IT/Business Continuity Flashcards
A malicious program replicates itself at each node of access to a network and sends copies of itself to each location it can reach from that node without attaching itself to an existing program or code. The program eventually finds and exploits a hole in the network security prompting a security breach
WORM: It spreads by sending copies of itself to terminals throughout a network. Worms may act to open holes in network security.
Malicious programs that try to appear harmless by using social engineering (rhetorical techniques designed to make messages appear to be friendly, innocent, or sent by familiar contacts).
Trojan horses
Software-based controls that check amounts or validate access based on logical rules.
Logic controls.
What are the three processes involved in Identity and Access Management
- Provisioning 2. Identity Management 3. Enforcement
The need to maintain security and integrity of transmissions and the data they represent. One of the best means of managing the confidentiality of satellite transmissions would be.
Encryption: Encryption is the best means of managing the confidentiality of satellite transmissions because even if an unauthorized individual recorded the transmissions, they would not be intelligible.
To reduce security exposure when transmitting proprietary data over communication lines, a company should use?
Cryptographic devices protect data in transmission over communication lines.
List the steps in the SDLC ( Systems Development Life Cycle)
- Systems Planning 2. Systems Analysis 3. Systems design/system selection 4. Programming and customization/configuration 5. Conversion and implementation 6. Systems operation and refinement (feedback)
Give an example of a input control?
A validation check at data entry that verifies that a quantity field contains only numbers is an example of a programmatic means of ensuring the accuracy of the value in that no nonnumeric characters are permitted; this is an input control.
Which stage of the SDLC is most important for auditors to be involved in because they need to ensure specific controls are integrated?
Ensuring the system includes all of the necessary controls in the systems design stage is vital because such controls will be expensive if added later. For systems selection, auditors need to ensure specific controls are part of the selection criteria and should check that the controls actually exist once a package has been selected.
After implementation of a new software system, the project team should
determine if the development process was conducted in compliance with policy.
What is an Echo Check?
An echo check is a hardware control that checks for accuracy in data transmission;
What is a sign check?
A sign check looks for positive or negative field restrictions
Buy side, sell side, back office, and enterprise resources planning (ERP) are subcategories of which of the following layers of IT?
Applications are programs that perform specific tasks related to business processes. They may be transactional or support applications. Transactional applications perform buy side (e.g., procurement), sell side (e.g., order processing), back office (e.g., invoicing for payables, recording receivables), and enterprise resource planning (ERP), software that integrates some of the other functions.
A device used to connect dissimilar networks is a
gateway, often implemented via software, translates between two or more different protocol families and makes connections between dissimilar networks possible.
What are gateways, routers, bridges, and repeaters?
Gateways connect Internet computers of dissimilar networks. Routers determine the best path for data. Bridges connect physically separate LANs. Repeaters strengthen signal strength
