P1.E.2 Systems Controls & Security Measures Flashcards
Information System Controls
- Software
- Hardware
- Data security
- Administrative
Threats to Information Systems
- Input manipulation
- Program alteration: trap-door
- Direct file alteration
- Data theft
- Hardware theft
- Sabotage
- Virus: replicates data
- Trojan Horse: appears useful but contains malicious code
- Phishing: social engineering
Threats to Information Systems
(Internet-Specific System Risks)
- Interception of data
- User judgement
- Direct attacks
Application Controls
- Input controls: ensure inputs are accurate, complete and valid.
- Processing controls: ensure the security, safety and validity of the data that has been input into the system. Ensure data is processed with no loss, deterioration or manipulation.
- Output controls: maintain completeness and accuracy of data and ensure no unauthorized users access the data.
Hot Site
Replication of the company’s data center. Used as a backup to switch over to in case the regular system fails.
Warm Site
Site where hardware and software are kept.
Cold Site
Contains infrastructure to support company’s data processing equipment but doesn’t contain hardware.
How does segregation of duties enhance system security?
- Authorization: should be separate from recording transactions
- Recordkeeping: should be separate from authority to take custody of assets
- Custody: should be separate from reconcilement
- Reconciliation: should be separate from other functions' responsibilities
Firewalls
- Security system that restricts access between networks
- Deters unauthorized access to a network
- Used to limit traffic that is allowed on a network
Most appropriate control to verify user is authorized to execute a particular online transaction
Compatibility check. It verifies that user access information, such as user ID, password and security profile, is correct.