Chapt 15 IT Controls and Security Flashcards
The increased use of database processing systems makes managing data and information a major information service function. Because the databases of an organization are used for many different applications, they are coordinated and controlled by a database administrator. The functions of a database administrator are
Database design, database operation, and database security.
This answer is correct.
A database administrator (DBA) is the person who has overall responsibility for developing, designing, controlling, and maintaining the database. The DBA manages all database functions including design and maintenance of the schema that describes the structure of the database. The DBA also assigns user passwords and establishes other security measures. Control of changes in data items and in the programs that use the database is another responsibility of the DBA.
Which of the following statements is true concerning the COBIT 5 framework?
Information and organizational structures are among the enablers identified in COBIT 5.
This answer is correct.
COBIT 5 describes seven categories of enablers that support comprehensive IT governance and management, among them information and organizational structures.
Which of the following types of control plans is particular to a specific process or subsystem, rather than related to the timing of its occurrence?
Application.
This answer is correct.
Application controls are built into each computer application. They are designed to ensure that only correct, authorized data enter the system, and that the data are processed properly.
What is the role of the systems analyst in an IT environment?
Designing systems, preparing specifications for programmers, and serving as intermediary between users and programmers.
This answer is correct.
Users within the organization constantly request new systems and applications. Systems analysts are responsible for designing, building, and maintaining these applications. Because analysts and programmers should never be able to make changes directly to programs that are used in “live” production and should never have access to live production data, analysts serve as intermediaries between users and programmers.
A computer operator responsible for a particular job needed to know whether the job had already been run that day. The computer operator examined the
Console log.
This answer is correct.
During processing, the operating system records in the console log the activities of the computer system and the actions taken by the computer operator. It should therefore contain entries for the work performed and provide a control over operator intervention.
Matthews Corp. has changed from a system of recording time worked on clock cards to a computerized payroll system in which employees record time in and out with magnetic cards. The computer system automatically updates all payroll records. Because of this change,
Part of the audit trail is altered.
This answer is correct.
In a manual payroll system, a paper trail of documents is created to provide audit evidence that controls over each step in processing are in place and functioning. One element of a computer system that differentiates it from a manual system is that a transaction trail useful for auditing purposes might exist only for a brief time or only in computer-readable form.
A retail store uses batch processing to process sales transactions. The store has batch control total and other control checks embedded in the information processing system of the sales subsystem. While comparing reports, an employee notices that information sent to the subsystem was not fully processed. Which of the following types of controls is being exercised by the employee?
Detective.
This answer is correct.
Detective controls call attention to errors that have already entered the system before an error causes a negative outcome. An employee exercises detective controls when (s)he notices an error already in the system.
Which of the following risks can be minimized by requiring all employees accessing the information system to use passwords?
Firewall vulnerability.
This answer is correct.
A firewall separates an internal network from an external network (e.g., the Internet) and prevents passage of specific types of traffic. Authentication measures verify the identity of the user, thus ensuring that only the intended and authorized users gain access to the system. Most firewall systems provide authentication procedures. Access controls are the most common authentication procedures.
Which of the following activities would most likely be performed in the computer processing department?
Conversion of information to machine-readable form.
This answer is correct.
Conversion of information from source documents to computer-readable form is an activity likely to be performed using computer equipment. Conversion is a necessary part of the input process, and effective control should be maintained over data handling during input as well as all other phases of information processing.
General controls in an information system include each of the following except
Logic tests.
This answer is correct.
General controls are the umbrella under which the IT function operates. They affect the organization’s entire processing environment and include controls over (1) data center and network operations; (2) systems software acquisition, change, and maintenance; (3) access security; and (4) application system acquisition, development, and maintenance. General controls sustain the conditions under which application controls can function properly. A logic test is a type of application control that confirms that the input value is appropriate (e.g., a letter cannot appear in a field that should be a number).
A customer notified a company that the customer’s account did not reflect the most recent monthly payment. The company investigated the issue and determined that a clerk had mistakenly applied the customer’s payments to a different customer’s account. Which of the following controls would help to prevent such an error?
Closed-loop verification.
This answer is correct.
Closed-loop verification involves inputs by a user that are transmitted to the computer, processed, and displayed back to the user for verification.