COBIT 2 Flashcards
Two categories of controls
General and Application
Application 3 types
Input, processing, output
IT Administration over General Controls: What’s Important
Separate function with own management and skill-set
Designate Chief information officer or Chief Technology Officer
Segregate the staff functions
Controls over system software - Operating system, utilities, DB management; no change without authorization
Controls over application software - cost effective and stable
Hardware Controls built in: parity checks, echo checks, read after write
What’s a Device Authorization Table
Grants access only to those physical devices that should need it. No one should be accessing A/R from manufacturing.
What’s call back
Access control where the computer calls the modem back
Physical Controls CONSIST OF
Access controls
Environmental Controls
What’s the difference between Authorization and Authentication
Authorization ensures that you only can access those programs and data you are approved to access
Authentication is making sure you are who you say you are, passwords and security questions
What’s the password and authorization controls bit, where do they fall under
General Controls, subset is logical controls
General Controls Types
Segregation of IT Duties
Hardware Controls
Access Controls - lots of these, much more than logical: passwords and ID numbers, system access log, encryption, call back, biometrics, auto-log off, security personnel
Environmental Controls
Logical Controls - like access but once you get in where can you go and what can you use, authorization and authentication, ironically auto-log off isn’t here, it’s under access
Firewalls - Hardware and software, network and application
PHYSICAL Access Controls
Passwords and IDs, Device Authorization Table, Systems Access Log, Encryption, Callback, Controlled Destruction of Documents, Biometrics, Automatic Log off, Having Security Personnel
Controlled Disposal of Documents
This is a physical access control - surprisingly
One way of enforcing access restrictions is destroying old data: shred paper or erase magnetic media
General Controls Describe
Affect the entire processing environment
Control Over data center and network operations
Systems software acquisition
Software change and maintenance
Access Security
Application system acquisition, development and maintenance
A QUESTION: Company invested in a new machine that will generate revenues of $35,000 a year for seven years. Annual operating expense of $7,000 on the new machine. Depreciation expense, included in the operating expense, is $4,000. The expected payback period for the machine is 5.2 years. How much did it cost?
The answer is $166,400. No excuse for me getting this wrong. I screwed up the math. The net expense was $3,000, not $4,000. Set up the equation X/5.2 = 32,000 a year.
Don’t confuse payback, which is focused on cash flows so depreciation matters even though it’s not present valued, with accounting. Also salvage doesn’t matter in payback.
Department manager substituted a time card for a terminated employee with a time card for a fake employee; what’s the best control to detect it?
Hash total, it says, because a hash total from personnel for the employee list could be compared with the total generated during the payroll run.
If you get an activity-based costing question, guess.
Just guess, though some drivers are:
different materials used
number of vendors supplying materials
units of materials used
Pick the one that seems to make the most logical sense for another method; in this case “cost of material used” was the one that wouldn’t be used as the base in ABC.