B6-M6 IT Risks and Responses Flashcards

1
Q

what is risk control?

A

risk controls are preventive measures put in place so that risks can be averted or mitigated

2
Q

what are three different types of risks that accounting recognizes as threats to the accuracy of reports?

A
  • Strategic risk: choosing inappropriate technology
  • Financial risk: having financial resources lost, wasted, or stolen
  • Information risk: loss of data integrity, incomplete transactions, or hackers
3
Q

what are components of general controls?

A
  • IT infrastructure
  • Security management
  • Software acquisition
  • Developments
  • Operations
  • Maintenance controls
4
Q

what are the most effective control procedures?

A

General controls are designed to ensure that an organization’s control environment is stable and well managed. Integrating general and application control procedures into the components as part of the basic design

5
Q

what are the 3 categories of controls in IT?

A
  • Preventive: to prevent potential problems from occurring
  • Detective: to locate problems that have occurred
  • Corrective: to fix problems that have occurred
6
Q

what is a hash and batch total?

A
  • A hash total: a detective control. It attempts to detect if numbers that are not normally added (account numbers) have been processed incorrectly
  • A batch total is used for numbers (dollars)
7
Q

what is the primary purpose of a firewall?

A

to prevent unauthorized access to a network

8
Q

what is a validity check?

A

ensure that no errors exist and that data are valid and accurate

9
Q

what is the difference between asymmetric encryption and data encryption?

A
  • In asymmetric encryption: a public key is used to encrypt messages. A private key (which is never transmitted) is used to decrypt the message at the other end. Anyone can encrypt a message, but only the intended recipient can decrypt the message
  • In data encryption: based on the concept of keys. The length of the key is extremely important. The longer the key is, the harder it is to crack the key
10
Q

what is a smart card?

A

it is something that a department supervisor could carry on his or her person. It’s not easy for someone else to obtain

11
Q

what is public key infrastructure (PKI)?

A

refers to the system and processes used to issue and manage asymmetric keys and digital certificates

12
Q

what is a digital signature?

A

It is a means of ensuring that the sender of a message is authentic

13
Q

what is hashing?

A

hashing involves mapping large quantities of data into a smaller table for the purpose of recovering data more rapidly. It is also utilized in the encryption of advanced and digital signatures

14
Q

what is data masking?

A

involves breaking the linkage between data and the individual with whom the data is associated through the removal of personal identifiers

15
Q

what are system programmers?

A
  • involved in selecting, implementing, and maintaining system software
  • core responsibility is to write a program based on a predefined design
16
Q

what are systems analysts?

A

they are responsible for designing systems, preparing specifications for programmers, and serving as an intermediary between users and programmers

17
Q

what is symmetric encryption?

A

both parties use the same key to encrypt and decrypt the message so that the key must be shared

18
Q

what are 4 types of control?

A
  1. Physical control: monitor and control the environment of the workplace and computing facilities
  2. Logical control: use software and data to monitor and control access to information and computing systems
  3. General control: ensure that an organization’s control environment is stable and well-managed
  4. Application control: prevent, detect, and correct transaction errors and fraud; they are application-specific, providing reasonable assurance as to system accuracy, completeness, and validity
19
Q

what are the 3 types of backups?

A
  1. Incremental backup: copy only the data items that have changed since the last backup
  2. Differential backup: copy all changes made since the last full backup. Each new differential backup file contains the cumulative effects of all activity since the last full backup
  3. Full backup: exact copy of the entire database
20
Q

what is a hot, cold, and warm site?

A
  • Hot: location that is equipped with the necessary hardware and possibly software for the recovery process
  • Cold: off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment
  • Warm: stocks enough equipment to create a reasonable facsimile of the primary data center
21
Q

what is an off-site mirrored web server?

A

allows the off-site web server to take over almost immediately in the event of a disaster, thereby providing nearly uninterrupted service and allowing for business continuity

22
Q
A