Shared Flashcard Set

Details

AIS
Romney Ch 8-10
40
Accounting
Undergraduate 3
03/14/2013


Cards

Term
IT Lifecycle
Definition
Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Term
Four pillars of the Trust Services Framework (the principles built on top of security)
Definition
confidentiality
privacy
processing integrity
availability
Term
Top and bottom of the Trust Services Framework
Definition
Top: systems reliability (the overall goal the five principles support)
Bottom: security (the foundation; if access is not controlled, none of the other four principles can be guaranteed)
Term
security
Definition
access to the system and its data is controlled and restricted to legitimate users
Term
confidentiality
Definition
sensitive organizational info (trade secrets, plans, pricing) is protected from unauthorized disclosure
Term
privacy
Definition
personal info about customers, employees and other third parties is collected, used, disclosed and retained only in accordance with internal policy and regulatory requirements, and is protected from unauthorized disclosure
Term
processing integrity
Definition
data is processed accurately, completely, in a timely manner and only with proper authorization
Term
availability
Definition
the system and its info are available to meet operational and contractual obligations
Term
Three fundamental security concepts
Definition
1) security is a management issue, not just a technological one
2) Time-based model of security: P > C + D, where P = time the preventive controls hold an attacker off, C = time to detect the attack, D = time to respond and stop it. The controls are effective only if the attack is detected and stopped before the preventive controls are defeated.
3) Defense in depth: several overlapping layers of controls, so no single failure opens the system
Term
Preventive Controls
Definition
Training (people are the weakest link)
Authentication
Authorization
Physical access controls
Network access / perimeter controls (border router, firewall)
Device and software hardening (secure configuration, removing unnecessary software and services)
Term
Border Router and firewall
Definition
the border router connects the organization's network to the internet; the firewall sits behind it and uses its rule set to control what traffic is allowed in and out
Term
DMZ (demilitarized zone)
Definition
a separate network segment between the internet and the internal network that holds the servers outsiders need to reach (web, e-mail); internet traffic stops there, and the internal network sits behind a further firewall
Term
Types of Authentication
Definition
verifies the identity of the person or device trying to access the system, using
something you know: passwords, PINs
something you have: smart cards, ID badges, tokens
something you are: biometrics (fingerprints)
multifactor: a combination of two or more of the above
device-specific authentication: the device itself, not just its user, must prove its identity before it is allowed on the network
Term
Types of Authorization
Definition
restricts what an authenticated user may do within the system (which data, which functions), checked on every request against an access control matrix
enforces segregation of duties
Term
Symmetric Encryption
Definition
uses the same secret key to encrypt and decrypt
faster, but both parties must already share the key, so the key has to be distributed securely and a separate key is needed for every pair of parties
Term
Asymmetric Encryption
Definition
uses a key pair: a public key and a private key
whatever one key encrypts only the other can decrypt; to send something confidential, encrypt with the recipient's public key so only the recipient's private key can open it
the public key can be shared openly; only the private key must stay secret
slower than symmetric, so in practice it is used to exchange a symmetric key or to sign a hash
Term
Certificate Authority
Definition
trusted third party that issues digital certificates binding a public key to the identity of its owner; it does not grant access to info, it lets others verify whose public key they are using
Term
Public Key Infrastructure
Definition
system for issuing pairs of public and private keys and the corresponding digital certificates, including the certificate authorities and the procedures for revoking compromised keys
Term
Hashing
Definition
turns input of any length into a fixed-length digest (the hash) with a one-way function: the same input always gives the same hash, changing one bit gives a completely different hash, and the input cannot be recovered from the hash. Unlike encryption it uses no key and is not reversible; it is used to detect changes, not to hide data.
Term
digital certificates
Definition
electronic document, created and digitally signed by a trusted third party (the certificate authority), that certifies the identity of the owner of a particular public key
Term
Three items sent in Bid Package (NW = the bidder sending it, US = the recipient)
Definition
1) the bid, encrypted with a one-time symmetric key (keeps the bid confidential)
2) a hash of the bid, encrypted with NW's private key = NW's digital signature (proves who sent it and that it was not altered)
3) the symmetric key, encrypted with US's public key (only US's private key can recover it, so only US can read the bid)
Term
Hash creating software
Definition
SHA-256 (Secure Hash Algorithm with a 256-bit digest); it is an algorithm built into most crypto libraries rather than a stand-alone program, and is the hash used in current digital signatures
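The bid package above, together with the symmetric, asymmetric, hashing and digital signature cards before it, carried through as one working exchange. This is an added example, not code from the page or from the Romney text: NW and US are the card's labels for bidder and recipient, the bid text and key size are assumptions, and AES-256-GCM, RSA-PSS and RSA-OAEP are the concrete algorithm choices made here (the card itself names only SHA-256).

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// BidPackage holds the three items on the card (NW = bidder, US = recipient; constructed sample).
type BidPackage struct {
	EncryptedBid []byte // 1) the bid, encrypted with a one-time symmetric key (AES-256-GCM)
	Nonce        []byte //    nonce for that encryption, sent in the clear as GCM requires
	Signature    []byte // 2) SHA-256 hash of the bid, signed with NW's private key
	WrappedKey   []byte // 3) the symmetric key, encrypted with US's public key (RSA-OAEP)
}

func NewKeyPair(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits) // public half may be shared openly
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealBid builds the package on NW's side.
func SealBid(bid []byte, nwPriv *rsa.PrivateKey, usPub *rsa.PublicKey) (*BidPackage, error) {
	// Symmetric encryption for the bulk data: fast, but the key must reach US somehow.
	symKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, symKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	encBid := gcm.Seal(nil, nonce, bid, nil)
	// Digital signature: hash the plaintext, then sign the digest with NW's private key.
	digest := sha256.Sum256(bid)
	sig, err := rsa.SignPSS(rand.Reader, nwPriv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return nil, err
	}
	// Key transport: encrypting with US's public key means only US's private key can unwrap it.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, usPub, symKey, nil)
	if err != nil {
		return nil, err
	}
	return &BidPackage{EncryptedBid: encBid, Nonce: nonce, Signature: sig, WrappedKey: wrapped}, nil
}

// OpenBid reverses the three steps on US's side; it fails unless the key unwraps,
// the ciphertext is intact, and the signature verifies under NW's public key.
func OpenBid(p *BidPackage, usPriv *rsa.PrivateKey, nwPub *rsa.PublicKey) ([]byte, error) {
	symKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, usPriv, p.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap symmetric key: package was not encrypted for this recipient")
	}
	gcm, err := newGCM(symKey)
	if err != nil {
		return nil, err
	}
	bid, err := gcm.Open(nil, p.Nonce, p.EncryptedBid, nil)
	if err != nil {
		return nil, errors.New("bid ciphertext rejected: modified in transit")
	}
	digest := sha256.Sum256(bid)
	if err := rsa.VerifyPSS(nwPub, crypto.SHA256, digest[:], p.Signature, nil); err != nil {
		return nil, errors.New("signature invalid: bid was not signed with NW's private key")
	}
	return bid, nil
}

func main() {
	nw, _ := NewKeyPair(2048)
	us, _ := NewKeyPair(2048)
	pkg, _ := SealBid([]byte("NW bid: $1,250,000"), nw, &us.PublicKey)
	bid, err := OpenBid(pkg, us, &nw.PublicKey)
	fmt.Printf("US reads %q (err=%v)\n", bid, err)
	// An impostor who knows US's public key can build a well-formed package
	// but cannot produce a signature that verifies under NW's public key.
	impostor, _ := NewKeyPair(2048)
	forged, _ := SealBid([]byte("NW bid: $900,000"), impostor, &us.PublicKey)
	_, err = OpenBid(forged, us, &nw.PublicKey)
	fmt.Println("forged package:", err)
}
```

Each item buys one property: item 1 confidentiality of the bid, item 3 getting the symmetric key to US without a prior shared secret, item 2 proof that the bid came from NW and was not changed. A package built by anyone other than the holder of NW's private key fails at the last check even though it decrypts cleanly.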
Term
Types of Detective Controls
Definition
Log Analysis
Intrusion detection systems
reporting to management
security testing
Term
Log Analysis
Definition
examining logs of system activity (logins, failed logins, changes to privileges, ...) to find evidence of attacks and take corrective action
must be done in a timely manner; a log nobody reads detects nothing
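One way to turn "monitor activity" into a concrete detective control, as an added example that is not from the page: a rule run over constructed SSH auth-log lines that flags any source with five failed logins inside a minute and notes whether that source then got in, which is the case that needs the fastest response. The log format, threshold and window are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

// Constructed sample auth log: one source tries five accounts in eleven seconds and gets in;
// another source has two ordinary typos half an hour apart.
const SampleLog = `2013-03-14T09:00:01Z sshd[411]: Failed password for alice from 10.0.0.7 port 50012 ssh2
2013-03-14T09:00:04Z sshd[411]: Failed password for alice from 10.0.0.7 port 50013 ssh2
2013-03-14T09:00:06Z sshd[411]: Failed password for root from 10.0.0.7 port 50014 ssh2
2013-03-14T09:00:09Z sshd[411]: Failed password for admin from 10.0.0.7 port 50015 ssh2
2013-03-14T09:00:12Z sshd[411]: Failed password for bob from 10.0.0.7 port 50016 ssh2
2013-03-14T09:00:15Z sshd[411]: Accepted password for bob from 10.0.0.7 port 50017 ssh2
2013-03-14T09:05:00Z sshd[412]: Failed password for carol from 192.168.1.20 port 40001 ssh2
2013-03-14T09:30:00Z sshd[413]: Failed password for carol from 192.168.1.20 port 40002 ssh2
2013-03-14T09:31:00Z sshd[413]: Accepted password for carol from 192.168.1.20 port 40003 ssh2`

// Rule parameters (assumed values; tune per environment).
const (
	DefaultThreshold = 5
	DefaultWindow    = time.Minute
)

var lineRe = regexp.MustCompile(`^(\S+) sshd\[\d+\]: (Failed|Accepted) password for (\S+) from (\S+) port`)

type event struct {
	at           time.Time
	ok           bool
	user, source string
}

type Alert struct {
	Source     string
	Failures   int
	Users      []string  // distinct accounts tried inside the window
	LaterLogin bool      // a login from the same source succeeded afterwards
	DetectedAt time.Time // time of the failure that crossed the threshold
}

func parse(log string) []event {
	var evs []event
	for _, ln := range strings.Split(log, "\n") {
		m := lineRe.FindStringSubmatch(ln)
		if m == nil {
			continue // lines that do not match are skipped, never guessed at
		}
		ts, err := time.Parse(time.RFC3339, m[1])
		if err != nil {
			continue
		}
		evs = append(evs, event{at: ts, ok: m[2] == "Accepted", user: m[3], source: m[4]})
	}
	return evs
}

// Analyze flags every source with at least threshold failed logins inside window.
func Analyze(log string, threshold int, window time.Duration) []Alert {
	bySource := map[string][]event{}
	for _, e := range parse(log) {
		bySource[e.source] = append(bySource[e.source], e)
	}
	var alerts []Alert
	for src, list := range bySource {
		var fails []event
		for _, e := range list {
			if !e.ok {
				fails = append(fails, e)
			}
		}
		for i := 0; i+threshold <= len(fails); i++ {
			last := fails[i+threshold-1]
			if last.at.Sub(fails[i].at) > window {
				continue // enough failures, but spread out too far in time
			}
			a := Alert{Source: src, Failures: threshold, DetectedAt: last.at}
			seen := map[string]bool{}
			for _, f := range fails[i : i+threshold] {
				if !seen[f.user] {
					seen[f.user] = true
					a.Users = append(a.Users, f.user)
				}
			}
			sort.Strings(a.Users)
			for _, e := range list {
				a.LaterLogin = a.LaterLogin || (e.ok && e.at.After(last.at))
			}
			alerts = append(alerts, a)
			break // one alert per source per run is enough for this rule
		}
	}
	sort.Slice(alerts, func(i, j int) bool { return alerts[i].Source < alerts[j].Source })
	return alerts
}

func main() {
	for _, a := range Analyze(SampleLog, DefaultThreshold, DefaultWindow) {
		fmt.Printf("%s: %d failures for %v, crossed threshold at %s, later login: %v\n", a.Source, a.Failures, a.Users, a.DetectedAt.Format(time.RFC3339), a.LaterLogin)
	}
}
```

The timeliness point on the card shows up in DetectedAt: the threshold is crossed eleven seconds after the first failure, and the successful login follows three seconds later, so a rule that runs once a day would report an intrusion that is already over.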
Term
Types of Security testing
Definition
vulnerability scans
war dialing
penetration tests
Term
Vulnerability scan
Definition
automated tool that checks systems for known weaknesses: missing patches, misconfigurations, and unused or unnecessary programs and services that enlarge the attack surface
Term
War dialing
Definition
dialing thousands of phone numbers looking for a modem that answers; an unsecured modem attached to a workstation bypasses the firewall and gives direct access to the internal network
Term
penetration tests
Definition
authorized attempt, by an internal audit team or an outside security consultant, to break into the system and show what an attacker could actually reach
Term
Types of Corrective controls
Definition
computer incident response team (CIRT, also called CERT): recognizes, contains, recovers from and follows up on incidents
chief information security officer (CISO): the manager responsible for security who reports incidents to senior management
patch management: regularly applying vendor fixes for known vulnerabilities
Term
Confidentiality
Definition
proprietary info of the company (trade secrets, plans, pricing)
protected because internal policy says so
Term
Privacy
Definition
sensitive personal data about customers, employees or other third parties
protected because laws and regulations require it
Term
Ways to protect info and data
Definition
Policies and procedures
Identify and classify all data (know where the sensitive data is and who owns it)
Authentication and authorization
Encrypt stored and transmitted data
Remove or disguise private data (data masking; collect only what is needed)
Mark info as confidential / restricted
Data loss prevention (DLP) software
Restrict physical access
Proper disposal of media and documents
Term
Additional Privacy Considerations
Definition
Understand legal requirements
choice and consent
disclosure of violations
restitution for damages
Term
Input controls
Definition
use as many edit checks and validations as possible (field, sign, limit, range, size, completeness and validity checks)
avoid paper source documents; keying is where most errors enter
use real-time (online) data entry so errors are flagged and corrected at the source
Term
Batch processing input controls
Definition
sequence check
batch totals
error logs
Term
Real time data entry controls
Definition
automatic data entry (bar codes, pre-filled fields) to reduce keying
prompting (system asks for each item in turn)
preformatting (input screen mirrors the source document)
closed-loop verification (system echoes back the name that matches the keyed code for the user to confirm)
transaction logs
immediate error messages
Term
Processing Controls
Definition
data matching (two or more items must agree before processing, e.g. invoice, purchase order and receiving report)
file labels (internal header and trailer labels ensure the right file is processed)
recalculate batch totals after each step and compare with the input totals
cross-footing balance test (row totals and column totals must agree)
write-protection mechanisms (prevent overwriting or erasing a file)
concurrent update controls (lock a record while one user is updating it)
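The batch input controls and the processing controls above, applied to a constructed payroll batch, as an added example that is not from the page or the textbook. Employee numbers, amounts and the 0.005 rounding tolerance are assumptions; the point is which control catches which error.

```go
package main

import (
	"fmt"
	"math"
)

// PayRecord is one transaction in a constructed payroll batch (sample data, not from the page).
type PayRecord struct {
	Seq      int     // sequence number assigned when the batch was prepared
	EmpID    int     // employee number; meaningless as a sum, which is exactly what a hash total exploits
	Regular  float64 // regular pay
	Overtime float64 // overtime pay
	Gross    float64 // keyed gross pay, must cross-foot to Regular + Overtime
}

// BatchHeader carries the control totals the preparer computed before data entry.
type BatchHeader struct {
	RecordCount    int
	FinancialTotal float64 // sum of Gross
	HashTotal      int     // sum of EmpID
}

// ValidateBatch runs a sequence check, a sign check and a cross-footing test on every
// record, then recomputes the three batch totals against the header. It returns the
// error log; an empty log means the batch may be processed.
func ValidateBatch(h BatchHeader, recs []PayRecord) []string {
	var errs []string
	var finTotal float64
	hashTotal := 0
	for i, r := range recs {
		if i > 0 && r.Seq != recs[i-1].Seq+1 {
			errs = append(errs, fmt.Sprintf("seq %d: sequence check failed, previous was %d", r.Seq, recs[i-1].Seq))
		}
		if r.Regular < 0 || r.Overtime < 0 {
			errs = append(errs, fmt.Sprintf("seq %d: sign check failed, negative pay", r.Seq))
		}
		if math.Abs(r.Regular+r.Overtime-r.Gross) > 0.005 {
			errs = append(errs, fmt.Sprintf("seq %d: cross-foot failed, %.2f+%.2f != %.2f", r.Seq, r.Regular, r.Overtime, r.Gross))
		}
		finTotal += r.Gross
		hashTotal += r.EmpID
	}
	if len(recs) != h.RecordCount {
		errs = append(errs, fmt.Sprintf("record count %d != header %d", len(recs), h.RecordCount))
	}
	if math.Abs(finTotal-h.FinancialTotal) > 0.005 {
		errs = append(errs, fmt.Sprintf("financial total %.2f != header %.2f", finTotal, h.FinancialTotal))
	}
	if hashTotal != h.HashTotal {
		errs = append(errs, fmt.Sprintf("hash total %d != header %d (a record was substituted or mis-keyed)", hashTotal, h.HashTotal))
	}
	return errs
}

// GoodBatch: header totals were computed from these same records.
func GoodBatch() (BatchHeader, []PayRecord) {
	recs := []PayRecord{
		{Seq: 1, EmpID: 1001, Regular: 1000, Overtime: 50, Gross: 1050},
		{Seq: 2, EmpID: 1002, Regular: 900, Overtime: 0, Gross: 900},
		{Seq: 3, EmpID: 1003, Regular: 1100, Overtime: 100, Gross: 1200},
	}
	return BatchHeader{RecordCount: 3, FinancialTotal: 3150, HashTotal: 3006}, recs
}

// BadBatch: same header, three keying errors. A skipped sequence number; employee 1002
// replaced by 1004 with the same amount, which only the hash total notices; and a gross
// that does not cross-foot, which also throws off the financial total.
func BadBatch() (BatchHeader, []PayRecord) {
	h, _ := GoodBatch()
	return h, []PayRecord{
		{Seq: 1, EmpID: 1001, Regular: 1000, Overtime: 50, Gross: 1050},
		{Seq: 3, EmpID: 1004, Regular: 900, Overtime: 0, Gross: 900},
		{Seq: 4, EmpID: 1003, Regular: 1100, Overtime: 100, Gross: 1250},
	}
}

func main() {
	for name, f := range map[string]func() (BatchHeader, []PayRecord){"good": GoodBatch, "bad": BadBatch} {
		h, recs := f()
		errs := ValidateBatch(h, recs)
		fmt.Printf("%s batch: %d error(s) %v\n", name, len(errs), errs)
	}
}
```

Running it shows the good batch producing an empty log and the bad batch four entries: the sequence gap, the cross-foot failure, the financial total that the bad gross pushed out by 50, and the hash total mismatch. That last one is the reason a hash total exists: paying 1004 instead of 1002 leaves every money total correct.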
Term
Output controls
Definition
user review
reconciliation procedures
external data reconciliation
Term
Threats to availability
Definition
hardware and software failures
disasters
human error
worms and viruses
DoS (denial-of-service) attacks and other sabotage
Term
Disaster Recovery Systems
Definition
data backup procedures (full, incremental or differential backups; copies stored off-site)
provisions for access to replacement infrastructure (cold site, hot site or a second data center)
thorough documentation of the recovery plan
periodic testing and training
adequate insurance