Shared Flashcard Set

Details

Chapter 16_Notes
General IT Controls Part 2: Security and Access
8
Accounting
Undergraduate 4
05/01/2017

Additional Accounting Flashcards

 


 

Cards

Term
What is an Operating System?
Definition
It is the computer's control program. It allows users and their applications to share and access common computer resources, such as processors, main memory, databases, and printers. Because the operating system is common to all users, the larger the computer facility, the greater the scale of potential damage.
Term
The Operating System performs 3 main tasks:
Definition
  1. It translates high-level languages, such as COBOL, C++, BASIC, and SQL, into the machine-level langauage that the computer can execute.
  2. The operating system allocates computer resources to users, workgroups, and applications. 
  3. The Operating System manages the tasks of job scheduling and multiprogramming. 
Term
What are the 5 fundamental Controls in an OS?
Definition
  1. To protect itself from users
  2. Protect users from each other
  3. Protect users from themselves 
  4. Be protected from itself.
  5. Be protected from its enviornment. 
Term
Operating System Security?
Definition
Involves policies, procedures, and controls that determine who can access the operating system, which resources (files, programs, printers) they can access, and hwat actions they can take.
Term
What security components are found in secure Operating Systems:
Definition
  1. Log-On Procedures
  2. Access Token
  3. Access Control List
  4. Discretionary Access Control
Term
What are 3 primary threats to an OS?
Definition
  1. Pivileged personnel who abuse their authority.
  2. Individuals, both internal and external to the organization, who browse the OS to identify and exploit security flaws.
  3. Individuals who intentionally (or accidentally) insert computer viruses or other forms of destructive programs into the OS. 
Term
What is the Audit Objective relating to Access Privileges?
Definition
The objective of the auditor is to verify that access privileges are granted in a manner that is consistent with the need to separate incompatible functions and is in accordance with the organization's policy.
Term
Audit Procedures for Access Privaleges
Definition
Review or Verify
  • Policies for separating incompatible functions 
  • a sample of user privileges, especially access to data and programs
  • security clearance checks of privileged employees
  • formal acknowledgements to maintain confidentiality of data
  • users' log-on times
Supporting users have an ad free experience!