Title: Accounting Final
Description: Accounting Information systems class

Chapter 7
Compare and contrast the COBIT, COSO, and ERM control frameworks
...

-   To improve the risk management process and help with uncertainty
Explain why the Foreign Corrupt Practices Act was important to accountants
...

-   Influences how organizations establish strategies and objectives
...

-   Communicate information through the audit trail which allows detailed
transactions to be traced
-   Can monitor control processes by conducting periodic audits, install fraud
detection software, monitor system activities
Explain how to assess and respond to risk using the Enterprise Risk Management (ERM)
model
...

-   Proper authorization of transactions and activities
-   Segregation of duties
-   Project development and acquisition controls
-   Change management controls
-   Design and use of documents and records
-   Safeguarding assets, records, and data
-   Independent checks on performance
Explain why management's philosophy and operating style are considered to be the most
important element of the internal environment
...

-   Strategic objectives
o   High level goals aligned with the company’s mission
-   Operations objectives
o   Effectiveness and efficiency of company operations,
-   Reporting objectives
o   Help ensure the accuracy, completeness, and reliability of company
reports, improve decision making
-   Compliance objectives
o   Laws and regulations are followed
Describe the events that affect uncertainty and the techniques used to identify them
...

-   General- authorization given to employees to handle routine transactions without
special approval
-   Specific- special approval an employee needs in order to be allowed to handle a
transaction
Explain how a company could be the victim of fraud, even if ideal segregation of duties
is enforced
...

-   Preventive- stop problems before they arise
-   Detective- discover problems that are not prevented
-   Corrective- identify and correct problems as well as correct and recover from the
resulting errors
Identify three ways users can be authenticated and give an example of each
...
  Something they know, ex
...
  Something they have ex
...
  Something they are ex
...

-   At least 8 characters, mix of upper and lower characters, should be random,
changed frequently
Explain social engineering
...

-   An authorized attempt to break into the organization's information system
-   Often find weaknesses in systems that were believed to be secure
Describe the function of a computer incident response team (CIRT) and the steps that a
CIRT should perform following a security incident
...

-   Require visitors to sign in and wear a visitor's badge
-   Require employees to wear photo ID badges checked by security guards
-   Physical locks and keys
-   Storing documents and electronic media in a fireproof safe or cabinet
-   Attach and lock laptops to immobile objects
-   Set screen savers to start after a few minutes of inactivity

Describe what information security process the term hardening refers to
...

-   Especially elaborate set of physical access controls
-   Specially designed rooms that typically contain two doors, each of which uses
multiple authentication methods to control access
-   Once a person is through one door, it closes; if incorrect credentials are used, the
person is stuck between the doors until security arrives
Explain how information security affects information systems reliability
...
Yet they remain accountable for HIPAA violations
...

-   Cell phones and social networking
o   Cellphones- GPS capabilities that can be used to track a person’s
movement
o   Social networking sites- personal information that people post on social
networking sites may lead to identity theft
What do you think an organization’s duty or responsibility should be to protect the
privacy of its customers’ personal information? Why?

-   Managers have an ethical duty to “do no harm” and, therefore, should take
reasonable steps to protect the personal information their company collects from
customers
Assume you have interviewed for a job online and now receive an offer of employment
...
The company sends you a digital
signature along with the contract
...

-   Shred all documents that contain personal information
-   Never send personal information
-   Do not carry your social security card with you
-   Immediately cancel any stolen or lost credit cards
-   Monitor credit cards regularly
Explain how the two basic types of encryption systems work
...

-   Symmetric encryption- use the same key to encrypt and decrypt data
-   Three limitations
o   Sender and receiver need to know the shared secret key
o   Different secret keys must be used with each different communication
party
o   There is no way to prove who created a specific document
From the viewpoint of the customer, what are the advantages and disadvantages to the
opt-in versus the opt-out approaches to collecting personal information? From the
viewpoint of the organization desiring to collect such information?
-   Viewpoint of customer
o   Opt in advantage- you have to request that they use your information for
3rd party purposes
o   Opt out disadvantage- companies collect your info under a set of policies that
they're going to follow no matter what unless you opt out
-   Viewpoint of organization
o   Opt out advantage- the organization is free to collect all the information
they want until the customer tells them to stop
Chapter 10
What is the difference between using check digit verification and a validity check to test
the accuracy of an account number entered on a transaction record?
-   Check digit verification- only ensures that the account number could exist
-   Validity check- verifies that the account number actually exists by searching for it
in the master file
For each of the three basic options for replacing IT infrastructure (cold sites, hot sites,
and real-time mirroring) give an example of an organization that could use that approach
as part of its DRP
...

Use the numbers 10–19 to show why transposition errors are always divisible by 9
...

What are some business processes for which an organization might use batch processing?
-   When master files do not need to be updated in real time
-   Payroll and dividend payments that only happen periodically but affect virtually
every account in a master file
Why do you think that surveys continue to find that a sizable percentage of organizations
either do not have formal disaster recovery and business continuity plans or have not
tested and revised those plans for more than a year?
-   Likely reasons include:
o   Belief that “it won’t happen to us”
o   Lack of time to develop plans
o   Lack of money to develop plans
o   Not important to senior management (no support for planning or testing)
o   Risk attitude/appetite of senior management
Discuss how cloud computing could both positively and negatively affect system
availability
...

-   Recovery point objective- the maximum amount of data that the organization is
willing to potentially lose
-   Recovery time objective- the length of time that the organization is willing to
attempt to function without its information system
Authentication-identifying users
Authorization- granting access
Understand sensitive vs