B6-M6 IT Risks and Responses Flashcards
what is risk control?
risk controls are preventive measures put in place so that risks can be averted or mitigated
what are the three different types of risk that accountants recognize as threats to the accuracy of reports?
- Strategic risk: choosing inappropriate technology
- Financial risk: having financial resources lost, wasted, or stolen
- Information risk: loss of data integrity, incomplete transactions, or hackers
what are components of general controls?
- IT infrastructure
- Security management
- Software acquisition
- Development
- Operations
- Maintenance controls
what are the most effective control procedures?
General controls are designed to ensure that an organization’s control environment is stable and well managed. The most effective approach is to integrate general and application control procedures into the system components as part of the basic design
what are the 3 categories of controls in IT?
- Preventive: to prevent potential problems from occurring
- Detective: to locate problems that have occurred
- Corrective: to fix problems that have occurred
what are a hash total and a batch total?
- A hash total is a detective control: it attempts to detect whether numbers that are not normally added (e.g., account numbers) have been processed incorrectly
- A batch total is used for numbers that are normally added (e.g., dollar amounts)
what is the primary purpose of a firewall?
to prevent unauthorized access to a network
what is a validity check?
it ensures that no errors exist and that data are valid and accurate
what is the difference between asymmetric encryption and data encryption?
- In asymmetric encryption: a public key is used to encrypt messages, and a private key (which is never transmitted) is used to decrypt the message at the other end. Anyone can encrypt a message, but only the intended recipient can decrypt it
- In data encryption: it is based on the concept of keys, and the length of the key is extremely important. The longer the key, the harder it is to crack
what is a smart card?
it is something that a department supervisor could carry on his or her person. It’s not easy for someone else to obtain
what is public key infrastructure (PKI)?
it refers to the systems and processes used to issue and manage asymmetric keys and digital certificates
what is a digital signature?
It is a means of ensuring that the sender of a message is authentic
what is hashing?
hashing involves mapping large quantities of data into a smaller table for the purpose of recovering data more rapidly. It is also used in advanced encryption and in digital signatures
what is data masking?
it involves breaking the linkage between data and the individual with whom the data is associated by removing personal identifiers
what are system programmers?
- involved in selecting, implementing, and maintaining system software
- their core responsibility is to write programs based on a predefined design
what are systems analysts?
they are responsible for designing systems, preparing specifications for programmers, and serving as an intermediary between users and programmers
what is symmetric encryption?
both parties use the same key to encrypt and decrypt the message so that the key must be shared
what are 4 types of control?
- Physical control: monitors and controls the environment of the workplace and computing facilities
- Logical control: uses software and data to monitor and control access to information and computing systems
- General control: ensures that an organization’s control environment is stable and well-managed
- Application control: application-specific controls that prevent, detect, and correct transaction errors and fraud, providing reasonable assurance as to system accuracy, completeness, and validity
what are the 3 types of backups?
- Incremental backup: copies only the data items that have changed since the last backup
- Differential backup: copies all changes made since the last full backup. Each new differential backup file contains the cumulative effects of all activity since the last full backup
- Full backup: an exact copy of the entire database
what is a hot, cold, and warm site?
- Hot: a location that is equipped with the necessary hardware and possibly software for the recovery process
- Cold: an off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment
- Warm: stocks enough equipment to create a reasonable facsimile of the primary data center
what is an off-site mirrored web server?
it allows the off-site web server to take over almost immediately in the event of a disaster, thereby providing nearly uninterrupted service and allowing for business continuity