IT Chapter 3 Flashcards
Where is the greatest information security risk?
Accidental employee error.
What are the three control environment subcomponents?
Managerial philosophy
Org Structure
Steering committee
What is logical security concerned with?
Using software-based controls (e.g. user authentication and access rights) to safeguard software and data.
What is org security concerned with?
Segregating the functions of the IS department from those of the end users.
Restricting access to documentation, hardware and data falls under which control?
Access control
What are output controls there for?
Procedures that ensure the accuracy of output, including reports and data updates.
What is SOX? What is the policy in Canada?
SOX (the US Sarbanes-Oxley Act) requires external auditors to examine and report on a company's internal controls over financial reporting. In Canada, management must certify those controls (National Instrument 52-109), but an attestation by external auditors is not required.
What is COBIT a governance model of?
IT governance (COBIT: Control Objectives for Information and Related Technologies).
What is a disaster recovery plan?
A set of policies and procedures to protect and recover IT infrastructure in the event of a disaster.
What is Infrastructure-as-a-Service?
A cloud-computing category in which an organization outsources hardware, storage, servers and networking to a service provider.
What is the most common computer crime?
Input manipulation
What is program manipulation?
Changing or altering existing programs in the computer system, or inserting new programs into it.
What is the salami technique?
Nearly unnoticeable thin slices of financial transactions (e.g. the fraction of a cent left over from rounding) are repeatedly removed and transferred to another account; each slice is too small to notice, but the total adds up.
What is the focus of a financial audit?
Providing reasonable assurance over financial records and the documentation of financial information.
What is an IT audit?
Evaluates whether information systems are safeguarding assets and maintaining data integrity.
What are the stages of a financial audit?
- Client acceptance
- Audit planning stage
- Control testing stage
- Substantive testing stage
- Opinion formulation stage
What are the review areas in the IT audit process?
- Physical and environmental review
- System administration review
- Network security review
- Business continuity review
- Data integrity review
What is substantive testing?
Finding direct evidence that certain activities are happening as they should.
What does CAAT stand for?
Computer assisted audit techniques
What are the functions of CAAT?
Can sift through entire sets of records looking for patterns.
100% verification (the whole population is tested, not a sample).
Detect fraud.
Into which two types are access, input, processing, output, procedural and documentation control procedures classified?
Physical and logical
What are three features of physical security?
Safeguarding hardware
Network authentication of users
Server room security
What is the specific goal of data input controls?
To protect data integrity
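To make the card above concrete, here is an added example (my own code, not from the course or the flashcards) of data input controls applied to a constructed payroll batch. Field-level edits (format check, mod-10 check digit, limit and range checks) catch bad individual records; batch control totals (record count, financial total of hours, and a hash total of employee IDs) catch records that were dropped, duplicated or altered between capture and processing. The record layout, the check-digit scheme on employee IDs, the limits and the batch header are all assumptions for the example.

```python
"""Added example: data input controls over a constructed payroll batch.
Field edits reject bad records; batch control totals detect lost or
altered records. Layout, limits and check-digit scheme are assumptions."""
from decimal import Decimal, InvalidOperation


def luhn_valid(digits: str) -> bool:
    """Mod-10 (Luhn) check digit: the rightmost digit makes the weighted
    sum a multiple of 10, so a mistyped or transposed digit is caught."""
    if not digits.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def validate_record(rec):
    """Return the list of exceptions for one record (empty means it passes)."""
    errs = []
    emp = rec.get("emp_id", "")
    if len(emp) != 6 or not emp.isdigit():
        errs.append("emp_id: format check failed (expect 6 digits)")
    elif not luhn_valid(emp):
        errs.append("emp_id: check digit failed")
    try:
        hours = Decimal(rec["hours"])
        if not (Decimal("0") < hours <= Decimal("80")):
            errs.append("hours: limit check failed (0 < hours <= 80)")
    except (InvalidOperation, KeyError):
        errs.append("hours: numeric check failed")
    try:
        rate = Decimal(rec["rate"])
        if not (Decimal("15.00") <= rate <= Decimal("200.00")):
            errs.append("rate: range check failed (15.00..200.00)")
    except (InvalidOperation, KeyError):
        errs.append("rate: numeric check failed")
    return errs


def batch_totals(records):
    """Control totals: record count, financial total of hours, and a hash
    total of employee IDs (a meaningless sum whose only job is to change
    when a record is lost, duplicated or altered)."""
    return {
        "count": len(records),
        "hours": sum((Decimal(r["hours"]) for r in records), Decimal("0")),
        "hash": sum(int(r["emp_id"]) for r in records if r["emp_id"].isdigit()),
    }


def reconcile_batch(records, header):
    """True per total if the computed value matches the batch header."""
    actual = batch_totals(records)
    return {k: actual[k] == header[k] for k in ("count", "hours", "hash")}


def audit_batch(records, header):
    """Run field edits on every record and reconcile the batch totals."""
    exceptions = {}
    for i, rec in enumerate(records):
        errs = validate_record(rec)
        if errs:
            exceptions[i] = errs
    return exceptions, reconcile_batch(records, header)


# Constructed batch (assumption): the clerk keyed the control totals on
# the batch header before the records were entered.
BATCH_HEADER = {"count": 4, "hours": Decimal("213.5"), "hash": 694369}
BATCH = [
    {"emp_id": "100370", "hours": "40",   "rate": "32.50"},
    {"emp_id": "246819", "hours": "38.5", "rate": "41.00"},
    {"emp_id": "246810", "hours": "40",   "rate": "32.50"},  # mistyped ID
    {"emp_id": "100370", "hours": "95",   "rate": "32.50"},  # hours over limit
]

if __name__ == "__main__":
    exceptions, reconciled = audit_batch(BATCH, BATCH_HEADER)
    for i, errs in exceptions.items():
        print(f"record {i}: " + "; ".join(errs))
    print("batch totals reconcile:", reconciled)
    # Simulate a record lost in transit: every control total now disagrees.
    print("with one record dropped:", reconcile_batch(BATCH[:3], BATCH_HEADER))
```

The two mechanisms are complementary: the field edits say nothing about a record that never arrived, and the control totals say nothing about a record that arrived with a plausible but wrong employee ID, which is exactly the input-manipulation case the check digit is there to catch.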
What are the two most common IT governance frameworks for SOX compliance?
COBIT and COSO
What has resulted in simplifying disaster recovery plans?
Virtualization
What is the formal term for the collected techniques of securing communications?
Cryptology
Three types of data processing fraud?
Input manipulation, program manipulation and output manipulation.
What is the main focus of substantive testing?
Finding direct evidence that certain activities, such as calculations, are happening as they should.
What is the most common BI method deployed using CAAT?
Pattern recognition.
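As an added example tying together the salami technique card and the CAAT cards (what "sift through records looking for patterns" and "100% verification" look like in practice), here is a small audit script of my own, not code from the course or the flashcards. It reads every row of a constructed transaction ledger, reports population totals the auditor can tie back to the ledger's control totals (proof the whole population was processed, not a sample), and flags the salami signature: many tiny transfers from many different source accounts all converging on one destination account. The ledger layout and the thresholds are assumptions for the example.

```python
"""Added example: a computer-assisted audit technique (CAAT) that runs over
100% of a constructed ledger and flags a salami pattern. Column layout and
thresholds are assumptions, not from the course material."""
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample ledger (assumed columns: date, src, dst, amount).
# ACC-9999 quietly collects a few cents from four different accounts; the
# single 0.05 fee to ACC-3000 is legitimate noise and must not be flagged.
LEDGER_CSV = """date,src,dst,amount
2024-03-01,ACC-1001,ACC-2001,1500.00
2024-03-01,ACC-1001,ACC-9999,0.03
2024-03-01,ACC-1002,ACC-2002,820.40
2024-03-01,ACC-1002,ACC-9999,0.02
2024-03-02,ACC-1003,ACC-2001,99.99
2024-03-02,ACC-1003,ACC-9999,0.04
2024-03-02,ACC-1004,ACC-2003,4210.00
2024-03-02,ACC-1004,ACC-9999,0.01
2024-03-03,ACC-1001,ACC-9999,0.05
2024-03-03,ACC-1005,ACC-3000,0.05
"""


def parse_ledger(text):
    """Read every row; amounts as Decimal so cent-level slices stay exact
    (float arithmetic would hide exactly the rounding residue at issue)."""
    return [
        {"date": r["date"], "src": r["src"], "dst": r["dst"],
         "amount": Decimal(r["amount"])}
        for r in csv.DictReader(io.StringIO(text))
    ]


def population_totals(rows):
    """Record count and financial total over the whole population. The
    auditor ties these to the ledger's own control totals to show the CAAT
    processed 100% of the records."""
    return len(rows), sum((r["amount"] for r in rows), Decimal("0"))


def find_salami_pattern(rows, max_slice=Decimal("0.10"),
                        min_slices=5, min_sources=3):
    """Flag destinations receiving at least `min_slices` transfers of at
    most `max_slice` each from at least `min_sources` distinct sources.
    One tiny transfer is a rounding adjustment; many converging on one
    account is the salami signature."""
    by_dst = defaultdict(list)
    for r in rows:
        if Decimal("0") < r["amount"] <= max_slice:
            by_dst[r["dst"]].append(r)
    findings = []
    for dst, slices in by_dst.items():
        sources = {r["src"] for r in slices}
        if len(slices) >= min_slices and len(sources) >= min_sources:
            findings.append({
                "dst": dst,
                "slices": len(slices),
                "sources": len(sources),
                "total": sum((r["amount"] for r in slices), Decimal("0")),
            })
    return sorted(findings, key=lambda f: f["total"], reverse=True)


if __name__ == "__main__":
    rows = parse_ledger(LEDGER_CSV)
    count, total = population_totals(rows)
    print(f"processed {count} records, financial total {total}")
    for f in find_salami_pattern(rows):
        print(f"possible salami: {f['dst']} received {f['slices']} slices "
              f"from {f['sources']} sources, {f['total']} in total")
```

The thresholds are the point a practitioner tunes: set `max_slice` from the rounding granularity of the system under audit, and require several distinct sources so a genuine small recurring fee paid by one customer is not reported as fraud.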
What is COSO?
A framework from the Committee of Sponsoring Organizations of the Treadway Commission for ensuring accurate financial reporting, efficient operations and compliance with laws.