Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
111 Cards in this Set
- Front
- Back
|
active threats |
computer fraud and computer sabotage. |
|
|
adware |
a type of spyware the displays advertisements, typically in pop-up windows. |
|
|
archive bit |
a bit used to determine whether or not a file has been altered. |
|
|
backdoor |
a method of covertly eluding normal authentication procedures while accessing a computer system. |
|
|
black hat hackers |
hackers tha t attack systems for illegitimate reasons. |
|
|
botnets |
collections of tens or hundreds of thousands of zombie computers that are often used to engage in malicious conduct, such as DoS attacks against Web sites, e-mail servers, and distributed name servers. |
|
|
business continuity plan |
a strategy to mitigate disruption to business operations in the event of a disaster. |
|
|
code injection |
a type of exploit that involves tricking a computer program to accept and run software supplied by a user. |
|
|
database shadowing |
a duplicate of all transactions is automatically recorded. |
|
|
denial-of-service (DoS) attacks |
involve flooding victims with such enormous amounts of illegitimate network traffic that the victims can no longer process legitimate traffic. |
|
|
distributed DoS attack |
a DoS attack that is distributed over many different nodes on the Internet or other network. The attack is typically coordinated through a botnet. |
|
|
dumpster diving |
sifting through garbage to find confidential information such as discarded bank statements, department store bills, utility bills, and tax returns. |
|
|
emergency response team |
individuals who direct the execution of a disaster recovery plan. |
|
|
exploit |
occurs when a hacker takes advantage of a bug, glitch, or other software or hardware vulnerability to obtain unauthorized access to computer resources. |
|
|
file-access controls |
prevent unauthorized access to both data and program files. |
|
|
flying-start site |
an alternate processing site that contains the necessary wiring and equipment, and also up-to-date backup data and software. |
|
|
full backup |
all files on a given disk are backed up. |
|
|
grid computing |
involves clusters of interlinked computers that share common workloads. Individual computers can be linked locally or across different locations within the Internet. |
|
|
hackers |
individuals who attack computer systems for fun, challenge, profit, revenge, or other nefarious motives. |
|
|
hypervisor |
in software environments involving virtualization, the master program that controls the individual instances of operating systems running in the virtual machine. |
|
|
information security |
protecting information to provide confidentiality, integrity, and availability. |
|
|
information security management system (ISMS) |
the subsystem of the organization that controls risks relating to information security. |
|
|
keyboard loggers |
secretly record and transmit to the hacker all the victim’s keystrokes. |
|
|
layered approach to access control |
erecting multiple layers of access control that separate a would-be perpetrator from potential targets. |
|
|
malware |
any type of malicious software. |
|
|
passive threats |
system faults and natural disasters. |
|
|
phishing |
a form of social engineering that is aimed at tricking its victims into giving information (e.g., passwords), money, or other valuable assets to the perpetrator. |
|
|
pretexting |
a form of social engineering in which the perpetrator impersonates another person, typically in a phone call or electronic communication. |
|
|
qualitative approach to risk assessment |
a system’s vulnerabilities and threats are listed and subjectively ranked in order of their contribution to the company’s total loss exposures. |
|
|
quantitative approach to risk assessment |
each loss exposure is computed as the product of the cost of an individual loss times the likelihood of its occurrence. |
|
|
risk management |
the process of assessing and controlling computer system risks. |
|
|
service bureau |
provides data processing services to companies who choose not to process their own data. |
|
|
shoulder surfing |
the surreptitious direct observation of confidential information. |
|
|
site-access controls |
controls that physically separate unauthorized individuals from information system resources. |
|
|
social engineering |
involves manipulating victims in order to trick them into divulging privileged information. |
|
|
software as a service (SaaS) |
IT-related capabilities provided as a service via the Internet. |
|
|
software piracy |
the copying and distributing of copyrighted software without permission. |
|
|
spyware |
Trojans that seek to gain the victim’s personal information or modify the victim’s interaction with his or her computer in a way that provides some financial or other gain to the perpetrator. |
|
|
system-access controls |
software-oriented controls designed to keep unauthorized users from using the system by such means as account numbers, passwords, and hardware devices. |
|
|
system faults |
system component failures, such as disk failures or power outages. |
|
|
threat |
a potential exploitation of a system vulnerability. |
|
|
Trojan horse |
a malicious program masquerading as a legitimate one or that appears to come from a legitimate source. |
|
|
virtualization |
involves running multiple operating systems or multiple copies of the same operating system, all on the same machine. |
|
|
virus |
malware that replicates itself and thus spread throughout a computer or a network. |
|
|
Vulnerability |
a weakness in a system. |
|
|
vulnerability scanner |
the same thing as a port scanner |
|
|
worm |
a type of malware program that spreads itself over a computer network. |
|
|
batch processing |
accumulating source documents into groups for processing on a periodic basis. |
|
|
check digit |
an extra digit added to a code number that is verified by applying mathematical calculations to the individual digits in the code number. |
|
|
continuous operations auditing |
the use of programmed edit tests to discriminate between acceptable and nonacceptable data values so that some items are either held in suspense of processing until audited or collected for audit after processing. |
|
|
input document control form |
documents batch control totals for batches of input data transmitted between user departments and the data processing department. |
|
|
key verification |
a control procedure to ensure the accuracy of key-transcribed input data. |
|
|
limit test |
an edit program checks the value of a numeric data field as being within a range of certain predefined limits. |
|
|
line coding |
assigning codes to items in the general ledger that indicate the item’s use and placement in financial statements. |
|
|
master file |
contains data that are permanent or of continuing interest. |
|
|
online, real-time systems (OLRS) |
computer systems that process input data immediately after they are input and can provide immediate output to users. |
|
|
output controls |
designed to check that processing results in valid output and that outputs are distributed properly to users. |
|
|
output distribution register |
a log maintained to control the disposition of output and reports. |
|
|
point-of-sale (POS) system |
technology that enhances the traditional cash register to allow it to function as a source data entry device for sales transactions. |
|
|
program data editing |
a software technique used to screen data for errors prior to computer processing. |
|
|
real-time processing |
immediate or fast-response processing. |
|
|
reference file |
contains data that are necessary to support data processing. |
|
|
son–father–grandfather retention |
retaining the old master (i.e., father) and the transaction file for backup over the new master file (i.e., son). |
|
|
source documents |
the physical evidence of inputs into the transaction processing system. |
|
|
table file |
synonym for reference file. |
|
|
table lookup |
an edit program compares the value of a field with the acceptable values contained in a table file. |
|
|
tagging |
audit-oriented information that is included with original transaction data when they are recorded. |
|
|
transaction file |
a collection of transaction input data. |
|
|
transaction processing system |
a system that collects and processes transactions and provides immediate output concerning processing. |
|
|
valid code check |
a table-lookup procedure in which the table file consists of valid data codes. |
|
|
approved vendor list |
a list of vendors approved for use by the purchasing function. |
|
|
attribute rating |
an approach to vendor selection that identifies, lists, and evaluates several different aspects concerning a vendor. |
|
|
blind count |
counters in receiving do not have access to quantities shown on purchase orders. |
|
|
built-up voucher system |
the accumulation of several invoices from the same vendor independent paymaster the person who distributes pay is independent of the payroll preparation process. |
|
|
invoice verification |
the review of purchasing documentation prior to authorizing payment to vendors. |
|
|
procurement |
the business process of selecting a source, ordering, and acquiring goods or services. |
|
|
purchase order |
document issued to a vendor to initiate a purchase. |
|
|
purchase requisition |
document used to request a purchase. |
|
|
receiving report |
prepared to document the receipt of deliveries from vendors. |
|
|
request for quotation |
documents used to request competitive bids from vendors. |
|
|
voucher package |
a collection of documents that are reviewed and approved to authorize a disbursement. |
|
|
voucher system |
a system in which every organizational expenditure must be documented with an approved voucher. |
|
|
activity-based costing (ABC) |
a system that calculates several overhead rates, one for each manufacturing activity, and uses these rates to build product costs from the costs of the specific activities undertaken during production. |
|
|
advanced integration technologies (AIT) |
consist of EDI and automatic identification. |
|
|
bill-of-materials |
lists the raw materials necessary to produce a product. |
|
|
computer-aided design and drafting (CADD) |
the use of computer software to perform engineering functions. |
|
|
computer-aided manufacturing (CAM) |
includes software for defining the manufacturing process, tools to improve process productivity, and decision-support systems to aid in the control and monitoring of the production process. |
|
|
computer-integrated manufacturing (CIM) |
system integrates the physical manufacturing system and the MRP II systems. |
|
|
cost driver |
an element that influences the total cost of an activity. |
|
|
economic order quantity (EOQ) |
the order quantity that minimizes total inventory cost. |
|
|
factor availability reports |
reports that communicate the availability of labor and machine resources. |
|
|
finite element analysis |
a mathematical method used to determine mechanical characteristics, such as stresses of structures under load. |
|
|
flexible manufacturing system (FMS) |
a CAM system that incorporates programmable production processes that can be reconfigured quickly to produce different types of products. |
|
|
industrial robot |
a device designed to move materials, parts, tools, or specialized devices through variable programmed motions for the performance of a variety of tasks. |
|
|
inventory status reports |
reports that detail the resources available in inventory. |
|
|
investment register |
a systematic list of investments maintained for control purposes. |
|
|
job costing production |
costs are assigned to production orders. |
|
|
lean production |
a system in which items are produced only as they are required in subsequent operations. |
|
|
manufacturing resource planning (MRP II) |
system comprises the MRP system and the related systems for sales, billing, and purchasing. |
|
|
master operations list |
identifies and specifies the sequencing of all labor operations and |
|
|
materials requirements planning (MRP) system |
the use of computers in production planning and control systems, particularly applications in materials control systems. |
|
|
materials requisitions |
documents that authorize the release of raw materials to the production departments. |
|
|
production status reports |
reports that detail the work completed on individual production orders as they move through the production process. |
|
|
process costing production |
costs are compiled by department rather than by job. |
|
|
production order |
document that authorizes the production departments to make certain products. |
|
|
quick-response manufacturing system a CIM |
system in which the physical manufacturing system and the MRP II systems are integrated with AIT. |
|
|
reorder point |
the level of inventory at which it is desirable to order or produce additional items to avoid an out-of-stock condition. |
|
|
routings (RTGs) |
documents that indicate the sequence of operations required to manufacture a product. |
|
|
solids modeling |
the mathematical representation of a part as a solid object in computer memory. |
|
|
statistical process |
control procedures used to determine whether a manufacturing process is under control, which involve comparing process outputs to engineering specifications. |
|
|
vendor-based coding |
having a purchaser (i.e., retailer) use a vendor’s product codes as its own product codes for the same products. |
