Exam 3 Flashcards
Identification
Users assigning a unique identifier to the user
Authentication
Process of associating user/name with other identifier (making sure is legit)
Authorization
Associating user with objects/data they’re allowed to access.
Methods for authentication and multifactor authentication
Something user should KNOW, HAS, and IS
Multifactor authentitication
When more than one unique identifier is required by system, to authenticate
Role-based authorization, why’s it used?
To restrict network access by assigning individual specific roles that have predefined criteria, for what can/can’t be accessed to.
Role
Predefined permission users are assigned
Permission
Right/privilege user has once assigned to a role
Administrator role
Highest role in the hierchary, has premission for all objects
Principle of leas privileged
Users should be assigned only necessary privileges to do their job
Provisioning
Process of assigning access to users
De-Provisioning
Process of removing access when user changes jobs/leaves organizations
Access Creep
Additional roles are assigned to users that are needed temporarily, but not removed
User access reviews
Compare user job responsibilties with a role assigined
dormant access review
Compare access logs to user permissions to identify permissions that have not been used, and may need to be removed
Dormant user review
Compare access logs to users, identify users that have not accessed the system and may need to be removed
Data Center
Physical location where servers, network appliances and other hardware to make core IT infrastructure is stored.
Importance of data center control
Important because it runs all of IT
SOC 2 Audit
Covers security, availability, processing integrity or privacy for the cloud provider is required. Used when data center is outsourced.
Outside environment
Near bottom floors of physical building, building will be on high ground
Inside environment
Own A/C to avoid overheating, non-water fire suppression system presents.
Physical security
only employees involved with operation allowed, single entry point.
Relationship between incident response, disaster recovery, business continuity.
Ensures business and process continue running smoothly.
Data Prioritization
Companies’ categories systems and data based on importance, they do this in case of disaster recovery and business continuity.
Hot backup site
immediately operational after disaster, runs continuously
Warm backup site
Equipped with certain servers/equipment need to ramp up operations and takes time to start,
Cold backup site
Almost empty room with no servers, equipment needs to be brought in, only has power, AC
Full backup startegy
Copying all existing data in its entirety every time
Differential backup strategy
Copying data created since most recent full backup everytime
Incremental
Copying only new and updated data with each backup.
Change Manegement
Process that changes implementation to a system
Types of enviorments
Test, Model, Production
Test
Developer writes the code user requested
Model
User reviews outcome of the code when it runs model environment.
Production
Production control employee implements code into production.
Purchase requsition
Document that initares purchase
Supplier selection
Suppliers identified, best is chosen
Purchase order
sent to supplier, specific goods ordered
Goods recipt
Goods/services are recieved
Purchase invoice
Bill identifying amount to pay and payment terms is received
Cash Payment
Supplier is paid
Recording (Accounting activites)
Information as transaction takes place
Processing (Acctg activties)
Processing inform to make it available in a useful format
Sorting (acctg activties)
Data is an organized way
Reporting (Acctg activties)
reporting information to decision making
Control actitvies
Proper authorization, segregation of duty, physical control
IT general control
Logical access control, data center control
Organization-wide control
Control environment, risk assessment monitoring.
Preventative
reducing chance of outcome will happen (Likelihood)
Detectove:
Abke to detect situation quickly (Impact)
Corrective
Reduce the effect of the outcome (Impact)
Steps in revenue process
Estimate
Sales Order
Delivery
Sales invoice
Cash Reciept
Bank deposit
Steps in revenue recognition
Identify- contract with customer
Identify- Performance obligations in contract
Determine- transaction price
Allocate- transaction price to performance obligations in contract
Recognize- revenue when satisfies performance obligations.
What Journal entries are a part of the revenue process
At sale: Recognize rvenue and cost
At collection: Record cash receipt and reduce A/R
General Journal
Book of original entry, all journal entires are recorded here.
Special Journal
Simplify recording process for frequent transactions, group similar entries.
Subsidiary Ledger
Detailed information on individual accounts for business, slows effect on accounts
General Ledger
Master record that holds all accounts for business, slows effect on account’s.
Process of recording and posting in manual system
-Analyze transactions
-Records in the Journal
-Post to GL
-Prepaid trial balance
-Adjust entries
-prepaid financial statements
-close temporary accounts
Special journals used in revenue process
Simply recording and speed posting by allowing posting of totals for all transactions to commonly used accounts, rather than posting individually.
Control account
General ledger account associated with a subsidiary Ledger, all transactions end up getting posted twice.
3 types of data
Configuration data, Master data, Transaction data
Configuration data
Data that makes system work. (Tax rate, G.L.)
Master data
Data about the people and resources including accounting transactions
Transaction data
Data about the activities in the business process (Journal entries)
Cost-Benefit constraints in implementing revenue system
Prepairing seperate estimate
Sales orders
Recieving recipts
Not able to connect raw materials and finished goods.
Bundle
I me composed of several other items
Bill of materials
Including items that are part of the bundle
Price (bundle)
Sum of the prices of its components
What changes are made to the subsidiary ledger data
Customers balanced increased and open balance means unpaid A/R balance
Payments to a deposit account
Is a cash account, used to record cash received, but not yet placed in the bank.
