. System admin review
3. Network security review
4. Business continuity review
5. Data integrity review
18
What is substantive testing?
Testing that looks for direct evidence that certain activities are happening as they should.
19
What does CAAT stand for?
Computer assisted audit techniques
20
What are the functions of CAAT?
Can sift through records looking for patterns.
100% verification
Detect fraud.
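Cards 13 and 20 together describe a detective CAAT: rather than sampling, the auditor runs a test over 100% of the transaction population looking for a pattern, here the salami pattern of many sub-threshold transfers all landing in one account. The following is an added example, not part of the deck or of any named audit tool; the ledger, the 5-cent "thin slice" limit and the 3-slice alert threshold are constructed assumptions.

```python
# Added example (not from the flashcard deck): a CAAT-style full-population test
# over a constructed ledger, flagging destinations that collect many tiny transfers.
from collections import defaultdict
from decimal import Decimal

# Constructed sample ledger: (txn_id, source_account, destination_account, amount).
# ACCT-X quietly collects a few cents from several unrelated customer payments.
TRANSACTIONS = [
    ("T001", "CUST-100", "MERCH-1", Decimal("19.99")),
    ("T002", "CUST-100", "ACCT-X", Decimal("0.01")),
    ("T003", "CUST-101", "MERCH-1", Decimal("45.00")),
    ("T004", "CUST-101", "ACCT-X", Decimal("0.02")),
    ("T005", "CUST-102", "MERCH-2", Decimal("0.04")),   # a single small, legitimate amount
    ("T006", "CUST-102", "ACCT-X", Decimal("0.03")),
    ("T007", "CUST-103", "MERCH-1", Decimal("120.50")),
    ("T008", "CUST-103", "ACCT-X", Decimal("0.01")),
    ("T009", "CUST-104", "MERCH-2", Decimal("8.75")),
]

SLICE_LIMIT = Decimal("0.05")   # assumption: a "thin slice" is at most 5 cents
MIN_SLICES = 3                  # assumption: alert once a destination has 3 or more slices


def find_salami_targets(transactions, slice_limit=SLICE_LIMIT, min_slices=MIN_SLICES):
    """Examine every record (100% verification, no sampling): group each
    sub-threshold transfer by destination and report destinations that
    accumulate many of them, with how much they collected and from how many
    distinct sources. One small payment to a merchant is normal; dozens of
    one-cent credits from unrelated sources into one account is the pattern."""
    slices = defaultdict(list)
    for txn_id, src, dst, amount in transactions:
        if Decimal("0") < amount <= slice_limit:
            slices[dst].append((txn_id, src, amount))

    return {
        dst: {
            "count": len(rows),
            "total": sum(a for _, _, a in rows),
            "distinct_sources": len({s for _, s, _ in rows}),
            "txn_ids": [t for t, _, _ in rows],
        }
        for dst, rows in slices.items()
        if len(rows) >= min_slices
    }


if __name__ == "__main__":
    for dst, report in find_salami_targets(TRANSACTIONS).items():
        print(f"{dst}: {report['count']} slices totalling {report['total']} "
              f"from {report['distinct_sources']} sources: {report['txn_ids']}")
```

The total collected is tiny, which is exactly why a sample-based review misses it; the signal is the count of slices and the number of unrelated sources feeding one destination, which only a test over the whole population can see.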
21
Which two categories of control procedures are each broken down into access, input, processing, output, procedural and documentation controls?
Physical and logical
22
What are three features of physical security?
Safeguarding hardware
Network authentication of users
Server room security
23
What is the specific goal of data input controls?
To protect data integrity
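Input manipulation (card 11) is the most common computer crime precisely because unvalidated input is the easiest thing to alter, and input controls (card 23) are the preventive counterpart: field-level checks on each record and batch-level control totals that must reconcile before anything is posted. The following is an added example, not from the deck or any accounting package; the 8-digit Luhn account-number format, the amount ceiling and the journal lines are constructed assumptions.

```python
# Added example (not from the flashcard deck): preventive input controls over a
# constructed batch of journal-entry lines, combining field checks (format, check
# digit, range) with batch controls (record count, hash total, debits = credits).
import re
from decimal import Decimal

ACCOUNT_RE = re.compile(r"^\d{8}$")        # assumption: 7 digits plus a Luhn check digit
AMOUNT_CEILING = Decimal("1000000")        # assumption: single-line posting limit


def luhn_ok(number: str) -> bool:
    """Check-digit test: catches any single mistyped digit and most transpositions."""
    total, double = 0, False
    for ch in reversed(number):
        d = int(ch)
        if double:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
        double = not double
    return total % 10 == 0


def validate_line(line: dict) -> list:
    """Field-level input checks on one journal line; returns a list of problems."""
    errors = []
    acct = str(line.get("account", ""))
    if not ACCOUNT_RE.match(acct):
        errors.append("account format")
    elif not luhn_ok(acct):
        errors.append("account check digit")
    amt = line.get("amount")
    if not isinstance(amt, Decimal) or amt <= 0 or amt > AMOUNT_CEILING:
        errors.append("amount range")
    if line.get("side") not in ("DR", "CR"):
        errors.append("side")
    return errors


def validate_batch(lines, expected_count: int, expected_hash_total: int) -> dict:
    """Batch-level controls. The record count and hash total are supplied with
    the batch by the originating department; the hash total is the arithmetically
    meaningless sum of the account numbers, used only to prove that no account
    field was altered or dropped between data entry and posting."""
    problems = {}
    for i, line in enumerate(lines):
        errs = validate_line(line)
        if errs:
            problems[f"line {i}"] = errs

    batch = []
    if len(lines) != expected_count:
        batch.append("record count")
    hash_total = sum(int(l["account"]) for l in lines if str(l.get("account", "")).isdigit())
    if hash_total != expected_hash_total:
        batch.append("hash total")
    debits = sum((l["amount"] for l in lines if l.get("side") == "DR" and isinstance(l.get("amount"), Decimal)), Decimal("0"))
    credits = sum((l["amount"] for l in lines if l.get("side") == "CR" and isinstance(l.get("amount"), Decimal)), Decimal("0"))
    if debits != credits:
        batch.append("debits != credits")
    if batch:
        problems["batch"] = batch
    return problems


# Constructed batch: three lines, balanced, all account numbers Luhn-valid.
GOOD_BATCH = [
    {"account": "12345674", "side": "DR", "amount": Decimal("500.00")},
    {"account": "20001004", "side": "CR", "amount": Decimal("300.00")},
    {"account": "41002007", "side": "CR", "amount": Decimal("200.00")},
]
GOOD_COUNT = 3
GOOD_HASH_TOTAL = 12345674 + 20001004 + 41002007   # 73348685, computed at the source

# Same batch after manipulation in transit: one amount inflated, one account digit changed.
TAMPERED_BATCH = [
    {"account": "12345674", "side": "DR", "amount": Decimal("5000.00")},
    {"account": "20001007", "side": "CR", "amount": Decimal("300.00")},
    {"account": "41002007", "side": "CR", "amount": Decimal("200.00")},
]

if __name__ == "__main__":
    print("good batch:", validate_batch(GOOD_BATCH, GOOD_COUNT, GOOD_HASH_TOTAL))
    print("tampered batch:", validate_batch(TAMPERED_BATCH, GOOD_COUNT, GOOD_HASH_TOTAL))
```

The layering matters: the check digit catches the altered account number on its own, but only the hash total and the debit/credit balance, computed independently by the originator, catch a record that is individually well-formed yet different from what was authorized.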
24
What are the two most common IT governance frameworks for SOX compliance?
COBIT and COSO
25
What has resulted in simplifying disaster recovery plans?
Virtualization
26
What is the formal term for the collected techniques of securing communications?
Cryptology
27
Three types of data processing fraud?
Input, program, output
28
What is the main focus of substantive testing?
Direct evidence that certain activities such as calculations are happening as they should.
29
What is the most common BI method deployed using CAAT?
Pattern recognition.
30