Term
| routers, firewalls, intrusion prevention systems |
|
Definition
| TYPES OF PERIMETER DEFENSE |
|
|
Term
|
Definition
| connects an organization's information system to the internet |
|
|
Term
|
Definition
| behind the border router; a special purpose hardware device or software running on a general purpose computer |
|
|
Term
|
Definition
| separate network that permits controlled access from the internet to selected resources, such as the organization's e commerce web server |
|
|
Term
| border router and firewall |
|
Definition
| act as filters to control which information is allowed to enter and leave the organization's information system |
|
|
Term
|
Definition
| well defined rules and procedures that dictate how to perform all the packet activities |
|
|
Term
|
Definition
| govern the process for transmitting information over the internet |
|
|
Term
| transmission control protocol |
|
Definition
| specifies the procedures for dividing files and documents into packets to e sent over the internet and the methods for reassembly of the original document or file at the destination |
|
|
Term
|
Definition
| specifies the structure of those packets and how to route them to the proper destination |
|
|
Term
|
Definition
| two parts of every IP packet |
|
|
Term
|
Definition
| contains the packet's origin and destination addresses, as well as information about the type of data contained in the body of the packet |
|
|
Term
|
Definition
| designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next |
|
|
Term
| border router of an organization |
|
Definition
| checks the contents of the destination address filed of every packet it receives |
|
|
Term
| access control list (ACL) |
|
Definition
| a set of rules that determines which packets are allowed entry and which are dropped |
|
|
Term
|
Definition
| screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header (typically performed by border routers) |
|
|
Term
| to quickly identify and drop certain types of packets and to pass all other packets to the firewall, where they will be subjected to more detailed testing before being allowed to enter the organization's internal network |
|
Definition
| the function of the border router |
|
|
Term
|
Definition
| designed to only permit packets that meet specific conditions to pass |
|
|
Term
| stateful packet filtering |
|
Definition
| type of filtering employed by firewalls |
|
|
Term
| stateful packet filtering |
|
Definition
| maintains a table that lists all established connections between the organization's computers and the internet |
|
|
Term
| stateful packet filtering helps the firewall reject attack packets that are pretending to be a response to an internally initiated request |
|
Definition
|
|
Term
|
Definition
| stateful packet filtering is limited to examining what information? |
|
|
Term
|
Definition
| examines the data in the BODY of an IP packet (not just the header) |
|
|
Term
| intrusion prevention systems (IPS) |
|
Definition
| designed to identify and drop packets that are part of an attack; centered on deep packet inspection |
|
|
Term
| no; they are just another layer of protection |
|
Definition
| should IPS replace firewall? |
|
|
Term
| remote authentication dial in user service (RADIUS) |
|
Definition
| a standard method for verifying the identify of users attempting to obtain dial in access |
|
|
Term
| dial in users connect to a remote access server and submit their log in credentials, then those credentials are passed to RADIUS which performs compatibility tests to authenticate identity |
|
Definition
|
|
Term
|
Definition
| calls every telephone number assigned to the organization to identify those which are connected to modems |
|
|
Term
|
Definition
| most efficient and effective way to checking for rogue modems |
|
|
Term
|
Definition
| the devices that accept incoming wireless communications and permit the sending device to connect to the organization's network |
|
|
Term
|
Definition
| where should all wireless access points be located? |
|
|
Term
|
Definition
| enables wireless NICs to communicate directly with any other device that has a wireless NIC (a security threat) |
|
|
Term
| SSID service set identifier |
|
Definition
|
|
Term
|
Definition
| workstations, servers, printers, and other devices are collectively referred to as |
|
|
Term
|
Definition
| every program running on a host represents a potential point of attack b/c it probably contains flaws called ___ |
|
|
Term
|
Definition
| process of turning off unnecessary features |
|
|
Term
| buffer overflows, sql injection, cross sit scripting |
|
Definition
| common examples of attacks against software running on web sites; exploit poorly written software that doesn't check user supplied input prior to further processing |
|
|
Term
|
Definition
| occurs when web application software that interfaces with a database server doesn't filter user input, permitting an attack to send SQL commands and execute them on the database server |
|
|
Term
| cross site scripting attacks |
|
Definition
| occur if web application software doesn't carefully filter user input before returning any of that data to the browser, in which case the victim's browser will execute any embedded malicious script |
|
|
Term
| asymmetric encryption and hashing |
|
Definition
| used to create digital signatures |
|
|
Term
|
Definition
| information encrypted with the creator's private key |
|
|
Term
|
Definition
| provides a means to verify that the contents of a m message haven't been altered |
|
|
Term
|
Definition
| an electronic document, created and digitally signed by a trusted third party, that certifies the identity of the owner of a particular public key |
|
|
Term
|
Definition
| provide an automated method for obtaining an organization's or individual's public key |
|
|
Term
| public key infrastructure (PKI) |
|
Definition
| refers to the system and processes used to issue and manage asymmetric keys and digital certificates |
|
|
Term
|
Definition
| the organization that issues public and private keys and records the public key in digital certificate |
|
|
Term
| public key infrastructure (PKI) |
|
Definition
| refers to the system and processes used to issue and manage asymmetric keys and digital certificates |
|
|
Term
| digital signatures use asymmetric encryption to create legally binding electronic documents |
|
Definition
|
|
Term
|
Definition
| alternative mechanism for creating legally binding documents; cursive style imprint of a person's name that is applied to an electronic document |
|
|
Term
|
Definition
| information about the attributes of an entity are stored where |
|
|
Term
|
Definition
| all the fields containing data about one entity form _____ |
|
|
Term
|
Definition
|
|
Term
|
Definition
| a set of interrelated centrally coordinated files |
|
|
Term
| database management system (DBMS) |
|
Definition
| acts as an interface between database and the varous application programs |
|
|
Term
|
Definition
| the combination of the database, he DBMS, and the application programs that access the datbase through the DBMS |
|
|
Term
| database adminstrator DBA |
|
Definition
| the person resonbilbe for the database |
|
|
Term
|
Definition
|
|
Term
|
Definition
| the process of analyzing data repositories for new knoledge about the company's data and business processes |
|
|
Term
|
Definition
| combning master files into larger pols of data that many application nprograms can access |
|
|
Term
|
Definition
| combning master files into larger pols of data that many application nprograms can access |
|
|
Term
| phsyical view and logical view |
|
Definition
| two spearte views of the data with the dataase approach |
|
|
Term
|
Definition
| how the suer or programmer conceptually organizes and understands the data |
|
|
Term
|
Definition
| refers to how and where the data are physically arrangedand stored in the computer ystem |
|
|
Term
|
Definition
| describes the logical strucutre of the database |
|
|
Term
| conceptual, external, internal |
|
Definition
|
|
Term
|
Definition
| the organizationwide view of the entire database; lists all data elements and the relationships among them |
|
|
Term
|
Definition
| consists of a set of individual user views of portions of the database |
|
|
Term
|
Definition
|
|
Term
|
Definition
| low level view of the database; describes how the data are actually stored and accessed |
|
|
Term
|
Definition
| contains information about the strcuture of the database |
|
|
Term
|
Definition
| set of commands used to peform the function of creating the database |
|
|
Term
|
Definition
| set of commands used to peform the function of changing the database |
|
|
Term
|
Definition
| set of commands used to peform the function of querying the database |
|
|
Term
| data definition language (DDL) |
|
Definition
used to build the data dictionary, intialize or creaete the database,
dsecribe the logical views for each individual user or programmer, and
specify any limitaion or contratins on security imposed on database recoreds or fields |
|
|
Term
| data maniuplation language DML |
|
Definition
| used for data maintenance (updating, inserting, and delting portions of the database) |
|
|
Term
| data query language (DQL) |
|
Definition
| used to interrogate the database |
|
|
Term
|
Definition
| retrieves, sorts, orders, and presents subsets of the database in response to user queiries |
|
|
Term
|
Definition
| a language that simplieifse ereport creation |
|
|
Term
| those epmloyees with admintriative and programming responsbilites |
|
Definition
| who should have access to the DDL and DML |
|
|
Term
|
Definition
| an abstract representation of the contents of a database |
|
|
Term
|
Definition
| represens everything in the database as being stored in the form of tables |
|
|
Term
|
Definition
| each row in a relation that contains dta about a specific occurence of the type of entity representaed by that table |
|
|
Term
| attributes are in columsn |
|
Definition
|
|
Term
|
Definition
| the attribute, or cmobination of attributes, that uniquely identifies a specific row in a table |
|
|
Term
|
Definition
| an atribute in a table that is a primary key in another table; used to link tables |
|
|
Term
|
Definition
| occurs when storing all data in one uniform table; changes (u[pdates) to data values are no oorrectly recorded b/c it may overlok rows |
|
|
Term
|
Definition
| when there is no way to stoore information about new rows |
|
|
Term
|
Definition
| unitntened results occur when delting a row in the table |
|
|
Term
| every column in a row must be single valued, primary keys cannot be null, foregign keys, if not null, must have values that correspond to the value of a primary key in another table, all nonkey attributes in a table should describe a charactersitic about the object identified by the primary key |
|
Definition
| basic requireements of a relationsal database |
|
|
Term
|
Definition
| ensures that every row in every relation must represent data about some specific object in the real world |
|
|
Term
|
Definition
| used to link rows in one table to rows in another table |
|
|
Term
| referential integrity rule |
|
Definition
| ensues the consistency of the database |
|
|
Term
|
Definition
| way to design relationshal database; starts with the assumption that everything is initially stored in one large table |
|
|
Term
| normalization; semantic data modeling |
|
Definition
| two ways to design well strcutured realtional databases |
|
|
Term
|
Definition
| the relationsal data model protrays data as being stored in: |
|
|
Term
|
Definition
| how a suer conveptually organizes and understands data is referred to as the: |
|
|
Term
|
Definition
| shows how and where data are physically stored |
|
|
Term
|
Definition
| also called a row in a relationshal databsetable |
|
|
Term
|
Definition
| ech column in a relational database; describes soe characteristic of an entity about which data are stored |
|
|
Term
|
Definition
| an individual uer's view of the database |
|
|
Term
|
Definition
| the organizationwide view of the entire database |
|
|
Term
|
Definition
| represents how the data are actually stored and accessed |
|
|
Term
|
Definition
| used to retrieve information from a database |
|
|
Term
|
Definition
| used to build the data dictionary, create a database, describe logical views, and specify any limitations or constraints on security |
|
|
Term
|
Definition
| used for data maintenance |
|
|
Term
|
Definition
| a software program that runs a database system; acts as an interface between a database and various application programs |
|
|
Term
|
Definition
| the constraint that all primary keys must have non null data values |
|
|
Term
| referential integrity rule |
|
Definition
| the constrain that all foreign keys must have either null values or the value of a primary key in another table |
|
|
Term
| systems analysis, conceptual design, physical design, implementation and conversion |
|
Definition
| five basic steps in database design |
|
|
Term
|
Definition
| consists of initial planning to determine the need for and feasibility of developing a new system |
|
|
Term
|
Definition
| includes preliminary judgments about the proposal's technological and economic feasibility |
|
|
Term
|
Definition
| involves identifying user information needs, defining the scope of the proposed new system, and using information about the expected number of users and transaction volumes to make preliminary decisions about hardware and software requirements |
|
|
Term
|
Definition
| includes developing the different schemas for the new system at the conceptual, external, and internal levels |
|
|
Term
| physical design/third stage |
|
Definition
| consists of translating the internal level schema into the actual database structures that will be implemented in the new system |
|
|
Term
| physical design/3rd stage |
|
Definition
| stage when new applications are developed |
|
|
Term
| fourth stage/implementation and conversion |
|
Definition
| includes all the activities associated with transferring data from existing systems to the new database AIS, testing the new system,, and training employees how to use it |
|
|
Term
| using and maintaining the new system |
|
Definition
|
|
Term
| using and maintaining the new system |
|
Definition
| includes carefully monitoring system performance and user satisfaction to determine the need for making system enhancements and modifications |
|
|
Term
|
Definition
| the process of defining a database so that it faithfully represents all aspects of the organization, including its interactions with the external environment |
|
|
Term
| systems analysis and conceptual design stages of database design |
|
Definition
| during what stages does data modeling occur? |
|
|
Term
| entity relationship diagramming and rea data model |
|
Definition
| two important tools to perform data modeling |
|
|
Term
| entity relationship ER diagram |
|
Definition
| graphical technique for portraying a database schema |
|
|
Term
|
Definition
| anything about which the organization wants to collect and store information |
|
|
Term
|
Definition
| in an ER diagram, entities are depicted as: |
|
|
Term
|
Definition
| useful for deciding which entities need to be modeled |
|
|
Term
|
Definition
| developed specifically for use in designing AIS |
|
|
Term
|
Definition
| focuses on the business semantics underlying an organization's value chain activities; provides guidance for database design by identifying what entities should be included in the ais DATABASE AND BY PRESCRIBING HOW TO STRUCTURE RELATIONSHIPS AMONG THE ENTITIES IN THAT DATABASE |
|
|
Term
| resources, events (busines activities), agents |
|
Definition
|
|
Term
|
Definition
| those things that have economic value to the organization |
|
|
Term
|
Definition
| the various business activities about which management wants to collect information for planning or control purposes |
|
|
Term
|
Definition
| the people and organizations that participate in events and about whom information is desired for planning, control, and evaluation purposes |
|
|
Term
1. each event is linked to at least one resource that it affects
2. each event is linked to at least on other event
3. each events is linked to at least two participating agents |
|
Definition
| rea data model basic pattern |
|
|
Term
|
Definition
| relationships that affect the quantity of a resource ; represent either an inflow or outflow of that resource |
|
|
Term
identify the events about which management wants to collect information
identify the resources affected by each event and the agents who prticpate in those envents
determine the cardinalties of each relationship |
|
Definition
| developing an rea diagram for a specific transaction cycle (steps) |
|
|
Term
| identify the events of interest to management |
|
Definition
| the first step in developing an rea model of a transaction cycle |
|
|
Term
|
Definition
| represents an activity which reduces the organization's stock of a resource that has economic value |
|
|
Term
|
Definition
| represents an activity which increases the organization's stock of an economic resource |
|
|
Term
|
Definition
| describe the nature of the relationship between two entities by indicating how many instances of one entity can be linked to each specific instance of another entity |
|
|
Term
|
Definition
| can either be zero or one, depending upon whether the relationship between the two entities is optional or mandatory |
|
|
Term
|
Definition
| can either be one or many, depending upon whether each instance of entity |
|
|
Term
|
Definition
| can either be one or many, depending upon whether each instance of entity A can be linked to at most one instance or potentially many instances of entity B |
|
|
Term
| accounts receivable is not a resource, event or agent so not on rea diagram; rather it represents the difference between two events |
|
Definition
|
|
Term
|
Definition
| in most cases, the relationship between agent entities and event entities is: |
|
|
Term
| system analysis and conceptual design |
|
Definition
| data modeling occurs during which stages of database design |
|
|
Term
| every event must be linked to at least two agents in rea data model |
|
Definition
|
|
Term
| merging redundant resources does not affect any cardinatlites, but merging redundant events alters the minimum cardinalties associated with the other everns tat are reltaed to the merged event |
|
Definition
|
|
Term
create a table for each distinct entity in the diagram and for each many to many relationship
assign attributes to approp. tables
use foreign keys to implement one to one an done to many relationships |
|
Definition
| three steps to implementing an rea diagram in a relational database |
|
|
Term
| the primary key for M:N relationship tables consist of TWO attributes that represent the primary keys |
|
Definition
|
|
Term
|
Definition
| multiple attribute primary keys |
|
|
Term
|
Definition
| an attribute of one entity that is itself the primary key of another entity |
|
|
Term
|
Definition
| provide a chronological listing of transactions |
|
|
Term
|
Definition
| master files that contain cumulative information about specific accounts |
|
|
Term
|
Definition
| must be implemented as separate table tables in a relationship database |
|
|
Term
|
Definition
| can be used to implement 1:N AND 1:1 relationships |
|
|
Term
|
Definition
| combining two rea diagrams by merging entities common to both will necessitate changes in cardinality airs associated with the merged entity if it is an: |
|
|
Term
|
Definition
| information traditionally found in journals is store din which type of entity in an rea database |
|
|
Term
|
Definition
| store information about transactions |
|
|
Term
| every resource must be linked to at least one increment event and at least one decrement event |
|
Definition
| ONLY TRUE about an INTEGRATED rea data model |
|
|
Term
| to obtain info in a ledger: query not only resource tables but also event and agent tables |
|
Definition
|
|
Term
| systems development life cycle |
|
Definition
| the process that organizations follow to obtain and implement a new and well designed AIS |
|
|
Term
|
Definition
| first step in systems development |
|
|
Term
|
Definition
| information needed to purchase or develop a new system is gathered |
|
|
Term
| information needs of system users and managers are identified and documented |
|
Definition
| most important part of systems analysis |
|
|
Term
|
Definition
| the company decides how to meet user needs in this step |
|
|
Term
| identify and evaluate appropriate design alternatives |
|
Definition
| first task in conceptual design step |
|
|
Term
|
Definition
| the company translates the board, user oriented requirements of the conceptual design into detailed specifications that are used to code and test the computer programs |
|
|
Term
| implementation and conversion |
|
Definition
| constitutes the capstone phase ruing which all elements and activities of the system come together |
|
|
Term
| information systems steering committee |
|
Definition
| plan and oversee the information systems functions; sets policies that govern the AIS and ensures top mngmt participation, guidance, and control; facilitates the coordination and integration of information systems activities to increase goal congruence and reduce goal conflict |
|
|
Term
|
Definition
| study existing systems, design new ones, and prepare specifications that are used by computer programmers |
|
|
Term
|
Definition
| write programs using the specifications developed by the analysts; modify and maintain existing computer programs |
|
|
Term
individual project plans by project teams
master plan by info systems steering committee |
|
Definition
| two types of systems development plans needed |
|
|
Term
|
Definition
| basic building block of information systems planning; contains cost-benefit analysis, developmental and operational requirements, and a schedule of the activities required to develop and operate the new application |
|
|
Term
|
Definition
| long range planning document that specifies what the system will consists of, how it will be developed, who will develop it, how needed resoruces will be acquired, and where the AIS is headed |
|
|
Term
|
Definition
| two techniques for scheduling and monitoring systems development activities |
|
|
Term
| pert: program evaluation and review technique |
|
Definition
| requires that all activities and the precedent and subsequent relationships among them be identified |
|
|
Term
|
Definition
| consist of a network of arrows and nodes representing project activities that require an expenditure of time and resources and the completion and initiation of activities |
|
|
Term
|
Definition
| the path requiring the greatest amount of time |
|
|
Term
|
Definition
| a bar chart with project activities listed on the left hand side and units of time across the top |
|
|
Term
| the capacity to show in graphical form the entire schedule for a large complex project |
|
Definition
| primary advantage of gantt chart |
|
|
Term
|
Definition
| prepared during systems analysis and updated as necessary during the remaining steps in the SDLC |
|
|
Term
| economic feasibility, technical feasibility, legal feasibility, scheduling feasibility, operational feasibility |
|
Definition
| five aspects to be considered in feasibility study |
|
|
Term
|
Definition
| most important and frequently analyzed of the five feasibility study aspects |
|
|
Term
|
Definition
| basic framework for feasibility analysis; benefits and costs are translated into dollar estimates |
|
|
Term
|
Definition
| primary operation cost (65/75 percent) |
|
|
Term
| payback period, NPV, internal rate of return |
|
Definition
| three commonly used capital budgeting techniques |
|
|
Term
|
Definition
| behavior that is usually intended to destroy, cripple, or weakens the systems effectiveness |
|
|
Term
| aggression, projection, avoidance |
|
Definition
| major resistance to AIS changes |
|
|
Term
|
Definition
| involves blaming the new system for any and every unpleasant occurrence |
|
|
Term
| initial investigation, systems survey, feasibility study, information needs and system requirements, systems analysis report |
|
Definition
| steps in systems analysis phase (5) |
|
|
Term
|
Definition
| conducted to screen projects |
|
|
Term
|
Definition
| extensive study of the current AIS is undertaken; study the present system to gain a through understanding of how it works |
|
|
Term
|
Definition
| investigate each development activity to define the problem to be solved; prepare a proposal to conduct systems analysis |
|
|
Term
| interviews, questionnaires, observation, systems documentation |
|
Definition
|
|
Term
|
Definition
| used when the amount of information to be gathered is small and well defined, is obtained from many ppl or from those who are physically removed, or is intended to verify data from other sources; take little time to administer |
|
|
Term
|
Definition
| used to verify information gathered using other approaches and to determine how a system actually works, rather than how it should work |
|
|
Term
|
Definition
| describes how the AIS is intended to work |
|
|
Term
|
Definition
| illustrate how a system functions by describing the flow of documents, the computer processes preformed, and other physical elements of the system |
|
|
Term
|
Definition
| illustrate what is being done, regardless of how the flow is actually accomplished |
|
|
Term
|
Definition
| problems and alternatives are viewed from entire organization standpoint |
|
|
Term
|
Definition
| summarize and document the analysis activities and serve as a repository of data from which systems designers can draw; shows the new system's goal and objectives, its scope and recommendatiosn for the new system |
|
|
Term
1. initial investigation-determine whether to conduct systems survey
2. feasibility study-determine whether to proceed to the information requirements phase
3. analysis phase-decide whether to proceed to the next phase |
|
Definition
| go/no go decision making situations |
|
|
Term
| gain a competitive advantage, increase productivity, keep up with company growth, downsize company operations |
|
Definition
| reasons why companies make changes to AIS's |
|
|
Term
|
Definition
| the planning technique that identifies implementation activities and their relationships, constructs a network of arrows and nodes, and then determines the critical path thru the network |
|
|
Term
|
Definition
| basically a bar chart that displays dates and stages of completion for each project task |
|
|
Term
|
Definition
| illustrates how a system functions by describing document flows, computer processes, equipment used, and other physical elements of the system |
|
|
Term
|
Definition
| used to document a system with four basic symbols |
|
|
Term
| initial investigation, system survey, feasibility study, determination of information needs and system requirements |
|
Definition
| correct order of the steps in systems analysis |
|
|
Term
|
Definition
| long range planning document that specifies what the system will consist of, how it will be developed, who will develop it, how needed resources will be acquired and its overall vision |
|
|
Term
|
Definition
| used for individual projects and includes such items as cost benefit analysis, developmental and operational requirements, and a schedule of activities for developing and operating the new system |
|
|
Term
|
Definition
| increased error rates, disruptions, and sabotage are examples of: |
|
|
Term
|
Definition
| the most significant problem a company encounters in designing, developing, and implementing a system |
|
|
Term
|
Definition
| determining whether the organization has access to ppl who can design, implement, and operate the proposed system |
|
|
Term
|
Definition
| refers to whether the system can be developed and implemented with existing technology |
|
|
Term
|
Definition
| refers to whether the system complies with all applicable laws and regulations |
|
|
Term
|
Definition
| refers to whether the system can be analyzed, planned, designed, and implemented in the time allocated |
|
|
Term
|
Definition
| refers to whether the system's benefits outweighs its costs |
|
|
Term
|
Definition
| located at the beginning of each file and contains the file name, expiration date, and other identification data |
|
|
Term
| header and trailer records |
|
Definition
| two important types of internal lables |
|
|
Term
|
Definition
| located at the end of the file and contains the batch totals calculated during input |
|
|
Term
| data matching, file labels, recalculation of batch totals, cross footing and 0 balance tests, write protection, database processing integrity procedures |
|
Definition
| important processing controls |
|
|
Term
|
Definition
| error in which two adjacent digits were inadvertently reversed; indicated if evenly divisible by 9 |
|
|
Term
| cross footing balance test |
|
Definition
| compares the results produced by each method of calculating a total to verify accuracy |
|
|
Term
|
Definition
| applies the logic of cross footing test to control accounts |
|
|
Term
|
Definition
| ensures that data items are defined and used consistently |
|
|
Term
| concurrent update controls |
|
Definition
| protect resources from error that occur when two or more users attempt to update the same record simultaneously |
|
|
Term
| user review of output, reconciliation procedures, external data reconciliation |
|
Definition
|
|
Term
| parity checking, message acknowledgment |
|
Definition
| two basic types of data transmission controls |
|
|
Term
|
Definition
| an extra digit added to every character to detect errors in binary digit transmission |
|
|
Term
|
Definition
| the partiy bit is set so that each character has an even numbr of bits with the value 1 |
|
|
Term
|
Definition
| entails verifying that there are the proper number of bits set to the value 1 in each character received |
|
|
Term
| echo check, trailer record, number batches |
|
Definition
| message acknowledgment techniques |
|
|
Term
|
Definition
| a recalculation of summary statistic of the number of bits in a message (checks if the counts agree) |
|
|
Term
| change management controls |
|
Definition
| need to ensure that modification to the organizational structure and the adoption of new software for performing business activities maintain adequate segregatino of duties |
|
|
Term
| adequate monitoring and review by top management to ensure that proposed and implemented changes are consistent with organization's strategy |
|
Definition
| most important change management control |
|
|
