Domain 3 - Controls for IS Flashcards
migrating from a legacy system to an enterprise resource planning (ERP) system
correlation of semantic characteristics of the data migrated between the two systems (data schema)
live transactions in test data
Test data will be representative of live processing; however, it is important that all sensitive information in the live transaction file is sanitized to prevent improper data disclosure.
program logic definitions
Mapping identifies specific program logic that has not been tested and analyzes programs during execution to indicate whether program statements have been executed.
System Testing
System testing is undertaken by the development team to determine if the combined units of software work together and that the software meets user requirements per specifications. A failure here would be expensive but easier to fix than a failure found later in the testing process.
Integration testing
Integration testing examines the units/modules as one integrated system and unit testing examines the individual units or components of the software. A failure here would be expensive and require re-work of the modules, but would not be as expensive as a problem found just prior to implementation.
cryptographic hashing algorithm and checksum
data integrity
Error Reports
System Testing Phase
business process reengineering (BPR) project
inclusion of the key controls and verify that the controls are in place before implementing the new process.
stress testing
Stress testing is carried out to ensure that a system can cope with production workloads. Testing with production level workloads is important to ensure that the system will operate effectively when moved into production.
quality of data in a data warehouse?
Accuracy of source data
production data for testing
Senior IS and business management must approve use before production data can be utilized for testing.
object-oriented design and development techniques
one of the major benefits of object-oriented design and development is the ability to reuse modules.
sociability testing
KEY WORDS: can operate in its target environment without adversely impacting existing systems.
waterfall life cycle model
stable conditions and well-defined requirements.
availability and confidentiality of the web application in production
The most important control to test in this configuration is the server configuration hardening.
bottom-up approach to software testing
testing of atomic units, such as programs and modules, and works upward until complete system testing has taken place. The advantage of using a bottom-up approach to software testing is that errors in critical modules are found earlier.
top down approach to software testing
interface errors are detected early and that testing of major functions is conducted early.
Atomicity vs. Durability
C. The principle of atomicity requires that a transaction be completed in its entirety or not at all. If an error or interruption occurs, all changes made up to that point are backed out.
D. Durability ensures that, when a transaction has been reported back to a user as complete, the resultant changes to the database will survive subsequent hardware or software failures.
Functionality
Functionality is the set of attributes that bears on the existence of a set of functions and their specified properties. The functionality of a system represents the tasks, operations and purpose of the system in achieving its objective.
portability.
The ability of the software to be transferred from one environment to another refers to portability.
Quality of the metadata
most important element in the design of a data warehouse
data warehouse
used for analysis and research,
advantage of prototyping
Prototype systems can provide significant time and cost savings through better user interaction and the ability to rapidly adapt to changing requirements; however, they also have several disadvantages, including loss of overall security focus, project oversight and implementation of a prototype that is not yet ready for production.
functional acknowledgments
main controls used in data mapping - acting as an audit trail for electronic data interchange (EDI) transactions
electronic data interchange (EDI) environment
Because the interaction between parties is electronic, there is no inherent authentication occurring; therefore, transaction authorization is the greatest risk.
Check Digit
Transposition
checksum
A checksum calculated on an amount field and included in the electronic data interchange (EDI) communication can be used to identify unauthorized modifications.
EDI Authenticity
C. An electronic data interchange (EDI) system is subject not only to the usual risk exposures of computer systems but also to those arising from the potential ineffectiveness of controls on the part of the trading partner and the third-party service provider, making authentication of users and messages a major security concern.
RAD
The greatest advantage and core objective of RAD is a shorter time frame for the development of a system.
tracing and tagging
system testing:
buffer overflow.
Poorly written code, especially in web-based applications, is often exploited by hackers using buffer overflow techniques.
agile software development methodology
an iterative process where each iteration or “sprint” produces functional code. If a development team was producing code for demonstration purposes, this would be an issue because the following iterations of the project build on the code developed in the prior sprint.
online electronic funds transfer (EFT) reconciliation procedures
Tracing is a transaction reconciliation effort that involves following the transaction from the original source to its final destination. In electronic funds transfer (EFT) transactions, the direction of tracing may start from the customer-printed copy of the receipt, checking the system audit trails and logs, and finally checking the master file records for daily transactions.
Automated systems balancing
Automated systems balancing would be the best way to ensure that no transactions are lost as any imbalance between total inputs and total outputs would be reported for investigation and correction.
Program coding standards
are required for efficient program maintenance and modifications.
Integration testing
Integration testing evaluates the connection of two or more components that pass information from one area to another. The objective is to utilize unit-tested modules, thus building an integrated structure according to the design.
Systems Testing
System testing relates to a series of tests by the test team or system maintenance staff to ensure that the modified program interacts correctly with other components. System testing references the functional requirements of the system.