Information Technology Flashcards
What is the data repository that stores unstructured data?
data lake.
What is encryption?
Encryption is transforming data, called plaintext, into unreadable gibberish, called ciphertext. Both a key and an algorithm are used to encrypt and decrypt text. To encrypt a document, the data is divided into blocks the same length as the key. The length of a key is made of a string of binary digits. The longer the key, the less likely someone can break the encryption code.
Internally encrypted passwords
Internally encrypted passwords are a form of access control designed to prevent unauthorized access by use of a utility program to identify passwords.
Machine learning (ML)
Machine learning (ML) is a current application of artificial intelligence based around the idea that we should be able to give machines access to data and let them learn for themselves. The algorithms that have driven successful machine learning depend on an approach called deep learning, which uses neural networks.
five core information assurance principles
Security, availability, processing integrity, confidentiality, privacy
Cryptographic device
Cryptographic devices protect data in transmission over communication lines.
The “who” in data governance includes:
The “who” in data governance includes the data governance committee, the chief data officer (CDO), data stewards, and data owners as well as employees that create data while performing their job (not all of the employees).
fail-soft protection
The capability to continue processing at all sites except a nonfunctioning one
Executive support system
An executive information system provides executives with information to make strategic plans, control the company, monitor business conditions, and identify business problems and opportunities.
Public-switched networks
Public-switched networks are open to the general public and offer the lowest level of security.
attribute of a relational database
In a relational database:
a- A primary key uniquely identifies a specific row in a table.
b- Other non-key attributes in each table store important information about that entity.
c- A foreign key is an attribute in one table and a primary key in another.
Electronic vaulting
Electronic vaulting is the process of electronically transmitting and storing backups of programs and data at a remote data storage facility.
Electronic data interchange, or EDI
EDI is the use of computerized communication to exchange business data electronically in order to process transactions. Encryption is transforming data into unreadable gibberish to be sent electronically. This data is then decrypted and read at its destination. Software applications that encrypt data are more vulnerable to security risks than a hardware device performing the same function.
An integrated test facility
An integrated test facility allows an auditor to introduce test data (simulated files) into an actual processing run to test the processing of that data. This provides evidence about operating effectiveness of the software.
private key encryption
A private key, also known as a secret key, is a variable in cryptography that is used with an algorithm to encrypt and decrypt data.
cybersecurity VS cyber resilience
The main aim of cybersecurity is to protect information technology and systems, whereas cyber resilience focuses more on business delivery to keep business goals intact rather than the IT systems.
data lake
A data lake is a large data repository that stores unstructured data.
data repository,
also known as data library or data archive, can be defined as a place that holds data, makes data available for use, and organizes data in a logical manner to be mined for data reporting, sharing, and analysis.
Value-added network
is a private network that adds value to the data communications process by handling the difficult task of interfacing with the multiple types of hardware and software used by different companies.
Electronic data interchange, or EDI
is the use of computerized communication to exchange business data electronically in order to process transactions. Encryption is transforming data into unreadable gibberish to be sent electronically. This data is then decrypted and read at its destination.
Range checking
involves checking a number in a transaction (such as the date) to determine whether that number falls within a specified range. For example, when March transactions were being processed, the date of each transaction would be checked and any transaction date falling outside the range March 1 through March 31 would not be processed.
Electronic vaulting
is the process of electronically transmitting and storing backups of programs and data at a remote data storage facility.
What is the primary purpose of a disaster recovery plan?
The primary purpose of a disaster recovery plan is to specify the steps required to efficiently and effectively restore/resume data processing operations when there is a disaster.
decision table
A decision table is a chart used to guide people to make correct and consistent decisions. Decision tables may be especially useful when many alternative inputs and/or results are possible.
neural network
A neural network is a computer system designed to recognize images and classify them according to the elements they contain, which works on a system of probability—based on data fed to it, it is able to make statements, decisions, or predictions with a degree of certainty. The addition of a feedback loop enables “learning”; by sensing or being told whether its decisions are right or wrong, the computer system modifies the approach it takes in the future.
record count
A record count is the total number of input documents for a process or the number of records processed in a run. These records are reconciled to the number of output records. The total number of invoices processed is an example of a record count.
security software
The primary functions of security software are to authenticate user identification and control access to computer resources like data files, program libraries, and software.
Edit Checks
Edit checks are a type of input (application or procedural) control. These checks are run by the computer (from programmed edit routines) to check the validity, accuracy, and reasonableness of the data which has been input from source documents.
Data mining
Data mining technology helps examine large amounts of data to discover patterns. This data analytics technique can be deployed to discover potential fraud by identifying anomalies and extracting other useful information within a data warehouse. Since millions of transactions need to be scanned, this would be the most efficient technique for examining potential fraudulent charges within the dataset. Data mining software enables companies to pinpoint what is relevant, use that information to assess likely outcomes, and then accelerate the pace of making informed decisions.
Direct changeover (“Big Bang”)
Conversion by direct changeover (also known as “big bang” conversion) means that, on a specified date, users stop using the old system and the new system is put into use.
The five classifications of controls used to make systems more secure?
1- segregation of duties
2- physical access controls
3- logical access controls
4- personal computers and client/server network protection
5- internet and telecommunications controls
Data Extraction
Data extraction is the process of gathering and retrieving data captured within unstructured sources, such as email, social media, images, and barcodes.
Unstructured data
Unstructured data is qualitative data stored in its native form and processed only when required. Examples are pictures, email text, audio and video files, social media sites, blogs, survey responses, and online reviews.
Semi-Structured Data
Semi-structured data is qualitative data loosely organized by categories. For example, an email application can search categories such as Inbox, Sent, and Drafts. However, the email content is unstructured data.
Structured data
Structured data is data organized neatly in a tabular format with clearly defined relationships between different rows and columns. It is stored in a relational database. Examples are spreadsheets (e.g., Microsoft Excel), point-of-sales data, and credit card numbers.
Database protection mechanisms
1- data dictionary to make sure that data is defined and used consistently
2- procedures for assessing and updating the database
3- concurrent update controls to prevent multiple-user issues.
Hardening a host device means…
Hardening is the process of modifying the configuration of hosts and application software and deleting, or turning off, unused and unnecessary programs that represent potential security threats.
Histograms
summarize continuous data and display a large amount of data as well as the frequency of data values. This is done by showing the number of data points that fall within a specified range of values called “bins.” These bins are consecutive, non-overlapping intervals of a variable. The adjacent bins do not have any gaps; the rectangles of a histogram touch each other to indicate that the original value is continuous.
system and organization controls (SOC®) 1
A SOC® 1 report is based on Statement on Standards for Attestation Engagements and generated by auditors for other auditors. Use of these reports is restricted to the management of the service organization, user entities, and user auditors.
SOC® 2 and SOC® 3
SOC® 2 and SOC® 3 are reports on the controls at a service organization relevant to security, availability, processing integrity, confidentiality, or privacy.
classifications of controls
1- segregation of duties
2- physical access controls
3- logical access controls
4- personal computers and client/server network protection
5- internet and telecommunications controls
Examples of input validation or edit controls?
- Preprinted forms
- Check digits
- Control totals
- Batch and proof totals
- Hash totals
- Record counts
- Limit or reasonable tests
Example of a user control activity?
- Checks of computer output against source documents, control totals, or other input
- Reviewing computer logs
- Policies and procedures that document authorized users and recipients of data
What are the risks associated with supply chain management internationally?
- failure of member firms to meet obligations
- cultural and communication challenges among member firms in different nations
- failure of member firms to timely share information.