Safeguard Flashcards Preview


Flashcards in Safeguard Deck (11):
1

10 Domains of Cybersecurity

1) Legal, regulatory, compliance and investigation
2) Information security and risk management
3) Security architecture and design
4) Telecommunication, network and internet
5) Access
6) Operations security
7) Physical and environmental security
8) Application security
9) Business continuity and disaster recovery
10) Cryptography

2

1) Legal, regulation, compliance and investigation

Cybercrimes = crimes committed against, or by means of, information assets and IT (Salami Attacks, Social Engineering, Dumpster Diving, Password Sniffing)

Cyberlaws = laws and regulations enacted to prevent, investigate, and prosecute cybercrimes. Most focus on protecting consumer privacy.

Cyber forensics = involves collecting, examining, and preserving evidence of cybercrimes.

3

2) Information security and risk management

Information security and risk management = preventive and proactive measures taken to reduce the likelihood and impact of cybercrimes

Information security = policies and procedures required to secure information assets, including IT hardware, software, and stored data.

Information risk management = manages the risk related to information assets and IT and is part of the larger enterprise risk management (ERM).

Principles = Confidentiality, Integrity and Availability

3 Control types = Administrative, Technological/Logical, Physical

4

3) Security architecture and design

Security architecture and design = security for IT architecture of computers, networks, and databases

5

4) Telecommunication, network and internet

Telecommunication, network and internet = relate to data transmission

Network access points (NAP) = Routers, bridges, and gateways

Firewalls = software (or dedicated appliances) that control traffic between two networks according to a rule set; they can be installed on these routing devices to block unauthorized access

6

5) Access

Access = security for access to enterprise systems (computers, networks, routers, and databases)

4 Principles: Identification, Authentication, Authorization, and Accountability

Threats - Network sniffers (software or devices that capture and examine traffic on a network), Phishing (social engineering that "fishes" for personal information), Identity Theft (impersonating someone to commit fraud), Password Attacks, Fake Log-In windows

Countermeasure - Intrusion prevention systems (IPS) = monitor traffic and block detected attacks before they succeed
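The four access principles form one sequence on every request: the caller claims an identity, proves it, is checked against what that identity may do, and the decision is recorded. The following is an added example (not part of this deck) that walks one request through all four steps; the role table, usernames and actions are constructed for illustration.

```python
import hashlib
import hmac
import os

# Hypothetical role -> permitted actions table for an accounting system (constructed).
PERMISSIONS = {
    "clerk": {"post_journal_entry"},
    "controller": {"post_journal_entry", "approve_journal_entry", "close_period"},
}

PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow, salted password hash so stored credentials resist offline guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class AccessControl:
    def __init__(self):
        self.users = {}        # username -> (salt, password_hash, role)
        self.audit_log = []    # (username, action, decision, reason)

    def add_user(self, username: str, password: str, role: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt), role)

    def request(self, username: str, password: str, action: str) -> bool:
        # 1. Identification: the caller claims an identity.
        record = self.users.get(username)

        # 2. Authentication: prove the claim. Hash even for unknown users so the
        #    response time does not reveal which usernames exist.
        salt, stored_hash, role = record if record else (b"\x00" * 16, b"\x00" * 32, None)
        candidate = hash_password(password, salt)
        authenticated = record is not None and hmac.compare_digest(candidate, stored_hash)

        # 3. Authorization: is this identity permitted to perform this action?
        authorized = authenticated and action in PERMISSIONS.get(role, set())

        # 4. Accountability: record every decision, including denials.
        if not authenticated:
            reason = "authentication failed"
        elif not authorized:
            reason = f"role '{role}' lacks '{action}'"
        else:
            reason = "ok"
        self.audit_log.append((username, action, "granted" if authorized else "denied", reason))
        return authorized


if __name__ == "__main__":
    ac = AccessControl()
    ac.add_user("alice", "correct horse battery staple", "clerk")
    print(ac.request("alice", "correct horse battery staple", "post_journal_entry"))  # True
    print(ac.request("alice", "correct horse battery staple", "close_period"))        # False
    print(ac.request("mallory", "guess", "close_period"))                              # False
    for entry in ac.audit_log:
        print(entry)
```

Note that denials are logged with the same care as grants: a string of "authentication failed" entries for one account is exactly the password-attack signal the Threats line above describes.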

7

6) Operations security

Operations security = activities and procedures that keep IT running securely day to day.

8

7) Physical and environmental security

Physical and environmental security = protection of the physical facilities and components that house information assets. (Ex. natural environmental disasters, supply system threats, man-made threats and politically motivated threats)

-Build grounds to protect assets and deter intruders

9

8) Application Security

Application Security = security and controls for application software, including input, processing, and output (Ex. accounting spreadsheet software)

Threats - Malware (malicious software) = spread throughout an enterprise system by email, fake advertisements, Internet downloads, and shared drives (Bots, Worms, Logic Bombs, Viruses, Trojan Horses; spam is a common delivery vector rather than malware itself)

10

9) Business continuity and disaster recovery

Business continuity and disaster recovery = minimize disruption, damage and loss; provide temporary methods for continuing business; resume normal operations quickly

-Accounting data backups are critical and should be scheduled on a regular basis.

Grandfather-Father-Son method = a backup rotation scheme with three tiers: daily backups (son), weekly backups (father), and monthly backups (grandfather). Only the most recent few of each tier are kept, so recent data can be restored at daily granularity while older restore points reach back months.
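The following is an added example (not part of this deck) that implements the rotation in code: each daily backup is classified into a tier and only the newest N of each tier are retained. The tier convention used here (last day of the month = grandfather, Friday = father, everything else = son) and the retention counts are assumptions; organisations choose their own.

```python
from datetime import date, timedelta


def last_day_of_month(d: date) -> date:
    return (d.replace(day=28) + timedelta(days=4)).replace(day=1) - timedelta(days=1)


def gfs_tier(d: date) -> str:
    """Classify the backup taken on date d (one common convention, assumed here):
    last day of the month -> grandfather (monthly), Friday -> father (weekly),
    any other day -> son (daily)."""
    if d == last_day_of_month(d):
        return "grandfather"
    if d.weekday() == 4:
        return "father"
    return "son"


def gfs_retain(backup_dates, sons=6, fathers=4, grandfathers=12):
    """Return the set of backups to keep: the newest N of each tier.
    Everything else is rotated out (its media reused or its copy deleted)."""
    limits = {"son": sons, "father": fathers, "grandfather": grandfathers}
    by_tier = {tier: [] for tier in limits}
    for d in sorted(backup_dates, reverse=True):
        by_tier[gfs_tier(d)].append(d)
    keep = set()
    for tier, dates in by_tier.items():
        keep.update(dates[: limits[tier]])
    return keep


def coverage(kept):
    """Oldest and newest restore points still available after rotation."""
    return min(kept), max(kept)


if __name__ == "__main__":
    # Constructed schedule: one backup every day from 2024-01-01 to 2024-03-31.
    backups = [date(2024, 1, 1) + timedelta(days=i) for i in range(91)]
    kept = gfs_retain(backups)
    for d in sorted(kept):
        print(d, gfs_tier(d))
    print("restore points span", *coverage(kept))
```

With the default counts the 91 daily backups reduce to 13 retained sets: six recent days, four recent Fridays, and the three month-end copies, so a restore is possible for any day of the last week but only at month granularity further back.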

11

10) Cryptography

Cryptography = secures data during transmission and storage, ensures confidentiality, and maintains integrity. Encodes data in a form that only the sender and intended receiver can read. (Algorithm + Key)

Encryption = method of converting plaintext data into an unreadable form called ciphertext.

Ciphertext = converted back to plaintext using decryption.
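The following is an added example (not part of this deck) showing the "Algorithm + Key" idea end to end: the same public algorithm turns plaintext into ciphertext and back, and only the holder of the key succeeds. It also covers the integrity claim: a tag computed over the ciphertext lets the receiver reject any message that was tampered with or decrypted with the wrong key. The construction (an HMAC-SHA256 keystream in counter mode, encrypt-then-MAC) is built from Python's standard library purely for illustration; it is not a standard cipher, and real systems should use a vetted authenticated cipher such as AES-GCM from a maintained library.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 16   # random per-message value; never reuse a nonce with the same key
TAG_LEN = 32     # HMAC-SHA256 output


def _derive_keys(key: bytes):
    """Split one shared secret into independent encryption and MAC keys."""
    enc_key = hmac.new(key, b"encrypt", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"authenticate", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: PRF(key, nonce || counter) for counter = 0, 1, 2, ..."""
    blocks = [
        hmac.new(enc_key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Plaintext -> nonce || ciphertext || tag."""
    enc_key, mac_key = _derive_keys(key)
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ciphertext + tag


def decrypt(key: bytes, message: bytes) -> bytes:
    """nonce || ciphertext || tag -> plaintext, or ValueError if integrity fails."""
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    enc_key, mac_key = _derive_keys(key)
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("integrity check failed: wrong key or tampered ciphertext")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def tamper_detected(key: bytes, message: bytes) -> bool:
    """Flip one ciphertext bit and report whether decrypt() rejects the result."""
    forged = bytearray(message)
    forged[NONCE_LEN] ^= 0x01
    try:
        decrypt(key, bytes(forged))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    key = os.urandom(32)
    # Constructed sample record standing in for an accounting transaction.
    record = b"Journal entry 4711: debit 1,200.00 cash"
    sealed = encrypt(key, record)
    print("ciphertext:", sealed[NONCE_LEN:-TAG_LEN].hex())
    print("decrypted: ", decrypt(key, sealed))
    print("tamper detected:", tamper_detected(key, sealed))
```

Two points worth noticing when running it: encrypting the same record twice yields different ciphertext because the nonce is fresh each time, and a one-bit change to the ciphertext is rejected before any plaintext is produced, which is what "maintain integrity" means in practice.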