AIS Ch15 Terms
Terms in this set (47)
operating system (OS)
Performs the tasks that enable a computer to operate; comprised of system utilities and programs.
operating system functions
ensure integrity of the system
control the flow of multiprogramming and tasks of scheduling in the computer
allocate computer resources to users and applications
manage the interfaces with the computer
operating system control objectives
protect itself from users
protect users from each other
protect users from themselves
protected from itself
protected from its environment
A shared collection of logically related data for various uses.
A term typically used to encapsulate the constructs of a data model, database management system (DBMS), and database.
A collection of information gathered from an assortment of external and operational (i.e., internal) databases to facilitate reporting for decision making and business analysis.
Often includes data for the current fiscal year only.
A process of using sophisticated statistical techniques to extract and analyze data from large databases to discern patterns and trends that were not previously known.
drill-down, consolidation, time-series analysis, exception reports, what-if simulations
The convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a firm.
local area network (LAN)
A group of computers, printers, and other devices connected to the same network that covers a limited geographic range such as a home, small office, or a campus building.
local area network (LAN)
hubs and switches; packets
Contains multiple ports.
An intelligent device that provides a path for each pair of connections on the switch by storing address information in its switching tables.
MAC (media access control) address
A designated address that is connected to each device via the network and only sees traffic. Related to switches. Each device cannot eavesdrop on network traffic intended for other recipients.
wide area network (WAN)
Links different sites together; transmits information across geographically dispersed LANs; and covers a broad geographic area such as a city, region, nation, or an international link.
wide area network (WAN) 3 main purposes
provide remote access to employees or customers
link two or more sites within the firm
provide corporate access to the internet
wide area network (WAN)
firewalls and routers
Software-based intelligent device that chooses the most efficient communication path through a network to the required destination.
A security system comprised of hardware and software that is built using routers, servers, and a variety of software.
virtual private network (VPN)
Securely connects a firm's WANs by sending/receiving encrypted packets via virtual connections over the public Internet to distant offices, salespeople, and business partners.
Connection to a data-processing system from a remote location—for example, through a virtual private network.
Comprised of two fundamental architectural components: access points and stations.
Logically connects stations to a firm's network.
A wireless endpoint device equipped with a wireless network interface card.
benefits of wireless technology
mobility, rapid deployment, flexibility/scalability
general security objectives for both wired and wireless LANs
confidentiality, integrity, availability, access control
the attacker passively monitors wireless networks for data, including authentication credentials
The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
The attacker impersonates an authorized user and gains certain unauthorized privileges to the wireless network
The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it
the attacker passively monitors transmissions via wireless networks and retransmits messages, acting as if the attacker was a legitimate user
the attacker steals or makes unauthorized use of a service
the attacker passively monitors transmissions via wireless networks to identify communication patterns and participants
rogue access points
the attacker sets up an unsecured wireless network near the enterprise with an identical name and intercepts any messages sent by unsuspecting users who log onto it
management, operational, technical
security controls for wireless networks - 3 groups
assigning roles and responsibilities, creating policies and procedures, conducting risk assessment on a regular basis
Ex - determining which parties are authorized and responsible for installing and configuring access points and other wireless network equipment; types of information that may or may not be sent over wireless networks; and how transmission over wireless networks should be protected, including requirements for the use of encryption and for cryptographic key management
protecting a firm's premises and facilities, preventing and detecting physical security breaches, and providing security training to employees, contractors, or third party users
Ex - define and document security roles and responsibilities; terms and conditions of employment; awareness training and updates
security controls that are primarily implemented and executed through mechanisms contained in computing-related equipment, including access point management and encryption setup. Change default configuration of all access points (SSID, admin credentials, radio signal strength, remote web-based configuration, internet protocol)
computer-assisted audit techniques (CAATs)
Essential tools for auditors to conduct an audit in accordance with heightened auditing standards.
audit around the computer (or black-box approach)
Auditors test the reliability of computer-generated information by first calculating expected results from the transactions entered into the system. Then, the auditors compare these calculations to the processing or output results.
audit through the computer (or white-box approach)
Requires auditors to understand the internal logic of the system/application being tested.
test data technique
Uses a set of input data to validate system integrity.
Attempts to simulate the firm's key features or processes.
integrated test facility (ITF)
An automated technique that enables test data to be continually evaluated during the normal operation of a system.
embedded audit module (EAM)
A programmed audit module that is added to the system under review.
generalized audit software (GAS)
Frequently used to perform substantive tests and used for testing of controls through transactional data analysis.
mathematical computations, stratification, statistical analysis, sequence checking, duplicate checking, recomputation
Performing audit-related activities on a continuous basis.