Test 1 Vocab Flashcards

1
Q

source documents

A

documents to capture transaction data at its source - when the transaction takes place

2
Q

turnaround document

A

records of company data sent to an external party and then returned to the system as input

3
Q

block code

A

blocks of numbers reserved for specific categories of data, e.g. 1000-1999 is reserved for electronic devices

4
Q

fraud

A

gaining an unfair advantage over another person; requires a false statement, intent to deceive, and an injury or loss suffered by the victim

5
Q

investment fraud

A

misrepresenting or leaving out facts in order to promote investment that promises fantastic profits with little risk

6
Q

misappropriation of assets

A

theft of company assets by employees

7
Q

Fraud Triangle: Pressure

A

a person’s incentive or motivation for committing fraud

8
Q

Fraud Triangle: Opportunity

A

the condition or situation that allows the perpetrator to COMMIT, CONCEAL, AND CONVERT

9
Q

lapping

A

concealing the theft of cash by means of a series of delays in posting collections to AR

10
Q

check kiting

A

creating cash using the lag between the time a check is deposited and the time it clears the bank

11
Q

Fraud Triangle: Rationalization

A

the excuse that fraud perpetrators use to justify their illegal behavior

12
Q

COBIT 5 Framework

A
1. Meeting stakeholder needs 2. Covering the enterprise end-to-end 3. Applying a single, integrated framework 4. Enabling a holistic approach 5. Separating governance from management
13
Q

COSO’s ERM Model

A
  1. Internal Environment 2. Objective Setting 3. Event Identification 4. Risk Assessment 5. Risk Response 6. Control Activities 7. Info & Communication 8. Monitoring
14
Q

risk appetite

A

amt of risk a company is willing to accept to achieve its goals and objectives

15
Q

Possible Responses to Risk

A
1. Reduce - implement internal controls 2. Accept - do nothing and absorb the loss 3. Share - buy insurance, outsource an activity or enter into hedging transactions 4. Avoid - don't get involved in the risky activity at all
16
Q

Expected Loss

A

impact x likelihood

17
Q

Specific Authorization

A

special approval an employee needs in order to be allowed to handle a transaction

18
Q

Trust Services Framework (Systems Reliability)

A
  1. Security 2. Confidentiality 3. Privacy 4. Processing Integrity 5. Availability
19
Q

Confidentiality

A

sensitive organizational information is protected from unauthorized disclosure

20
Q

Privacy

A

personal information about customers, employees or other individuals is protected from unauthorized disclosure

21
Q

Availability

A

the system and its information are available to meet operational and contractual obligations

22
Q

Security Life Cycle

A
  1. Assess threats and select risk response 2. Develop and communicate policy 3. Acquire and implement solutions 4. Monitor performance
23
Q

defense-in-depth

A

employing multiple layers of controls to avoid a single point-of-failure

24
Q

Time-based Model of Security

A

P > D + C, where P is the time it takes an attacker to break through the preventive controls, D is the time it takes to detect that an attack is in progress, and C is the time it takes to respond and correct the problem. Security is effective only while the preventive controls hold out longer than detection plus correction takes.

25
Authentication
1. Something they know (PIN) 2. Something they have (ID Card) 3. Something they are (BIOMETRIC, fingerprint, typing patterns)
26
Multimodal Authentication
More than one authentication credential of the SAME type - e.g. a password AND a PIN (both something you know). A username identifies the user; it is not a credential.
27
Multifactor Authentication
Using two or more types of authentication. IE - Fingerprint and Password
28
Compatibility Test
Matches user's authentication credentials against the access control matrix to determine if they should be allowed to do what they're trying to do
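Added example (not from the flashcards or any textbook code): a small Python model of the three cards above. It classifies a set of credentials as single, multimodal or multifactor by counting the distinct factor types involved, and runs a compatibility test against a constructed access control matrix with default-deny for any user/resource pair the matrix does not list. The credential table, users, resources and actions are assumptions made for illustration.

```python
"""Authentication factors and a compatibility test against an access
control matrix. Constructed sample data; not from any real system."""

from typing import Dict, FrozenSet, List, Tuple

# Which of the three factor types each credential kind belongs to (assumed).
FACTOR_TYPE: Dict[str, str] = {
    "password": "know",
    "pin": "know",
    "security_question": "know",
    "smart_card": "have",
    "totp_token": "have",
    "fingerprint": "are",
    "typing_pattern": "are",
}

def classify_authentication(credentials: List[str]) -> str:
    """Return 'single', 'multimodal' or 'multifactor'.

    multimodal  = more than one credential of the SAME factor type
    multifactor = credentials drawn from two or more factor types
    """
    if len(credentials) <= 1:
        return "single"
    factor_types = {FACTOR_TYPE[c] for c in credentials}
    return "multifactor" if len(factor_types) >= 2 else "multimodal"

# Access control matrix: (user, resource) -> permitted actions. Constructed.
ACM: Dict[Tuple[str, str], FrozenSet[str]] = {
    ("alice", "payroll_master"): frozenset({"read"}),
    ("bob", "payroll_master"): frozenset({"read", "update"}),
    ("bob", "gl_journal"): frozenset({"read"}),
}

def compatibility_test(user: str, resource: str, action: str) -> bool:
    """Authorization: may this user perform this action on this resource?
    A pair missing from the matrix yields an empty set, i.e. default-deny."""
    return action in ACM.get((user, resource), frozenset())

def authorize(user: str, authenticated: bool, resource: str, action: str) -> bool:
    """Authentication has to succeed before the compatibility test is consulted."""
    if not authenticated:
        return False
    return compatibility_test(user, resource, action)
```

The point of keeping the matrix as an explicit lookup is that the absence of an entry is a denial; a lookup that falls through to "allow" is the classic authorization bug.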
29
border router
the outermost router, which connects the organization's network to the Internet; it is the first device traffic from the Internet reaches and the last device outbound traffic passes
30
firewall
a special-purpose hardware device, or software running on a general-purpose computer, that controls inbound and outbound communication between the system and other networks
31
Demilitarized Zone (DMZ)
separate network outside the organization's internal IS that permits controlled access from the Internet
32
packet filtering
a process that uses the fields in a packet's header (source and destination addresses, ports, protocol) to decide whether to allow or drop the packet, without looking at its contents
33
deep packet inspection
examines body and contents of packet (opening an envelope)
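Added example (not from the flashcards): a constructed Python model of the difference between the two cards above. The packet filter decides from header fields only, with a trailing catch-all rule giving default-deny; deep packet inspection runs the same header check and then scans the payload. The rule set, addresses and payload signatures are illustrative assumptions.

```python
"""Header-only packet filtering versus deep packet inspection on
constructed packets. Rules and signatures are assumptions for illustration."""

import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str      # "tcp" or "udp"
    payload: bytes     # application data: the inside of the envelope

# (source prefix, destination port, protocol, action); first match wins.
# Port 0 / protocol "any" are wildcards; the last rule is the default-deny.
FILTER_RULES: List[Tuple[str, int, str, str]] = [
    ("0.0.0.0/0", 443, "tcp", "allow"),   # HTTPS to the DMZ web server
    ("10.0.0.0/8", 22, "tcp", "allow"),   # SSH only from the internal network
    ("0.0.0.0/0", 0, "any", "deny"),      # everything else
]

def _in_prefix(ip: str, prefix: str) -> bool:
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix, strict=False)

def packet_filter(pkt: Packet) -> str:
    """Stateless filtering: consults ONLY the header fields."""
    for src_prefix, port, proto, action in FILTER_RULES:
        if not _in_prefix(pkt.src_ip, src_prefix):
            continue
        if port not in (0, pkt.dst_port):
            continue
        if proto not in ("any", pkt.protocol):
            continue
        return action
    return "deny"

# Constructed payload patterns a DPI engine might be configured to catch.
SIGNATURES: List[bytes] = [b"' OR 1=1", b"../../etc/passwd"]

def deep_packet_inspection(pkt: Packet) -> str:
    """Header check first, then open the envelope and scan the payload."""
    if packet_filter(pkt) == "deny":
        return "deny"
    if any(sig in pkt.payload for sig in SIGNATURES):
        return "deny"
    return "allow"
```

Note the limit this illustrates: a request carrying an injection string on port 443 passes the packet filter because its header is legitimate, and only the payload scan catches it. In practice DPI can read the payload only if the traffic is in the clear or the inspection point terminates TLS.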
34
endpoints
workstations, servers, printers and other devices that comprise an org's network
35
hardening
process of modifying the default configuration of endpoints to eliminate unnecessary settings and services
36
Log Analysis
Detective control - examine logs to ID evidence of possible attacks
37
Intrusion Detection System
Detective control - sensors plus a central monitoring unit that log all network traffic permitted to pass the firewall and analyze those logs for signs of attempted or successful intrusion. An IDS alerts; it does not block.
38
Penetration Testing
Detective Control - AUTHORIZED attempt to break into the organizations info system
39
Exploit
a program designed to take advantage of a known vulnerability
40
Virtualization
running multiple systems simultaneously on one physical computer
41
Application Controls for Processing Integrity
1. Input Controls 2. Processing Controls 3. Output Controls
42
Input Controls
1. Forms Design 2.Cancellation and Storage of Source Docs 3.Data Entry Controls 4.Batch Processing Entry Ctrls 5.Online Entry Ctrls
43
Field Check
CORRECT TYPE OF CHARACTERS
44
Sign Check
Correct sign - e.g. inventory quantity on hand can never be negative
45
Limit check
tests whether a numeric amount exceeds a predetermined value (e.g. regular hours worked cannot exceed 40)
46
Range Check
Whether number falls between specified lower and upper limits (marketing promotion targets only those with income between $50k and $100k)
47
Size Check
Correct number of Chars, Digits
48
Completeness Check
all required data items have been entered
49
Validity Check
Compares ID code to master file to verify the account exists
50
Reasonableness Test
logical correctness of relationships among data items. (overtime hours should be 0 for those who have not worked 40 hrs)
51
Check Digit(and verification)
a digit computed from the other digits in an ID number; verification recomputes it on entry to detect mistyped or transposed digits
52
Prompting
system requests each input data item and waits for an acceptable response, ensures that all data is entered (online completeness check)
53
Closed-loop Verification
check accuracy by bringing up account name to verify the account number
54
transposition error
when digits in two adjacent positions are inadvertently exchanged (64 becomes 46)
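Added example (not from the flashcards): the data entry checks from the cards above run over one constructed input record, plus a mod-10 (Luhn) check digit to show how a transposition error is caught. The field names, limits, master file and the choice of the Luhn scheme are illustrative assumptions; the card only says the digit is computed from the other digits.

```python
"""Data entry controls and check digit verification on a constructed
record. Field names, limits and master file are assumptions."""

from typing import Dict, List

# Constructed master file of existing employee numbers (validity check).
MASTER_EMPLOYEES = {"10042", "10057", "20011"}

def luhn_check_digit(body: str) -> str:
    """Compute a mod-10 (Luhn) check digit from the other digits."""
    total = 0
    for i, ch in enumerate(reversed(body)):
        d = int(ch)
        if i % 2 == 0:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return str((10 - total % 10) % 10)

def check_digit_ok(identifier: str) -> bool:
    """Check digit verification: recompute from the leading digits and compare."""
    return identifier[-1] == luhn_check_digit(identifier[:-1])

def validate_record(rec: Dict[str, str]) -> List[str]:
    """Run the input controls; return the names of the checks that failed."""
    errors: List[str] = []
    # completeness check: every required item entered
    for field in ("employee_id", "hours", "qty_on_hand", "income"):
        if not rec.get(field):
            errors.append(f"completeness:{field}")
    if errors:
        return errors                    # nothing else is meaningful yet
    # field check: hours must contain only numeric characters
    hours_ok = rec["hours"].replace(".", "", 1).isdigit()
    if not hours_ok:
        errors.append("field:hours")
    # size check: employee id is 5 digits plus 1 check digit
    emp = rec["employee_id"]
    if len(emp) != 6 or not emp.isdigit():
        errors.append("size:employee_id")
    else:
        # validity check: the employee number exists in the master file
        if emp[:-1] not in MASTER_EMPLOYEES:
            errors.append("validity:employee_id")
        # check digit verification: catches transposed or mistyped digits
        if not check_digit_ok(emp):
            errors.append("check_digit:employee_id")
    # sign check: quantity on hand cannot be negative
    if int(rec["qty_on_hand"]) < 0:
        errors.append("sign:qty_on_hand")
    hours = float(rec["hours"]) if hours_ok else 0.0
    # limit check: regular hours cannot exceed a fixed value of 40
    if hours > 40:
        errors.append("limit:hours")
    # range check: income must fall between a lower and an upper limit
    if not 50_000 <= int(rec["income"]) <= 100_000:
        errors.append("range:income")
    # reasonableness test: overtime only makes sense after 40 regular hours
    if hours < 40 and float(rec.get("overtime", "0")) > 0:
        errors.append("reasonableness:overtime")
    return errors
```

The employee number 100420 carries the Luhn digit 0 for body 10042; typing the transposition 10024 gives a different computed digit, so the entry is rejected even before the master file is consulted.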
55
Cross-footing balance test
sum a row of column totals and a column of row totals to make sure they come out to the same number
56
Zero-Balance Test
debits and credits - a payroll clearing account should have a zero balance after both sets of entries (gross pay in, disbursements out) have been made
57
Write-Protection Mechanisms
Processing control - protect against overwriting or erasing of data files stored on magnetic media
58
Concurrent update controls
prevent errors of when two or more users try to update the same record simultaneously. locks the others out until the first one is finished
59
Processing Controls
1. Data Matching 2. File Labels 3. Recalculation of Batch Totals 4. Cross-footing and Zero-balance Tests 5. Write-protection Mechanisms 6. Concurrent Update Controls
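Added example (not from the flashcards): three of the processing controls listed above in Python, namely batch totals recomputed after processing, a cross-footing balance test and a zero-balance test on a payroll clearing account. The batch records and journal entries are constructed sample data.

```python
"""Batch totals, cross-footing and zero-balance tests on constructed data."""

from typing import Dict, List, Tuple

# Constructed batch of payroll input records: (employee_no, gross_pay, hours)
BATCH: List[Tuple[str, float, float]] = [
    ("10042", 1200.00, 40.0),
    ("10057", 950.50, 38.0),
    ("20011", 1500.00, 40.0),
]

def batch_totals(batch: List[Tuple[str, float, float]]) -> Dict[str, float]:
    """Totals taken at data entry and recomputed after every processing
    step. The hash total sums a field (employee number) that has no
    meaning as a sum; it exists only to catch a swapped or mistyped record
    that leaves the record count and financial total unchanged."""
    return {
        "record_count": len(batch),
        "financial_total": round(sum(gross for _, gross, _ in batch), 2),
        "hash_total": sum(int(emp) for emp, _, _ in batch),
    }

def batch_totals_agree(entered: Dict[str, float],
                       processed: List[Tuple[str, float, float]]) -> bool:
    """Recalculation of batch totals: recomputed totals must equal those
    recorded at entry, or a record was lost, duplicated or altered."""
    return batch_totals(processed) == entered

def cross_footing_ok(row_totals: List[float], column_totals: List[float]) -> bool:
    """Cross-footing balance test: the report's row totals summed must
    equal its column totals summed. They come from separate calculations
    in a real report, which is why comparing them exposes errors."""
    return abs(sum(row_totals) - sum(column_totals)) < 0.005

def zero_balance_ok(entries: List[Tuple[str, float, float]],
                    account: str = "payroll_clearing") -> bool:
    """Zero-balance test: entries are (account, debit, credit). After gross
    pay is debited to the clearing account and disbursements are credited
    to it, the account must net to zero."""
    debits = sum(dr for acct, dr, _ in entries if acct == account)
    credits = sum(cr for acct, _, cr in entries if acct == account)
    return abs(debits - credits) < 0.005
```

A dropped record is caught by the record count; a record whose employee number was mistyped with the same gross pay slips past the count and the financial total and is caught only by the hash total.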
60
Output Controls
1. User Review of Output 2. Reconciliation Procedures 3. External Data Reconciliation 4. Data Transmission Controls (Checksums and Parity Bits)
61
Checksums
the sender computes a hash of the file and transmits it with the file; the receiver recomputes the hash and compares. Catches accidental corruption only: anyone who can alter the data can recompute an unkeyed checksum, so detecting tampering needs a keyed MAC or a signature
62
Parity bit
an extra bit added to every character so that the total number of 1s has the agreed parity - under even parity, 1011010 (four 1s, already even) gets parity bit 0, while 1011011 would get 1. Detects any single flipped bit but not two flipped bits
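Added example (not from the flashcards): the two data transmission controls above in Python, an even parity bit over 7-bit characters and a checksum recomputed by the receiver, with the caveat that an unkeyed checksum does not detect deliberate tampering and a keyed HMAC does. The bit strings, message and key are constructed sample data.

```python
"""Even parity, an unkeyed checksum and a keyed MAC on constructed data."""

import hashlib
import hmac

def even_parity_bit(data_bits: str) -> str:
    """Parity bit for a 7-bit character under even parity: '0' when the
    count of 1s is already even, '1' otherwise."""
    return str(data_bits.count("1") % 2)

def transmit_unit(data_bits: str) -> str:
    """7 data bits + 1 parity bit = the 8-bit unit that goes on the wire."""
    return data_bits + even_parity_bit(data_bits)

def parity_ok(unit: str) -> bool:
    """Receiver side: accept only units whose count of 1s is even."""
    return unit.count("1") % 2 == 0

def flip_bit(unit: str, pos: int) -> str:
    """Simulate a transmission error in one bit position."""
    flipped = "1" if unit[pos] == "0" else "0"
    return unit[:pos] + flipped + unit[pos + 1:]

def checksum(data: bytes) -> str:
    """Unkeyed checksum: a SHA-256 hash of the file contents."""
    return hashlib.sha256(data).hexdigest()

def checksum_ok(data: bytes, expected: str) -> bool:
    """Receiver recomputes the hash and compares it with the one sent."""
    return hmac.compare_digest(checksum(data), expected)

def mac(data: bytes, key: bytes) -> str:
    """Keyed alternative: HMAC-SHA256. Only a holder of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def mac_ok(data: bytes, key: bytes, expected: str) -> bool:
    return hmac.compare_digest(mac(data, key), expected)
```

Parity catches a single flipped bit and misses an even number of flips; the checksum catches corruption of any size but is trivially recomputed by whoever altered the data, which is the gap the HMAC closes.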
63
Archive
Copy of a database, master file, or software that is retained indefinitely as a historical record (often for legal reasons)