BEC 4 Information System and communication 357

A Trojan horse

is an unauthorized program that attaches itself to another legitimate program but does not replicate itself like a virus

interfacing

is communication accross a common boundary, a connecting between two independent, offen different systems; requiring specialized programming

Security software

is computer software that restricts data access to authorized personnel. This access called--logical access because it interprets information (ID and Password)

disaster recovery plan What is the first step?

is designed to smoothly and quickly restore the data processing capability of the organization when there is a disaster; to create a set or responsibilities for the various participants and tasks that are to be included in the plan

Teleprocessing

is electronic movement of data for processing among remote computers or between a CPU and remote devices

Virtual private Network (VPN) 虚拟专用网；

uses the internet to provide secure remote access to an organization's network.

Process improvement methodologies

1. identify what the issue is 2. understand more about the issue 3. determine what is causing the issue 4. remediate the issue 5. put into place monitoring and control capabilities to either ensure the issue never occurs again, or to inform the organization if/when the issue does occur again

Management information system

1. management of data in an organized database 2.users do not have to be computer experts to realize benefits 3.not based on computers, consist of an organized federation of subsystems rather than a single, highly integrated system.

How to enhance the control structure of a computer opertions department

1. periodic rotation 2. mandatory vacations, 3. controlled access

disaster plans must include all of the following factors

1.a backup for programs and data 2.alternative processing site 3.off-site storage of backup 4. identification of critical applications 5.a method for testing the plan

Activity logging provides

1.cutoff controls=reduce recording transactions in wrong period 2.redundant hardware is control over hardware malfunction 3. transaction error logging control transactions rather than user terninal activity

integrated test facility

A company may process most of its business transactions through an electronic data processing (EDP) system. In such case, the controls over the processing must be adequate to safeguard assets and provide reliability in the output produced. One of the methods of testing the controls over the processing is with an

Repeaters

Strengthen signal strength

digital signatures

authenticate the ifentity of the other party sending a messafe and the validity of the electronic trasmission

internally encrypted passwords are

a form of access control designed to prevent unauthorizes access by use of a utility program to identity passwords,

The basis for user-to-data authorization technique:

access to data controlled by restricting specific files is a job-to-data authorization technique; access to data controlled by resticting specific terminals to specific application is a terminal-to-data authorization trchnique; the use of access software alone does not address all access security risks.

System software

act on the instruction provided in application programs=manipulateapplication programs

preventive control

aim to eliminate problems before they occur. --

EDI电子数据交换

allows exchanges between entities because they are based on a standard, EDI related to the data and not to hoe the data is programmed.

Electronic funds transfer (EFT)

allows transactions to take place more directly and with fewer interventing steps, there is less chance of human error. This can result in a reduction in frenquency of data-entry errors. EFT actually reduced the paper audit trail, although there are methods of monitoring and audit such transaction at the time they occur. EFT may actually requires stronger access controls due to the fact that fewer controls and reviewa take place during the eletronic processing of the transaction.

Hot site vs cold site

an alternative backup location for recovery of a company's data in the event of a disaster could be a facility designated as either a hot site or cold site. Cold site--having duplicate hardware delivered to the backup location Hot site--the duplicate hardward and configured software配置成软件 would already be onsite at the location.

A denial-of-sevice attack is

an attempt to make a machine or network resource unavaliable by saturating the target server with requests so it cannot respind to legitimate traffic because of server 拒绝服务攻击是企图使机器或网络资源饱和，目标服务器请求不应对合法的交通因为服务器过载不可用。

validity check

an edit test in which an identification number or transaction code is compares with a table of valid identification numbers or codes maintained in computer memory

the system development cycle consist of

analysis, conceptual design, detailed design, implementation and operation.

what risk that is condifered unique to end user computer system development

application that are difficult to integrate with other information systems

canned Service program

are applicatio programs that can be called in by the user;s programs to perform some common subordinate function.=canned programs.

service programs

are applications programs that can be called in by the user's programs to perform some common, subordinate function. they are somethings referred to as "canned" programs.

log-on password

are familiar passwords commonly used to gain inital access to a system or network

backup procedures

are intenfed to prevent the recovery process from introducing any erroneous changes into the system after computer failure

control totals

are used to assure that all transactions are processed

Sequence Checks

are used to ensure the completeness of input or update data by checking the use of preassigned document serial numbers

Passwords

are used to prevent unauthorized to an information system. If passwords are required, it minimizes the chance of an intruder accessing sensitive data since the firewall will prevent such access.

The best apporach to avoid having th dara center identified as a terririst's target is to establish _________________, by refrain from:

as low a profile as possible for the data center 1 ifentifying the building on the outside as a data center 2 showcasing the data center through glass windows 3 advertising the important role the data center plays in operations

The practice of asking personal questions (DOB, middle name or zip code) is a method of ________the identification of the person proposing to log on to the system

authenticating证明是真实的、可靠的或有效的（ authenticate的现在分词 ）；鉴定，使生效；

Encryption is often used when wire transfers are made between

banks, confidential data are sent by satelite transmission , and financial data are sent over dedicated leased lines

Stakeholder股东; 利益相关者; 赌金保管者

broad term, encompassing all those with an interest in preparing or using the information,

exception report例行情况报告

can be used to control correctness and timeliness of updates , but nor minimize the impact of interruption

software monitor

collect data on the use of various hardware components during a computer run.

Gateways

connect internet computers of dissimilar networks

Bridges

connect physically separate LAN's

integrity ralted to the quality of a datavase, should be______

consistent and sata inputs should conform to a predetermined standard of elements, size, and content.

document =horizontal flowcharts

describe areas of responsibilities such as department arranged horizontally across the chart.

Transaction log

detailed history of the actions executed by a database managment system an da file of the updates made to that system; can use to determine if a change wad made to a previous payment and what wuthorization there was for the change

router

determine the best path for data

operation system =internal operation interface

drives the computer in the most efficient manner; the system supervises the operations of the CPU, I/O functions, translation of assembler and complier languages into machine language, and other support devices.

Key verification

ensures the accuracy of selected fields by requiring a different individual to re-key them.

transaction file

file of original entry, corresponds to manual journal

change management control policies elements are:

formalized channels-requireing and approving changes; proventing unauthorized changes from occurring; no impaire or negatively impact of the other functions ; viability of system as whole; appropriate testing needed before implementation to production environment occurs

a peer to peer network

has all processing done at the same leve with no dedicated file server or mainframe

Running open systmes

increase the number of vendors--decrease average purchase from any one vendor=>decrease discounts from vendors; org can scale their computing facilities to precise size=>no consistent with attempting to achieve economies of scale; reduce reliance on proprietary components专有组件

enterprise resource planning systems

integrate all aspects of a company's operations with its information system. By combing financial and nonfinancial information, the entity can be more flexible and responsive while having more information avaliable for decision making,

data file security

intended to prevent unauthorized changes to data files

Spoofing

involves e-mail with an incorrect address of the sender so as to fool the recipient into providing sensitive information either in a return e-mail or by a link to a web page designed to look like the legitimate page, but which provides information to the 欺骗涉及电子邮件的发送者地址不正确从而欺骗收件人提供敏感信息或在回复电子邮件或链接到一个网页设计看起来像合法的页面，但它提供的信息的人

data processing cycle (DPC)

is "input-processing-output." A listing of components of the DPC should include, as a minimum, these three components. The correct answer substitutes the term "collection" for "input." Refinement refers to classifying and/or batching. Maintenance refers to processing-related operations such as calculation and storage.

use of internal lables for all programs

is a control intended for program identification to preclude the use of the wrong program

Distributed data processing

is a network of interdependent computers where certain functions are centralized and other functions are decentralized and processing is shared among two or more computers. In a distributed data processing network, each computer can also process its own data. Distributed data processing is an alternative to both centralization and decentralization.

maintaining a duplication set of programs

is a procedure to insure against loss or destruction of original programs.

Change control

is a process of modifying application software, including requesting a change, reviewong the effectiveness of the change, approving the change, and implement application code.

password hierachy

is a system of passwords designed in such a manner as to allow differing degrees of access to file manipulation activities.

COBIT

is an intergrated framework for internal control for information technology systens. It assists with the design and implementation of control activities for 34 processes and four domains using information technology resources (such as applications and people) that help ensure business goals and requirements (such as confidentiality and reliability) are met.

Intranet

is an internal version of the internet, can be accessed using conventional hardward and software that are works with the World Wide Web (internet); separated from the internet by a firewall

Eavesdropping

is monitoring transmissions to acquire unauthorized information.

Tansmission Control Protocol/Internet Protocol

is the basic communication language or protocol of the internet that may also by used as communication protocol in private networks such as intranets; the messafe of a file are assembled into smaller packers that are sent over the internit and received by the TCP layer that reassembles the packets into the original message.

Transaction file

is the file of original entry and hence, corresponds to manual journal.

Piggybacking

is the interception of legitimate communications between a computer system and the user, then modifying them or substituting new messages.世界是一个计算机系统和用户之间的合法侦听，然后修改或替换新的消息。

Electronic data interchange

is used to electronically transfer information between and within organization computers. costly, standard service; convert data from the usual format to the acceptable to EDI system

decision table

is useful in building logical models; alternative logic conditiona and actions to be taken in a program

A risk that relateds to all computing environments

lack of adequate utility programs

examples of internal checks are as follows:

limit check--identifies if data have a value higher or lower than a predetermined amount; identification--data if valid sequence checks-check sequencing; error log--up to date log of all identified errors; transaction log-provides basic audit trail; arithmetic proof-calculation in order to validate the result

public-switched networka are open to the general public and offer the __________ level of security.

loewst

database management system

manages and controls data and the interface between data and the application programs. is designed to make it easier to develop new applications and allows users to change the way they view data without changing hoe the data are stored physically.

The implementation phase of an accounting software application would included

obtaining and installing hardware, documenting user procedures, training users, and entering and verifying test data.r

detective controls

occur after the fact. the goal-catch problems that cannot be eliminated by preventive controls.

system flowchart

overall view of the inputs, processes and outputs of an informantion system; designed to picture(portray) the path of data as it moves through an information system

Firewall

prevents outsiders and employees from gaining unauthorized access to a system while allowing permitted communications with other networks,.

Gantt Charts are used in

prodution scheduling

assemnly language

programming languae in which each machine language instruction is represented by mnemonic characters; it is a symbolic language

real time system is characterized by online files

prompt input from users, an extensive communication network, random access and immediate update. low-level language

The operating system and language translator programs are permanently stored in the

read only memory-prevent these important programs from being accidentally altered or deleted.

checkpoint-restart procedure

recover from hardward errors; periodic copying of the results of a program prior to its actual completion. the copy is written to secondary storage for use in restarting a program, should there be an interruption in the operation of the hardward devices. restart is initiated from the most current checkpoint, rather than at the begging of the program.

the primary purpose of database managment system

reduce data redundancy

Telecommuting

refers to the ability of a user to be in contract and communication with a central office from a remote location, usually with reference to " working ar home"

Establishing physical library controls is designed to

restrict access to offline programs

computer matching entails checking计算机匹配需要检查

selected fields of input data with information held in a suspense or master file.

implementation =installing computer system includes

selecting and installing the quipment, traning personnel, establishing operating polices, getting software onto the system and functioning proerly

Multiprocessing

simultaneous execution of 2 or more tasks, usually by using 2 or more processing units that are part of the same system (with a single central memory)

Multiprogramming

simultaneous execution of tow programs as a single processing unit switches back and forth between the programs.

A value-added network (VAN) provides

specialized hardware, software adn lont distance communication to private networks so that they can exchange date.--add value to the basic data communications process by handling the difficult task of interfacing with multiple types of hardware and software used by different parties.

E-cash

such as bitcoins, are annonymous and allow payment for purchases form websites

Linked list has a pointer field which displays _____

the address of the next record in the list

fail-soft protection故障软保护

the capability to continue processing at all sites except a nonfunctioning one

Security dependent upon

the comtrols over the issuance of user IDs and user authentication is the key to enforcing personal accountability在用户ID和用户认证的发行点是强化个人责任的关键

Application controls refer to

the transactions and data relating to each computer-based application system and are specific to each process

application control 应用控制

transactions and data relating to each computer-based application system, specific to each such application. objectives-ensure the completemness and accuracy of the records and the validity of the entires made therein consist--input controls, processing controls, and output controls.

Virtual private network

uses the internet to provide secure remote access to an org's network

simulation

used as an auditing tool in testing transaction processing systems

edit programs

used to examine selected fields of input data and to reject those transactions ( or other types of data input) whose data fields do not meet preestablished standards of data quality.

Online access controls are essetial in controlling access to and operation of modern computer systems, these controls include:

user code #--restrict access to only authorized users passwords--second barrier for access after user code # lists of files and programs along with lists of the type and extent of access a user is entitled to have to those files and programs.

Automatic log-off inactive users

would help to prevent unauthrized access to senstitive data displayed on an unattended terminal.

Cryptographic device

在通信线路上保护数据的加密装置。 protect data in transmission over communication lines.