Lecture 24 - IT Governance and Controls, IT Security Flashcards

1
Q

-What questions must Governance-in-general answer?

A

• How do we organize ourselves? (In order to ensure ownership, objectivity, efficient decision making and action at the appropriate “level”)
• How do we decide? (In order to ensure a common set of guiding principles, and that the Strategy is reflected in all key decisions)
• How do we operate? (In order to ensure participation, accountability, co-ordination, integration of initiatives, funding, resource allocation, sustainment, evolution, etc.)

Governance is about the… “Rules of the Game”

2
Q

What are three key responsibilities of IT Governance?

A
• PLAN: IT’s alignment and use within all activities of the enterprise
• CONTROL: Management of technology-related business risks
• MEASURE: Verification of the value delivered by the use of IT across the enterprise
3
Q

What is IT Governance?

A

IT governance (ITG) is defined as the processes that ensure the effective and efficient use of IT in enabling an organization to achieve its goals.

4
Q

What is COBIT?

And its domains:

A

COBIT (Control Objectives for Information and Related Technology)
• Measures, Indicators, Processes, Practices

Domains:
• Plan and Organize
• Acquire and Implement
• Deliver and Support
• Monitor and Evaluate
5
Q

What is SOX?

A

SOX (Sarbanes-Oxley Act, USA)

• Prevent and detect fraud
• Relies on independent auditors
• Relies on correct (IT-based) controls

6
Q

Example of a Control: 3-Way Match

A

A check performed before further transactions are allowed: the supplier invoice, purchase order and packing slip must agree.

7
Q

Example of an Audit: 3-Way Match

A

A check performed after transactions have concluded, matching:

Sales revenue, cash receipts, invoice

8
Q

Information Security must protect:

A
• Data (wherever data is physically stored for later retrieval)
• Computer (physical access to computers / processors)
• Network (connection / authority on the network)
9
Q

Information Security must ensure:

A
• Confidentiality (no inappropriate disclosure)
• Authenticity (data indeed comes from the claimed source)
• Integrity (no unauthorized modification)
• Availability (ensuring it may come at the expense of confidentiality, authenticity and integrity)
10
Q

Who/What are the Threats?

A
Automated threats (having no real-time human director)
• Malware: Viruses, Bots, Spyware, Misleading E-mail, Denial-of-Service Attacks

Human-directed threats (having a real-time human director)
• Hackers, Crackers, Social Engineers

11
Q

What are the threats’ motivations? (2)

A

Financial Gain

Political Gain

12
Q

Stages of Digital Forensics (4)

A
Collection
• Physical access is obtained
• Image copy is made

Authentication & Preservation
• Read contents
• Document chain of custody

Recovery
• Files
• Fragments of files

Analysis & Interpretation
• Build evidence
• Put information in context
• History of disk activity
• Live analysis
13
Q

ANTI-Forensics

A

Anti-Forensics Industry: a new branch of digital forensics.
Makes it difficult or impossible to track user activity or to access data.

1. Configuration Settings
2. Third-Party Tools
3. Forensic-Defeating Software