Information Systems Part 2

Question 1

What is a staging environment?

Answer 1

It is an environment where a sample group of end users have the chance to evaluate changes to applications prior to going live for all users

Question 2

What is full interpretation?

Answer 2

This happens when all tasks are performed at the alternate site

Question 3

What is patch management?

Answer 3

• It is the process of identifying, testing, and applying software updates (patches) to fix vulnerabilities and enhance performance
• Patch management is vital for regularly applying updates and patches to the OS to protect against security vulnerabilities

Question 4

What is software version control?

Answer 4

• AKA source code management
• Primarily concerned with managing changes to the source code of software applications
• It’s more associated with software releases than software patches

Question 5

What is a systems specification document?

Answer 5

• It is a document that describes what the system will do and how it will operate
• It addresses end-user requirements like:
  1) Functional user requirements
  2) Non-functional requirements
  3) Data elements

Question 6

Changes become available to all users in what environment?

Answer 6

Production environment

Question 7

What are the 3 types of application controls?

Answer 7

1) Input
2) Processing
3) Output

Question 8

What are output controls?

Answer 8

They are controls that ensure that reports (AKA outputs) are made available only to authorized personnel

Question 9

A lack of segregation of duties in the change management process exists when an employee:

Answer 9

Develops a code change and migrates it to the PRODUCTION environment

Question 10

What are DATA INTERFACE CONTROLS?

Answer 10

They are communication rules that organization should implement to mitigate the risks of transmission errors

Question 11

Change requests do not affect inventory until:

Answer 11

Records are updated after implementation

Question 12

Why would a cloud service provider provide customers with a SOC 2 report annually?

Answer 12

Because customers need to manage their own governance, risk, and compliance objectives

Question 13

What does inventory tracking do?

Answer 13

• It supplies info about the location of inventory

Question 14

How can a service auditor be sure that access to the development and production environment is segregated among the change management team members?

Answer 14

• The auditor should test/inspect management’s quarterly review of permissions to validate that the developers and other team members are in different permission groups
• This procedure ensures that access is properly segregated throughout the examination period as VALIDATED BY MANAGEMENT

Question 15

What do change controls do?

Answer 15

They prevent, detect, and correct unauthorized changes to systems, applications, and data

Question 16

What are examples of INPUT application controls?

Answer 16

• Validity checks
• Range (limit) checks
• Authorization checks
• Hash amounts
• Batch controls

Question 17

What are examples of PROCESSING application controls?

Answer 17

• Data validation
• Sequence checks
• Completeness checks
• Duplication checks
• File identification checks

Question 18

What are examples of OUTPUT application controls?

Answer 18

• Distribution lists
• Printer security
• Storage controls
• Confidentiality controls
• Data transmission controls

Question 19

What are system components?

Answer 19

• They are identifiable hardware, software, and firmware (operating system) assets
• Most frameworks recommend that organizations perform ongoing and periodic system component inventories to support asset, data, change, security, and business continuity management

Question 20

What do inventory reports list?

Answer 20

They list all components and their respective specifications, baseline configurations, locations