B6-M6 IT Risks and Responses Flashcards
what is risk control?
risk controls are preventive measures put in place so that risks can be averted or mitigated
what are three different types of risks accounting recognizes as threats to the accuracy of reports?
- Strategic risk: choosing inappropriate technology
- Financial risk: having financial resources lost, wasted, or stolen
- Information risk: loss of data integrity, incomplete transactions, or hackers
what are components of general controls?
- IT infrastructure
- Security management
- Software acquisition
- Developments
- Operations
- Maintenance controls
what are the most effective control procedures?
General controls are designed to ensure that an organization’s control environment is stable and well managed. Integrating general and application control procedures into the components as part of the basic design
what are the 3 categories of controls in IT?
- Preventive: to prevent potential problems from occurring
- Detective: to locate problems that have occurred
- Corrective: to fix problems that have occurred
what are a hash total and a batch total?
- A hash total: a detective control. It attempts to detect if numbers that are not normally added (account numbers) have been processed incorrectly
- A batch total is used for numbers (dollars)
what is the primary purpose of a firewall?
to prevent unauthorized access to a network
what is a validity check?
ensures that no errors exist and that data are valid and accurate
what is the difference between asymmetric encryption and data encryption?
- in asymmetric encryption: a public key is used to encrypt messages. A private key (which is never transmitted) is used to decrypt the message at the other end. Anyone can encrypt a message, but only the intended recipient can decrypt the message
- in data encryption: based on the concept of keys. The length of the key is extremely important. The longer the key is, the harder it is to crack the key
what is a smart card?
it is something that a department supervisor could carry on his or her person. It’s not easy for someone else to obtain
what is public key infrastructure (PKI)?
refers to the system and processes used to issue and manage asymmetric keys and digital certificates
what is a digital signature?
It is a means of ensuring that the sender of a message is authentic
what is hashing?
hashing involves mapping large quantities of data into a smaller table for the purpose of recovering data more rapidly. It is also utilized in the encryption of advanced and digital signatures
what is data masking?
involves breaking the linkage between data and the individual with whom the data is associated through the removal of personal identifiers
what are system programmers?
- involved in selecting, implementing, and maintaining system software
- core responsibility is to write a program based on a predefined design