IT Security, Risks and Controls 3 Flashcards
Operations process goals should ensure:
1) effectiveness of operations
2) efficient resources
3) security of resources
effectiveness of operations
strives to ensure that an intended process is fulfilling its intended purpose (such as proper management authorization for overrides)
efficient resources
to have enough resources to ensure benefits of controls exceed the costs of those controls
security of resources
protect all tangible and intangible resources.
Validity checks and input controls vs authentication
Validity checks and input controls - ensure only valid data are entered.
Authentication controls - ensure authorized use of applications.
Methods to control access to appropriate users are
1) passwords and user IDs
2) menus for end-user computing access to databases
3) independent review of transactions
4) restricting user ability to load data
5) requirement of appropriate validation
6) authorization
7) reporting control when the end user uploads data and recording access to company databases by the EUC application
Methods to control Computer Operations access to programs and data include
1) Segregation controls
2) backup and recovery
3) contingency processing
4) file protection rings
5) internal and external labels
Risks associated with End User Computing (EUC)
1) Management does not review results of applications appropriately
2) More personnel need to understand control concepts
3) End user applications are not always tested before implemented