INFOS SUMMARY Flashcards

Question 1

Q

what is data?

Answer

A

facts collected, recorded and stored in the system

Question 2

Q

what is information?

Answer

A

meaningful and organized data

Question 3

Q

uses for IT?

Answer

A

helps decision makers more effectively filter and condense info

Question 4

Q

when is info valuable?

Answer

A

when benefits exceed costs of gathering, storing, maintaining

Question 5

Q

what makes info useful?

Answer

A

relevant
reliable
complete
timely
understandable
verifiable
accessible

Question 6

Q

what are business processes?

Answer

A

activities and tasks performed to achieve specific organisational goals

Question 7

Q

what is a business transaction?

Answer

A

an agreement between two entities to exchange g/s/other that can be measured in economic terms by the entity

Question 8

Q

what is transaction processing?

Answer

A

when transactional data is used to create FS

Question 9

Q

what is a basic bus process?

Answer

A

transactions betw the bus and third parties:

revenue cycle (give g/s = get cash)
expenditure cycle (get g/s = give cash)

Question 10

Q

what is an AIS?

Answer

A

a system that collects, records, stores and processes data to produce info for decision makers

Question 11

Q

components of an AIS?

Answer

A

people who use it
processes
technology
controls to safeguard info

Question 12

Q

how does an AIS add value to an org?

Answer

A

improving quality and reduce service costs
improves efficiency
improves decision making

Question 13

Q

what is a strategy?

Answer

A

the overall goal the org hopes to acheive

Question 14

Q

what does a value chain do?

Answer

A

it links together diff activities within an org that provide value to the customer

Question 15

Q

primary value chain activities?

Answer

A

provide direct value to the customer

Question 16

Q

value chain support activities?

Answer

A

enable primary activities to be efficient and effective

Question 17

Q

what is a data processing cycle?

Answer

A

demonstrates the operations performed on data to make the info meaningful for decisions

Question 18

Q

what triggers data processing?

Answer

A

a business activity

Question 19

Q

four components of data processing cycle

Answer

A

storage
^
input > processing > info output

Question 20

Q

what forms part of (1) data input?

Answer

A

data collection/preparation

Question 21

Q

what forms part of (2) data processing?

Answer

A

editing
correction
manipulation

Question 22

Q

what data must be collected when a bus activity is initiated?

Answer

A

activity type
resources affected by the activity
people who took part in it

Question 23

Q

what is data collection?

Answer

A

process which ensures that data are both defined and accurate so that decisions can be valid

Question 24

Q

what is data preparation?

Answer

A

manipulation of data into a form more suitable for analysis

Question 25

Q

what happens during data input?

Answer

A

verified data is conv into machine-readable form so that it can be processed. time consuming and requires speed and accuracy.

Question 26

Q

what is a turnaround document?

Answer

A

(source document)

takes output to an external party who returns the output back to the company as an input (after adding things)

Question 27

Q

what is a transaction processing system?

Answer

A

IS that processes data generated from bus transactions

Question 28

Q

what are the objectives of a TPS?

Answer

A

carries out day-to-day transactions
supplies necessary info to orgs that enables business functions
supplies data to other IS

Question 29

Q

what is a transaction?

Answer

A

a business event that modifies/generates data stored in an IS

Question 30

Q

TPS characteristics?

Answer

A

rapid processing (info available when needed speedily)
processing reliability
controlled access
must be efficient and meet ACID requirements

Question 31

Q

what are the ACID requirements?

Answer

A

Atomicity (complete)
Consistency (valid according to rules)
Isolation
Durability (can’t be undone)

Question 32

Q

what is the design of a TPS based on?

Answer

A

data content and format
execution details of transactions
rules to be enforced

Question 33

Q

what are TPSs capable of?

Answer

A

enforcing rules and work procedures
detecting errors/missing data
automating certain dec-mak functions

Question 34

Q

what are the four types of data processing?

Answer

A

C reating new records
R eading existing data
U pdating previous records / data
D eleting data

Question 35

Q

methods of data processing?

Answer

A

batch processing
online real-time processing
online batch processing

Question 36

Q

adv of batch processing?

Answer

A

cheaper
can manage large repeated work easily
sharing of batch system for multiple users

Question 37

Q

disadv of batch processing?

Answer

A

time delays (you can’t do anything while it’s processing)

- difficult to debug

Question 38

Q

how does real-time processing work?

Answer

A

comp sys processes data immediately after capture and provides updated info to users on a timely basis

Question 39

Q

adv of real-time processing?

Answer

A

accessible
cost savings
service improves dramatically

Question 40

Q

disadv of real-time processing?

Answer

A

servers must always be online (expensive bc of resources and processing time)

Question 41

Q

what is data storage?

Answer

A

an important stage in the cycle where data are held for future usage. allows for quicker access to processed info so that it can be passed on to the next stage.

Question 42

Q

what is CBS?

Answer

A

computer-based storage

Question 43

Q

what are attributes (CBS)?

Answer

A

facts/properties about an entity

Question 44

Q

what are data values (CBS)?

Answer

A

actual value stored in a field, describing a particular attribute of an entity

Question 45

Q

what are records (CBS)?

Answer

A

a group of fields whose data values describe entity attributes

Question 46

Q

what are fields (CBS)?

Answer

A

this is where attributes of an entity are stored

Question 47

Q

what is the info output stage?

Answer

A

the stage where processed info is transmitted to the user (can be viewed online) to be interpreted and given meaning to guide decisons

Question 48

Q

what do IS produce output for?

Answer

A

planning
recording/processing transactions
monitoring performance
controlling
dec-mak

Question 49

Q

what is a file?

Answer

A

a group of media records of an entity

Question 50

Q

what is a masterfile?

Answer

A

what stores all accumulated info about an org

Question 51

Q

what does the transaction file consist of?

Answer

A

all bus transactions that occurred during a specific time

Question 52

Q

what does an enterprise resource planning system do?

Answer

A

integrates activities from the entire org (revenue, exp, production)

Question 53

Q

adv of ERPSs?

Answer

A

(help MONITOR, CONTROL, AUTOMATE)

greater monitoring capabilities for mgmt
improved access of control of data
increases productivity thru automation

Question 54

Q

disadv of ERPSs?

Answer

A

costly
complex
lots of time to implement

Question 55

Q

what are some threats to an AIS?

Answer

A

natural/political disasters
software errors/malfunctions of equ
un/intentional acts

Question 56

Q

what is fraud?

Answer

A

any means a person uses to gain an unfair advantage over another
- false statement, material facts which induces victim to act, intends to deceive

Question 57

Q

what are the two main categories of fraud?

Answer

A

misappropriation of assets (theft of comp assets)

- fraudulent financial reporting

Question 58

Q

elements of misappropriation of assets?

Answer

A

an org’s assets taken through trickery/deceit not force

- the act of asset theft, concealment and conversion must be present

Question 59

Q

when can misappropriation of assets occur?

Answer

A

before they are recorded in the books (skimming)
while A are being held by the org (larcency)
during purchasing process

Question 60

Q

examples of misappropriation of assets?

Answer

A

skimming, larcency, misuse of equ/inv/cash

Question 61

Q

what are the three conditions for fraud?

Answer

A

pressure
opportunity
rationalization

Question 62

Q

how to prevent and detect fraud?

Answer

A

make it less likely to occur
make it harder to commit
improve detection
reduce fraud losses

Question 63

Q

how to make fraud less likely to occur?

Answer

A

create a culture of integrity
develop and communicate the security policy
assign authority for bus obj and hold them accountable for achieving those goals

Question 64

Q

how to make fraud difficult to commit?

Answer

A

strong int controls
require independent checks
restrict access
use encryption / sys authentification

Answer 65

A

ext/int audits
audit trails of sys transactions
install fraud detection software

Answer 66

A

insurance
monitor sys activity
store backup copies of data files in secure location

Answer 67

A

increased no. of IS = more people accessing info
decentralized networks are harder to control than cen
wide area networks give cust and supp access to each other’s sys and data

Answer 68

A

erroneous bookkeeping
fraud, cybercrime
excessive costs
loss of resources

Answer 69

A

a digital/virtual currency that is secured by cryptography so it cannot be counterfeited. many are decentral networks based on blockchain tech. are immune to gov intervention.

Answer 70

A

ensuring the integrity of transactional data

Answer 71

A

prevent fraud
verify transaction correctness
ensure security

Answer 72

A

at type of database that stores data in blocks that are chained together in chronological order. new data entered into a fresh block when it comes in and is chained to previous block.

Answer 73

A

not backed by a central party and their value is determined by what market participants place on them. loss in confidence = collapse of trading activities = drop in value

Answer 74

A

criminals can break into exchanges and drain crypto wallets and infect computers with malware that steals cc
cc is highly reliant on unregulated companies that may lack proper int control – more susceptible to fraud and theft
can’t recover keys if lost/stolen

Answer 75

A

access to money in account cannot be restored if keys are lost / stolen

Answer 76

A

some countries do not allow the use of cc

Answer 77

A

there are liquidity concerns and market may be easily manipulated

Answer 78

A

not cash/backed by a gov and are thus volatile and have a significant risk of changes in value
do not give owners a contractual right/obl to receive cash / financial asset (cannot be considered a financial instrument)

Answer 79

A

to provide assurance that the goals of each bus process are being achieved
to mitigate the risk that the entity is exposed to
to provide assurance that the comp is in compliance with gov regulations

Answer 80

A

input / output
processing
standard
sensor
comparator
effector
feedback/forward
ctrl objectives

Answer 81

A

they gather info on the past performance from the output of a system which is then used to govern future performance by adjusting the input

Answer 82

A

attempt to change the direction of the actual movement of the system to bring it back in line with the plan

Answer 83

A

will cause a system to repeat or amplify a certain action

Answer 84

A

if forecast costs start to rise above budget then action may be prompted on a feedforward principle to prevent such a deviation from ever actually occurring

Answer 85

A

provide reasonable assurance of:

efficient, effective operations
reliable FR
compliance with laws

Answer 86

A

what is to be attained

- the means to attain those goals

Answer 87

A

to safeguard assets
to check accuracy & reliability of accounting data
promote operation efficiency

Answer 88

A

to control the org so that it can achieve its objectives

Answer 89

A

prevent
detect
correct

Answer 90

A

these are designed to ensure an org’s control environment is stable and well-managed

security mgmt
IS mgmt
IT infrastructure controls

Answer 91

A

pdc transactions with errors and fraud. concerned with data VAC and authorization.

Answer 92

A

org level
personnel
file security
computer facility
… controls

Answer 93

A

1) control environment
2) risk assessment
3) control activities
4) info and communication
5) monitoring

Answer 94

A

IT’s value delivery to the business

- mitigating IT risks

Answer 95

A

strategic IT alignment
value delivery
risk, resource, performance mgmt

Answer 96

A

five key principles:

1) customize bus processes to make an IS that adds value
2) integrates IT and processes
3) applying a single integrated framework
4) applies an approach that results in effective gov and mgmt of IT functions
5) separates governance and management

Answer 97

A

a private sector group that issued the framework which defines internal controls and provides guidance for evaluating and enhancing control systems

Answer 98

A

enterprise risk management

Answer 99

A

to set strategy
identify events that may effect the entity
manage risk
provide assurance the comp achieves its objectives

Answer 100

A

comps are formed to create value for owners
mgmt must decide how much uncertainty it will accept
uncertainty = risk = negatively effects ability to create value or opportunity = positive effects
ERM manages uncertainty = can create/preserve value

Answer 101

A

strategic
operational
reporting
compliance

Answer 102

A

should provide assurance that the board is informed of the progress on the achievement of bus goals

Answer 103

A

provide a guide for org to reach operational goals = effective use of resources

Answer 104

A

ensures continued flow of capital to meet strategic obj

Answer 105

A

mgmt philosophy, operating style, risk appetite
commitment to integrity, ethical values
organizing structure
methods of assigning authority
HR standards

Answer 106

A

it ensures there is a plan in place to formulate objectives that support the comp mission and consistent with their risk tolerance

Answer 107

A

identify risks or factors that prevent an org from achieving goals

Answer 108

A

risk prob x risk impact

Answer 109

A

in terms of potential impact and probability

Answer 110

A

can recommend any changes to the ERM

aims to ensure ERM program functions as designed

Answer 111

A

gov and culture
strategy/obj setting
performance
review and revision
info, comm, reporting

Answer 112

A

forms basis of other components by providing on board oversight resp, operating structure, leadership tone

Answer 113

A

focuses on strategic planning and how the org can assess risk. provides guidance on risk appetite and forming obj

Answer 114

A

guides org identifies and assesses risk after developing a strategy and how to respond to risk

Answer 115

A

opportunity to see how the ERM can be improved

Answer 116

A

sharing info from int/ext sources throughout the org. systems are used to process, capture and report business risk, culture and performance

Answer 117

A

risk appetite/ tolerance
resp and accountability for IT risk mgmt
awareness and comm
risk culture

Answer 118

A

provides policies, controls and op guidelines that enable IT leaders to manage risk and weigh bus value

Answer 119

A

capacity (amount able to take)
universe (all possible risks)
tolerance (capacity minus appetite)
appetite (willing to take)

Answer 120

A

something that will outline the number/type of risks and the effects thereof. allows the org to anticipate additional costs and disruptions to ops.

Answer 121

A

sys reliability
confidentiality
privacy
processing integrity
availability
security

Answer 122

A

access to system and data is controlled and restricted to legit users

Answer 123

A

implies a relationship between two or more persons in which the info com betw them is kept in confidence. sensitive org data is protected

Answer 124

A

privacy of data/info is necessity to preserve and protect personal info from the org from being accessed by a third party

Answer 125

A

data are processed accurately, completely, timely and with proper auth

Answer 126

A

1) assess threats, select risk response
2) develop and comm policy
3) acquire and implement systems
4) monitor performance
repeat
risks can change and threats can inc so policy may need to be revisited

Answer 127

A

multiple layers of control (prevent and detect) to avoid a single point of failure?

Answer 128

A

P > D + C
(time it takes hacker to break through Prev ctrls)
(time it takes to Detect)
(time it takes to respond to the attack and Correct)

Answer 129

A

reconnaissance
attempting social engineering (spear fishing)
scan and map target
research
execute attack
cover tracks (back doors)

Answer 130

A

implies a relationship between persons in which the info comm betw them is to be kept in confidence
(org intellectual property, plans, secrets)

Answer 131

A

the necessity to protect any personal info collected by an org from being accessed by a third party
(personal info of employees, vendors, cust)

Answer 132

A

identify/classify the info to protect (location, access)
encrypt the info by protecting it in transit/storage (only accessed by auth people)
add access controls
training users of the info

Answer 133

A

concealing/encrypting selected info (such as when third parties access reports but aren’t authorized to see certain info)

Answer 134

A

when malware carries out an unauth transfer from a computer (data theft)

Answer 135

A

(sets out how users may collect, store, use and disclose personal info)

mgmt (policies with assigned with resp)
notice (tell people about policies)
choice and consent (opt-in/out)
collection (only needed info)
quality
use and retention (for bus purposes)
disclosure to third parties
access (cust should be able to access/review data)
security (protect from loss, unauth access)
monitoring and enforcement (compliance)

Answer 136

A

key length
algorithm
mgmt policy

Answer 137

A

a random string of bits created explicitly for scrambling and unscrambling data. reverses encryption process to make info readable.

Answer 138

A

encrypted text

Answer 139

A

multiple people access the public key (encodes messages)

one or a few people access the private key which decodes messages

Answer 140

A

a hashing algorithm

Answer 141

A

the science of de/coding messages to keep them secure

Answer 142

A

a number generated from a string of text, in a way that a similar hash with the same value cannot be produced. fixed length.

Answer 143

A

used to validate content integrity, by detecting mods, and changes to a hash output. reflects every bit in a doc.

Answer 144

A

encodes data for the primary purpose of maintaining data conf and security

Answer 145

A

encryption is two way function that incl encryption and decryption (reversible). hashing is a one way function that changes plain text to a unique irreversible digest.

Answer 146

A

both ideal in handling data, messages, info

- both change data into a diff format

Answer 147

A

is a cryptographic hash

Answer 148

A

with the private key of the person who created it

Answer 149

A

sender encrypts using receiver’s public key, receiver decrypts using their private key

Answer 150

A

created by encrypting the hash using sender’s private key. it is decrypted with the sender’s public key

Answer 151

A

a data security measure in which a cryptographic key is entrusted to a third party

Answer 152

A

encrypts and decrypts data

Answer 153

A

same key encrypts and decrypts
vs
encrypt with public key, decrypt with private

Answer 154

A

the attacker can access any info encrypted with

Answer 155

A

public key is widely distributed. private key stored securely. if private key is compromised, the attacker can decrypt all info sent to you that was encrypted with your public key, but can also impersonate you with you private key (create dig signatures)

Answer 156

A

a way to ensure that an electronic doc is authentic (not modified, who created it). relies on encryption.

Answer 157

A

verifying that info is coming from a trusted source

Answer 158

A

the document creator creates a hash (algorithm) of the og document
they use their private key to encrypt the hash, which becomes a legally-binding DS

Answer 159

A

the assurance that someone cannot deny the validity of something. provides proof of date origin and integrity. digital signatures (combined w other stuff) can offer this.

Answer 160

A

that someone cannot enter into a digital transaction and deny that they have done so and refuse to fulfil their side of the contract

Answer 161

A

docs are identical

Answer 162

A

it must have been enc with their private key

Answer 163

A

one key to dec and enc
both parties need to know the key and need to securely comm it. cannot be shared w multiple parties. they each get their own key (same one) from the org
encrypting large amts of info

Answer 164

A

speed
requires sep key for everyone who wishes to comm
must find a secure way to share keys

Answer 165

A

protecting shared key from loss / theft

Answer 166

A

everyone can use ur public key to comm w u

- no need to store keys for each party

Answer 167

A

slow

- requires PKI to validate ownership of public keys

Answer 168

A

creating digital signatures

- secure exchanges of sym keys via email

Answer 169

A

(public key infrastructure)
a set of roles, policies, procedures needed to create, manage, distribute, store, revoke DS and manage public key encryption

Answer 170

A

extends a private network across a public network and allows users to send and receive data across public networks as if their devices were directly connected in a private network
securely transmits encrypted data between two individuals with the appropriate enc/dec keys

Answer 171

A

a numeric value of fixed length that uniquely identifies data. represents large amounts of data. used as DS.

Brainscape's Knowledge GenomeTM

INFOS SUMMARY Flashcards

Brainscape's Knowledge Genome^TM