Module 3: System Interfaces and End-user Computing, Data Governance Flashcards
What is the difference between a system and a system interface?
- A system is a set of elements (software and hardware) that work together to run one or more computers
- A system interface is a way through which data is transferred from one application to another with little to no human interference.
What do you call interfaces that have human interaction?
User interfaces
What are the main characteristics of System Interfaces?
- It shares data
- It disregards programming language dependency
- It offers flexibility in application selection
Categories of System Interfaces: occur when data is transferred between two systems
System to system interfaces
Categories of System Interfaces: system to system interfaces are made internally only (T or F)
False. They can be made internally or externally.
Categories of System Interfaces: Which category of system interfaces is closely related to data mining?
System to System interfaces
Categories of System Interfaces: two partners are continuously transferring data back and forth across agreed-upon systems
Partner to Partner Interface
Categories of System Interfaces: What is the defining characteristic of partner to partner interface?
The transfer of data between individuals is done on a regular basis.
Categories of System Interfaces: What is the most unnoticed and unmanaged?
Person to person transfers
Risk associated with system interfaces: What is the current solution of organizations to the growth of system interfaces?
- Centralized methodology for tracking and managing
- Proper documentation and audit trail
Risk associated with system interfaces: What are the risks with unmanaged system interfaces?
- Data Privacy
- Data Security
- Error
Risk associated with system interfaces: What is the most critical consideration with regard to system interfaces and why?
Data Integrity. This is because the data is used to generate management reports and for decision making
Risk associated with system interfaces: Beyond an effect on business value, even a small error can invoke ___ ____ ___ ___
Potential legal compliance liability
Security Issues with System Interfaces: What are system interfaces’ primary and secondary objectives?
Primary: Maintain security of data being transferred through system interfaces
Secondary: To prevent unauthorized access to the data
Security Issues with System Interfaces: Unavailability of system interfaces can also affect the?
Reliability of data
Controls associated with System Interfaces: What should the IS auditor ensure with regards to System Interfaces?
That there is a program that tracks all system interfaces and transfers of data, both internal and external.
Controls associated with System Interfaces: What do you call programs that organizations use to track system interfaces?
Managed File Transfer System
Controls associated with System Interfaces: What function should MFT have whether it is commercial or custom?
The ability to see all the transfers made, including ad hoc
Controls associated with System Interfaces:
* ___ ___ ___ transfer mechanisms.
* Use ___ ___.
* Automatically __ __ ___ __ __ __ data files.
* ___ ____ data files.
* Connect to __ __ __
* Send and retrieve files __ __ __ __ __ __
- Manage multiple files
- multiple protocols
- encrypt, decrypt and electronically sign
- Compress/decompress
- common database servers.
- via email and secure email
Controls associated with System Interfaces:
* Automatically schedule __ ___ __
* Analyze, track and report any ___ of the data being transferred.
* Ensure compliance with __ __ __ __ __.
* Offer a ___ __ __ capability for interruptions.
* Integrate with ___ __ __ to automate data transfers as much as feasible.
- regular data transfers.
- attributes
- appropriate regulatory laws and mandates
- checkpoint or restart
- back-office applications
Controls associated with System Interfaces: Example of manual controls for system interfaces?
Manual reconciliation done by a qualified person
Controls associated with System Interfaces: What should be used when industrial espionage, identity theft, etc. are likely to happen?
Encryption should be used when unauthorized access is relatively high
Controls associated with System Interfaces: What might be required in the transfer process and data files?
Process: High access and authentication controls
Files: Password protected
Controls associated with System Interfaces: What information must be captured to ensure an audit trail?
(2 Whos, 2 Whens, 1 What)
1. Who sent and received
2. When sent and received
3. What is the data structure
Controls associated with System Interfaces: Automated logs must be especially assessed if?
The data has gone to an external system
End-user computing: What are the characteristics of end user computing?
- From end users
- Created own application
- Made by non-programmers
End-user computing: Who is the liaison between the IT department and end users?
End-user support manager
End-user computing: What are the advantages of end user computing?
- Lessens the stress on IT department
- rapidly addressing shifting marketplaces, regulations and consumer interests
End-user computing: What are the main disadvantages of end user computing?
- It does not go through an independent review
- It did not follow a formal development methodology
End-user computing: In what aspects does EUC lead to security risk?
- Authorization
- Authentication
- Audit Logging
- Encryption
End-user computing: Management should define __ ___ to determine the criticality of the application. These applications should also be subject to ___ ___.
Risk Criteria; Data classification
End-user computing: More often than not, EUC applications pose risks to the organization (T or F)
False, because they don't usually pose a great risk to the organization
End-user computing: What should the organization do to EUC applications that are critical?
Be subjected to the same controls as any other application
Data Governance: Data governance reflects the practice of ___ ___ and ___ ___ ___ ___ over data and information so that users have access to that data and can trust and rely on it.
evaluating requirements; bringing direction and control
Data governance: Data governance also involves __ __ __ __ __ __, specifically those areas that relate to data and its availability, integrity and confidentiality
monitoring the performance of IT operations
Data Management: What is the meaning of DMBOK?
Data Management Body of Knowledge
Data Management: What is the key to data management?
Data Quality
Data Management: What are the three subdimensions of data quality?
- Intrinsic
- Contextual
- Security/Accessibility
Data Management: What should the IS auditor ensure?
- The quality of data is able to meet the strategic objectives of the organization
- The applications are in line with organizational objectives