IT Security, Risks and Controls

Question 1

Control plans

Answer 1

are policies and procedures that assist in accomplishing control goals.

Note - No control plan is 100% effective

Question 2

A combination of plans must be used to maximize effectiveness. What are those Three level of plans?

Answer 2

1) control environment (top level),
2) pervasive control Plans (mid-level)
3) application control (detail level) Plans

Question 3

Preventive vs Detective vs Corrective control plans

Answer 3

Preventive control plans stop problems from occurring.

Detective control plans discover problems that have already occurred.

Corrective control plans correct problems that have already occurred.

Question 4

What functions at a minimum should be separated

Answer 4

programming

operations

library

Question 5

Examples of confidential data

Answer 5

Transaction details 
engineering details of products 
business plans 
banking information 
legal documents 
inventory or other account information 
customer lists 
confidential details of operations

Question 6

It is more difficult to control access outside of a controlled MIS environment because

Answer 6

controls are less visible and more dependent on individual users

Question 7

Information System risks examples

Answer 7

Financial Risk
Information Risk
Strategy Risk

Question 8

Stragetic Risk

Answer 8

Poor Information Systems Decisions

Question 9

Information Risk

Answer 9

Risk of Data Loss