Chapter 8- Exam 2
About this set
Created by:
sficken on March 9, 2009
Subjects:
accounting information systems
91 terms
Terms | Definitions |
|---|---|
reliable | when it and its data are protected from loss, compromise, and theft; when one can depend on the system and the information it produces |
confidentiality, privacy, processing integrity, availability | five basic principles of system reliability |
security | principle that states the system is protected against unauthorized access (both physical and logical) |
security | principle that is the foundation of system reliability and upon which the other four principles are built |
virtual private network (VPN) | encrypting information before sending it over the Internet |
employee use of email and instant messaging | two greatest threats to protecting confidential or private data |
confidentiality principle | protecting private information is most closely related to what other principle of system reliability |
Health Insurance Portability and Accountability Act (HIPAA) and Financial Services Modernization Act (Gramm-Leach-Bliley Act) | US laws that require protection of customers' private data |
management | the organization establishes a set of procedures and policies for protecting the privacy of personal information it collects and assigns responsibility and accountability for those policies to a specific person or group of employees |
notice | the organization provides notice about its privacy policies and practices at or before the time it collects personal information from customers, or as soon as practicable thereafter |
choice and consent | the organization describes the choices available to individuals and obtains their consent to the collection and use of their personal information |
collection | the organization collects only that information needed to fulfill the purposes stated in its privacy policies |
use and retention | the organization uses its customers' personal information only in the manner described in its stated privacy policies and retains that information only as long as it is needed. |
access | the organization provides individuals with the ability to access, review, correct, and delete the personal information stored about them |
disclosure to third parties | the organization discloses customers' personal information to third parties only in the situations and manners described in its privacy policies and only to third parties who provide equivalent protection of that information |
security | the organization takes reasonable steps to protect customers' personal info. from loss or unauthorized disclosure |
quality | the organization maintains the integrity of its customers' personal info. |
monitoring and enforcement | the organization assigns one or more employees to be responsible for assuring compliance with its stated privacy policies and periodically verifies compliance with those policies |
cookie | a text file created by a web site and stored on a visitor's hard drive |
Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act in 2003 | the sender's identity must be clearly displayed in the header of the message, the subject field in the header must clearly identify the message as an advertisement or solicitation; the body of the message must provide recipients with a working link that can be used to opt out of future email and must include the sender's valid postal address; organizations should not send commercial email to randomly generated addresses, nor should they set up web sites designed to "harvest" email addresses of potential customers |
availability | concerned with minimizing risk |
preventative maintenance | such as cleaning disk drives and properly storing magnetic and optical media, to reduce the risk of hardware and software failure |
fault tolerance | the use of redundant components, such as dual processors and arrays of multiple hard drives; this concept enables a system to continue functioning in the event that a particular component fails |
physical location and design of rooms housing computing resources | to minimize the risk associated with natural and man-made disasters |
un-interruptible power supply (UPS) | provides protection in the event of a prolonged power outage, using battery power to enable the system to operate long enough to back up critical data and safely shut down |
training | well-trained operators are less likely to make mistakes and will know how to recover with minimal damage from errors they do commit |
disaster recovery and business continuity plan | the plan that prepares an entity to recover its operations and data processing capacities as smoothly and quickly as possible in response to any emergency that could disable the company and its AIS |
backup | an exact copy of the most current version of a database, file, or software program; provides fault tolerance, being intended for use in the event of a hardware or software failure |
restoration | process of installing the backup copy for use |
full backup, incremental backup, differential backup | 3 types of data backup procedures |
full backup | an exact copy of all information (files, data, software) on the computer system |
differential backup | a copy of only the data that has changed since the last full backup |
incremental backup | a copy of only the data that has changed since the last full, incremental, or differential backup |
full backup | backup that's more time consuming |
incremental backup | backup that's the least time consuming |
recovery point objective (RPO) | the maximum length of time for which an entity is willing to risk the possible loss of transaction data; tells us how long you are willing to go without backing up |
real-time mirroring | to eliminate the need for back-ups; process involves maintaining two copies of the database at two separate data centers at all times and updating both copies in real-time as each transaction occurs |
back up media | where back ups should be stored |
archive | a copy of a database, master file, or software that is retained indefinitely as a historical record, usually to satisfy legal and regulatory requirements |
recovery time objective (RTO) | how long mgmt thinks the organization can function without access to its information |
reciprocal agreements | agreements with an organization that uses similar equipment to have temporary access to and use of their IS resource |
cold site | an empty building already wired for necessary telephone and computer systems and contracts with vendors to provide all necessary computer and office equipment |
hot site | a facility containing all the telephones and computer systems a company would need to perform its essential business activities |
processing integrity | concerned with producing information |
garbage-in garbage-out (GIGO) | the belief that entering inaccurate or incomplete data into a system will produce bad system output/information |
forms design | an input control that states source documents and other forms should be designed to help ensure that errors and omissions are minimized |
turnaround document | records of company data sent to an external party and then returned to the system as input; example: utility bill |
cancellation and storage of documents | an input control that states documents that have been entered into the system should be canceled so they cannot be inadvertently or fraudulently reentered into the system. |
authorization and segregation of duties | an input control that states source documents should be prepared only by authorized personnel acting within their authority and authorized person should not be assigned other incompatible functions |
visual scanning | an input control to help ensure that data entered into the system is valid, authorized, complete, and accurate |
field check | a test that determines if all the characters in a field are of the proper type |
sign check | a test that determines if the data in a field has the appropriate sign (positive or negative) |
limit check | a test that determines if the data in a field does not exceed a predetermined amount |
range check | a test that determines if the data in a field falls within a predetermined lower limit and upper limit |
size check | a test that determines if the data to be placed into a field exceeds the number of characters allowed for the field |
completeness check | a test that determines if all required data items for an input screen have been entered |
validity check | a test that compares data entered into a field against the corresponding master file to determine if the data entered is a valid entity in the master file |
reasonableness test | a test of the logical relationship between two data terms |
check digit | a number in a code that is computed by all the other numbers in the code |
check digit verification | a test of whether the check digit can be computed based on the other digits in the entry (whether the check digit is valid) |
sequence check | a test of the order of records in a batch to determine if they are in the proper numerical or alphabetical order |
error log | a listing of data input errors and data processing errors |
batch totals | summarization of key values in a batch |
financial total | a batch total that sums a field that contains dollar values |
hash total | a batch total that sums a non financial numerical field |
record count | a batch total that counts the number of records in the batch |
prompting | data input process where the system requests each input item and waits for an acceptable response |
preformatting | data input process where the system displays a document with highlighted blank spaces and waits for the data to be recorded |
closed-loop verification | data input process where the system checks the accuracy of input data by using it to retrieve and display other related information; enter customer # and it retrieves info. from master file and displays it for verification |
transaction log | a log that lists all data entered into the system, the date and time entered, the terminal from which information was entered and who entered the data |
processing controls | needed to ensure that data is processed correctly |
data matching | a processing control that requires two or more items of data to be matched before an action can take place |
file labels | a processing control to ensure that the correct and most current files are being updated |
header record | a record located at the beginning of each file that contains the file name, expiration date, and other identification of the data in the file |
trailer record | a record located at the end of a file that contains the batch totals for the data included in the file |
recalculation of batch totals | a processing control that indicates the occurrence of a processing error because the batch totals during processing do not equal the batch total included in the trailer record |
cross-footing balance and zero-balance test | a processing control that assures amounts were correctly processed by totaling |
cross-footing | a procedure to assure that the grand total in a worksheet (or table) is correct by totaling both across then down and down then across |
zero-balance test | a test to assure correctness by knowing the total of an account should be zero |
write-protection mechanisms | a processing control that protects against the writing over or erasing of data stored on magnetic media (either accidentally or intentionally); example floppy disk and VCR tape (lock to make permanent or to save) |
database processing integrity controls | a processing control to ensure that the system is updated/changed only in accordance with the procedures established by the database administrator |
concurrent update controls | a system control that protects records from errors that occur when two or more users attempt to update the same record simultaneously; accomplished by locking out one user until the system has finished processing the update entered by another user |
user review of output | an output control where users should carefully examine system output for reasonableness, completeness, and that they are the intended recipient |
reconciliation procedures | an output control that states system output should be reconciled to control reports, file status/update reports, or other control mechanisms |
external data reconciliation | an output control that states database total should be periodically reconciled with data maintained outside the system |
parity checking | an output control concerned with transmission of data received, that verifies the proper number of bits per character were received and the bits received equal the parity bit |
parity bit | an extra digit added to each character of data transmitted and computed from the other digits in the character |
message acknowledgment | an output control that lets the sender of an electronic message know the message was received |
echo check | a message acknowledgment technique where the receiving computer sends the received message back to the sending device so the sending device can verify that the receiving unit got the correct message |
trailer record | a message acknowledgment technique where the sending computer stores control totals in here, and the receiving unit uses that information to verify the entire message was received |
numbered batches | a message acknowledgement technique where the batches being transmitted are numbered sequentially and the receiving unit uses those numbers to properly assemble the batches |