System Design and Other elements Flashcards Preview

BEC2015 > System Design and Other elements > Flashcards

Flashcards in System Design and Other elements Deck (11):
1

What is COBIT?

COBIT - Control Objectives for Information and Related Technology framework was created by the information Systems Audit and Control Association - ISACA and the IT Governance Institute (ITGI) in 1992. It has been updated several times as technology changes. COBIT 5 was released in 2012 - the most recent.

2

What does COBIT entails?

The framework provides managers, auditors, and IT users with a set of measures, indicators, processes and best practices to maximize the benefit of information technology.
In addition, the COBIT framework is intended to assist in the development of appropriate IT governance and IT management within an organization.

3

Hows if the COBIT framework is organized?

The framework is organizes as follows:
1. Business Objectives
2. Governance Objectives
3. Information Criteria
4. IT Resources
5. Domains and Processes of COBIT

4

What are the Business Objectives of COBIT?

Might include, but not limited to:
1. Effective decision support
2. Efficient transaction processing
3. Compliance with either reporting requirements (tax) or information security requirements.

5

What are the Governance Objectives of COBIT?

The framework anticipates that IT governance will reframed by the following 5 focus areas:
1. STRATEGIC ALIGNMENT - linkage between business and IT plans. Includes defining, maintaining, and validating the IT value proposition, with a focus on customer satisfaction.
2. VALUE DELIVERY - includes the provision by IT of promised benefits to the organization, while satisfying its customers and optimizing costs.
3. RESOURCE MANAGEMENT - focuses on the optimization of knowledge and infrastructure.
4. RISK MANAGEMENT - risk awareness by sr. management, characterized by understanding risk appetite and risk management responsibilities (event ID, risk assessment, and responses). Risk management begins with identification of risk, followed by determining how the company will respond to risk. The company can avoid, mitigate, share, or ignore.
5. PERFORMANCE MEASUREMENT - include tracking and monitoring strategy implementation, project completion, resource usage,process performance, and service delivery. It is important to define milestones and/or deliverables trough the project so that progress toward completion can be measured.

6

What are the Information Criteria of COBIT?

the business requirements for information (ICE RACE)
Integrity
Confidentiality
Efficiency
Reliability
Availability
Compliance
Effectiveness

7

What are the IT Resources of COBIT?

IT uses clearly defined processes to deploy people skills and technology infrastructure to run automated business applications and leverage business information. The resources and the processes are collectively referred to as enterprise architecture for IT.
1. application
2. Information
3. Infrastructure
4. People

8

What are the Domains and Processes of COBIT?

COBIT defines IT processes within the context of 4 domains that direct the delivery of solutions and services and ensure that directions are followed.
PO - Plan and Organize - provides direction to solution
and service delivery
AI - Acquire and Implement - provides solution of IT
needs
DS - Deliver and Support - provides svcs - translate
solution into svs received.
ME - Monitor and Evaluate - Ensure direction provided
in the planning and organizing
steps are followed in the
solution and svs processes

9

What are the controls in IT's Control Monitoring?

They are:
1. General and Applications controls
2. Input controls
3. Processing controls
4. Output controls
5. Managing the control activities

10

What are the General and Application controls in control monitoring?

GC tend to be system wide, they are designed to ensure that an organization's control environment is stable and well-managed, and include:
a. System development standards
b. Security management controls
c. Change management procedures
d. Software acquisition, development, operations, and maintenance.
AC focus on specific application, they prevent, detect, and correct transaction errors and fraud, providing reasonable assurance as to system:
a. Accuracy
b. Completeness
c. Validity
d. Authorization

11

What are the Input Controls in Control Monitoring?

The following source data controls regulate the integrity of input, which crucial to accurate and complete output.
1. Data validation at the field level - edit checks, meaningful error messages, input masks, etc.
2. Pre numbering forms - input is accounted for, no duplicates exist.
3. Well-defined source data preparation procedures