After Midterm (Ch. 9, 10, 11)

Question 1

1992 COSO Report

Answer 1

a committee established to develop a common definition for internal control and to provide guidance for judging the effectiveness, and improving it

Question 2

Antivirus software

Answer 2

Computer programs that end users typically install in their microcomputers to detect and remove virues’

Question 3

Applet

Answer 3

A small program stored in a web page and designed to run by web browser software; Good applets- allow users to play games and perform tasks. Bad applets- contain viruses

Question 4

Application controls

Answer 4

a major category of computer controls that are designed and implemented to prevent, detect and correct errors

Question 5

Audit Command Language (ACL)

Answer 5

a specialized software tool to help auditors preform auditing tasks that require analysis of financial data

Question 6

Batch control testing

Answer 6

a manual total that is compared to a computer total to determine whether data were processed correctly

Question 7

Biometric ID

Answer 7

a form of access control used to eliminate the hassles and security vulnerabilities associated with driven password management (fingerprints, eye scan)

Question 8

Boot- sector virus

Answer 8

a virus that hides in the boot sector of a disk, where the operating system.

Question 9

Business Continuity Plan (BCP)

Answer 9

Managements policies and procedures to continue to organization

Question 10

Cold Backup

Answer 10

a backup that is performed while the database is off-line and unavailable to its users

Question 11

Cold site

Answer 11

location where power and envrionmentally controlled space are available to install processing equipment on short notice

Question 12

Computer crime

Answer 12

the manipulation of a computer or computer data by whatever method, to dishonestly obtain money, property, or some other advantage of value

Question 13

Computer worm

Answer 13

computer virus that does not actually destroy data, but merely replicates itself repeatedly until the user runs out of the internal memory or disk space

Question 14

Consensus- based protocols

Answer 14

a fault tolerant systems that contain an odd number of processors

Question 15

Control environment

Answer 15

component of internal control that establishes the tone of a company, which influences the control awareness of the company’s employees

Question 16

Control Objectives for Information and Related Technology (COBIT)

Answer 16

framework and method undertaken by the IT Governance Institute to develop a standard for internal control evaluation relative to IT

Question 17

Cookie

Answer 17

a small text file that stores information on your computer about your browsing habits and interests

Question 18

Corporate governance

Answer 18

managing an organization in a fair transparent and accountable manner to protect the interests of the stakeholders

Question 19

Corrective controls

Answer 19

control procedures within a company’s internal control system that are designed to remedy problems discovered through detective controls

Question 20

Data Diddling

Answer 20

changing data before, during or after they are entered into a computer system

Question 21

Data encryption

Answer 21

scrambling the data in a message in a systematic way in order to prevent competitors from electronically monitoring data transmissions

Question 22

Demand draft

Answer 22

commonly used to pay monthly bills

Question 23

Denial-Of-Service (DOS) attack

Answer 23

an attack on an online company when hackers “flood” the company’s website with bogus traffic in order to take the site offline and make it unavailable to users

Question 24

Detective Controls

Answer 24

control procedures within a company’s internal control system that provide feedback to management regarding whether or not operational efficiency has been achieved

Question 25

Disaster recovery

Answer 25

part of contingency planning that describes the procedures to be followed in order to reinstate the mission-critical systems for a business to operate

Question 26

Disk mirroring

Answer 26

also known as disk shadowing; writing all data in parallel to two disks

Question 27

Disk Shadowing

Answer 27

also known as disk mirroring; writing all data in parallel to two disks

Question 28

Dumpster Diving

Answer 28

a method of stealing personal identity from garbage cans or from delivered or outgoing mail left in mailboxes.

Question 29

Edit Programs

Answer 29

also called “input validation routines”; programs or subroutines that check the validity and accuracy of input data after the data have been entered and recorded on a machine-readable file

Question 30

Edit Tests

Answer 30

tests that examines selected fields of inout data and reject those transactions whose data fields do not meet the pre-established standards of data quality

Question 31

Electronic eavesdropping

Answer 31

unauthorized access to a computer system and its data to observe transmissions intended for someone else

Question 32

Electronic Vaulting

Answer 32

backup copies of files that are electronically transmitted to a remote site rather than physically delivering these media to an off-site storage location

Question 33

Enterprise risk management (ERM)

Answer 33

helps an organization determine if their objectives are aligned with their strategy and that goals are consistent with the level of risk the organization is willing to take

Question 34

Ethical hacker

Answer 34

network and computer experts who purposefully attack a secured system to help its owners find any vulnerabilities that could be exploited.

Question 35

Expected loss

Answer 35

loss expectation based on estimates of risk and exposure

Question 36

Fault-tolerant system

Answer 36

systems designed to tolerate faults or errors that are often based on the concept of redundancy

Question 37

Firewall

Answer 37

a software program or hardware device designed to prevent unauthorized data communications between hackers and the information resources

Question 38

Hacker

Answer 38

a person who breaks into the computer files of others for fun or personal gain

Question 39

Hash total

Answer 39

a meaningless sum that is used to check for the completeness of data entry or processing

Question 40

Hot backup

Answer 40

backup performed while the database is online and available for read/write.

Question 41

Hot site

Answer 41

a disaster recovery location that includes a computer system configured similarity to the system currently in use by a company for its data processing activities

Question 42

Ideal control

Answer 42

a control procedure within a company’s internal control system that reduces to practically zero the risk of an undetected error or irregularity

Question 43

Identity theft

Answer 43

the intentional misuse of someone else’s personal information with the intent to deceive another

Question 44

Input controls

Answer 44

computer application controls that attempt to ensure the validity, accuracy, and completeness

Question 45

Input Validation routines

Answer 45

programs that check the validity and accuracy of inout data after the data have been entered and recorded

Question 46

Integrated Security

Answer 46

an approach to security involving managers combining a number of key security technologies to protect to organization

Question 47

Internal control

Answer 47

a process effected by an entities board of directors, management, and other personnel

Question 48

Internal control system

Answer 48

Various methods and measures designed into and implemented

Question 49

IT general controls

Answer 49

controls over data processing to provide reasonable assurance that development is authorized, tested and approved

Question 50

Logic Bomb

Answer 50

a computer program that remains dormant until some specific circumstance or date triggers the program to action

Question 51

Logical security

Answer 51

uses technology such as password controls to limit access

Question 52

Man trap

Answer 52

building facility control

Question 53

Message acknowledgement procedures

Answer 53

control for computer network systems that is useful in preventing the loss of part or all of a company’s transactions or messages

Question 54

Operational audit

Answer 54

an audit performed by a company’s internal audit staff that focuses on evaluating the efficiency

Question 55

Output controls

Answer 55

ensure the outputs validity

Question 56

Phishing

Answer 56

an email from someone who falsely claims to be an established legitimate company

Question 57

Physical Security

Answer 57

any measure that an organization uses to protect its facilities resources stored on physical media

Question 58

Preventative controls

Answer 58

control procedures that are designed and implemented within a companys control system to PREVENT a potential problem

Question 59

Risk assessment

Answer 59

a component of internal control that considers the risk factor when designing controls for a company

Question 60

Risk Matrix

Answer 60

a tool especially useful for prioritizing large risks

Question 61

Rollback processing

Answer 61

a fault tolerant system at the transaction level in which transactions are never written to disk until they are complete

Question 62

Routing verification procedures

Answer 62

a control for computer network systems that helps to ensure that no transactions or messages of a company are routed to the wrong computer network system

Question 63

Sarbanes- Oxley act 2002

Answer 63

sweeping financial legislation that emphasizes organizational internal controls and accountability

Question 64

Scenario planning

Answer 64

under event identification management identifies scenarios of minor concern to major disasters that could occur

Question 65

Security policy

Answer 65

a comprehensive plan that management must develop to help protect the enterprise from internal and external threats

Question 66

Separation of duties

Answer 66

an activity of an internal control system that focuses on structuring work assignments among employees so that one employees work activities serve as a check on those work activities of another employee

Question 67

Smishing

Answer 67

a scam using text messages on cell phones that claims to be legitimate but asks you to provide personal info

Question 68

Social engineering

Answer 68

a tactic hackers use to gain access to systems by exploiting human weaknesses

Question 69

Trojan horse program

Answer 69

a destructive or deceptive computer program hidden inside an accepted program

Question 70

Uninterruptible power system (UPS)

Answer 70

an auxiliary power supply that can smooth that flow of power to the computer, thereby preventing the loss of data due to momentary surges or dips in power

Question 71

Val IT

Answer 71

is a formal statement of principles and processes for IT management that helps organizations understand if they are making the right IT investments and optimizing the returns

Question 72

Validity test

Answer 72

evaluates the validity of a transaction by checking for the existence of matching records in a master file

Question 73

Virtual private network (VPN)

Answer 73

a security protocol that creates a private, encrypted means of communications through the internet

Question 74

Voice over Internet protocol (VoIP)

Answer 74

a technology that allows individuals to make telephone calls using a broadband internet connection

Question 75

Watchdog Processor

Answer 75

A fault tolerant system that uses two processors

Question 76

Worm Program

Answer 76

A program that disrupts normal data processing and is usually able to replicate itself onto other files, computer systems, or networks