Details

Chapter 8
N/A
30
Accounting
Undergraduate 3
03/03/2012

Cards

Term
3 things information management should be?
Definition
effective, available, integrity, reliable
Term
4 Steps for COBIT Framework
Definition
Plan and Organize
Acquire and Implement
Deliver and Support
Monitor and Evaluate
Term
Two foundations of Information Security Trust Services Framework
Definition
1. Security is a Management Issue, not a technology issue
2. Defense in depth
Term
Formula for Security
Definition
P > D + C
Term
Management's Role in IS Security
Definition
create security aware culture, assess and respond to risk, monitor and evaluate
Term
How to mitigate risk?
Definition
prevent, detect, correct
Term
Preventive Control
Definition
Training, User access controls (authorize/authenticate), physical access controls, network access (firewalls), hardening controls
Term
Authentication
Definition
verifies who a person is
*use password, biometric, and physical access card; combination of 3 is best
Term
Authorization
Definition
determines what a person can access
Term
Border Router
Definition
connects an organization's information system to the internet
Term
Firewall
Definition
software or hardware used to filter information
Term
Demilitarized Zone
Definition
Separate network that permits controlled access from the internet to selected resources
Term
Intrusion Prevention Systems (IPS)
Definition
monitors patterns in the traffic flow, rather than only inspecting individual packets, to identify and automatically block attacks
Term
Transmission Control Protocol
Definition
specifies the procedures for dividing files and documents into packets to be sent over the Internet and the methods for reassembly of the original document or file at the destination
Term
Internet Protocol
Definition
specifies the structure of those packets and how to route them to the proper destination
Term
Routers
Definition
are designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next
Term
Access Control List
Definition
which packets are allowed entry and which are dropped
Term
Static packet filtering
Definition
border router screens individual IP packets based solely on the contents of the source and destination fields in the IP packet header
Term
Stateful Packet Filtering
Definition
creates and maintains a table in memory that lists all established connections between the organization's computers and the Internet.
Term
Deep Packet Inspection
Definition
process of examining the data contents of a packet
Term
End-point configuration
Definition
disable unnecessary features that may be vulnerable to attack on end points such as servers, printers, and workstations
Term
Examples of detective controls
Definition
log analysis, intrusion detection, managerial reports, security testing
Term
Securing remote access
Definition
RADIUS is the standard method: the remote access server passes credentials to the RADIUS server, which performs compatibility tests to authenticate the identity of the user. The server has to be in the DMZ.

Don't let employees use their own modems because of back-door hacking.
Term
Hardening
Definition
eliminate unnecessary settings and servers
Term
Corrective Controls
Definition
CIRT, CISO, patch management
Term
Hashing
Definition
create digital signature
Term
Pharming
Definition
redirecting traffic to a spoofed web site to obtain confidential information
Term
Most efficient way to generate a digital signature
Definition
encrypting the hash with the sender's private key
Term
Evidence that helps an auditor understand how implemented controls function would be gathered as part of which audit activity?
Definition
Test of Controls
Term
Which concurrent audit technique would be most effective and efficient in identifying data entry errors?
Definition
Integrated Test Facility