BEC 4 Information System and communication 357
A Trojan horse
is an unauthorized program that attaches itself to another legitimate program but does not replicate itself like a virus
Interfacing
is communication across a common boundary, a connection between two independent, often different systems; it requires specialized programming
Security software
is computer software that restricts data access to authorized personnel. This access is called logical access because it interprets information (ID and password).
Disaster recovery plan (what is the first step?)
is designed to smoothly and quickly restore the data processing capability of the organization when there is a disaster; the first step is to create a set of responsibilities for the various participants and tasks that are to be included in the plan
Teleprocessing
is the electronic movement of data for processing among remote computers or between a CPU and remote devices
Virtual private network (VPN)
uses the internet to provide secure remote access to an organization's network.
Process improvement methodologies
1. identify what the issue is; 2. understand more about the issue; 3. determine what is causing the issue; 4. remediate the issue; 5. put into place monitoring and control capabilities to either ensure the issue never occurs again, or to inform the organization if/when the issue does occur again
Management information system
1. management of data in an organized database; 2. users do not have to be computer experts to realize the benefits; 3. need not be computer-based; consists of an organized federation of subsystems rather than a single, highly integrated system.
How to enhance the control structure of a computer operations department
1. periodic rotation; 2. mandatory vacations; 3. controlled access
Disaster plans must include all of the following factors
1. a backup for programs and data; 2. an alternative processing site; 3. off-site storage of backups; 4. identification of critical applications; 5. a method for testing the plan
Activity logging provides
1. cutoff controls reduce the recording of transactions in the wrong period; 2. redundant hardware is a control over hardware malfunction; 3. transaction error logging controls transactions rather than user terminal activity
Integrated test facility
A company may process most of its business transactions through an electronic data processing (EDP) system. In such a case, the controls over the processing must be adequate to safeguard assets and provide reliability in the output produced. One of the methods of testing the controls over the processing is with an integrated test facility.
Repeaters
strengthen the signal
Digital signatures
authenticate the identity of the other party sending a message and the validity of the electronic transmission
Internally encrypted passwords are
a form of access control designed to prevent unauthorized access through the use of a utility program to identify passwords.
The basis for the user-to-data authorization technique:
access to data controlled by restricting specific files is a job-to-data authorization technique; access to data controlled by restricting specific terminals to specific applications is a terminal-to-data authorization technique; the use of access software alone does not address all access security risks.
System software
acts on the instructions provided in application programs (manipulates application programs)
Preventive controls
aim to eliminate problems before they occur.
EDI (electronic data interchange)
allows exchanges between entities because they are based on a standard; EDI relates to the data and not to how the data are programmed.
Electronic funds transfer (EFT)
allows transactions to take place more directly and with fewer intervening steps, so there is less chance of human error. This can result in a reduction in the frequency of data-entry errors. EFT actually reduces the paper audit trail, although there are methods of monitoring and auditing such transactions at the time they occur. EFT may actually require stronger access controls because fewer controls and reviews take place during the electronic processing of the transaction.
Hot site vs cold site
An alternative backup location for recovery of a company's data in the event of a disaster could be a facility designated as either a hot site or a cold site. Cold site: duplicate hardware would have to be delivered to the backup location. Hot site: the duplicate hardware and configured software would already be on site at the location.
A denial-of-service attack is
an attempt to make a machine or network resource unavailable by saturating the target server with requests so it cannot respond to legitimate traffic because of server overload.
Validity check
an edit test in which an identification number or transaction code is compared with a table of valid identification numbers or codes maintained in computer memory
The system development cycle consists of
analysis, conceptual design, detailed design, implementation and operation.
What risk is considered unique to end-user computer system development?
applications that are difficult to integrate with other information systems
Canned service programs
are application programs that can be called in by the user's programs to perform some common, subordinate function (canned programs).
Service programs
are application programs that can be called in by the user's programs to perform some common, subordinate function. They are sometimes referred to as "canned" programs.
Log-on passwords
are familiar passwords commonly used to gain initial access to a system or network
Backup procedures
are intended to prevent the recovery process from introducing any erroneous changes into the system after a computer failure
control totals
are used to assure that all transactions are processed
Sequence Checks
are used to ensure the completeness of input or update data by checking the use of preassigned document serial numbers
Passwords
are used to prevent unauthorized access to an information system. If passwords are required, the chance of an intruder accessing sensitive data is minimized, since the firewall will prevent such access.
The best approach to avoid having the data center identified as a terrorist's target is to establish _________________, by refraining from:
as low a profile as possible for the data center: 1. identifying the building on the outside as a data center; 2. showcasing the data center through glass windows; 3. advertising the important role the data center plays in operations
The practice of asking personal questions (DOB, middle name or zip code) is a method of ________ the identification of the person proposing to log on to the system
authenticating (proving to be genuine, reliable or valid; verifying)
Encryption is often used when wire transfers are made between
banks, confidential data are sent by satellite transmission, and financial data are sent over dedicated leased lines
Stakeholder
a broad term encompassing all those with an interest in preparing or using the information
Exception report
can be used to control the correctness and timeliness of updates, but not to minimize the impact of interruptions
Software monitor
collects data on the use of various hardware components during a computer run.
Gateways
connect computers on dissimilar networks
Bridges
connect physically separate LANs
Integrity related to the quality of a database should be ______
consistent, and data inputs should conform to a predetermined standard of elements, size, and content.
Document (horizontal) flowcharts
describe areas of responsibility, such as departments, arranged horizontally across the chart.
Transaction log
a detailed history of the actions executed by a database management system and a file of the updates made to that system; can be used to determine whether a change was made to a previous payment and what authorization there was for the change
Router
determines the best path for data
Operating system (internal operation interface)
drives the computer in the most efficient manner; the system supervises the operations of the CPU, I/O functions, translation of assembler and compiler languages into machine language, and other support devices.
Key verification
ensures the accuracy of selected fields by requiring a different individual to re-key them.
Transaction file
file of original entry; corresponds to the manual journal
Elements of change management control policies:
formalized channels for requesting and approving changes; preventing unauthorized changes from occurring; changes must not impair or negatively impact other functions; viability of the system as a whole; appropriate testing before implementation into the production environment occurs
A peer-to-peer network
has all processing done at the same level, with no dedicated file server or mainframe
Running open systems
increases the number of vendors, which decreases the average purchase from any one vendor and therefore decreases discounts from vendors; organizations can scale their computing facilities to a precise size, which is not consistent with attempting to achieve economies of scale; reduces reliance on proprietary components
Enterprise resource planning systems
integrate all aspects of a company's operations with its information system. By combining financial and nonfinancial information, the entity can be more flexible and responsive while having more information available for decision making.
Data file security
is intended to prevent unauthorized changes to data files
Spoofing
involves e-mail with an incorrect sender address so as to fool the recipient into providing sensitive information, either in a return e-mail or by a link to a web page designed to look like the legitimate page but which provides the information to the spoofer
data processing cycle (DPC)
is "input-processing-output." A listing of components of the DPC should include, as a minimum, these three components. The correct answer substitutes the term "collection" for "input." Refinement refers to classifying and/or batching. Maintenance refers to processing-related operations such as calculation and storage.
Use of internal labels for all programs
is a control intended for program identification, to preclude the use of the wrong program
Distributed data processing
is a network of interdependent computers where certain functions are centralized and other functions are decentralized and processing is shared among two or more computers. In a distributed data processing network, each computer can also process its own data. Distributed data processing is an alternative to both centralization and decentralization.
Maintaining a duplicate set of programs
is a procedure to insure against the loss or destruction of original programs.
Change control
is a process of modifying application software, including requesting a change, reviewing the effectiveness of the change, approving the change, and implementing the application code.
Password hierarchy
is a system of passwords designed in such a manner as to allow differing degrees of access to file manipulation activities.
COBIT
is an integrated framework for internal control for information technology systems. It assists with the design and implementation of control activities for 34 processes and four domains using information technology resources (such as applications and people) that help ensure business goals and requirements (such as confidentiality and reliability) are met.
Intranet
is an internal version of the Internet; can be accessed using conventional hardware and software that work with the World Wide Web (Internet); separated from the Internet by a firewall
Eavesdropping
is monitoring transmissions to acquire unauthorized information.
Transmission Control Protocol/Internet Protocol
is the basic communication language or protocol of the Internet that may also be used as the communication protocol in private networks such as intranets; the message or file is assembled into smaller packets that are sent over the Internet and received by the TCP layer, which reassembles the packets into the original message.
Transaction file
is the file of original entry and, hence, corresponds to the manual journal.
Piggybacking
is the interception of legitimate communications between a computer system and the user, then modifying them or substituting new messages.
Electronic data interchange
is used to electronically transfer information between and within organizations' computers; a costly, standardized service; converts data from the usual format to one acceptable to the EDI system
Decision table
is useful in building logical models; shows alternative logic conditions and the actions to be taken in a program
A risk that relates to all computing environments:
lack of adequate utility programs
Examples of internal checks are as follows:
limit check: identifies whether data have a value higher or lower than a predetermined amount; identification: checks whether data are valid; sequence check: checks sequencing; error log: up-to-date log of all identified errors; transaction log: provides a basic audit trail; arithmetic proof: a calculation performed in order to validate the result
Public-switched networks are open to the general public and offer the __________ level of security.
lowest
Database management system
manages and controls data and the interface between data and the application programs; is designed to make it easier to develop new applications and allows users to change the way they view data without changing how the data are stored physically.
The implementation phase of an accounting software application would include
obtaining and installing hardware, documenting user procedures, training users, and entering and verifying test data.
Detective controls
occur after the fact; the goal is to catch problems that cannot be eliminated by preventive controls.
System flowchart
an overall view of the inputs, processes and outputs of an information system; designed to picture (portray) the path of data as it moves through an information system
Firewall
prevents outsiders and employees from gaining unauthorized access to a system while allowing permitted communications with other networks.
Gantt Charts are used in
production scheduling
Assembly language
a programming language in which each machine language instruction is represented by mnemonic characters; it is a symbolic, low-level language
A real-time system is characterized by
online files, prompt input from users, an extensive communication network, random access, and immediate update.
The operating system and language translator programs are permanently stored in the
read-only memory (ROM), which prevents these important programs from being accidentally altered or deleted.
Checkpoint-restart procedure
recovers from hardware errors; periodic copying of the results of a program prior to its actual completion. The copy is written to secondary storage for use in restarting the program should there be an interruption in the operation of the hardware devices. The restart is initiated from the most current checkpoint rather than at the beginning of the program.
The primary purpose of a database management system
is to reduce data redundancy
Telecommuting
refers to the ability of a user to be in contact and communication with a central office from a remote location, usually with reference to "working at home"
Establishing physical library controls is designed to
restrict access to offline programs
Computer matching entails checking
selected fields of input data against information held in a suspense or master file.
Implementation (installing a computer system) includes
selecting and installing the equipment, training personnel, establishing operating policies, and getting the software onto the system and functioning properly
Multiprocessing
simultaneous execution of two or more tasks, usually by using two or more processing units that are part of the same system (with a single central memory)
Multiprogramming
simultaneous execution of two programs as a single processing unit switches back and forth between the programs.
A value-added network (VAN) provides
specialized hardware, software and long-distance communication to private networks so that they can exchange data; VANs add value to the basic data communications process by handling the difficult task of interfacing with the multiple types of hardware and software used by different parties.
E-cash
such as bitcoin, is anonymous and allows payment for purchases from websites
Linked list has a pointer field which displays _____
the address of the next record in the list
Fail-soft protection
the capability to continue processing at all sites except a nonfunctioning one
Security depends upon
the controls over the issuance of user IDs; user authentication is the key to enforcing personal accountability
Application controls refer to
the transactions and data relating to each computer-based application system and are specific to each process
Application controls
cover the transactions and data relating to each computer-based application system and are specific to each such application. Objectives: ensure the completeness and accuracy of the records and the validity of the entries made therein. They consist of input controls, processing controls, and output controls.
Virtual private network
uses the Internet to provide secure remote access to an organization's network
Simulation
is used as an auditing tool in testing transaction processing systems
Edit programs
are used to examine selected fields of input data and to reject those transactions (or other types of data input) whose data fields do not meet preestablished standards of data quality.
Online access controls are essential in controlling access to and operation of modern computer systems; these controls include:
user code numbers: restrict access to only authorized users; passwords: a second barrier to access after the user code number; lists of files and programs, along with lists of the type and extent of access a user is entitled to have to those files and programs.
Automatic log-off of inactive users
would help to prevent unauthorized access to sensitive data displayed on an unattended terminal.
Cryptographic device
protects data in transmission over communication lines.