AIS Ch15 Terms
Terms in this set (47)
operating system (OS)
Performs the tasks that enable a computer to operate; comprised of system utilities and programs.
operating system functions
ensure integrity of the system
control the flow of multiprogramming and tasks of scheduling in the computer
allocate computer resources to users and applications
manage the interfaces with the computer
operating system control objectives
protect itself from users
protect users from each other
protect users from themselves
protected from itself
protected from its environment
database
A shared collection of logically related data for various uses.
database system
A term typically used to encapsulate the constructs of a data model, database management system (DBMS), and database.
data warehouse
A collection of information gathered from an assortment of external and operational (i.e., internal) databases to facilitate reporting for decision making and business analysis.
operational database
Often includes data for the current fiscal year only.
data mining
A process of using sophisticated statistical techniques to extract and analyze data from large databases to discern patterns and trends that were not previously known.
drill-down, consolidation, time-series analysis, exception reports, what-if simulations
data governance
The convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a firm.
local area network (LAN)
A group of computers, printers, and other devices connected to the same network that covers a limited geographic range such as a home, small office, or a campus building.
local area network (LAN)
hubs and switches; packets
hub
Contains multiple ports.
switches
An intelligent device that provides a path for each pair of connections on the switch by storing address information in its switching tables.
MAC (media access control) address
A designated address that is connected to each device via the network and only sees traffic. Related to switches. Each device cannot eavesdrop on network traffic intended for other recipients.
wide area network (WAN)
Links different sites together; transmits information across geographically dispersed LANs; and covers a broad geographic area such as a city, region, nation, or an international link.
wide area network (WAN) 3 main purposes
provide remote access to employees or customers
link two or more sites within the firm
provide corporate access to the internet
wide area network (WAN)
firewalls and routers
router
Software-based intelligent device that chooses the most efficient communication path through a network to the required destination.
firewall
A security system comprised of hardware and software that is built using routers, servers, and a variety of software.
virtual private network (VPN)
Securely connects a firm's WANs by sending/receiving encrypted packets via virtual connections over the public Internet to distant offices, salespeople, and business partners.
remote access
Connection to a data-processing system from a remote location—for example, through a virtual private network.
wireless network
Comprised of two fundamental architectural components: access points and stations.
access point
Logically connects stations to a firm's network.
station
A wireless endpoint device equipped with a wireless network interface card.
benefits of wireless technology
mobility, rapid deployment, flexibility/scalability
general security objectives for both wired and wireless LANs
confidentiality, integrity, availability, access control
eavesdropping
the attacker passively monitors wireless networks for data, including authentication credentials
man-in-the-middle
The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
masquerading
The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
message modification
The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it
message replay
the attacker passively monitors transmissions via wireless networks and retransmits messages, acting as if the attacker was a legitimate user
misappropriation
the attacker steals or makes unauthorized use of a service
traffic analysis
the attacker passively monitors transmissions via wireless networks to identify communication patterns and participants
rogue access points
the attacker sets up an unsecured wireless network near the enterprise with an identical name and intercepts any messages sent by unsuspecting users who log onto it
management, operational, technical
security controls for wireless networks - 3 groups
management controls
assigning roles and responsibilities, creating policies and procedures, conducting risk assessment on a regular basis
Ex - determining which parties are authorized and responsible for installing and configuring access points and other wireless network equipment; types of information that may or may not be sent over wireless networks; and how transmission over wireless networks should be protected, including requirements for the use of encryption and for cryptographic key management
operational controls
protecting a firm's premises and facilities, preventing and detecting physical security breaches, and providing security training to employees, contractors, or third-party users
Ex - define and document security roles and responsibilities; terms and conditions of employment; awareness training and updates
technical controls
Security controls that are primarily implemented and executed through mechanisms contained in computing-related equipment, including access point management and encryption setup. Change the default configuration of all access points (SSID, admin credentials, radio signal strength, remote web-based configuration, internet protocol).
computer-assisted audit techniques (CAATs)
Essential tools for auditors to conduct an audit in accordance with heightened auditing standards.
audit around the computer (or black-box approach)
Auditors test the reliability of computer-generated information by first calculating expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results.
audit through the computer (or white-box approach)
Requires auditors to understand the internal logic of the system/application being tested.
test data technique
Uses a set of input data to validate system integrity.
parallel simulation
Attempts to simulate the firm's key features or processes.
integrated test facility (ITF)
An automated technique that enables test data to be continually evaluated during the normal operation of a system.
embedded audit module (EAM)
A programmed audit module that is added to the system under review.
generalized audit software (GAS)
Frequently used to perform substantive tests and used for testing of controls through transactional data analysis.
mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking, recomputation
continuous audit
Performing audit-related activities on a continuous basis.