B6-M6 IT Risks and Responses

Question 1

what is risk control?

Answer 1

risk controls are preventive measures put in place so that risks can be averted or mitigated

Question 2

what are three different types of risks account recognizes as threats to accuracy of reports?

Answer 2

• Strategic risk: chose inappropriate technology
• Financial risk: have financials recourses lost, wasted, or stolen
• Information risk: loss of data integrity, incomplete transactions, or hackers

Question 3

what are components of general controls?

Answer 3

• IT infrastructure
• Security management
• Software acquisition
• Developments
• Operations
• Maintenance controls

Question 4

what is the most effective control procedures?

Answer 4

General controls are designed to ensure that an organization’s control environment is stable and well managed. Integrating general and application control procedures into the components as part of the basic design

Question 5

what are the 3 categories of controls in IT?

Answer 5

• Preventive: to prevent potential problems from occurring
• detective: to locate problems that have occurred
• corrective: to fixed problems that have occurred

Question 6

what is a hash and batch total?

Answer 6

• A hash total: a detective control. it attempts to detect if numbers that are not normally added ( account numbers) have been processed incorrectly
• A batch total is used for numbers (dollars)

Question 7

what is primary purpose of firewall?

Answer 7

to prevent unauthorized access to a network

Question 8

what is validity check?

Answer 8

ensure that no errors exist and that data are valid and accurate

Question 9

what is the difference between asymmetric encryption and data encryption?

Answer 9

• in asymmetric encryption: a public key is used to encrypt messages. a private key (which is never transmitted) is used to decrypt the message at the other end. Anyone can encrypt a message, but only the intended recipient can decrypt the message
• in data encryption: based on concept of keys. length of the key is extremely important. The longer the key is, the harder it is to crack the key

Question 10

what is a smart card?

Answer 10

it is something that a department supervisor could carry on his or her person. It’s not easy for someone else to obtain

Question 11

what is public key infrastructure PKI?

Answer 11

refers to system and processes used to issue and manage asymmetric keys and digital certificates

Question 12

what is a digital signature?

Answer 12

It is a means of ensuring that the sender of a message is authentic

Question 13

what is hashing?

Answer 13

hashing involves mapping large quantities of data into a smaller table for the purpose of recovering data more rapidly. It is also utilized in the encryption of advanced and digital signatures

Question 14

what is data masking?

Answer 14

involves breaking the linkage between data and the individual to whom the data is associated through the removal of personal identifiers

Question 15

what are system programmers?

Answer 15

• involve in selection, implementing, and maintaining of system software
• core responsibility is to write a program based on a predefined design

Question 16

what are systems analysts?

Answer 16

they are responsible for designing systems, preparing specifications for programmers, and serving as an intermediary between users and programmers

Question 17

what is symmetric encryption?

Answer 17

both parties use the same key to encrypt and decrypt the message so that the key must be shared

Question 18

what are 4 types of control?

Answer 18

1. physical control: monitor and control the environment of the workplace and computing facilities
2. Logical control: use software and data to monitor and control access to information and computing systems
3. General control: ensure that an organization’s control environment is stable and well-managed
4. Application control: prevent, detect and correct transaction error and fraud and application specific, providing reasonable assurance as to system accuracy, completeness, and validity

Question 19

what are the 3 types of backups?

Answer 19

1. Incremental backup: copy only the data items that have changed since the last backup
2. differential backup: copy all changes made since the last full backup. Each new differential backup file contains the cumulative effects of all activity since the last full backup
3. full backup: exact copy of the entire database

Question 20

what is a hot, cold, and warm site?

Answer 20

• Hot: location that is equipped with the necessary hardware and possibly software for recovery process
• Cold: off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment
• warm: stock enough equipment to create a reasonable facsimile of the primary date center

Question 21

what is an off-site mirrored web server?

Answer 21

allows the off-site web server to take over almost immediately in the event of a disaster, thereby providing nearly uninterrupted service and allowing for business continuity