ACC 444 Ch 8
ACC 444 Exam 2, Ch 8
32
Accounting
Undergraduate 3
03/06/2012

Cards

Term
Info for Mgmt must satisfy 7 Key Criteria:
Definition
EECIACR: Effective, Efficient, Confidential, Integrity, Available, Compliance, Reliance
Term
4 Domains of COBIT Framework
Definition
1. PO - Plan & Organize
2. AI - Acquire & Implement
3. DS - Deliver & Support
4. ME - Monitor & Evaluate
Term
The COBIT Cycle is an ______ process.
Definition
Ongoing - It constantly repeats
Term
5 Categories of the Trust Services Framework
Definition
1. Security
2. Confidentiality
3. Privacy
4. Processing Integrity
5. Availability

All --> Systems Reliability
Term
What is the foundation of the Trust Services Framework/Systems Reliability?
Definition
Security!
Term
Security is a _____ issue, not a _____ issue!
Definition
Management; technical
Term
Defense-In-Depth
Definition
Have multiple layers of controls to avoid having a single point of failure

Ex) Use firewalls and multiple authorization methods (PW, tokens, biometrics)

Involves a combo of P,D,C controls
Term
Time-Based Model of Security
Definition
Combo of D & C controls

P > D + C
Term
What is P in the Time-Based Model of Security?
Definition
P = time it takes an attacker to break through the org's preventive controls
Term
What is D in the Time-Based Model of Security?
Definition
D = time it takes to detect that an attack is in progress
Term
What is C in the Time-Based Model of Security?
Definition
C = time it takes to respond to the attack
Term
For an EFFECTIVE information security system,
Definition
P must be > D + C
Term
6 Steps in an IS System Attack
Definition
1. Conduct Reconnaissance
2. Attempt Social Engineering
3. Scan and map the target
4. Research
5. Execute the attack
6. Cover tracks

**I do not think we covered this in class!
Term
3 ways to mitigate risk of attack
Definition
P, D, and C Controls!
Term
5 Preventive Controls
Definition
1. Training
2. Physical Access
3. Remote Access
4. Hardening
5. Encryption
Term
Authentication
Definition
Verifies WHO a person is
Term
3 Things needed for Authorization
Definition
Something person knows: user name, pw, PIN

Something person has: smart card, badge, USB device

Biometric characteristic: fingerprint, palm, voice, retina
Term
Authentication
Definition
WHAT a person can access
Term
Authentication is implemented by: ___ & ___
Definition
Access control matrix & Compatibility Test
Term
P Control, Network Access

What is a Border Router?
Definition
Connects an org's info system to the Internet
Term
P Control, Network Access

What is a Firewall?
Definition
SW or HW used to filter info
Term
P Control, Network Access

What is a DMZ?
Definition
Demilitarized Zone

Separate network that permits controlled access from the Internet to selected resources
Term
P Control, Network Access

What is an IPS?
Definition
Intrusion Prevention Systems

Monitors PATTERNS in the traffic flow, rather than only inspecting individual packets, to identify & automatically block attacks

**Issues an alert and automatically takes steps to stop a suspected attack (An IDS just issues a warning alert)
Term
D Control

What is Log Analysis?
Definition
An audit trail of system access

Process of examining logs to identify evidence of possible attacks

*Only beneficial if ROUTINELY examined
*Analyze logs of FAILED attempts b/c they could rep. an attempted attack by an external intruder
*Requires human judgment to interpret the reports & identify situations that are 'not normal'
Term
C Control

What is CIRT?
Definition
CIRT: Computer Incident Response Team

*Deals w major incidents

1. RECOGNIZE that a prob exists
2. CONTAIN the prob
3. RECOVERY
4. FOLLOW-UP
Term
C Control

What is CISO?
Definition
CISO: Chief Information System Officer

-Independent of other IS functions
-Reports to CEO
-Works closely w person in charge of physical security
-Responsible for info security
Term
What are the 3 corrective controls?
Definition
CIRT, CISO, Patch Management
Term
C Control

What is Patch Management?
Definition
Process for regularly applying patches and updates to all SW used by the org

Prob w/ patches: can create new probs b/c of unanticipated side effects
Term
2 New Considerations:
Definition
Virtualization & Cloud Computing
Term
Virtualization
Definition
-Multiple systems are run on one computer

-Dec maintenance costs
-Dec utility costs
Term
Cloud Computing
Definition
-Remotely accessed resources (SW apps, data storage, HW)
Term
Cloud Computing -Risks & Opportunities
Definition
Risks - Inc risk of threats
Risk - Inc exposure if breach occurs
Risk - Reduced authentication standards

Opp - offer opp to improve overall security