QUIZ1 Flashcards

(150 cards)

1
Q

are facts collected, recorded, and stored in the system

A

data

2
Q

organize the data within a context

A

information

3
Q

is used to help decision makers more effectively filter and condense information.

A

Information Technology (IT)

4
Q

limit access to authorized parties

A

Access restricted

5
Q

accurate, correct, and free of error

A

Accurate

6
Q

available to users when needed

A

Available

7
Q

perceived as true and credible

A

Reputable

8
Q

does not omit important aspects of events or activities

A

Complete

9
Q

clear, succinct, brief, but comprehensive

A

Concise

10
Q

presented in the same format over time

A

Consistent

11
Q

up to the present date and time

A

Current

12
Q

unbiased, unprejudiced, and impartial

A

Objective

13
Q

reduces uncertainty and improves decision

A

Relevant

14
Q

provided in time for the decision maker to make decisions

A

Timely

15
Q

easy to use for different tasks

A

Useable

16
Q

easily comprehended and interpreted

A

Understandable

17
Q

two independent people can produce the same information

A

Verifiable

18
Q

Data is most useful when it is in a _______ format that can be read and processed by a computer.

A

machine-readable

19
Q

is a set of related, coordinated, and structured activities and tasks performed by people, machines, or both to achieve a specific organizational goal.

A

business process

20
Q

The Components of an Information System

A

PEOPLE/ORGANIZATION/TECHNOLOGY

21
Q

agreement between two entities to exchange goods, services, or any other event that can be measured in economic terms by an organization.

A

transactions

22
Q

Transaction data is used to create financial statements and is called

A

transaction processing.

23
Q

is a system that collects, records, stores, and processes data to produce information for decision makers.

A

AIS

24
Q

collects and stores data, transforms that data into information, and provides adequate controls.

A

AIS

25
is the use of computer systems to simulate human intelligence processes such as learning, reasoning, and self-improvement.
Artificial intelligence (AI)
26
is the use of software and algorithms to find and solve problems and improve business performance.
Data analytics
27
displays important data points in easily understood line or bar charts and tables
Data Dashboard
28
represents individual digital records, called blocks, linked together using cryptography in a single list, called a chain.
Blockchain
29
is the use of a browser to remotely access software, data storage, hardware, and applications.
Cloud computing
30
is the running of multiple systems simultaneously on one physical computer.
Virtualization
31
refers to the embedding of sensors in a multitude of devices (lights, heating and air conditioning, appliances, etc.) so that those devices can now connect to the Internet.
Internet of Things (IoT)
32
overall goal the organization hopes to achieve
strategy
33
links together the different activities within an organization that provide value to the customer.
value chain
34
provide direct value to the customer.
Primary activities
35
enable primary activities to be efficient and effective.
Support activities
36
is an extended system that includes the organization’s value chain as well as its suppliers, distributors, and customers.
supply chain
37
list of numbers assigned to general ledger; allows transaction data to be coded; facilitates preparation of FS
Chart of accounts
38
well thought out to anticipate management needs are most efficient and effective
Coding schemas
39
items numbered consecutively to account for all items (i.e., prenumbered forms)
Sequence codes
40
blocks of numbers reserved for specific categories of data (i.e., product numbers that start with a 2 are refrigerators)
Block code
41
two or more subgroups of digits used to code items (i.e., car VIN #’s)
Group codes
42
letters and numbers interspersed to identify an item (i.e. Dry300W05 is low end (300), white (W) dryer (DRY) made by Sears (05))
Mnemonic codes
43
Four types of processing
• Creating new records (e.g., adding a customer) • Reading existing data - VIEW ONLY MODE • Updating previous record or data - MODIFY / CORRECT A DATA • Deleting data
44
Integrates activities from the entire organization
Enterprise Resource Planning (ERP) Systems
45
requires management to assess internal controls and auditors to evaluate the assessment
Sarbanes-Oxley Act (SOX)
46
Is a visual way to represent the activities in a business process.
Business Process Diagrams
47
shows the flow of documents and data for a process, useful in evaluating internal controls
document
48
depicts the data processing cycle for a process
system
49
illustrates the sequence of logic in the system process
program
50
are visually simple and can be used to represent the same process at a high abstract (summary) or detailed level.
Data Flow Diagrams (DFD)
51
• Natural and political disasters • Software errors and equipment malfunctions • Unintentional acts • Intentional acts
Threats to AIS
52
Any means a person uses to gain an unfair advantage over another person
Fraud
53
[TWO CATEGORIES OF FRAUD] Theft of company assets which can include physical assets (e.g., cash, inventory) and digital assets (e.g., intellectual property such as protected trade secrets, customer data)
Misappropriation of assets
54
[TWO CATEGORIES OF FRAUD] “cooking the books” (e.g., booking fictitious revenue, overstating assets, etc.)
Fraudulent financial reporting
55
requires auditors to: • Understand fraud • Discuss the risks of material fraudulent misstatements • Obtain information • Identify, assess, and respond to risks • Evaluate the results of their audit tests • Document and communicate findings • Incorporate a technology focus
SAS No. 99 (AU-C Section 240)
56
three conditions must be present for fraud to occur:
PRESSURE, OPPORTUNITY, RATIONALIZE
57
If a computer is used to commit fraud, it is called
Computer Fraud
58
six steps that many criminals use to attack information systems:
– Conduct reconnaissance – Attempt social engineering – Scan and map the target – Research – Execute the attack – Cover tracks
59
Unauthorized access, modification, or use of an electronic device or some element of a computer system
Hacking
60
Techniques or tricks on people to gain physical or logical access to confidential information
Social Engineering
61
Software used to do harm
Malware
62
Gaining control of a computer to carry out illicit activities
Hijacking
63
Uses vulnerability of Web application that allows the Web site to get injected with malicious code. When a user visits the Web site, that malicious code is able to collect data from the user.
Cross-site scripting (XSS)
64
Large amount of data sent to overflow the input memory (buffer) of a program, causing it to crash and replacing it with attacker’s program instructions.
Buffer overflow attack
65
Malicious code inserted in place of a query to get to the database information
SQL injection (insertion) attack
66
Hacker is placed in between a client (user) and a host (server) to read, modify, or steal data.
Man in the middle (MITM)
67
Taking small amounts at a time
Salami technique
68
Theft of information, intellectual property, and trade secrets
Economic espionage
69
Threats to a person or business online through e-mail or text messages unless money is paid
Cyber-extortion
70
Assuming someone else’s identity
Identity theft
71
Using a scenario to trick victims to divulge information or to gain access
Pretexting
72
Creating a fake business to get sensitive information
Posing
73
Sending an e-mail asking the victim to respond to a link that appears legitimate that requests sensitive data
Phishing
74
Redirects website to a spoofed website
Pharming
75
Takes advantage of typographical errors entered in for websites and user gets invalid or wrong website
URL hijacking
76
Searching trash for confidential information
Scavenging
77
Snooping (either close behind the person) or using technology to snoop and get confidential information
Shoulder surfing
78
Double swiping credit card
Skimming
79
Secretly monitors and collects information – Can hijack browser, search requests – Adware, scareware
Spyware
80
Threatening to harm a company or a person if a specified amount of money is not paid
Cyber-extortion
81
Software that records user keystrokes
Keylogger
82
Malicious computer instructions in an authorized and properly functioning program
Trojan Horse
83
Set of instructions that allow the user to bypass normal system controls
Trap door
84
Captures data as it travels over the Internet
Packet sniffer
85
A section of self-replicating code that attaches to a program or file requiring a human to do something so it can replicate itself
Virus
86
Stand-alone self-replicating program
Worm
87
Stealing contact lists, data, pictures on Bluetooth compatible smartphones
Bluesnarfing
88
Taking control of a phone to make or listen to calls, send or read text messages
Bluebugging
89
Any potential adverse occurrence or unwanted event that could be injurious to either the accounting information system or the organization is referred to as a _____ or an event.
threat
90
The potential dollar loss should a particular threat become a reality is referred to as the _____ or impact of the threat.
exposure
91
The probability that the threat will happen is the ______ associated with the threat.
likelihood
92
Processes implemented to provide assurance that the following objectives are achieved
Internal Controls
93
Deter problems from occurring
Preventive controls
94
Discover problems that are not prevented
Detective controls
95
Identify and correct problems; correct and recover from the problems
Corrective controls
96
To prevent companies from bribing foreign officials to obtain business – Requires all publicly owned corporations to maintain a system of internal accounting controls
FCPA is legislation passed (1977)
97
– Prevent financial statement fraud – Make financial reports transparent – Protect investors – Strengthen internal controls – Punish executives who perpetrate fraud
SOX is legislation passed (2002)
98
Framework for IT control
COBIT
99
Framework for enterprise internal controls (control-based approach)
COSO
100
Expands COSO framework taking a risk-based approach
COSO-ERM
101
five components of the COSO Internal Control
– Control environment – Risk assessment – Control activities – Information and communication – Monitoring
102
Probability that the event will occur
Likelihood
103
Estimate potential loss if event occurs
Impact
104
Risk that exists before plans are made to control it
Inherent
105
Risk that is left over after you control it
Residual
106
Access to the system and data is controlled and restricted to legitimate users.
Security
107
Sensitive organizational data is protected.
Confidentiality
108
Personal information about trading partners, investors, and employees is protected.
Privacy
109
Data are processed accurately, completely, in a timely manner, and only with proper authorization.
Processing integrity
110
System and information are available.
Availability
111
It is the implementation of a combination of preventive, detective, and corrective controls that protect information assets long enough to enable an organization to recognize that an attack is occurring and take steps to thwart it before any information is lost or compromised.
time-based model of information security
112
examining logs to identify evidence of possible attacks
Log Analysis
113
system that creates logs of network traffic that was permitted to pass the firewall and then analyzes those logs for signs of attempted or successful intrusions
Intrusion Detection Systems (IDSs)
114
A decoy system used to provide early warning that an insider or outsider is attempting to search for confidential information
Honeypots
115
employee compliance with organization’s information security policies and overall performance of business processes
Continuous Monitoring
116
An authorized attempt to break into the organization’s information system
Penetration Test
117
the formal process used to ensure that modifications to hardware, software, or processes do not reduce systems reliability
Change Control and Change Management
118
Procedures and policies with assigned responsibility and accountability
Management
119
Provide notice of privacy policies and practices prior to collecting data
Notice
120
Opt-in versus opt-out approaches
Choice and consent
121
Only collect needed information
Collection
122
Use information only for stated business purpose. When no longer useful, dispose in a secure manner.
Use, retention, and disposal
123
Customer should be able to review, correct, or delete information collected on them
Access
124
Protect from loss or unauthorized access
Security
125
– Procedures in responding to complaints – Compliance
Monitoring and enforcement
126
[TYPE OF ENCRYPTION] • Uses one key to encrypt and decrypt • Both parties need to know the key – Need to securely communicate the shared key – Cannot share key with multiple parties, they get their own (different) key from the organization
Symmetric
127
[TYPE OF ENCRYPTION] Uses two keys – Public—everyone has access – Private—used to decrypt (only known by you) – Public key can be used by all your trading partners • Can create digital signatures
Asymmetric
128
Securely transmits encrypted data between sender and receiver
Virtual Private Network (VPN)
129
is a process that takes plaintext of any length and creates a short code called a message digest
Hashing
130
Used to create legally binding agreements (two steps to create)
Digital Signatures
131
technology was originally developed to support the crypto-currency Bitcoin to prevent “double-spending” the same coin, but it has since been adopted for use in a variety of industries to create reliable audit trails for any business process.
Blockchain
132
Characters in a field are proper type
Field check
133
Data in a field is appropriate sign (positive/negative)
Sign check
134
Tests numerical amount against a fixed value
Limit check
135
Tests numerical amount against lower and upper limits
Range check
136
Input data fits into the field
Size check
137
Verifies that all required data is entered
Completeness check
138
Compares data from transaction file to that of master file to verify existence
Validity check
139
Correctness of logical relationship between two data items
Reasonableness test
140
Recalculating check digit to verify data entry error has not been made
Check digit verification
141
Test of batch data in proper numerical or alphabetical sequence
Batch processing
142
Summarize numeric values for a batch of input records
Batch totals
143
System prompts you for input (online completeness check)
Prompting
144
Checks accuracy of input data by using it to retrieve and display other related information (e.g., customer account # retrieves the customer name)
Closed-loop verification
145
Two or more items must be matched before an action takes place
Data matching
146
Ensures correct and most updated file is used
File labels
147
Verifies accuracy by comparing two alternative ways of calculating the same total
Cross-footing
148
For control accounts (e.g., payroll clearing)
Zero-balance tests
149
Protect against overwriting or erasing data
Write-protection mechanisms
150
Prevent error of two or more users updating the same record at the same time
Concurrent update controls