
111 Cards in this Set

  • Front
  • Back

active threats

computer fraud and computer sabotage.


a type of spyware that displays advertisements, typically in pop-up windows.

archive bit

a bit used to determine whether or not a file has been altered.


a method of covertly eluding normal authentication procedures while accessing a computer system.

black hat hackers

hackers that attack systems for illegitimate reasons.


collections of tens or hundreds of thousands of zombie computers that are often used to engage in malicious conduct, such as DoS attacks against Web sites, e-mail servers, and distributed name servers.

business continuity plan

a strategy to mitigate disruption to business operations in the event of a disaster.

code injection

a type of exploit that involves tricking a computer program to accept and run software supplied by a user.

database shadowing

a duplicate of all transactions is automatically recorded.

denial-of-service (DoS) attacks

involve flooding victims with such enormous amounts of illegitimate network traffic that the victims can no longer process legitimate traffic.

distributed DoS attack

a DoS attack that is distributed over many different nodes on the Internet or other network. The attack is typically coordinated through a botnet.

dumpster diving

sifting through garbage to find confidential information such as discarded bank statements, department store bills, utility bills, and tax returns.

emergency response team

individuals who direct the execution of a disaster recovery plan.


occurs when a hacker takes advantage of a bug, glitch, or other software or hardware vulnerability to obtain unauthorized access to computer resources.

file-access controls

prevent unauthorized access to both data and program files.

flying-start site

an alternate processing site that contains the necessary wiring and equipment, and also up-to-date backup data and software.

full backup

all files on a given disk are backed up.

grid computing

involves clusters of interlinked computers that share common workloads. Individual computers can be linked locally or across different locations within the Internet.


individuals who attack computer systems for fun, challenge, profit, revenge, or other nefarious motives.


in software environments involving virtualization, the master program that controls the individual instances of operating systems running in the virtual machine.

information security

protecting information to provide confidentiality, integrity, and availability.

information security management system (ISMS)

the subsystem of the organization that controls risks relating to information security.

keyboard loggers

secretly record and transmit to the hacker all the victim’s keystrokes.

layered approach to access control

erecting multiple layers of access control that separate a would-be perpetrator from potential targets.


any type of malicious software.

passive threats

system faults and natural disasters.


a form of social engineering that is aimed at tricking its victims into giving information (e.g., passwords), money, or other valuable assets to the perpetrator.


a form of social engineering in which the perpetrator impersonates another person, typically in a phone call or electronic communication.

qualitative approach to risk assessment

a system’s vulnerabilities and threats are listed and subjectively ranked in order of their contribution to the company’s total loss exposures.

quantitative approach to risk assessment

each loss exposure is computed as the product of the cost of an individual loss times the likelihood of its occurrence.

risk management

the process of assessing and controlling computer system risks.

service bureau

provides data processing services to companies who choose not to process their own data.

shoulder surfing

the surreptitious direct observation of confidential information.

site-access controls

controls that physically separate unauthorized individuals from information system resources.

social engineering

involves manipulating victims in order to trick them into divulging privileged information.

software as a service (SaaS)

IT-related capabilities provided as a service via the Internet.

software piracy

the copying and distributing of copyrighted software without permission.


Trojans that seek to gain the victim’s personal information or modify the victim’s interaction with his or her computer in a way that provides some financial or other gain to the perpetrator.

system-access controls

software-oriented controls designed to keep unauthorized users from using the system by such means as account numbers, passwords, and hardware devices.

system faults

system component failures, such as disk failures or power outages.


a potential exploitation of a system vulnerability.

Trojan horse

a malicious program masquerading as a legitimate one or that appears to come from a legitimate source.


involves running multiple operating systems or multiple copies of the same operating system, all on the same machine.


malware that replicates itself and thus spreads throughout a computer or a network.


a weakness in a system.

vulnerability scanner

the same thing as a port scanner


a type of malware program that spreads itself over a computer network.

batch processing

accumulating source documents into groups for processing on a periodic basis.

check digit

an extra digit added to a code number that is verified by applying mathematical calculations to the individual digits in the code number.

continuous operations auditing

the use of programmed edit tests to discriminate between acceptable and nonacceptable data values so that some items are either held in suspense of processing until audited or collected for audit after processing.

input document control form

documents batch control totals for batches of input data transmitted between user departments and the data processing department.

key verification

a control procedure to ensure the accuracy of key-transcribed input data.

limit test

an edit program checks the value of a numeric data field as being within a range of certain predefined limits.

line coding

assigning codes to items in the general ledger that indicate the item’s use and placement in financial statements.

master file

contains data that are permanent or of continuing interest.

online, real-time systems (OLRS)

computer systems that process input data immediately after they are input and can provide immediate output to users.

output controls

designed to check that processing results in valid output and that outputs are distributed properly to users.

output distribution register

a log maintained to control the disposition of output and reports.

point-of-sale (POS) system

technology that enhances the traditional cash register to allow it to function as a source data entry device for sales transactions.

program data editing

a software technique used to screen data for errors prior to computer processing.

real-time processing

immediate or fast-response processing.

reference file

contains data that are necessary to support data processing.

son–father–grandfather retention

retaining the old master (i.e., father) and the transaction file for backup over the new master file (i.e., son).

source documents

the physical evidence of inputs into the transaction processing system.

table file

synonym for reference file.

table lookup

an edit program compares the value of a field with the acceptable values contained in a table file.


audit-oriented information that is included with original transaction data when they are recorded.

transaction file

a collection of transaction input data.

transaction processing system

a system that collects and processes transactions and provides immediate output concerning processing.

valid code check

a table-lookup procedure in which the table file consists of valid data codes.

approved vendor list

a list of vendors approved for use by the purchasing function.

attribute rating

an approach to vendor selection that identifies, lists, and evaluates several different aspects concerning a vendor.

blind count

counters in receiving do not have access to quantities shown on purchase orders.

built-up voucher system

the accumulation of several invoices from the same vendor

independent paymaster

the person who distributes pay is independent of the payroll preparation process.

invoice verification

the review of purchasing documentation prior to authorizing payment to vendors.


the business process of selecting a source, ordering, and acquiring goods or services.

purchase order

document issued to a vendor to initiate a purchase.

purchase requisition

document used to request a purchase.

receiving report

prepared to document the receipt of deliveries from vendors.

request for quotation

documents used to request competitive bids from vendors.

voucher package

a collection of documents that are reviewed and approved to authorize a disbursement.

voucher system

a system in which every organizational expenditure must be documented with an approved voucher.

activity-based costing (ABC)

a system that calculates several overhead rates, one for each manufacturing activity, and uses these rates to build product costs from the costs of the specific activities undertaken during production.

advanced integration technologies (AIT)

consist of EDI and automatic identification.


lists the raw materials necessary to produce a product.

computer-aided design and drafting (CADD)

the use of computer software to perform engineering functions.

computer-aided manufacturing (CAM)

includes software for defining the manufacturing process, tools to improve process productivity, and decision-support systems to aid in the control and monitoring of the production process.

computer-integrated manufacturing (CIM)

system integrates the physical manufacturing system and the MRP II systems.

cost driver

an element that influences the total cost of an activity.

economic order quantity (EOQ)

the order quantity that minimizes total inventory cost.

factor availability reports

reports that communicate the availability of labor and machine resources.

finite element analysis

a mathematical method used to determine mechanical characteristics, such as stresses of structures under load.

flexible manufacturing system (FMS)

a CAM system that incorporates programmable production processes that can be reconfigured quickly to produce different types of products.

industrial robot

a device designed to move materials, parts, tools, or specialized devices through variable programmed motions for the performance of a variety of tasks.

inventory status reports

reports that detail the resources available in inventory.

investment register

a systematic list of investments maintained for control purposes.

job costing production

costs are assigned to production orders.

lean production

a system in which items are produced only as they are required in subsequent operations.

manufacturing resource planning (MRP II)

system comprises the MRP system and the related systems for sales, billing, and purchasing.

master operations list

identifies and specifies the sequencing of all labor operations and

materials requirements planning (MRP) system

the use of computers in production planning and control systems, particularly applications in materials control systems.

materials requisitions

documents that authorize the release of raw materials to the production departments.

production status reports

reports that detail the work completed on individual production orders as they move through the production process.

process costing production

costs are compiled by department rather than by job.

production order

document that authorizes the production departments to make certain products.

quick-response manufacturing system

a CIM system in which the physical manufacturing system and the MRP II systems are integrated with AIT.

reorder point

the level of inventory at which it is desirable to order or produce additional items to avoid an out-of-stock condition.

routings (RTGs)

documents that indicate the sequence of operations required to manufacture a product.

solids modeling

the mathematical representation of a part as a solid object in computer memory.

statistical process control

procedures used to determine whether a manufacturing process is under control, which involve comparing process outputs to engineering specifications.

vendor-based coding

having a purchaser (i.e., retailer) use a vendor’s product codes as its own product codes for the same products.