Term
| Value chain |
|
Definition
| Conceptualized organization of activities an organization performs to provide value to their customers. |
|
|
Term
| Primary Activities Outline |
|
Definition
| 1. Inbound Logistics 2. Operations Activities 3. Outbound logistics 4. Marketing and sales 5. Service |
|
|
Term
| Inbound logistics |
|
Definition
| Receiving, storing, and distributing the materials an organization uses to create the products and services it sells. |
|
|
Term
| Operations |
|
Definition
| Transform inputs into final products or services. |
|
|
Term
| Outbound logistics |
|
Definition
| Distribute finished product or service to customers |
|
|
Term
| Marketing and sales |
|
Definition
| Help customers buy the products or services the organization provides. |
|
|
Term
| Service |
|
Definition
| Provide post-sale support to customers |
|
|
Term
| Support activities |
|
Definition
| Allow the five primary activities (value chain parts) to be performed effectively and efficiently. |
|
|
Term
| Support Activities Outline |
|
Definition
| 1. Firm Infrastructure 2. Human Resources 3. Technology 4. Purchasing |
|
|
Term
| Firm Infrastructure Activities |
|
Definition
| Accounting, finance, legal, and general administration activities that allow an organization to function. |
|
|
Term
| Human Resources Activities |
|
Definition
| Recruiting, hiring, training, and providing employee benefits and compensations. |
|
|
Term
| Technology |
|
Definition
| Improve a product or service. |
|
|
Term
| Purchasing |
|
Definition
| Procure raw materials, supplies, machinery, and the buildings used to carry out the primary activities. |
|
|
Term
| Supply chain |
|
Definition
| A manufacturing organization interacts with its suppliers and distributors. Value chain is a part of this. |
|
|
Term
| How an AIS can add value to an organization |
|
Definition
| 1. Improving quality & reducing costs 2. Improving efficiency 3. Sharing knowledge 4. improving the efficiency and effectiveness of its supply chain 5. Improving the internal control structure 6. Improving decision making |
|
|
Term
| structured decisions |
|
Definition
| repetitive, routine, understood well enough to be delegated |
|
|
Term
| semi-structured decisions |
|
Definition
| incomplete rules; need for subjective assessments; can be computer aided |
|
|
Term
| unstructured decisions |
|
Definition
| nonrecurring and non-routine, require judgment and intuition. |
|
|
Term
|
Definition
| effective efficient performance of tasks |
|
|
Term
|
Definition
| effective and efficient use of resources |
|
|
Term
|
Definition
| establishing objectives and policies to accomplish objectives. |
|
|
Term
|
Definition
| adding features or services not provided by competitors |
|
|
Term
|
Definition
| be the most efficient producer |
|
|
Term
| variety-based strategic position |
|
Definition
| providing a subset of the industry ex. Jiffy Lube only oil changes |
|
|
Term
| needs-based strategic position |
|
Definition
| trying to serve most or all of the needs of a particular group ex. AARP tries to get all retirees |
|
|
Term
| access-based strategic position |
|
Definition
| serving a subset of customers who are different ex. Edward Jones only operates in small towns |
|
|
Term
|
Definition
| the system is greater than the sum of its parts |
|
|
Term
|
Definition
| use data and algorithms to forecast future events |
|
|
Term
|
Definition
| benefit produced by the information minus the cost of producing it |
|
|
Term
| MAJOR BENEFITS OF INFORMATION: |
|
Definition
| 1. Reduction of uncertainty 2. Improved decisions 3. Better ability to plan activities |
|
|
Term
|
Definition
| required by a governmental entity |
|
|
Term
|
Definition
| required to conduct business with external parties |
|
|
Term
|
Definition
| an agreement between two entities to exchange goods or services |
|
|
Term
| business or transactional processing |
|
Definition
| system which captures transactions and outputs financial statements |
|
|
Term
| Transactional Processing Outline |
|
Definition
| 1. Revenue cycle 2. Expenditure cycle 3. Production cycle 4. Human resources/Payroll cycle 5. Financing cycle |
|
|
Term
| Revenue cycle |
|
Definition
| goods and services sold for cash or promise |
|
|
Term
| Expenditure cycle |
|
Definition
| purchase inventory for resale or production of products for cash or promise |
|
|
Term
| Production cycle |
|
Definition
| raw materials transformed into finished goods |
|
|
Term
| human resources/ payroll cycle |
|
Definition
| employees are hired, trained, compensated, evaluated, promoted, and terminated. |
|
|
Term
| Financing cycle |
|
Definition
| companies sell shares to investors, borrow money, investors are paid dividends, interests paid on loans |
|
|
Term
| General ledger and reporting system |
|
Definition
| show how transaction processes relate and interface and collects info from each for management and external parties |
|
|
Term
|
Definition
| operations performed on data to generate meaningful and relevant information |
|
|
Term
|
Definition
| records of company data sent to external party and returned as input |
|
|
Term
|
Definition
| devices that capture transaction data in machine-readable form at the time and place of origin |
|
|
Term
|
Definition
| summary-level data for every asset, liability, equity, revenue, and expense account |
|
|
Term
|
Definition
| all detailed data for any general ledger account that has many individual subaccounts |
|
|
Term
|
Definition
| general ledger account corresponding to a subsidiary ledger |
|
|
Term
|
Definition
| Systematic assignment of numbers or letters to items to classify and organize them |
|
|
Term
|
Definition
| items are numbered consecutively to ensure there will be no gaps in the sequence |
|
|
Term
|
Definition
| blocks of number within a numerical sequence are reserved for categories having meaning to the user |
|
|
Term
|
Definition
| Used in conjunction with block code - two or more subgroups of digits are used to code the item |
|
|
Term
|
Definition
| list of all general ledger accounts an organization uses |
|
|
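Worked example of the three coding schemes above, added here as illustration rather than taken from the flashcards or the textbook they summarize. The block layout (100s assets through 500s expenses) and the three-part group-code format are assumptions made for the example; a real chart of accounts defines its own.

```python
# Added example (not from the flashcards): block codes, group codes and a
# sequence-code gap check for a chart of accounts. The block layout and the
# group-code format below are assumptions made for illustration.

# Block code: each reserved number block maps to one account category.
ACCOUNT_BLOCKS = [
    (100, 199, "asset"),
    (200, 299, "liability"),
    (300, 399, "equity"),
    (400, 499, "revenue"),
    (500, 599, "expense"),
]

def classify_block_code(account_no: int) -> str:
    """Return the category whose reserved block contains account_no."""
    for low, high, category in ACCOUNT_BLOCKS:
        if low <= account_no <= high:
            return category
    raise ValueError(f"account {account_no} lies outside every reserved block")

def parse_group_code(code: str) -> dict:
    """Group code 'AAA-DD-LL' (assumed layout): account block, department, location.
    Each subgroup of digits carries its own meaning, so they are decoded separately."""
    parts = code.split("-")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed group code {code!r}")
    account, dept, loc = (int(p) for p in parts)
    return {"category": classify_block_code(account), "account": account,
            "department": dept, "location": loc}

def sequence_gaps(numbers) -> list:
    """Sequence codes must be consecutive; return every missing number
    between the lowest and highest value seen (e.g. a skipped check number)."""
    present = set(numbers)
    return [n for n in range(min(present), max(present) + 1) if n not in present]

if __name__ == "__main__":
    print(parse_group_code("150-02-07"))            # asset account 150, dept 2, location 7
    print(sequence_gaps([1001, 1002, 1004, 1005]))  # [1003] -> a missing document to investigate
```

The gap check is the control behind sequence codes: a missing number in a run of prenumbered documents is evidence that something was lost, destroyed, or diverted and should be followed up.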
Term
|
Definition
| used to record infrequent or non routine transactions |
|
|
Term
|
Definition
| used to record repetitive transactions: credit sales, cash receipts, etc. |
|
|
Term
|
Definition
| the posting of reference and document numbers |
|
|
Term
|
Definition
| characteristics of interest |
|
|
Term
|
Definition
| something about which information is stored |
|
|
Term
|
Definition
| physical space a data value is stored |
|
|
Term
|
Definition
| set of fields containing data about various attributes of the same entity |
|
|
Term
|
Definition
|
|
Term
|
Definition
| related records are grouped |
|
|
Term
|
Definition
| store cumulative information about an organization's resources and the agents with whom it interacts; permanent |
|
|
Term
|
Definition
| contain records for individual business transactions that occur during a specific fiscal period |
|
|
Term
|
Definition
| set of interrelated, centrally coordinated files |
|
|
Term
|
Definition
| periodic updating of data |
|
|
Term
| online, real-time processing |
|
Definition
| update data as transaction occurs |
|
|
Term
| Enterprise resource planning (ERP) system |
|
Definition
| designed to overcome problems as they relate to aspects of a company's operations within its traditional AIS |
|
|
Term
|
Definition
| The narratives, flowcharts, diagrams, and other written materials that explain how a system works. |
|
|
Term
|
Definition
| A written step-by-step explanation of system components and interactions. |
|
|
Term
|
Definition
| A graphical description of the source and destination of data that shows data flow within an organization, the processes performed on the data, and how data are stored. |
|
|
Term
|
Definition
| A graphical description of the flow of documents and information between departments or areas of responsibility within an organization. |
|
|
Term
|
Definition
| A graphical description of the relationship among the input, processing, and output in an information system. |
|
|
Term
|
Definition
| A graphical description of the sequence of logical operations that a computer performs as it executes a program. |
|
|
Term
|
Definition
| Represents the flow of data between processes, data stores, and data sources and destinations. |
|
|
Term
|
Definition
| Represent the transformation of data. |
|
|
Term
|
Definition
| A temporary or permanent repository of data. |
|
|
Term
|
Definition
| Provides the reader with a summary-level view of a system. |
|
|
Term
|
Definition
| An analytical technique used to describe some aspect of an information system in a clear, concise, and logical manner. |
|
|
Term
|
Definition
| Early flowchart supplies - hard plastic template (diecut) |
|
|
Term
| Internal Control Flowcharts |
|
Definition
| Document flowcharts that describe and evaluate internal controls. |
|
|
Term
|
Definition
| Devices or media that provide input to or record output from processing operations. |
|
|
Term
|
Definition
| Either shows what type of device is used to process data or indicate when processing is performed manually. |
|
|
Term
|
Definition
| Device used to store data that the system is not currently using. |
|
|
Term
|
Definition
| Indicate the flow of data and goods. May also include where data begins/ends, where decisions are made, and when to add explanatory flowcharts. |
|
|
Term
|
Definition
| Data that web sites store on your computer to identify their web sites to your computer and to identify you to the web site so you don't have to log on each time you visit the site. |
|
|
Term
|
Definition
| Intent to destroy or harm a system or some of its components. |
|
|
Term
|
Definition
| Gaining an unfair advantage over another person. |
|
|
Term
|
Definition
|
|
Term
| Misappropriation of Assets |
|
Definition
| Employee fraud, or the theft of company assets. |
|
|
Term
| Fraudulent Financial Reporting |
|
Definition
| Intentional or reckless conduct, whether by act or omission, that results in materially misleading financial statements. |
|
|
Term
|
Definition
| A person's incentive or motivation for committing fraud. |
|
|
Term
|
Definition
| The condition or situation that allows a person or organization to: commit fraud, conceal fraud, and convert the fraud to personal gain. |
|
|
Term
|
Definition
| When a perpetrator steals the cash or check that is sent in by one customer, then covers it with funds from the next payment received, etc. |
|
|
Term
|
Definition
| A perpetrator creates cash by taking advantage of the timing lag between depositing a check and the check clearing the bank. |
|
|
Term
|
Definition
| Any illegal act for which knowledge of computer technology is essential for its perpetration, investigation, or prosecution. |
|
|
Term
|
Definition
| Gaining control of someone else's computer to carry out illicit activities without the user's knowledge. |
|
|
Term
|
Definition
| When an attacker sends a recipient so many email bombs, or so many requests for a web page that the destination server crashes. |
|
|
Term
|
Definition
| E-mailing or text messaging the same unsolicited message to many people at the same time, often to try to sell something. |
|
|
Term
|
Definition
| Using special software to guess addresses. |
|
|
Term
|
Definition
| Making an email look as if someone else sent it. |
|
|
Term
|
Definition
| An attack between the time a new vulnerability is discovered and the software developers and security vendors release a patch. |
|
|
Term
|
Definition
| Penetrating a system's defenses, stealing the file containing valid passwords, decrypting them, and using them to gain access. |
|
|
Term
| Masquerading or Impersonation |
|
Definition
| Gaining access to the system by pretending to be an authorized user. |
|
|
Term
|
Definition
| Changing data before, during, or after it is entered into the system to delete, alter, add, or incorrectly update key system data. |
|
|
Term
|
Definition
| The unauthorized copying of company data. |
|
|
Term
|
Definition
| Stealing money a slice at a time from many accounts, which are deposited into a single dummy account. |
|
|
Term
|
Definition
| All interest calculations are truncated at two decimal places and excess decimals put into an account that the perpetrator controls. |
|
|
Term
|
Definition
| Attacking phone systems to obtain free phone line access. |
|
|
Term
|
Definition
| The theft of information, trade secrets, and intellectual property. |
|
|
Term
|
Definition
| Threatening to harm a company if it does not pay a specified amount of money. |
|
|
Term
|
Definition
| When hackers use the internet to disrupt electronic commerce and to destroy company and individual communications. |
|
|
Term
|
Definition
| Using the internet to spread false or misleading information about people or companies. |
|
|
Term
|
Definition
| Intentionally clicking on ads numerous times to inflate advertising bills. |
|
|
Term
|
Definition
| Copying software without the publisher's permission. |
|
|
Term
|
Definition
| Techniques used to obtain confidential information, often by tricking people. |
|
|
Term
|
Definition
| Assuming someone's identity, usually for economic gain, by illegally obtaining and using confidential information, such as a Social Security, bank account, or credit card number. |
|
|
Term
|
Definition
| Acting under false pretenses to gain confidential information. |
|
|
Term
|
Definition
| Creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering a product. |
|
|
Term
|
Definition
| Sending an email, instant message, or text message pretending to be a legitimate company and requesting information. |
|
|
Term
|
Definition
| Voice phishing, or phishing involving calling a phone number. |
|
|
Term
|
Definition
| Stolen credit card numbers that are bought and sold. |
|
|
Term
|
Definition
| Redirecting a site's traffic to a bogus web site, usually to gain access to personal and confidential information. |
|
|
Term
|
Definition
| When a hacker sets up a wireless network with the same name as the wireless access point at a local hot spot to monitor its traffic. |
|
|
Term
|
Definition
| URL hijacking - setting up web sites with names very similar to real web sites so that typos in URLs will result in reaching a different site - often with fraudulent intentions. |
|
|
Term
| Scavenging or Dumpster Diving |
|
Definition
| Gaining access to confidential information by searching corporate or personal records. |
|
|
Term
|
Definition
| Watching or listening to people give out confidential information. |
|
|
Term
|
Definition
| Double-swiping a credit card in a legitimate terminal or swiping a card in a small, hidden card reader that records credit card data for later use. |
|
|
Term
|
Definition
| Posing as a service engineer and planting a small chip in a legitimate credit card reader. |
|
|
Term
|
Definition
| Observing private communications or transmissions of data. |
|
|
Term
|
Definition
| Any software that can be used to do harm. |
|
|
Term
|
Definition
| Secretly collects personal information about users and sends it to someone else without the user's permission. |
|
|
Term
|
Definition
| A type of spyware that causes banner ads to pop up as a user surfs the net. |
|
|
Term
|
Definition
| Software that destroys competing malware. |
|
|
Term
|
Definition
| Records computer activity, such as a user's keystrokes, emails, sites visited, and chat session. |
|
|
Term
|
Definition
| A set of malicious computer instructions in an authorized and otherwise properly functioning program. |
|
|
Term
|
Definition
| Trojan horses that lie idle until triggered by a specified time or circumstance. |
|
|
Term
|
Definition
| A way into a system that bypasses normal system controls. |
|
|
Term
|
Definition
| Programs that capture data from information packets as they travel over the internet or company networks. |
|
|
Term
|
Definition
| Hides data from one file inside a host file. |
|
|
Term
|
Definition
| Software that conceals processes, files, network connections, memory addresses, systems utility programs, and system data from the operating system. |
|
|
Term
|
Definition
| The unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail. |
|
|
Term
|
Definition
| A segment of self-replicating, executable code that attaches itself to a file or program. |
|
|
Term
|
Definition
| Stealing contact lists, images, and other data from other devices using Bluetooth. |
|
|
Term
|
Definition
| Taking control of someone else's phone to make calls or send text messages, or to monitor communications. |
|
|
Term
|
Definition
| Self-replicating computer program similar to a virus except that it is stand-alone, doesn't require a user input to replicate, and it harms networks (usually by consuming bandwidth). |
|
|
Term
|
Definition
| Any potential adverse occurrence or unwanted event that could be injurious to either the AIS or the organization. |
|
|
Term
|
Definition
| The potential dollar loss should a particular threat become a reality. |
|
|
Term
|
Definition
| The probability that the threat will become a reality. |
|
|
Term
|
Definition
| The process implemented by the board of directors, management, and those under their direction to try to accomplish the following objectives: Safeguard assets, maintain records, provide accurate information, prepare statements in accordance with GAAP, operate efficiently, adhere to prescribed managerial policies, and comply with laws & regulations. |
|
|
Term
|
Definition
| Controls that deter problems before they arise. |
|
|
Term
|
Definition
| Controls that discover problems as soon as they arise. |
|
|
Term
|
Definition
| Controls that remedy control problems that have been discovered. |
|
|
Term
|
Definition
| Help make sure an organization's control environment is stable and well-managed. |
|
|
Term
|
Definition
| Prevent, detect, and correct transaction errors and fraud. |
|
|
Term
| Foreign Corrupt Practices Act |
|
Definition
| An act passed to prevent the bribery of foreign officials in order to obtain business. |
|
|
Term
|
Definition
| Applies to publicly held companies and their auditors and was intended to prevent financial statement fraud, make financial reports more transparent, provide protection to investors, strengthen the internal controls at public companies, and punish executives who perpetrate fraud. |
|
|
Term
|
Definition
| Helps employees act ethically by setting limits beyond which an employee must not pass. |
|
|
Term
| Diagnostic Control System |
|
Definition
| Measures company progress by comparing actual performance to planned performance. |
|
|
Term
| Interactive Control System |
|
Definition
| Helps top-level managers with high-level activities that demand frequent and regular attention. |
|
|
Term
| COBIT Framework (Control Objectives for Information and Related Technology) |
|
Definition
| A framework of generally applicable information systems security and control practices for IT control. |
|
|
Term
| COSO (Committee of Sponsoring Organizations) |
|
Definition
| A private-sector group consisting of the American Accounting Association, the AICPA, the Institute of Internal Auditors, the Institute of Management Accountants, and the Financial Executives Institute. |
|
|
Term
| Internal Control - Integrated Framework |
|
Definition
| Defines internal controls and provides guidance for evaluating and enhancing internal control systems. |
|
|
Term
| Enterprise Risk Management - Integrated Framework (ERM) |
|
Definition
| Expands on the elements of the internal control integrated framework and provides an all-encompassing focus on the broader subject of enterprise risk management. |
|
|
Term
|
Definition
| High-level goals that are aligned with and support the company's mission. |
|
|
Term
|
Definition
| Deal with the effectiveness and efficiency of company operations. |
|
|
Term
|
Definition
| Help ensure the accuracy, completeness, and reliability of internal and external company reports, of both a financial and nonfinancial nature. |
|
|
Term
|
Definition
| Help the company comply with all applicable laws and regulations. |
|
|
Term
|
Definition
| The most important component of the ERM and internal control frameworks - it influences how organizations establish strategies and objectives, structure business activities, and identify and respond to risk. |
|
|
Term
|
Definition
| The amount of risk a company is willing to accept in order to achieve its goals and objectives. |
|
|
Term
| Policy and Procedures Manual |
|
Definition
| Explains proper business practices, describes the knowledge and experience needed by key personnel, spells out management policy for handling specific transactions, and documents the systems and procedures employed to process those transactions. |
|
|
Term
|
Definition
| Includes verifying educational and work experience, talking to references, checking for a criminal record, and checking credit records. |
|
|
Term
|
Definition
| An incident or occurrence emanating from internal or external sources that affects implementation of strategy or achievement of objectives. |
|
|
Term
|
Definition
| The risk that exists before management takes any steps to control the likelihood or impact of risk. |
|
|
Term
|
Definition
| The risk that remains after management implements internal controls, or some other response to risk. |
|
|
Term
|
Definition
| Expected loss = Impact × Likelihood |
|
|
Term
|
Definition
| Policies, procedures, and rules that provide reasonable assurance that management's control objectives are met and the risk responses are carried out. |
|
|
Term
|
Definition
| Empowerment to perform policies established by management. |
|
|
Term
|
Definition
| A means of signing a document with a piece of data that cannot (or, rather, can only with difficulty) be forged. |
|
|
Term
|
Definition
| Authorization to handle routine transactions without special approval. |
|
|
Term
|
Definition
| Authorization that requires special review and approval. |
|
|
Term
|
Definition
| Fraud where two or more people override the preventive aspect of the internal control system. |
|
|
Term
|
Definition
| Responsible for ensuring that the different parts of an information system operate smoothly and efficiently. |
|
|
Term
|
Definition
| Ensure that all applicable devices are linked to the organization's internal and external networks and that the networks operate continuously and properly. |
|
|
Term
|
Definition
| Ensures that all aspects of the system are secure and protected from all internal and external threats. |
|
|
Term
|
Definition
| Help users determine their information needs and then design an information system to meet those needs. |
|
|
Term
|
Definition
| Take the design provided by systems analysts and create an information system by writing the computer programs. |
|
|
Term
|
Definition
| Run the software on the company's computers. |
|
|
Term
| Information System Library |
|
Definition
| Corporate databases, files, and programs in a separate storage area. |
|
|
Term
|
Definition
| Ensures that source data have been properly approved, monitors the flow of work through the computer, reconciles input and output, maintains a record of input errors to ensure their correction and resubmission, and distributes system output. |
|
|
Term
|
Definition
| Shows the projects that must be completed to achieve long-range company goals and addresses the company's hardware, software, personnel, and infrastructure requirements. |
|
|
Term
|
Definition
| Shows how a project will be completed, including the modules or tasks to be performed and who will perform them, the dates they should be completed, and project costs. |
|
|
Term
|
Definition
| Significant points when progress is reviewed and actual and estimated completion times are compared. |
|
|
Term
|
Definition
| Format for data processing tasks. |
|
|
Term
|
Definition
| Guides and oversees systems development and acquisition. |
|
|
Term
|
Definition
|
|
Term
|
Definition
| Percentage of time the system is being productively used. |
|
|
Term
|
Definition
| How long it takes the system to respond. |
|
|
Term
| Post-implementation review |
|
Definition
| Determines if the anticipated benefits were achieved. |
|
|
Term
|
Definition
| A vendor who uses common standards and manages a cooperative systems development effort involving its own development personnel and those of the client and other vendors. |
|
|
Term
|
Definition
| The process of making sure that changes do not negatively affect system reliability, security, confidentiality, integrity, and availability. |
|
|
Term
|
Definition
| An examination of the relationships between different sets of data. |
|
|
Term
|
Definition
| When individual company transactions can be traced through the system from where they originate to where they end up on the financial statements. |
|
|
Term
| Company Security Officer (CSO) |
|
Definition
| In charge of AIS security and should be independent of the information system function and report to the chief operating officer or the CEO. |
|
|
Term
| Chief Compliance Officer (CCO) |
|
Definition
| Officer in charge of ensuring that a company meets SOX and other compliance. |
|
|
Term
|
Definition
| Specialize in fraud detection and investigation. |
|
|
Term
| Computer Forensic Specialists |
|
Definition
| Discover, safeguard, and document computer evidence such that its authenticity, accuracy, and integrity will not succumb to legal challenges. |
|
|
Term
|
Definition
| Programs that mimic the brain and have learning capabilities. |
|
|
Term
| Time-based model of security |
|
Definition
| relationship between preventive, detective, and corrective controls such that P > D + C |
|
|
Term
|
Definition
| employ multiple layers of controls in order to avoid having a single point of failure |
|
|
Term
|
Definition
| verify the identity of the individual |
|
|
Term
|
Definition
|
|
Term
| multifactor authentication |
|
Definition
| any combination of the three basic authentication methods: something you know, something you have, and something you are (biometrics) |
|
|
Term
|
Definition
| restricts access of authenticated users to specific portions of system |
|
|
Term
|
Definition
| table specifying which portions of the system users are permitted to access |
|
|
Term
|
Definition
| matches the user's authentication credentials against the access control matrix |
|
|
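Worked example of an access control matrix and the compatibility test that runs against it, added here as illustration (not code from the flashcards or the textbook). The users, resources and permissions are constructed sample data, and the segregation-of-duties rule (nobody should both create and approve the same transaction) is an assumption chosen for the example.

```python
# Added example (not from the flashcards): an access control matrix and the
# compatibility test that authorizes an already-authenticated user. Users,
# resources and permissions are constructed sample data; default is deny.

ACCESS_CONTROL_MATRIX = {
    # user          resource              permitted actions
    "a.clerk":   {"sales_orders":      {"create", "read"},
                  "customer_master":   {"read"}},
    "b.manager": {"sales_orders":      {"read", "approve"},
                  "customer_master":   {"read", "update"}},
    "c.auditor": {"sales_orders":      {"read"},
                  "customer_master":   {"read"},
                  "audit_log":         {"read"}},
}

# Pairs of actions one person should not hold on the same resource
# (assumed segregation-of-duties rule for this example).
INCOMPATIBLE_DUTIES = [("create", "approve")]

def compatibility_test(user: str, resource: str, action: str) -> bool:
    """Look the authenticated user up in the matrix; anything not listed is denied."""
    return action in ACCESS_CONTROL_MATRIX.get(user, {}).get(resource, set())

def authorize(user: str, resource: str, action: str) -> str:
    """Decision plus the line a security log would record for it."""
    allowed = compatibility_test(user, resource, action)
    return f"{'ALLOW' if allowed else 'DENY'} {user} {action} {resource}"

def segregation_violations(matrix=ACCESS_CONTROL_MATRIX) -> list:
    """Review the matrix itself: flag any user holding both halves of an
    incompatible pair on one resource. Such a grant lets one person do alone
    what would otherwise take collusion."""
    findings = []
    for user, resources in matrix.items():
        for resource, actions in resources.items():
            for first, second in INCOMPATIBLE_DUTIES:
                if first in actions and second in actions:
                    findings.append((user, resource, first, second))
    return findings

if __name__ == "__main__":
    print(authorize("a.clerk", "sales_orders", "create"))   # ALLOW
    print(authorize("a.clerk", "sales_orders", "approve"))  # DENY
    print(segregation_violations())                          # [] for the matrix above
```

Two points worth noticing: the lookup is default-deny (an unknown user or resource yields an empty permission set), and the matrix is itself a control artifact that should be reviewed for incompatible grants, not only consulted at request time.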
Term
|
Definition
| deception to obtain unauthorized access to information resources |
|
|
Term
|
Definition
| connects information system to the internet - lets in all traffic that is not obviously false. |
|
|
Term
|
Definition
| filters which information is allowed to enter and leave the organizations information system - only lets in traffic that is explicitly valid. |
|
|
Term
|
Definition
| separate network that permits controlled access from the internet to selected resources. |
|
|
Term
| (TCP) Transmission control protocol |
|
Definition
| specifies the procedures for dividing files and documents into packets |
|
|
Term
| (IP) Internet Protocol |
|
Definition
| specifies the structure of those packets and how to route them to the proper destination |
|
|
Term
|
Definition
| reads destination address fields in IP packet headers and sends the packet on towards its destination |
|
|
Term
|
Definition
| determines which packets are allowed entry and which packets are not |
|
|
Term
|
Definition
| screens IP packets based on source/destination fields in IP packet header |
|
|
Term
|
Definition
| Packets are opened inspected internally instead of only being examined by header |
|
|
Term
| intrusion prevention systems (IPS) |
|
Definition
| System that drops packets that are part of an attack. Looks for signatures, patterns of attacks, normal traffic profiling, and packet standards to prevent unwanted packets from being routed to the system. |
|
|
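Worked example of the packet-screening cards above (access control list, packet filtering, deep packet inspection, IPS), added here as illustration and not taken from the flashcards or the textbook. The rule list, the addresses and the two payload signatures are constructed for the example; a real firewall evaluates far more header fields and keeps connection state.

```python
# Added example (not from the flashcards): a first-match packet filter that
# screens on IP header fields only, a deep packet inspection step that looks
# inside the payload, and an IPS decision combining both. Addresses, rules and
# signatures are constructed for illustration.
import ipaddress

# Access control list, evaluated top to bottom; first match wins; the final
# rule is the default deny that makes the list "only explicitly valid traffic".
RULES = [
    {"action": "allow", "src": "0.0.0.0/0",  "dst": "203.0.113.10/32", "proto": "tcp", "dport": 443},
    {"action": "allow", "src": "10.0.0.0/8", "dst": "0.0.0.0/0",       "proto": None,  "dport": None},
    {"action": "deny",  "src": "0.0.0.0/0",  "dst": "0.0.0.0/0",       "proto": None,  "dport": None},
]

# Byte patterns an IPS would match against payloads (toy signatures).
SIGNATURES = [b"' OR 1=1", b"../../etc/passwd"]

def make_packet(src, dst, proto, dport, payload=b""):
    """A captured packet reduced to the fields this example needs."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport, "payload": payload}

def rule_matches(rule, pkt) -> bool:
    """Compare header fields only; None in a rule means 'any'."""
    in_src = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule["src"])
    in_dst = ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(rule["dst"])
    proto_ok = rule["proto"] is None or rule["proto"] == pkt["proto"]
    port_ok = rule["dport"] is None or rule["dport"] == pkt["dport"]
    return in_src and in_dst and proto_ok and port_ok

def packet_filter(pkt, rules=RULES) -> str:
    """Packet filtering: decide from the IP header alone."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return "deny"             # reached only if someone removes the default rule

def deep_packet_inspection(pkt, signatures=SIGNATURES):
    """Open the packet and return the first signature found in the payload, or None."""
    return next((sig for sig in signatures if sig in pkt["payload"]), None)

def ips_decision(pkt) -> str:
    """Drop anything the header filter rejects or whose payload carries a signature."""
    if packet_filter(pkt) != "allow":
        return "drop: header rule"
    hit = deep_packet_inspection(pkt)
    return f"drop: signature {hit!r}" if hit else "forward"

if __name__ == "__main__":
    web = make_packet("198.51.100.7", "203.0.113.10", "tcp", 443, b"GET /?id=1' OR 1=1")
    print(packet_filter(web))   # allow: the header looks like ordinary HTTPS
    print(ips_decision(web))    # drop: signature ... the payload gives it away
```

The contrast the cards draw is visible in the last two lines: a packet filter allows the request because port 443 to the web server is permitted, while deep packet inspection catches the payload. Note that on real HTTPS the payload is encrypted, so inspection of this kind needs a TLS-terminating proxy in front of the server.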
Term
| Remote Authentication Dial-In User Service (RADIUS) |
|
Definition
| Dial-in users connect to a remote access server and enter their log-in credentials; this information is then passed to the RADIUS server, which performs tests to verify the identity of the user. |
|
|
Term
|
Definition
| dialing every number associated with the business to see if they are attached to a modem. |
|
|
Term
|
Definition
| Workstations, printers, mobile devices, etc. |
|
|
Term
|
Definition
| Errors or bugs in code that allow outside parties to gain a measure of control over the system. |
|
|
Term
|
Definition
| The process of turning off unnecessary features to reduce potential security threats |
|
|
Term
|
Definition
| The process of turning normal text (plaintext) into unreadable gibberish called ciphertext using an encryption key and an encryption algorithm |
|
|
Term
|
Definition
|
|
Term
| ciphertext |
|
Definition
| Total gibberish created by encryption |
|
|
Term
|
Definition
| The process of turning ciphertext back into plaintext using the decryption key and a decryption algorithm |
|
|
Term
|
Definition
| process of making copies of all encryption keys used by employees and storing them securely. Less desirable because the company now has to protect both the real keys and the copies of those keys. |
|
|
Term
| symmetric encryption systems |
|
Definition
| Same key is used to encrypt and decrypt |
|
|
Term
| asymmetric encryption systems |
|
Definition
| A public key and a private key are used. The public key is made available to everyone and the private key is kept secret and known only to the owner of the key pair. Either one can be used to encrypt, but only the other can decrypt the ciphertext. |
|
|
Term
|
Definition
|
|
Term
| private key |
|
Definition
| key that is kept secret and only known to the owner of the pair of keys. |
|
|
Term
| hashing |
|
Definition
| a process that takes plaintext of any length and transforms it into a short, fixed-length code called a hash. Ex. SHA-256 turns any input into a 256-bit hash, no matter how big the file is. The hash cannot be reversed to recover the plaintext. |
|
|
Term
| hash |
|
Definition
| short code that is generated by hashing |
|
|
Term
|
Definition
| a hash of a document encrypted with the creator's private key |
|
|
Term
|
Definition
| An electronic document created and digitally signed by a trusted third party that certifies the identity of the owner of a public key. |
|
|
Term
| (PKI) public key infrastructure |
|
Definition
| the system and processes used to issue and manage asymmetric keys and digital certificates |
|
|
Term
|
Definition
| the organization that issues the keys and record the public key in a digital certificate |
|
|
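Worked example tying together the hashing, digital signature, digital certificate and certificate authority cards above, added here as illustration and not taken from the flashcards or the textbook. It uses textbook RSA built from small Mersenne primes so every step is plain integer arithmetic; the "Example CA" name, the key sizes and the raw hash-then-exponentiate signature are simplifications for the example. Production systems use keys of 2048 bits or more and a padded signature scheme (PKCS#1 v1.5 or PSS), never raw RSA on a bare hash.

```python
# Added example (not from the flashcards): SHA-256 hashing, a digital signature
# as a hash encrypted with the signer's private key, and a digital certificate
# as a public key signed by a certificate authority. The RSA keys are built from
# small Mersenne primes so the arithmetic is visible; real systems use
# 2048-bit-plus keys and padded signatures (PKCS#1 v1.5 or PSS), not raw RSA.
import hashlib
import json

E = 65537  # the usual public exponent

def make_keypair(p: int, q: int, e: int = E):
    """Textbook RSA: public (n, e), private (n, d) with d = e^-1 mod (p-1)(q-1)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))      # pow(..., -1, m) needs Python 3.8+

def digest(data: bytes) -> str:
    """SHA-256 is always 64 hex characters (256 bits) whatever the input length."""
    return hashlib.sha256(data).hexdigest()

def sign(data: bytes, private_key) -> int:
    n, d = private_key
    h = int(digest(data), 16) % n   # toy: reduce the hash so it fits the small modulus
    return pow(h, d, n)              # "encrypt" the hash with the private key

def verify(data: bytes, signature: int, public_key) -> bool:
    """Recompute the hash and compare it with the signature decrypted by the public key."""
    n, e = public_key
    return pow(signature, e, n) == int(digest(data), 16) % n

def canonical(body: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True).encode()

def issue_certificate(subject: str, subject_public_key, ca_private_key) -> dict:
    """The CA binds a name to a public key by signing both with its own private key."""
    body = {"subject": subject, "public_key": list(subject_public_key), "issuer": "Example CA"}
    return {"body": body, "signature": sign(canonical(body), ca_private_key)}

def verify_certificate(cert: dict, ca_public_key) -> bool:
    """Trusting the CA's public key is what lets a relying party trust the subject's."""
    return verify(canonical(cert["body"]), cert["signature"], ca_public_key)

# Two distinct key pairs, the CA's and a user's (Mersenne primes, toy sizes only).
CA_PUBLIC, CA_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)
USER_PUBLIC, USER_PRIVATE = make_keypair(2**31 - 1, 2**61 - 1)
USER_CERT = issue_certificate("alice@example.com", USER_PUBLIC, CA_PRIVATE)

if __name__ == "__main__":
    invoice = b"Pay 100.00 to vendor 4471"
    sig = sign(invoice, USER_PRIVATE)
    print(verify(invoice, sig, USER_PUBLIC))            # True
    print(verify(invoice + b"0", sig, USER_PUBLIC))     # False: one byte changed
    print(verify_certificate(USER_CERT, CA_PUBLIC))     # True: the CA vouches for the key
```

The example makes the asymmetric property concrete: anyone holding USER_PUBLIC can check the signature, but only USER_PRIVATE can produce it, and changing a single byte of the signed document breaks verification because the recomputed hash no longer matches.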
Term
|
Definition
| cursive style imprint of a person's name that is applied to an electronic document. Provided by a third party company and is a valid legal signature. |
|
|
Term
|
Definition
| Process of examining logs to monitor security |
|
|
Term
| intrusion detection systems (IDS) |
|
Definition
| creates logs of network traffic and analyzes for signs of intrusion. |
|
|
Term
|
Definition
| use automated tools to identify whether a given system possesses any well-known vulnerabilities. |
|
|
Term
|
Definition
| an authorized attempt to break into an information system. |
|
|
Term
| computer emergency response team (CERT) |
|
Definition
| a team composed of IT professionals and senior management who deal with major incidents. |
|
|
Term
|
Definition
| a set of instructions for taking advantage of a vulnerability. |
|
|
Term
|
Definition
| code released by the software company that fixes a particular vulnerability. |
|
|
Term
|
Definition
| the process of regularly applying patches and updates to all software used by the organization. |
|
|
Term
| VPN (Virtual Private Network) |
|
Definition
| A connection that provides the functionality of a privately owned network while using the internet. |
|
|
Term
|
Definition
| A text file created by a web site and stored on a visitor's hard disk. |
|
|
Term
|
Definition
| Determines if the characters in a field are of the proper type. |
|
|
Term
|
Definition
| Determines if the data in a field have the appropriate arithmetic sign. |
|
|
Term
|
Definition
| Tests a numerical amount to ensure that it does not exceed a predetermined value. |
|
|
Term
|
Definition
| Similar to a limit check, but with both upper and lower limits. |
|
|
Term
|
Definition
| Ensures that the input data will fit into the assigned field. |
|
|
Term
|
Definition
| Determines if all required data items have been entered. |
|
|
Term
|
Definition
| Compares the ID code or account number in transaction data with similar data in the master file to verify that the account exists. |
|
|
Term
|
Definition
| Determines the correctness of the logical relationship between two data items. |
|
|
Term
|
Definition
| A digit computed from the other digits in a number (e.g., an ID number or credit card number). |
|
|
Term
|
Definition
| Verifying that the check digit matches what it should. |
|
|
Term
|
Definition
| Tests if a batch of input data is in the proper numerical or alphabetical sequence. |
|
|
Term
|
Definition
| Summaries of key values for a batch of input records. |
|
|
Term
|
Definition
| Sums a field that contains dollar values, such as the dollar amount of all sales for a batch of sales transactions. |
|
|
Term
|
Definition
| Sums a nonfinancial numeric field, such as the total of the quantity ordered field in a batch of sales transactions. |
|
|
Term
|
Definition
| Sums the number of records in a batch. |
|
|
Term
|
Definition
| When the system requests each input data item and waits for an acceptable response. |
|
|
Term
|
Definition
| When the system displays a document with highlighted blank spaces and waits for the data to be entered. |
|
|
Term
|
Definition
| Checks the accuracy of input data by using it to retrieve and display other related information. |
|
|
Term
|
Definition
| A log that includes a detailed record of all transaction data. |
|
|
Term
|
Definition
| Contains the file name, expiration date, and other identification data at the beginning of a file. |
|
|
Term
|
Definition
| Contains the batch totals calculated during input, located at the end of a file. |
|
|
Term
|
Definition
| An error in which two adjacent digits were inadvertently reversed. |
|
|
Term
| Cross-footing Balance Test |
|
Definition
| Compares the results produced by both summing columns and rows. |
|
|
Term
|
Definition
| Checks that accounts that should be zeroed out are in fact zeroed out. |
|
|
Term
| Concurrent Update Controls |
|
Definition
| Protect records from errors that occur when two or more users attempt to update the same record simultaneously. |
|
|
Term
|
Definition
| An extra digit added to every character to help ensure the correct transmission of data. |
|
|
Term
|
Definition
| Verifying that there are the proper number of bits set to the value 1 in each character received. |
|
|
Term
|
Definition
| When the sending and receiving systems perform the same check and compare to verify accuracy. |
|
|
Term
|
Definition
| Enabling a system to continue functioning in the event that a particular component fails. |
|
|
Term
| Uninterruptible Power Supply (UPS) |
|
Definition
| Provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down. |
|
|
Term
|
Definition
| An exact copy of the most current version of a database, file, or software program. |
|
|
Term
|
Definition
| The process of installing the backup copy for use. |
|
|
Term
|
Definition
| Copying only the data items that have changed since the last backup. |
|
|
Term
|
Definition
| Copies all changes made since the last full backup. |
|
|
Term
| Recovery Point Objective (RPO) |
|
Definition
| Represents the maximum length of time for which a company is willing to risk the possible loss of transaction details. |
|
|
Term
|
Definition
| Maintaining two copies of the database at two separate data centers at all times and updating both copies in real-time as each transaction occurs. |
|
|
Term
|
Definition
| A copy of the database at a point in time. |
|
|
Term
|
Definition
| A copy of a database, master file, or software that will be retained indefinitely as an historical record, usually to satisfy legal and regulatory requirements. |
|
|
Term
| Recovery Time Objective (RTO) |
|
Definition
| Represents the time following a disaster by which the organization's information system must be available again. |
|
|
Term
|
Definition
| An empty building that is prewired for necessary telephone and internet access, plus a contract with one or more vendors to provide all necessary computer and other office equipment within a specified period of time. |
|
|
Term
|
Definition
| A facility that is not only prewired for telephone and internet access but also contains all the computing and office equipment the organization needs to perform its essential business activities. |
|
|
Term
|
Definition
| A systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users. |
|
|
Term
|
Definition
| Examines the reliability and integrity of accounting records and correlates with the first of the five scope standards. |
|
|
Term
| Information Systems/Internal Control Audit |
|
Definition
| Reviews the controls of an AIS to assess its compliance with internal control policies and procedures and its effectiveness in safeguarding assets. Its scope roughly corresponds to the IIA's second and third standards. |
|
|
Term
| Operational/Management Audit |
|
Definition
| Concerned with the economical and efficient use of resources and the accomplishment of established goals and objectives. Its scope corresponds to the fourth and fifth standards. |
|
|
Term
|
Definition
| The susceptibility to material risk in the absence of controls. |
|
|
Term
|
Definition
| The risk that a material misstatement will get through the internal control structure and into the financial statements. |
|
|
Term
|
Definition
| The risk that auditors and their audit procedures will not detect a material error or misstatement. |
|
|
Term
|
Definition
| What is and is not important in a given set of circumstances. |
|
|
Term
|
Definition
| A reasonable assurance that no material error exists in the information or process audited. |
|
|
Term
|
Definition
| Reviewing system documentation and interviewing appropriate personnel to determine if the necessary procedures are in place. |
|
|
Term
|
Definition
| Determine if procedures are satisfactorily followed. |
|
|
Term
|
Definition
| Procedures that compensate for a control deficiency. |
|
|
Term
|
Definition
| Using a verified copy of the source code to reprocess data and compare its output with the company's actual output. |
|
|
Term
|
Definition
| An auditor writes a program to compare with the company's results to verify the correctness of data. |
|
|
Term
| Test Data Generator Program |
|
Definition
| Automatically prepares test data based on program specifications. |
|
|
Term
| Concurrent Audit Techniques |
|
Definition
| Continually monitor the system and collect audit evidence while live data are processed during regular operating hours. |
|
|
Term
|
Definition
| Segments of program code that perform audit functions. |
|
|
Term
| Integrated Test Facility (ITF) |
|
Definition
| Places a small set of fictitious records in the master files. |
|
|
Term
|
Definition
| Examines the way transactions are processed. Audit modules track selected transactions and their master file records before and after processing. |
|
|
Term
| System Control Audit Review File (SCARF) |
|
Definition
| Uses embedded audit modules to continuously monitor transaction activity and collect data on transactions with special audit significance. |
|
|
Term
|
Definition
| A log containing transactions generated by SCARF, containing transactions with special audit significance. |
|
|
Term
|
Definition
| Audit routines that flag suspicious transactions. |
|
|
Term
|
Definition
| When audit hooks are used and auditors are informed of questionable transactions as they occur. |
|
|
Term
| Automated Flowcharting Programs |
|
Definition
| Interpret program source code and generate a corresponding program flowchart. |
|
|
Term
| Automated Decision Table Programs |
|
Definition
| Generate a decision table representing the program logic. |
|
|
Term
|
Definition
| Search a program for occurrences of a specified variable name or other character combinations. |
|
|
Term
|
Definition
| Identify unexecuted program code. |
|
|
Term
|
Definition
| Sequentially prints all application program steps executed during a program run. |
|
|
Term
|
Definition
| Documents the review of source data controls. It shows the control procedures applied to each field of an input record. |
|
|
Term
| Information Systems Audits Objectives |
|
Definition
| Overall security, Program development and acquisition, Program modification, Computer processing, Source data, Data files |
|
|
Term
| Computer Audit Software (CAS) / Generalized Audit Software (GAS) |
|
Definition
| Software written especially for auditors that generates programs that perform the audit functions. |
|
|