Unit 4 - Module 9 Flashcards
Caesar cipher
One of the earliest known encryption methods; Julius Caesar is said to have used it to send coded messages to his generals in the field. It is a simple substitution cipher with only 25 usable keys, so an attacker can recover the message by trying every key.
key
Mathematical value that the sender selects for the purpose of encrypting or decrypting data; in the Caesar cipher it is the shift amount, and the receiver must know the same value to decrypt.
algorithm
The fixed procedure used to encrypt and decrypt; in the Caesar cipher, shifting each letter in the cleartext message by the number of positions that the key value indicates. The algorithm can be public; only the key is secret.
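As an added example (not part of the flashcard set), the Caesar cipher in Python with the key and the algorithm kept apart, followed by a brute-force attack that tries every key; the message and the small word list used to recognise cleartext are constructed for illustration.

```python
"""Caesar cipher with the algorithm (shift letters) and the key (shift amount)
kept separate, followed by a brute-force attack over all 25 non-trivial keys.
Added example: the message and the word list are constructed for illustration."""
import string

ALPHABET = string.ascii_uppercase

# Constructed "dictionary" used to recognise plausible English cleartext.
KNOWN_WORDS = {"ATTACK", "AT", "DAWN", "SEND", "RETREAT", "THE", "TO", "NOW"}


def caesar_encrypt(cleartext: str, key: int) -> str:
    """Algorithm: shift every letter forward by `key` positions (mod 26).
    Non-letters pass through unchanged; input is upper-cased."""
    shift = key % 26
    out = []
    for ch in cleartext.upper():
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + shift) % 26])
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is the same algorithm with the inverse shift."""
    return caesar_encrypt(ciphertext, -key)


def plausibility(text: str) -> int:
    """Score a candidate cleartext by how many of its words are known."""
    return sum(1 for word in text.split() if word in KNOWN_WORDS)


def brute_force(ciphertext: str):
    """Try every possible key. The key space is only 25, so the attacker needs
    no knowledge of the key at all. Returns (key, recovered cleartext)."""
    best = max(range(1, 26),
               key=lambda k: plausibility(caesar_decrypt(ciphertext, k)))
    return best, caesar_decrypt(ciphertext, best)


if __name__ == "__main__":
    ct = caesar_encrypt("ATTACK AT DAWN", 3)
    print(ct)                # DWWDFN DW GDZQ
    print(brute_force(ct))   # (3, 'ATTACK AT DAWN')
```

The point of the brute-force function is the lesson behind the key/algorithm distinction: because the algorithm is known and the key space is tiny, secrecy of the key buys nothing here. Modern ciphers keep the same separation but use keys large enough that exhaustive search is infeasible.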
Advanced encryption standard (AES)
Also known as Rijndael, a private key (or symmetric key) encryption technique; a block cipher that processes 128-bit blocks with 128-, 192- or 256-bit keys, adopted as a U.S. federal standard by NIST in 2001.
private key
In this module's usage, an encryption scheme in which both the sender and the receiver use the same secret key (the same thing as symmetric key encryption). Note the terminology clash: in public key cryptography, "private key" means the secret half of a key pair, which is never shared.
symmetric key
Single key used in an encryption algorithm to both code and decode a message.
public key encryption
Technique that uses two mathematically related keys (a key pair): the public key, which can be distributed openly, encrypts the message, and the matching private key, kept secret by its owner, decrypts it. What one key encrypts, only the other can decrypt.
Rivest-Shamir-Adleman (RSA)
One of the most trusted public key encryption methods. This method, however, is computationally intensive and much slower than symmetric (private key) encryption, so in practice it is used to protect a short symmetric session key or a message digest rather than to encrypt bulk data.
digital envelope
Technique that combines the two approaches: the message is encrypted with a fast symmetric key, and that key is then encrypted with the receiver's public key and sent along with the message. The receiver uses its private key to recover the symmetric key and then decrypts the message.
digital signature
Electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied. The sender computes a digest (hash) of the message and encrypts the digest with its private key; anyone holding the sender's public key can decrypt the signature and compare it with a freshly computed digest.
digital certificate
Sender's public key, bound to the sender's identity, that has been digitally signed by a trusted third party (a certification authority). The receiver trusts the certificate only as far as it trusts the CA that signed it.
certification authorities (CAs)
A trusted third party that issues a digital certificate.
Public key infrastructure (PKI)
The policies, procedures, hardware and software for issuing, distributing, validating and revoking digital certificates, together with the certification authorities that administer them.
firewall
Software and hardware that provide a focal point for security by channeling all network connections through a control gateway.
network-level firewall
Packet-filtering system that provides basic screening of low-security traffic (e.g., e-mail) and passes or drops each packet based only on the source and destination addresses (and ports) in its header. Because it never looks at message content, it cannot stop an attack carried inside a connection it has allowed.
application-level firewall
Proxy or inspecting firewall that understands specific application protocols (e.g., HTTP, SMTP) and examines the content of each message, not just its addresses. Provides a higher level of network security than a network-level firewall, at the cost of more processing and a configuration per protocol.
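As an added example (not from the flashcards), the difference between the two firewall cards in Python: a network-level filter that decides from the packet header alone, and an application-level check that parses the HTTP request the packet carries. The address ranges, rule set and packets are constructed for illustration.

```python
"""Network-level vs application-level firewall decisions, as an added example.
A network-level (packet-filtering) firewall decides from the addresses and port
in the packet header; an application-level firewall also reads the message
content. Addresses, rules and packets are constructed for illustration."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src: str            # source IP address
    dst: str            # destination IP address
    dport: int          # destination port
    payload: str = ""   # application data, ignored by the network-level filter


@dataclass
class Rule:
    action: str             # "allow" or "deny"
    src: str                # source network in CIDR notation
    dst: str                # destination network in CIDR notation
    dport: Optional[int]    # destination port, or None for any port


# Constructed policy: 203.0.113.0/24 is the DMZ, 10.0.0.0/8 the intranet.
RULES: List[Rule] = [
    Rule("allow", "0.0.0.0/0", "203.0.113.10/32", 25),  # inbound e-mail to the mail relay
    Rule("allow", "0.0.0.0/0", "203.0.113.20/32", 80),  # inbound HTTP to the web server
    Rule("allow", "10.0.0.0/8", "10.0.0.0/8", None),     # intranet to intranet, any port
    Rule("deny", "0.0.0.0/0", "10.0.0.0/8", None),       # nothing from outside reaches the intranet
]


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Header-only comparison: source network, destination network, destination port."""
    return (ipaddress.ip_address(pkt.src) in ipaddress.ip_network(rule.src)
            and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(rule.dst)
            and (rule.dport is None or rule.dport == pkt.dport))


def network_level_decision(pkt: Packet, rules: List[Rule] = RULES) -> str:
    """First matching rule wins; a packet that matches no rule is dropped (default deny)."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


def application_level_decision(pkt: Packet) -> str:
    """Inspect the HTTP request line carried in the packet: only GET and POST
    are accepted, and a path containing '..' (directory traversal) is rejected."""
    if pkt.dport != 80:
        return "deny"          # this proxy only understands HTTP
    parts = pkt.payload.split()
    if len(parts) < 3 or not parts[2].startswith("HTTP/"):
        return "deny"          # not a well-formed request line
    method, path = parts[0], parts[1]
    if method not in ("GET", "POST") or ".." in path:
        return "deny"
    return "allow"


def decide(pkt: Packet) -> str:
    """Both layers must allow the packet; the cheap header check runs first."""
    if network_level_decision(pkt) != "allow":
        return "deny"
    if pkt.dport == 80:
        return application_level_decision(pkt)
    return "allow"


if __name__ == "__main__":
    traversal = Packet("198.51.100.7", "203.0.113.20", 80,
                       "GET /../../etc/passwd HTTP/1.1")
    print(network_level_decision(traversal))      # allow: header looks fine
    print(application_level_decision(traversal))  # deny: content is inspected
```

The traversal request is the case the application-level card is about: the packet filter passes it because source, destination and port are all permitted, and only a component that parses the request line can refuse it.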
To qualify for the TRUSTe seal, an organization must:
- Agree to follow TRUSTe privacy policies and disclosure standards.
- Post a privacy statement on the website disclosing the type of information being collected, the purpose for collecting information, and with whom it is shared.
- Promptly respond to customer complaints.
- Agree to site compliance reviews by TRUSTe or an independent third party.
Verisign, Inc.
It provides assurance regarding the security of transmitted data. The organization does not verify security of stored data or address concerns related to business policies, business processes, or privacy.
International Computer Security Association
ICSA certification addresses data security and privacy concerns.
AICPA/CICA WebTrust
To display the AICPA/CICA WebTrust seal, the organization undergoes an examination according to the AICPA’s Standards for Attestation Engagements, No. 1, by a specially web-certified CPA or CA. The examination focuses on the areas of business practices (policies), transaction integrity (business process), and information protection (data security). The seal must be renewed every 90 days.
Safe Harbor Agreement
Two-way agreement between the United States and the European Union establishing standards for the transfer of personal data from the EU to U.S. organizations. (The Safe Harbor framework was invalidated by the Court of Justice of the European Union in 2015 and has since been replaced by successor frameworks.)
intelligent control agents
Computer programs that embody auditor-defined heuristics that search electronic transactions for anomalies.
value-added network (VAN)
Hosted service offering that acts as an intermediary between business partners sharing standards-based or proprietary data via shared business processes.
Verisign is
- a for-profit organization that provides assurance regarding the security of transmitted data.
- a nonprofit organization dedicated to improving consumer privacy practices among Internet businesses and websites.
- an organization that established the Web Trust program.
- a way to verify the security of stored data.
a for-profit organization that provides assurance regarding the security of transmitted data.
The correct answer is “a for-profit organization that provides assurance regarding the security of transmitted data.” Verisign is a for-profit organization that provides assurance regarding the security of transmitted data. Its mission is to provide digital certificate solutions that enable trusted commerce and communications. Its products allow customers to transmit encrypted data and verify the source and destination of transmissions.
A VAN is
- the same as a VPN.
- the same as a WAN.
- the same as a LAN.
- a network that is used for EDI.
a network that is used for EDI.
The correct answer is “a network that is used for EDI.” In an EDI environment, a client’s trading partner’s computer automatically generates electronic transactions, which are relayed across a value-added network (VAN), and the client’s computer processes the transactions without human intervention.
Encryption is
- a modern invention, exclusive to the 21st century.
- the conversion of data into a secret code for storage in databases and transmission over networks.
- a social engineering approach which involves manipulation and deceptive practices.
- another name for malware and ransomware.
the conversion of data into a secret code for storage in databases and transmission over networks.
The correct answer is “the conversion of data into a secret code for storage in databases and transmission over networks.” Encryption is the conversion of data into a secret code for storage in databases and transmission over networks. The sender uses an encryption algorithm to convert the original message (called cleartext) into a coded equivalent (called ciphertext). At the receiving end, the ciphertext is decoded (decrypted) back into cleartext.
A firewall is
- a system used to insulate an organization’s intranet from the Internet.
- a program that turns the target victims' computers into zombies that are unable to access the Internet.
- unnecessary in today’s technological environment.
- so named because its effects keep the hardware cool.
a system used to insulate an organization's intranet from the Internet.
The correct answer is "a system used to insulate an organization's intranet from the Internet." A firewall is a system used to insulate an organization's intranet from the Internet. It can be used to authenticate an outside user of the network, verify his or her level of access authority, and then direct the user to the program, data, or service requested. In addition to insulating the organization's network from external networks, firewalls can also be used to protect LANs from unauthorized internal access.
Seals of assurance
- are evidence that a web-based business is trustworthy.
- are assigned by the ISP to internet users so they can transact business over the internet.
- are software used by malicious websites to sniff data from cookies stored on the user's hard drive.
- have no requirements for an internet-based business.
are evidence that a web-based business is trustworthy.
The correct answer is "are evidence that a web-based business is trustworthy." In response to consumer demand for evidence that a web-based business is trustworthy, a number of trusted third-party organizations offer seals of assurance that businesses can display on their website home pages. To legitimately bear the seal, the company must show that it complies with certain business practices, capabilities, and controls. The six best-known seal-granting organizations are the Better Business Bureau (BBB), TRUSTe, Verisign, Inc., the International Computer Security Association (ICSA), AICPA/CICA WebTrust, and AICPA/CICA SysTrust.
A digital signature is
- a tool that allows digital messages to be sent over analog telephone lines.
- the computed digest of the sender’s digital certificate.
- derived from the digest of a document that has been encrypted with the sender’s private key.
- the encrypted mathematical value of the message sender’s name.
derived from the digest of a document that has been encrypted with the sender’s private key.
The correct answer is “derived from the digest of a document that has been encrypted with the sender’s private key.” A digital signature is derived from the digest of a document that has been encrypted with the sender’s private key. A digital signature is an electronic authentication technique that ensures the transmitted message originated with the authorized sender and that it was not tampered with after the signature was applied.
Which of the following statements about continuous auditing is true?
- Continuous auditing does not involve electronic audit trails.
- Continuous auditing is usually considered less effective than traditional auditing.
- Continuous auditing only pertains to access controls.
- Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur.
Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur.
The correct answer is “Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur.” Continuous auditing enables the auditor to review transactions at frequent intervals or as they occur. The growth of electronic commerce requires the auditors to rethink their traditional practices. Using intelligent electronic agents, transactions can be continuously monitored, and alarms can sound when an anomaly occurs.
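As an added example (not from the page) of the intelligent control agent described above and in the continuous auditing answer, a Python agent that applies auditor-defined heuristics to each transaction as it is posted and raises an alarm on every hit. The vendor master file, approval threshold, business hours and transaction stream are all constructed for illustration.

```python
"""An intelligent control agent for continuous auditing, as an added example.
Auditor-defined heuristics are applied to each transaction as it is posted and
every hit raises an alarm. The vendor master, thresholds and transactions
below are constructed for illustration."""
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

APPROVAL_THRESHOLD = 10_000.00       # amounts at or above this need a second approver
NEAR_THRESHOLD_FRACTION = 0.95       # 95%-100% of the threshold looks like deliberate avoidance
APPROVED_VENDORS = {"V100", "V200", "V300"}   # constructed vendor master file
BUSINESS_HOURS = range(8, 18)        # 08:00-17:59, Monday to Friday


class ControlAgent:
    """Keeps just enough state across transactions to spot duplicates and splits."""

    def __init__(self):
        self.seen_invoices = set()                  # (vendor, invoice number)
        self.daily_totals = defaultdict(float)      # (vendor, date) -> amount paid so far

    def review(self, txn: Dict) -> List[str]:
        """Return the names of every heuristic the transaction trips."""
        hits = []
        vendor, amount = txn["vendor"], txn["amount"]
        posted = datetime.fromisoformat(txn["posted"])

        invoice_key = (vendor, txn["invoice"])
        if invoice_key in self.seen_invoices:
            hits.append("duplicate invoice")
        self.seen_invoices.add(invoice_key)

        if vendor not in APPROVED_VENDORS:
            hits.append("vendor not in vendor master")

        if APPROVAL_THRESHOLD * NEAR_THRESHOLD_FRACTION <= amount < APPROVAL_THRESHOLD:
            hits.append("amount just below approval threshold")

        # Several sub-threshold payments to one vendor on one day add up to
        # something that would have needed approval if submitted once.
        day_key = (vendor, posted.date())
        self.daily_totals[day_key] += amount
        if amount < APPROVAL_THRESHOLD and self.daily_totals[day_key] >= APPROVAL_THRESHOLD:
            hits.append("same-day payments to vendor exceed threshold (possible split)")

        if posted.weekday() >= 5 or posted.hour not in BUSINESS_HOURS:
            hits.append("posted outside business hours")
        return hits


def audit(transactions: List[Dict]) -> List[Tuple[str, str]]:
    """Run the agent over a transaction stream; return (transaction id, alarm) pairs."""
    agent = ControlAgent()
    alarms = []
    for txn in transactions:
        for hit in agent.review(txn):
            alarms.append((txn["id"], hit))
    return alarms


# Constructed transaction stream (2024-03-04 is a Monday, 2024-03-09 a Saturday).
SAMPLE_TRANSACTIONS = [
    {"id": "T1", "vendor": "V100", "invoice": "INV-1",  "amount": 1200.00, "posted": "2024-03-04T10:15"},
    {"id": "T2", "vendor": "V200", "invoice": "INV-77", "amount": 9850.00, "posted": "2024-03-04T11:00"},
    {"id": "T3", "vendor": "V100", "invoice": "INV-1",  "amount": 1200.00, "posted": "2024-03-05T09:30"},
    {"id": "T4", "vendor": "V999", "invoice": "INV-5",  "amount":  500.00, "posted": "2024-03-09T14:00"},
    {"id": "T5", "vendor": "V300", "invoice": "INV-9",  "amount": 3000.00, "posted": "2024-03-06T23:10"},
    {"id": "T6", "vendor": "V200", "invoice": "INV-78", "amount": 9900.00, "posted": "2024-03-04T11:45"},
]

if __name__ == "__main__":
    for alarm in audit(SAMPLE_TRANSACTIONS):
        print(alarm)
```

The agent is stateful on purpose: the duplicate-invoice and split-payment heuristics can only fire when the agent remembers what it has already seen, which is what distinguishes continuous monitoring of a stream from a one-off review of a single transaction.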
Authentication
- requires accountants to develop a new skill set in the electronic environment.
- is simpler in the electronic environment than the old paper-based environment.
- is a paper-intensive process.
- is not subject to audit rules and processes.
requires accountants to develop a new skill set in the electronic environment.
The correct answer is "requires accountants to develop a new skill set in the electronic environment." Authentication requires accountants to develop a new skill set in the electronic environment. In traditional systems, the authenticity of a sales order from a trading partner or customer was established by the business paper on which it was written (letterhead, signatures, postmarks); in the electronic environment that physical evidence is gone, and the source of a transaction must instead be verified with digital signatures and certificates.