B6 - Process Management and Information Technology Flashcards
What is the purpose of the General IT controls?
They’re designed to ensure that the organization’s control environment (people, process and IT) is stable and well-managed. These are controls over the system as a whole.
What are the types of General IT controls?
- System development life-cycle standards and controls.
- Physical and logical controls over infrastructure
- Business resiliency management
- Change management procedures
- Software acquisition, development, operations, and maintenance controls.
What would be examples of general controls?
- Restricting access to a computer facility by use of biometrics devices
- Having backup file systems
- Performing background checks of personnel
- Segregation of duties of incompatible roles.
What do application controls include?
They include input controls, processing controls, and output controls. They tend to be specific to the process or subsystem (e.g., “missing data check” on an input screen, reconciliation of totals and physical controls over inventory).
What is a preventive control?
Preventive controls stop problems before they occur (e.g., locked door, a security guard, segregation of duties). It relates to timing before an event occurs.
What are detective controls?
Detective controls call attention to errors that have already entered the system before an error causes a negative outcome or even worse, a disaster (e.g., reconciling account records to physical counts). It relates to timing after the event happened.
What are feedback controls?
Evaluate the results of a business process, and if the results are not good, management can adjust the process before disaster occurs. These are detective controls.
What are Feed Forward Controls?
Feed forward controls compare projected results (future) to a pre-determined standard and allow management to make a change to prevent an unwanted outcome; these are preventive controls. Used in a budget system (e.g., modern inventory ordering systems, where sales are projected, current inventory levels are identified, and inventory is ordered).
What is a firewall?
Firewalls are designed to limit who is able to access a system (unauthorized users). Passwords are required to help minimize vulnerability.
What do firewalls do?
Firewalls screen data packets to determine if they are acceptable or unacceptable and block unacceptable packets from the system based on set parameters.
What is a multifactor authenticator?
Allows for a second authentication key from a second device (e.g., smartphone or other key generator needed at the time of log in)
How is asymmetric encryption used?
A public key is used to encrypt messages. A private key (which is never transmitted) is used to decrypt the message at the other end. Anyone can encrypt the message but only the intended recipient can decrypt it.
What is multimodal authentication?
Multimodal authentication uses multiple biometric data (e.g., fingerprints, facial scanning, eye scanning, etc.) to verify the identity of the individual accessing the data.
What is the purpose of a digital signature?
To ensure that the sender of the message is authentic. A digital signature uses asymmetric encryption.
What is a Public Key Infrastructure (PKI)?
Represents the mechanisms used to issue keys and digital certificates.
What is hashing?
It involves mapping large quantities of data into a smaller table for the purpose of recovering data more rapidly. It is also utilized in the encryption of advanced and digital signatures.
What is data masking?
It involves breaking the linkage between data and the individual with whom the data is associated through the removal of personal identifiers.
What is the role of the system analyst?
- The system analyst role falls under the application development team (yellow team).
- System analysts analyze and design new applications, and they lead teams of application (software) programmers who complete the actual coding.
- They talk to end users about their needs to develop the new application.
What is the role of the security administrator?
- The security administrator role falls in the system administrator and system programming team (red team).
- It ensures all components of the system are secure from threats both internal and external.
- Responsibilities include security of software and systems and granting appropriate access to systems via user authentication, password setup and maintenance.
What is the role of the Network Manager?
- Falls under the security administrator role (red team).
- Ensures all applicable devices link to the organization’s network and networks operate securely and continuously
- Manages remote access
What is the role of the web administrator?
- Falls under the security administrator role (red team).
- Operate and maintain the web server
What is the role of the Help Desk Personnel?
- Falls under the security administrator role (red team).
- Answer help-line calls and emails, resolve user problems, and obtain technical support and vendor support when necessary.
What is the role of the Database Administrator?
- Falls under the security administrator role (red team).
- System administrator that maintains and supports the database SOFTWARE.
- This includes ensuring security and backup and recovery procedures.
What is the purpose of data security controls?
To ensure that storage media are only accessed, changed, or deleted after appropriate authorization. The objective is to protect information.