ACC 3510 Chapter 15: Monitoring and Auditing AIS
access points and stations.
A wireless network is comprised of two fundamental architectural components: access points and stations.
audit evidence
Computer-assisted audit techniques enable auditors to gather and analyze audit evidence to test the adequacy and reliability of financial information and internal controls in a computerized environment.
technical controls.
Security controls for wireless networks can be categorized into three groups: management, operational, and technical controls.
White
To use the White-box approach to audit systems, auditors need to understand the internal logic of the system/application being tested.
continuous auditing
With continuous auditing, theoretically, an audit report/opinion can be issued simultaneously with, or shortly after, the occurrence of the events under review.
eavesdropping
A type of attack called eavesdropping could be described as the attacker passively monitors wireless networks for data, including authentication credentials.
False
True or false: A local area network is a group of computers, printers, and other devices connected to the same network and covers a large geographic range such as a city, a county, or a state.
True
True or false: Common benefits of using wireless technology include mobility, rapid deployment, and flexibility and scalability of a network.
Wide Area network
A Wide Area network (WAN) links different sites together; transmits information across geographically dispersed networks; and covers a broad geographic area such as a city, region, nation, or an international link.
Misappropriation
A common security threat, Misappropriation, is that the attacker steals or makes unauthorized use of a service.
Blank 1: continuous Blank 2: audit
A continuous audit occurs when audit-related activities are performed on a continuous basis.
data warehouse
A data warehouse is a centralized collection of firm-wide data for a relatively long period of time.
local Area Network
A local Area Network (LAN) is a group of computers, printers, and other devices connected to the same network and covers a limited geographic range such as a home, small office, or a campus building.
confidentiality Communication cannot be read by unauthorized parties. integrity Detect any intentional or unintentional changes to the data during transmission. availability Devices and individuals can access a network and its resources whenever needed. access control Restrict the rights of devices or individuals to access a network or resources within a network.
Common security objectives for both wired and wireless networks include: confidentiality, integrity, availability, and access control. Select the correct explanation for each term. Drag and drop application. confidentiality confidentiality drop zone empty. integrity integrity drop zone empty. availability availability drop zone empty. access control
test data technique uses a set of input data to validate system integrity parallel simulation attempts to simulate the firm's key features or processes integrated test facility enables test data to be continually evaluated during the normal operation of a system
Find proper definitions of techniques for white-box approach in auditing systems. Drag and drop application. test data technique test data technique drop zone empty. parallel simulation parallel simulation drop zone empty. integrated test facility
Blank 1: confidentiality Blank 2: integrity Blank 3: availability
General security objectives for both wired LANs and wireless LANs include: confidentiality, integrity, availability, and access control.
To provide corporate access to the Internet To link various sites within the firm To provide remote access to employees or customers
Identify the main purposes for a wide area network (WAN). To provide corporate access to the Internet To ensure secured access from each office in different cities To link various sites within the firm To provide remote access to employees or customers
parallel simulation
In auditing information systems, auditors use parallel simulation to verify the firm's key features or processes. Under this approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results.
a shared collection of logically related data that meets the information needs of a firm
In our electronic world, all or most accounting records are stored in a database. A database is: a centralized repository that collects data from the beginning of a company's operation until today a file with big data collected from various sources inside and outside a company a shared collection of logically related data that meets the information needs of a firm
database
In today's electronic world, most accounting records are stored in a database.
LAN hubs LAN switches VPN access points VPN stations WAN firewalls WAN routers
Match the devices used in each type of networks. Drag and drop application. LAN LAN drop zone empty. LAN LAN drop zone empty. VPN VPN drop zone empty. VPN VPN drop zone empty. WAN WAN drop zone empty. WAN
Convenient online access without a physical network using cables for connections Freely setting up or removing wireless networks at different locations
Select the benefits of using wireless technology. Convenient online access without a physical network using cables for connections Freely setting up or removing wireless networks at different locations Secured data transmission using a wireless network
It is also called auditing around the computer.
Select the correct statement regarding the black-box approach in auditing systems. It is also called auditing around the computer. Auditors must have detailed knowledge of the systems' internal logic. Reason: Auditors do not need to gain detailed knowledge of the systems' internal logic. The systems are often interrupted for auditing purposes. Reason: The systems are not interrupted for auditing purposes.
rogue
The attacker of a wireless network sometimes uses a rogue access point to set up an unsecured wireless network near the enterprise with an identical name and to intercepts any messages sent by unsuspecting users that who log onto it.
data warehouse
The data in a data warehouse are pulled periodically from each of the operational databases (ranging from a couple of times a day to once a year) and often maintained for 5 to 10 years.
Blank 1: embedded Blank 2: audit
The embedded audit module is a programmed audit module that is added to the system under review. Hence, the auditors can monitor and collect data over online transactions. The collected data are analyzed by auditors in evaluating control risks and effectiveness.
integrated test facility
The integrated test facility (ITF) approach is an automated technique that enables test data to be continually evaluated during the normal operation of a system. The auditor creates fictitious situations and performs a wide variety of tests over the system.
operating
The operating system is the most important system software because it performs the tasks that enable a computer to operate.
allocate computer resources to users and applications. control the flow of multiprogramming. ensure the integrity of the system.
The operating system performs the tasks that enable a computer to operate. It is comprised of system utilities and programs that: allocate computer resources to users and applications. control the flow of multiprogramming. ensure the integrity of the system. it is the main function in managing a database.
automated audit techniques
The term "computer-assisted audit techniques (CAATs)" refers to any automated audit techniques that can be used by an auditor to perform audits or achieve audit objectives.
test data
The test data technique uses a set of input data to validate system integrity in auditing a system. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.
validate
To audit a system, auditors use the test data technique to validate system integrity. When creating the test data, auditors need to prepare both valid and invalid data to examine critical logics and controls of the system.
parallel
Under the parallel simulation approach, the auditors write a computer program to reprocess the firm's actual data for a past period to generate simulated results to audit the system.
Continuous auditing is to perform audit-related activities on a continuous basis. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance.
What is continuous auditing? Continuous auditing is to perform audit-related activities on a continuous basis. Testing in continuous audits often consists of continuous controls monitoring and continuous data assurance. Continuous auditing is to automate all audit-related activities.
It is adequate when automated systems applications are relatively simple. It is to audit around the computer. The advantage of this approach is that the systems will not be interrupted for auditing purposes.
What is the black-box approach in auditing systems? Select all statements that apply. It is adequate when automated systems applications are relatively simple. It is to audit around the computer. Auditors must gain detailed knowledge of the systems' internal logic. The advantage of this approach is that the systems will not be interrupted for auditing purposes.
Auditors need to create test cases to verify specific logic and controls in a system. It requires auditors to understand the internal logic of the system/application being tested.
What is the white-box approach in auditing systems? Select all statements that apply. Auditors need to create test cases to verify specific logic and controls in a system. The white-box approach is also called auditing around the computer. It requires auditors to understand the internal logic of the system/application being tested.
A programmed module added to the system so that the auditors can monitor and collect data over online transactions.
Which of the statements below best defines an embedded audit module? A module in which the auditors create fictitious situations and perform a wide variety of tests over the system. A test data technique that enables test data to be continually evaluated during the normal operation of a system. Reason: The integrated test facility (ITF) approach is an automated technique that enables test data to be continually evaluated during the normal operation of a system. The auditor creates fictitious situations and performs a wide variety of tests over the system. A parallel simulation module that uses a set of input data to validate system integrity. Reason: The test data technique uses a set of input data to validate system integrity. A programmed module added to the system so that the auditors can monitor and collect data over online transactions.
