Domain III – Information Technology – Section B: IT Infrastructure and IT Control Frameworks Flashcards
Types of Processing Facilities
The information processing facility may be organized in one of three ways: centralized, decentralized, or distributed.
Centralized Facility
establishes only one computer department in the whole company where all the processing takes place. Data entry and retrieval may occur either at the centralized facility or from terminals connected to the facility.
=> All departments send requests to the centralized facility describing their processing and information requirements. Information is processed and sent back to the user departments.
Decentralized Facility
establishes a separate computer facility to service the needs of each major department or unit in an organization. The department and its processing requirements dictate the size of each facility.
Distributed Computer Facility
In a distributed computer facility, the centralized and decentralized approaches are combined.
=> Users have their own computer equipment, but some computer terminals are connected to a bigger computer in a remote location.
Data Processing Methods
- Batch Method – data is initially input and grouped in temporary transaction files, before processing the data and updating the master file.
- Online Method – data is processed immediately after each input rather than being stored in a temporary file for later processing.
Data file
is a file that contains raw data for processing. Data files may be categorized as: transaction file, master file, report file, output file, history file, backup file.
Program file
is the file that includes the instructions required by the computer.
=> Program files may be: in‐house developed, custom‐made, ready‐made or off‐the‐shelf
Operating System
is a program consisting of a set of internal command instructions that allows the computer to utilize its own resources and direct its operations.
- It is the first program loaded into the system’s memory at startup and remains active at all times.
=> The operating system acts as the interface between the physical hardware, the software applications, and the users.
Network
is a system of interconnected computers including the hardware and software needed to connect them.
Local Area Networks (LAN)
are networks that serve users within a specified geographical area (usually within one building, or more than one building in close proximity).
Wide Area Networks (WAN)
are networks that serve users across an extended geographical region using various transmission media for connectivity.
Types of WANs
- Integrated Services Digital Networks (ISDN)
- Virtual Networks (VNs)
- Wireless Networks
- Value‐Added Networks (VANs)
Metropolitan Area Networks (MAN)
are networks that fill the gap between LANs and WANs, serving users within the same town or city dispersed over approximately 50 km.
Integrated Services Digital Networks (ISDN)
are WAN networks used for voice, data, and video communication through the use of digital switching and transmission technologies.
Virtual Networks (VNs)
are private secure networks working within a vulnerable network.
Wireless Networks
are WAN networks that allow users to access information instantly via wireless handheld devices such as mobile phones.
Value‐Added Networks (VANs)
are networks that provide other services such as storage, data translation, and error correction.
Mainframe
is the most powerful type of computer after the supercomputer. Mainframes are powerful computers that support the processing requirements of thousands of users (e.g., the computers used by most banks and large corporations).
Gateways
are a combination of hardware and software that has its own processor and memory. A gateway is used to interconnect networks that use different protocols by performing protocol and bandwidth conversions.
Protocol
refers to the rules used by network operations to control the flow and priority of transmissions.
Electronic Funds Transfer (EFT)
is the exchange of money via telecommunications. Money is transferred from one account to another electronically without the actual exchange or dealing with cash.
Database Administrator
is generally responsible for the administration of the organization’s database. The primary responsibility of a database administrator is to ensure that data is available, secured, and easily accessible as needed.
Librarian
records, issues, receives, and safeguards all program and data files that are owned/used by the organization.
Network Administrator
administers the technical and administrative functionality of the organization’s network.
Help desk function
is a unit within the organization that responds to users’ technical questions. Help desk staff usually resolve minor problems directly, but may refer more complex problems to the IT department or to the help desks of suppliers.
Security Officer
ensures that users are complying with the corporate security policy and that there are adequate controls to prevent unauthorized access to the system, including data, programs, and equipment.
Systems Analyst
is responsible for defining user requirements and designing the system accordingly. The detailed design prepared by the systems analyst is used by the programmers to create the related programs.
Programmers
are responsible for developing and maintaining the software (both system and application software). Programmers convert the design prepared by the systems analyst into machine-executable modules. They are also responsible for maintaining the software after it has been developed.
Change Control
ensures that changes to programs have a minimal impact on processing and result in minimal risk to the overall system.
COBIT
is a framework created by the Information Systems Audit and Control Association (ISACA) for information technology (IT) governance and management. It is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues, and business risks.
COBIT‐2019 Principles
- Principles for a Governance System: provide stakeholder value, holistic approach, dynamic governance system, governance distinct from management, tailored to enterprise needs, end‐to‐end governance system.
- Principles for a Governance Framework: based on a conceptual model, open and flexible, aligned to major standards.
COBIT‐2019 Objectives
COBIT‐2019 defines 40 core governance and management objectives.
- Governance Objectives – are grouped in one domain: Evaluate, Direct and Monitor.
- Management Objectives – are grouped in four domains: (1) Align, Plan and Organize, (2) Build, Acquire and Implement, (3) Deliver, Service and Support, (4) Monitor, Evaluate and Assess.
Electronic Systems Assurance and Control (eSAC)
The eSAC model published by the IIA sets the stage for effective technology risk management by giving companies a framework to guide an evaluation of the e‐business control environment.
- provides a framework to help management, corporate governance entities, and internal auditors understand, evaluate, monitor, and mitigate technology risks.
- examines risks in all organizational components, including customers, competitors, regulators, community, and owners.
The eSAC model includes the following components:
Organization’s Mission and Outcomes – The organization typically pursues its mission by establishing strategies and objectives consistent with its values.
Control Context – A sound control environment helps the organization stay on its path as it moves from mission to results. The eSAC model adopts the broad control context from COSO.
Assurance Objectives – eSAC provides control attributes that are particularly pertinent to e‐business activities (i.e., Availability, Capability, Functionality, Protectability, Accountability).