Information Systems Part 2 Flashcards

1
Q

What is a staging environment?

A

It is an environment where a sample group of end users has the chance to evaluate changes to applications prior to going live for all users

2
Q

What is full interpretation?

A

This happens when all tasks are performed at the alternate site

3
Q

What is patch management?

A
  • It is the process of identifying, testing, and applying software updates (patches) to fix vulnerabilities and enhance performance
  • Patch management is vital for regularly applying updates and patches to the OS to protect against security vulnerabilities
4
Q

What is software version control?

A
  • AKA source code management
  • Primarily concerned with managing changes to the source code of software applications
  • It’s more associated with software releases than software patches
5
Q

What is a systems specification document?

A
  • It is a document that describes what the system will do and how it will operate
  • It addresses end-user requirements like:
    1) Functional user requirements
    2) Non-functional requirements
    3) Data elements
6
Q

Changes become available to all users in what environment?

A

Production environment

7
Q

What are the 3 types of application controls?

A

1) Input
2) Processing
3) Output

8
Q

What are output controls?

A

They are controls that ensure that reports (AKA outputs) are made available only to authorized personnel

9
Q

A lack of segregation of duties in the change management process exists when an employee:

A

Develops a code change and migrates it to the PRODUCTION environment

10
Q

What are DATA INTERFACE CONTROLS?

A

They are communication rules that an organization should implement to mitigate the risks of transmission errors

11
Q

Change requests do not affect inventory until:

A

Records are updated after implementation

12
Q

Why would a cloud service provider provide customers with a SOC 2 report annually?

A

Because customers need to manage their own governance, risk, and compliance objectives

13
Q

What does inventory tracking do?

A
  • It supplies info about the location of inventory
14
Q

How can a service auditor be sure that access to the development and production environment is segregated among the change management team members?

A
  • The auditor should test/inspect management’s quarterly review of permissions to validate that the developers and other team members are in different permission groups
  • This procedure ensures that access is properly segregated throughout the examination period as VALIDATED BY MANAGEMENT
15
Q

What do change controls do?

A

They prevent, detect, and correct unauthorized changes to systems, applications, and data

16
Q

What are examples of INPUT application controls?

A
  • Validity checks
  • Range (limit) checks
  • Authorization checks
  • Hash amounts
  • Batch controls
17
Q

What are examples of PROCESSING application controls?

A
  • Data validation
  • Sequence checks
  • Completeness checks
  • Duplication checks
  • File identification checks
18
Q

What are examples of OUTPUT application controls?

A
  • Distribution lists
  • Printer security
  • Storage controls
  • Confidentiality controls
  • Data transmission controls
19
Q

What are system components?

A
  • They are identifiable hardware, software, and firmware (operating system) assets
  • Most frameworks recommend that organizations perform ongoing and periodic system component inventories to support asset, data, change, security, and business continuity management
20
Q

What do inventory reports list?

A

They list all components and their respective specifications, baseline configurations, and locations