4-2. Protection of Information Flashcards

1
Q

IT policies: what must they be linked to?

A

To the entity’s strategy and objectives.

2
Q

IT policies: what do they need?

A
  • An owner who is responsible for ensuring that the policy is operating and is updated
  • A process for evolving with change
3
Q

IT policies: what should they include?

A

A title, purpose, scope and context, statements of responsibilities, and a time for updating.

4
Q

IT policies: According to COSO, what are policies?

A
  • Central to internal control
  • Reflect management’s intentions re: actions
  • Procedures are actions to implement policies
5
Q

IT policies: purposes?

A
  • Help establish a shared organizational understanding of IT
  • Help in managing cyber risks
  • Particularly valuable in decentralized or geographically distributed entities
6
Q

IT policies: what are 4 important policies?

A
  1. Values and service culture: expectation of IT function personnel in interactions with clients and others
  2. Contractors, employees and sourcing: why, when and how entity selects IT human resources from employees vs. outside contractors (i.e. IT sourcing and outsourcing policy)
  3. Electronic communications use: policy related to employee use of the Internet, intranet, email, blogs, chat rooms and telephones
  4. Use and connection policy: entity’s position on the use of personal devices and applications in workplace and connection to the entity’s systems
  5. Procurement: policy on procurement processes for obtaining IT services
  6. Quality: Stmt of IT performance stds (e.g. we will respond to IT calls within a certain amount of time etc)
  7. Regulatory compliance: Stmt of regulatory requirements for IT systems (i.e. in banking or investment systems or related data privacy)
  8. Security: policy related to guarding against physical or electronic threats to IT. May include disaster recovery preparation policies
  9. Service management and operational service problem solving: policies for ensuring quality of live IT services
7
Q

IT policies: what is included in monitoring?

A
  • May include internal audit staff
  • May be continuous or periodic
  • Analysis (monitoring) of IT help calls and operational reports provides evidence of policy noncompliance, use, and understanding
8
Q

What is E-business?

A
  • Business process that relies on electronic dissemination of information or automated transaction processing
  • Uses Internet to improve business performance through connectivity.
  • Can be within or between organizations
  • Most via the Internet using web-based technologies
9
Q

What is E-commerce?

A
  • Narrower - Transactions between organization and trading partners
  • Marketing, buying, and selling of products and services via the Internet
  • Relies on intermediaries or brokers to facilitate the sales transaction (e.g. eBay)
10
Q

What is the relationship between E-business and E-commerce?

A

E-commerce = subcategory of E-business.

11
Q

What is B2B?

A

Business-to-business: A type of e-commerce
e.g. e-processing of business transactions, electronic data interchange (EDI), supply chain management (SCM), and electronic funds transfer (EFT).

12
Q

What is B2C?

A

Business-to-consumer e-commerce: selling goods and services to consumers, usually on Internet and web-based technology.

13
Q

What is B2E?

A

Business-to-employees e-commerce: sharing information and interacting with employees often using intranet.

14
Q

What is B2G?

A

Business-to-government e-commerce: e.g. contract bidding, property disposal, audit procurement.

15
Q

EC: What is a critical requisite?

A

Trust in trading partners, site or service provider

16
Q

EC: risks?

A
  • Availability/downtime
  • Privacy, security and confidentiality
  • Authentication and nonrepudiation (after the fact, a party can’t claim that the transaction never occurred)
  • Integrity
17
Q

EC: risks of failing to implement EC?

A
  1. Customers go elsewhere
  2. Limited growth
  3. Limited markets
18
Q

EC: what are business models?

A
  1. E-marketplaces and exchanges
  2. Viral marketing
  3. Online direct marketing
  4. E-tendering systems
  5. Social networking
19
Q

E-commerce applications: what are common examples?

A
  • Customer Relationship Management (CRM)
  • Electronic Data Interchange (EDI)
  • Electronic Funds Transfer (EFT)
  • Supply Chain Management (SCM)
20
Q

E-commerce applications: what is CRM?

A

  • Technologies for managing client relationships, e.g. customer data, profitability, personalized marketing
  • Database of customer data

21
Q

E-commerce applications: CRM: how is the customer database used?

A
  • Salesforce automation: tracking contacts and follow-ups
  • Marketing automation: e.g. Kroger promoting grocery products only to interested customers
  • Customer service automation: automating common customer interactions
  • Analytics: sales history and projections, marketing campaign success, trends, and performance indicators
22
Q

E-commerce applications: What is EDI? What does it facilitate?

A
  • Computer-to-computer exchange of business data
  • Structured data and processing protocols to reduce costs and speed processing
  • Facilitates JIT (just-in-time) inventory: e.g. Walmart and suppliers (direct EDI connections)
23
Q

E-commerce applications: EDI: what intermediary is used?

A

Value added network (VAN).

Most EDI transactions run on VANs, which provide audit trails, controls, and security.

24
Q

E-commerce applications: EDI: What is needed to convert between the standardized EDI format and the internal company format?

A

Translation software.

25
Q

E-commerce applications: EDI benefits?

A
  • Paperless (save storage, filing, processing costs)
  • Zero manual data entry
  • Reduce errors in information exchange
  • Required by some customers (e.g. Walmart)
  • Real-time data, no delays = faster invoicing and pmts
26
Q

E-commerce applications: EDI costs?

A
  • Business costs: search (locating e-partners and vendors), legal (new contracts)
  • People and procedure costs: internal policies (process reengineering), training, security, audit, and control procedures
  • Hardware, software, data costs: hardware (e.g. servers, communication and network devices), translation and other software, data transmission
27
Q

E-commerce applications: E-banking: what is required of management of e-banking?

A
  • Senior management and Board of Directors oversight
  • Technology under senior IT leadership
  • Operational management monitoring and measuring risk
28
Q

E-commerce applications: what is EFT?

A

Technology for electronically transferring money (no paper money or checks)

29
Q

E-commerce applications: EFT purpose?

A

Increase speed and reduce cost

30
Q

E-commerce applications: EFT examples?

A
  • Retail pmts (e.g. credit cards, often by POS point-of-sale terminals)
  • Direct deposits
  • Automated teller machine (ATM) transactions
  • Federal Reserve wire transfers
31
Q

E-commerce applications: EFT: who is usually intermediary between company and banking system?

A

Third-party vendor

32
Q

E-commerce applications: EFT: where are transactions processed through?

A

Automated Clearing House (ACH) network = transfer network that connects all US (and most non-US) financial institutions.

33
Q

E-commerce applications: EFT: what are the security measures?

A
  • Data encryption for transmission = very important
  • Token-based pmts systems (similar to EFT but different rules): can be anonymous
  • Electronic wallets: programs for managing credit cards, user names, passwords and address info in easy-to-use, centralized location (e.g. RoboForm, integrated into browsers)
34
Q

E-commerce applications: what is SCM?

A
  • Process of transforming raw materials into finished product and delivering goods
  • Process of planning, implementing, and controlling supply chain operations (includes activities from purchase and storage of raw materials, through the production process, into finished goods, through to the point of consumption).
35
Q

E-commerce applications: what does SCM often include?

A

EDI.

36
Q

What is CSP?

A

Cloud Service Provider.

37
Q

ERM for Cloud computing: why do many organizations contract for cloud services without understanding the complexities and risks?

A

Because buying cloud services is easy.

38
Q

ERM for Cloud computing: it begins with what?

A

Clear objectives and a well-structured plan.

39
Q

ERM for Cloud computing: what should a cloud computing plan include?

A
  • Strong cloud governance structure and reporting model
  • Assessment of internal IT skills
  • Well-defined, entity risk appetite
  • Consideration of legal, regulatory, and operational risks (most organizations will include senior management and the IT steering committee in this analysis; if the risk is substantial, conduct a board discussion)
40
Q

ERM for Cloud computing: when should risk assessment and analysis begin?

A

Before contracting for services.

41
Q

ERM for Cloud computing: Is cloud computing internal or external?

A

Except for internal, private cloud, it’s IT outsourcing.

  • Public clouds have greater inherent risk than private clouds
  • Risk analysis considers the inherent risk of outsourcing part of the IT system
42
Q

ERM for Cloud computing: what do effective cloud solutions consider?

A
  • Relevant business processes: e.g. sales, product development, manufacturing, distribution, procurement, payroll, financing
  • Deployment model: e.g. public, hybrid, private
  • Service delivery model: SAAS (software as a service), PAAS (platform as a service), IAAS (infrastructure as a service)
43
Q

ERM for Cloud computing: what are 4 risks?

A
  1. Unauthorized cloud activity
  2. Lack of CSP transparency
  3. CSP reliability and performance
  4. Cyber-attack
44
Q

ERM for Cloud computing: what is the response to unauthorized cloud activity risk?

A

Preventive and detective controls to prevent unauthorized procurement of cloud services.

  • A cloud use policy: how, when, and for what users, cloud computing is allowed
  • A list of approved cloud vendors
  • Policy: who can contract for cloud services and under what conditions
45
Q

ERM for Cloud computing: what is the response to lack of CSP transparency?

A

Vendor selection and assessment of CSP controls.

46
Q

ERM for Cloud computing: lack of transparency: who should be on the approved vendor list?

A

Approved list of cloud vendors should include only those who provide sufficient info to enable informed risk assessments of the integrity of CSP operations.
  • List of required info from CSP may depend on type of service provided (i.e. IAAS, SAAS, PAAS)

47
Q

ERM for Cloud computing: lack of transparency: what is potentially relevant vendor info?

A
  1. References
  2. Info about appropriate usage
  3. Performance data - description
  4. Network infrastructure - description
  5. Data center - description
  6. Security protocols, policies, and procedures
  7. Data segregation
  8. Compliance policies
48
Q

ERM for Cloud computing: what is the response to CSP reliability and performance?

A
  • Effective incident management plan and procedure
  • Contract with backup CSP in case of system failure with primary CSP
  • Implement CSP availability monitoring: compliance with contract
49
Q

ERM for Cloud computing: what is the response to cyber-attack?

A

Incident management plan that considers the increased likelihood of an attack on the CSP

  • Store only nonessential, non-sensitive data on CSP platform
  • Deploy encryption on all cloud-hosted data
  • Contract with backup CSPs in the event of a hack on the primary CSP
50
Q

ERM for Cloud computing: define cloud computing.

A

Using a network of remote servers hosted on the Internet to store, manage, and process data, rather than a local server or in-house network.

51
Q

ERM for Cloud computing: define CSP.

A
  • Cloud service providers offer network service, infrastructure, or business applications in the cloud
  • Hosted in a data center that can be accessed by companies or individuals using network connectivity