Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
61 Cards in this Set
- Front
- Back
- 3rd side (hint)
|
How can AIS add value to an organization? |
- Share Knowledge - Improve the internal control structure - Improve decision making |
|
|
|
What are the steps targeting planned attacks to information systems? |
1. Conduct reconnaissance 2. Attempt social engineering 3. Scan target 4. Research 5. Execute the attack 6. Cover tracks |
|
|
|
What is trust services framework? |
Provides guidance for assessing the reliability of information systems. It has 5 principals. 1. Security 2. Confidentiality 3. Privacy 4. Processing Integrity 5. Availability |
SCOPPA |
|
|
What is data diddling? |
Changing data before or during entry into a computer system in order to delete, alter, add or incorrectly update key system data. |
|
|
|
What is data management system (DBMS)? |
The program that manages & controls the data & the interfaces between the data and the application programs that used the data stored in the database. |
|
|
|
What is behavioral aspects of change? |
The positive and negative ways people react to change. Managing these behavioral reactions is crucial to successfully implementing a new system. |
|
|
|
What is the system development life cycle? |
A 5 step process used to design and implement a new system analysis. 1. System analysis 2. Conceptual design 3. Physical design 4. Implementation and conversion 5. Operations and maintenance |
|
|
|
What are the 5 steps of system analysis? |
1. Initial investigation 2. System survey 3. Feasabilty study 4. Information needs and requirements 5. System analysis report |
Analyze Bentley's Collar |
|
|
What is IP address spoofing? |
Creating internet protocol packets with a forged IP address to hide the sender's identity or to impersonate another computer system. |
|
|
|
What is a buffer overflow? |
When the ammount of data entered into a program is greater than the amount of the input buffer. |
|
|
|
What is implimentation and conversion? |
Where the company hires and trains employees, tests and modifies procedures, establishes standards and controls, completes documentation, moves to the new systems and detects and corrects design deficiencies. |
|
|
|
What are 3 ways people resist change? |
1. Agression 2. Projection 3. Avoidance |
|
|
|
What is physical design? |
Where broad user orientated conceptual design requirements are translated into the detailed specifications used to code and test software, design/ input/ output, create files, database, develop procedures and implement controls. |
|
|
|
What is conceptual design? |
Where analysts decide how to meet user needs, identify and evaluate design alternatives and develop detailed specifications for what the system is to accomplish and how to be controlled. |
Design a car for a family |
|
|
What is economic espionage? |
The theft of information, trade secrets and intellectual property. |
Theft of TII |
|
|
Why are the six components of AIS important? |
Enables AIS to fulfill 3 important business functions. 1. Collect and store data about organizational activities, resources and personnel 2. Transform data into information so management can plan, e secure, control and evaluate activities resources and personnel 3. Provide adequate controls to safeguard the organization |
CTC |
|
|
What is reliable? |
- free from error or bias - accurately represents organization events or activities |
|
|
|
Database systems advantages |
- data integration - data sharing - minimal data redundancy and data inconsistencies - data independence - cross functional analysis |
|
|
|
What is a database? |
- A set of interrelated data files that are stored with as little data redundancy as possible - A database consolidates records previously stored in separate files into a common pool and serves a variety of users and data processing applications |
|
|
|
Flowchart guidelines |
1. Understand the system 2. Clearly label all symbols 3. Draw a rough sketch of flowchart |
|
|
|
What is database system |
The combination of database, the database system and the application programs acess the database management system |
|
|
|
BPD Guidelines |
1. Understand the process 2. Decide how much detail to include 3. Organize diagram |
|
|
|
What are the different kinds of documentation? |
1. Data flow diagram (DFD) 2. Flowchart - Document FC - System FC - Program FC 3. Business Process Diagram (BPD) |
|
|
|
What is the importance of documentation tools? |
- must be able to read documentation to determine how system works - may need to evaluate docs to identify internal control strengths and weaknesses - skill is needed to prepare documentation - important for accountants - SOX requirements - auditors |
|
|
|
What is a Data Flow Diagram? |
Graphical description of data sources, data flows, transformation process, data storage and data destinations |
|
|
|
What are the disadvantages of ERP system? |
- cost - ammount of time required - changes to business process - complexity - resistance |
CRACC |
|
|
What are the advantages of ERP system? |
- integrated single view of an organization - data captured or keyed once - management gains greater visibility - organizations gain better acess control - procedures standardized across business - improved customer service |
|
|
|
What are the 4 data processing activities? |
1. Creating new data records 2. Reading, retrieving or viewing existing data 3. Updating previously stored data 4. Deleting Data |
|
|
|
What is a business process diagram? |
- graphical descriptions of the business processes used by a company - a visual way to describe the different steps or activities in a business process |
|
|
|
What is a fraud triangle |
3 conditions present when fraud occurs 1. Pressure; person's incentive or motivation to commit fraud. There are 3 types of pressures ( financial, emotional and lifestyle) 2. Opportunities; condition or situation including one's personal ability that allows one to commit the fraud, conceal the fraud, convert the theft to personal gain 3. Rationalize; allows one to justify their illegal behavior or make excuses for their actions. |
|
|
|
What is social engineering? |
Techniques or psychological tricks use to get people to comply with the perpetrator wishes in order to gain physical or logical access to buildings, computers, servers or networks, and to get the information needed to acess the system and obtain confidential data |
|
|
|
What is system analysis? |
Where the information needed to purchase, develop or modify a system is gathered |
Gathering all your information together |
|
|
What is a data(base) dictionary? |
Contains information about the structure of the database, including the description of each data element |
Elements!!!!!! |
|
|
Response to Information Security Approach |
- CIRT - CISO |
|
|
|
What are the different types of dbms language? |
- Data definition language (DDL) - Data manipulation language (DML) - Data query language (DQL) |
|
|
|
What is time based model of security? |
Implementing a combination of preventative detective and corrective controls that protect information assets long enough to enable an organisation to recognise that attack is occurring and take steps to prevent it before any information is lost or compromised |
|
|
|
What is DQL? |
Data query language - high level English like language - contains powerful, easy to use commands that enable users to retrieve, sort, order and display data |
|
|
|
What are the six components of AIS? |
1. The people who use the system 2. Procedures and instructions used to collect process and store data 3. The data about the organisation and it's business activities 4. Software used to process data 5. The I.T infrastructure including computers devices network communication use in the AIS 6. Internal controls and security measures that Safeguard AIS data |
|
|
|
Define data processing cycle |
The four operations (data input, data storage, data processing and information output) performed on data to generate meaningful and relevant information |
|
|
|
What is data input? |
1. Capture transaction data and enter them into the system 2. Make sure captured data is accurate and complete 3. Make sure company policies are followed |
|
|
|
What is ddl? |
Data definition language -Builds the data dictionary -creates the data base - describes logical views for each user - specifies record ot field security constraints |
|
|
|
What is the value chain? |
- linking together of all the primary and support activities in a business - value is added as a product passes through the chain - value chain is part of a larger system called supply chain |
|
|
|
Information security approach; what is protection? |
- creating security aware culture - user acess controls - penetration testing - change control and change management - firewalls - software hardening - physical security |
|
|
|
State information security approaches |
- protection - detection - response |
|
|
|
What is feasibility analysis? |
An investigation to determine whether it is practical to develop a new application or system 1. Economic feasibility 2. Technical feasibility 3. Legal feasibility 4. Scheduling feasibility 5. Operational feasibility |
Lost - e |
|
|
Why do behavioural problems occur? |
-Fear -top management support -experience with prior changes -communication - disruptive nature of change -manner in which change is introduced -bias and emotions -personal characteristics and background |
|
|
|
What is operational feasibility |
Determining if your organisation has access to people who can design implement and operate the proposed system and if employees will use the system |
|
|
|
What is data sharing |
Integrated data is more easily shared with authorised users |
|
|
|
What is DNS spoofing |
Sniffing the ID of a DNS request and replying before the real DNS server |
|
|
|
What are the different kinds of spoofing |
Email spoofing caller ID spoofing IP address spoofing address resolution protocol spoofing SMS spoofing DNS spoofing webpage spoofing |
|
|
|
What is data mining |
Using sophisticated analysis to discover unhypotisized relationships in the data |
|
|
|
What is OLAP |
Online analytical processing - using queries to investigate hypothesized among data |
|
|
|
What is business intelligence |
Analyzing large amounts of data for strategic decision making |
|
|
|
What is a program flow charts |
Shows the sequence of logical operations a computer performs as it executes a program |
|
|
|
What are the two main techniques used in business intelligence |
-OLAP -DATA MINING |
|
|
|
What is DML? |
Data manipulation language -Changes data base content |
|
|
|
What is a document flowchart |
Shows the flow of documents and information between departments or area of responsibility |
|
|
|
What is a system flowchart |
Shows the relationship among the input, processing and output in an information system |
|
|
|
What is web page spoofing |
Sending an electronic message pretending to be a legitimate company usually a financial institution and requesting information or verification of information and often warning a consequence if not provided. information gathered is used to commit identity theft or to steal funds from the victims account |
|
|
|
What is an ERP system |
A software that integrates all aspects of an organisation's activities such as accounting, finance, marketing, human resources, manufacturing inventory management into one system |
|
|
|
Information security approach - detection |
- log analysis - intrusion detection systems - continuous monitoring |
|
