Help
Options
Didn't know it?
click below
click below
Knew it?
click below
click below
Don't Know
Remaining cards (0)
Know
retry
shuffle
restart
0:00
Embed Code - If you would like this activity on your web page, copy the script below and paste it into your web page.
Normal Size Small Size show me how
Normal Size Small Size show me how
INMT 540
Final Notes
| Question | Answer |
|---|---|
| Penetration testing (pen testing) | a security exercise where a cyber-security expert attempts to find and exploit vulnerabilities in a computer system |
| Change Management | a systematic approach to dealing with the transition or transformation of an organization's goals, processes or technologies. |
| Configuration Management | hardening, the process of maintaining systems, such as computer hardware and software, in a desired state |
| What is a router? | device that analyzes the contents of data transmitted within a network. (internal and external) knows where it is going. |
| What is a firewall? | something that can block certain data from certain places. Can still let relevant data pass through. |
| What is DMZ? | Demilitarized Zone. A host or network that acts as a secure and intermediate network or path between an organizations network. |
| What is the difference between architecture and infrastructure? | Architecture is the blueprint, infrastructure is the physical components. |
| What is blockchain? | a distributed ledger, chain of block of data with a bunch of transactions in it. |
| How do you tell if your hash has been messed with? | Take hash of previous block and put it in the new block and if the hash has changed at all you can tell it has been tampered with and can trace back to the block it came from. |
| What is hashing? | 1 way function that gives an output and any different input gives a different output. |
| What is encryption and how do keys factor in? | The process of translating data into a secret format so that only authorized parties can understand the information. A public key is used to encrypt data while a private key is used to decrypt data. |
| What does ACH stand for? | automated clearing house |
| What is the CIA? | Information security objectives. Stands for Confidentiality, Integrity, and Availability. |
| Minus CIA what are the information security objectives? | Authentication (ID and confirm individual) and nonrepudiation (ability not to deny) |
| Recovery point objective | the maximum acceptable amount of data loss measured in time. The age of the files or data in backup storage required to resume normal operations if a computer system or network failure occurs |
| what is a switch? | high speed device that receives incoming data packets and redirects them to their destination on a LAN |
| what is a modem? | network device that both modulates and demodulates analog carrier signals for encoding and decoding digital information for processing |
| what is a hub? | hardware device that relays communication data |
| What is a distributed network architecture? | spread over different networks |
| what is a decentralized network architecture? | a network configuration where there are multiple authorities that serve as a centralized hub for subsection of participants. |
| Recovery time objective | max desired length of time allowed between an unexpected failure or disaster and the resumption of normal operations and service levels. Defines the point in time after failure or disaster at which the consequences of the interruption become unacceptable |
| Atomicity | a feature of databases systems dictation where a transactions must be all-or-nothing. Either it fully happened or did not happen at all |
| Incremental Backup | backs up only the changed data but only backs up the data that has been changed since last backup whether it was a full backup or incremental backup. |
| Differential Backup | backs up only the files that changed since the last full backup |
| RFID | Radio frequency identification, technology transmits signals that identify the item to which it is affixed. |
| TCP/IP | Transmission control protocol enables 2 hosts to establish a connection and exchange streams of data. Guarantees delivery of data, IP protocol deals with packets |
| Schema on write | database storage that has given way to newer ideas applied to more sophisticated systems |
| What is CMMI? | Capability and maturity model integration |
| Schema on read | an innovative data analysis strategy in new data-handling tool, data is applied to a plan or schema as it is pulled out a stored location |
| Checkpoint | good point from which the SQL server database engine can start applying change contained in the log during recovery after an unexpected shutdown or crash |
| What is risk tolerance? | tolerable deviation from risk appetite. |
| What is Risk? | A measure of potential loss or damage when a threat exploits a vulnerability. |
| What are the components of risk? | Likelihood- probability. Impact-consequences that come if event happens (loss). Threat-a event/condition that has potential for causing loss or undesirable consequence. Vulnerability-weakness, flaw, or error that exposes entity to threats. |
| What is a risk appetite? | risk appetite: amt of risk client finds acceptable to absorb. |
| What are the risk response strategies? (risk disposition) | Risk avoidance: eliminate risk by eliminating cause. Risk reduction/mitigation: actions taken to reduce risk. Risk sharing/transfer: share/transfer w/ to someone else. has a cost. Risk acceptance (retention): no action taken loss accepted. |
| What is risk capacity | amount of risk client is able to absorb. |
| What are the key steps in risk management? | ID risks, assess risks, have system in place, document and report, implement measure to control, review procedures and processes. |
| What are the 3 types of controls? | detective, preventative, corrective |
| Internal controls has IT controls and what else? | General controls and application controls. |
| What are the layers called? What are they for? | Defense and depth. Protect computer system with a series of defensive mechanisms. |
| What is the difference between physical and logical access? | Physical is hands-on, on-site access in physical place. Logical is interactions with hardware through remote access. |
| What is access control and what are the 2 steps in it? | Limiting access to system or resource. Authentication and Authorization are the steps. |
| What is authentication? | Check that you are who you say you are. You can do so with something you have (phone), know (password), or are (thumbprint) and with your location. |
| What is authorization? | tell you what you can do in the system. This is things like read only, edit, etc. |
| What is Identity and Access management (IAM) and what are the 3 steps? | process to grant/deny employees and authorization to use system resources. critical building block of computer security. 1. Identify: who are you? 2. Authenticate 3. Authorize: comes last |
| What is the key component of identity management vs access management? | Identity management: authentication. Access management: authorization. |
| What is endpoint device? | Something that exists at the end of a network connection |
| Transmission protection protects what? | information as it travels from one destination to another. |
| What is a smart contract? | Contract that has code embedded into it, control what block chains do/what behaviors there are. |
| What is cloud-computing? What are the cloud deployment models? | service model that allows IT customers to obtain computing resources over internet. Public: access to authorized subs. Private: restrict access. Community: shared w/ 2 or more orgs. Hybrid: at least 2 cloud service providers. Ex. google drive, AWS |
| Machine learning vs natural language processing? | Machine Learning: subset of AI that builds algorithm to ID patterns and relationships in data. Natural Language Processing: Ability of a computer program to understand spoken and written human language. |
| What is edge computing? | distributed network architecture that processes data as closes to its source as possible (the edge) to decrease bandwidth and network latency. Ex. autonomous vehicles |
| What is IoT and what goes into? | everyday physical objects being connected to the internet and being able to ID themselves to other devices. send and receive data. Sensors (gather info and convert to data), actuators(take data and affect environment) |
| What is quantum computing? | area of R&D that focuses on how to use unique properties of quantum mechanics to perform math calculations faster and solve computer problems more efficiently than currently possible. Ex. AI, cybersecurity, drug development |
| What are the original 3 cloud service models? | SaaS PaaS IaaS |
| What is EDI? | Electronic data interchange, 1 computer talking to another computer. Supports B2B integration. More efficient, accurate and timely. |
| Referential integrity | relational data in database tables has to be universally configurable so that changes in one part of the system dont lead to unanticipated problems elsewhere |
| RAID | redundant array of independent disks, a storage device that uses multiple disks to provide fault tolerance, improve overall performance, and increase storage capacity |
| what is schema on read vs schema on write? | Schema on read: unstructured data, big data, collected and just let go for later. Schema on write: need to have data in a certain way so you can map it to a certain type. |
| OLAP (online analytical processing) | online analytical processing, a category of software for performing multidimensional analysis at high speeds on large volumes of business data from a data warehouse |
| OLTP (online transaction processing) | online transactional processing, a category of data processing that is focused on transaction-oriented tasks |
| ERP (enterprise resource planning) | collection of management software that integrates businesses in managing different functions like product planning, procurement, inventories, supplier, customer service, sales, marketing, accounting, and order tracking into a cohesive database |
| CRM (customer relationship management) | strives to enhance the relationship with customers-sales, service, and marketing |
| SCM (supply chain management) | strives to facilitate the collaboration between the organization and its suppliers, manufacturers, distributors, and other partner |
| SRM ( supplier relationship management) | strives to streamline and improve processes between a buyer and its suppliers |
| Risk exposure | potential loss from a vulnerability |
| Issues with siloed strategy: | lack of communication multiple plans address same risk teams may not be aware of risks relevant to them no easy way to prioritze risk |
| Decomposition | figure out what needs to be done and then breaking into smaller parts |
| Abstraction | process of representing the most important parts of something without including complex background info or details |
| Redundancy | condition created within a database or data storage tech where piece of data is stored in 2 separate places. |
| Object | programming constructs that have data, behavior, and identity |
| Property | an attribute to which coders assign a value |
| Method | a stored piece of code that contains an action that an object "knows" to perform |
| Class | template or blueprint for creating objects |
| Collection | way to refer to and use a group of objects |
| Events | actions that are triggered by the user, other objects, and operating systems |
| Limit check | data shouldnt exceed predetermined amount |
| Sequence check | control number follows sequentially and any sequence or duplicated control numbers are rejected or noted on an exception report for follow up purposes. |
| Range check | data should be within a predetermined range of values |
| Validity check | programmed checking of the data validity in accordance with predetermined criteria. |
| Reasonableness check | input data are matched to predetermined acceptable limits or “typical/expected” occurrence rates |
| Table lookups | input data comply with predetermined criteria maintained in computerized table of possible values |
| Key verification | the keying process is repeated by a separate individual using a machine that compares the original keystrokes to the repeated keyed input. |
| Duplicate check | new transactions are matched to those previously input to ensure that they have not already been entered. |
| Check digit | a numeric value that has been calculated mathematically is added to data to ensure that the original data have not been altered or an incorrect but valid value substituted. |
| Completeness check | checks if a field should always contain data rather than 0s and blanks. A check of each byte of that field should be performed to determine that some form of data |
| Existence check | data are entered and agree with valid predetermined criteria |
| Logical relationship check | determines the correctness of the logical relationship between data items. If a particular condition is true, then one or more additional conditions or data input relationships may be required to be true to consider the input valid. |
| Field (data type) check | use logic to determine if the characters in a field are of the proper data type or size based on field specifications. |
| Sign check | use logic to determine if the data in a field has the appropriate arithmetic sign. |
| Zero-balance test | use logic to verify that the balance fulfills a requirement that the account balance is zero after all entries have been posted. If balance on hand at end of data is not 0, further action is required. |
| SOC attestation reports include: | independent auditors opinion management assertion management representation letter |
| SOC 1 Type 1 | Report on controls at a service organization relevant to user entities’ internal control over financial reporting as of the time of the review (i.e., a point in time). |
| SOC 1 Type 2 | Report on controls at a service organization relevant to user entities’ internal control over financial reporting throughout a specified period of time (i.e., minimum of 9 months with partner discretion; normally 12 months, performed annually). |
| SOC 1 objectives | provide reasonable assurance that: payments processed are authorized, accurate, and timely data processing is resilient to failure policies and procedure established |
| SOC 2 Common Criteria | Security is the minimum baseline Control environment Communication and information Risk assessment Monitoring activities Control activities Logical and physical access System operations Change management Risk mitigation |
| Internal control layers | depth and defense |
| DAC | Discretionary access controls, you can control whatever you want |
| MAC | mandatory access control, most strict |
| RBAC | role based access control, user vs admin in a computer |
| ABAC | attribute based access control, dynamic user, environment or resource attributes |
| Static Packet Inspection | Look at the header |
| Stateful Packet Inspection | Looks at same as static but also looks to see if it is valid and if it going to the right place |
| Depacket Inspection | X-ray everything in the packet, most expensive |
| WLAN WAP | wireless local area network wireless access point |
| Configuration management | hardening, the process of maintaining systems in a desired state |
| Change management | a systematic approach to dealing with the transition or transformation of an organization's goals, processes or technologies. |
| For P2P, what data flows to the general ledger? | record liability, pay liability (cash disbursement), and if not for profit then purchase order due to encumbrance |
| For O2C, what data flows to the general ledger? | billing/invoicing, cash receipt |
| How would O2C change if you own accounts receivable? | we would have to manage it by managing all payments and manage the allowance for doubtful accounts. |
| How will system access alter if I have VMI? | vendor managed inventory, the vendor would have access |
| Should you give sales order access to fulfillment and why? | yes access but not authorization because it allows them to check that things are valid open sales orders |
| Difference between customer order and sales order? | -customer order: come from customer to vendor with what they want -sales order: from vendor and it means they agree to fulfill the order |
| Do we always have quotes? Why do we need them? | No but we use them to get an idea of costs?? [analytics] |
| When does an open request to purchase get closed? | When you send a customer order to the vendor when its filled by a purchase order |
| How does a quote get closed? | it times out or a order is created |
| When does sales order get closed? | when you ship and bill |
| What is ATP and why do we care? | available to purchase/promise. It tells us how much we have available to sell |
| What is the difference between general and specific credit check? | -general credit check: people under credit line with good credit -specific credit check/authorization: credit manager does the checks. Typically for people who want to extend their credit line, have past due balances, and/or new customers |
| What is a back order versus what is stockout? | -backorder: they do not currently have it but will get some soon -stockout: they are just out of stock |
| O2C Segregation of Duties? | Sales order: authorization, picking and packing (fulfillment): custody, billing/invoicing: recordkeeping, cash receipts: custody and recordkeeping |
| P2P segregation of duties? | Purchase order: authorization, receiving: custody, RECOGNIZE liability: recordkeeping, pay liability (cash disbursement): custody and recordkeeping |
| What is the difference between transaction data, master data, and reference data? | -transaction data: balance information, has to do with money -master data: person place or thing information, like employee and customer records -reference data: data that organizes other data |
| When does a sales invoice close? | when you receive money |
| When does a sales invoice open? | When you bill |
| Does data flow from fulfillment to the general ledger? | No it is not transactional data |
| What is the difference between the FOB shipping point and FOB destination? | Revenue recognition changes therefore changing the business processes. |
| What is a picking slip? | What we go get |
| What is a packing slip? | what is in the box, now it usually the receipt |
| What is a sales order? | what we should be picking |
| If you have shipping why do we need billing? Why are the 2 separate? | segregation of duties, shipping is custody while billing is recordkeeping. Billing also goes to the General ledger while shipping just ships. |
| What is cycle billing? | wait for one period and pay all the bills at once on that day |
| Explain the differences between balance forward and specific invoicing. | -balance forward: pays of any balance that they have -specific invoicing: they goes through the invoices and pay for each item and transaction that occurs. |
| What is a lockbox? | tells customer to send money to bank instead of to us, provides extra security without it we would need additional segregation of duties, deposit the money everyday and to bonded |
| What is ACH and what does it do? | automated clearing house and gets money from bank a to bank b |
| What information is a sales invoice based on? | What is shipped |
| When do purchase requests happen in businesses? | when authorization is required for purchases |
| What is a blanket P.O. and how is it difference from a purchase order? | blanket PO covers an extended period of time with a set start and end date while a purchase order covers a short period of time |
| When do purchase orders open? | after negotiating with vendor and send to vendor |
| When do purchase orders close? | when liability is received and RECOGNIZED |
| When does a liability close? | when items are received and the bill is paid |
| What is an SLA? | service level agreement, it is the fine print and agreed upon terms of the engagement |
| Explain what a 2 way recognition check requires? 3 way? | 2 way: purchase order and receipt 3 way: purchase order, receipt, and vendors invoice |
| What is an ERS system and why are they changing P2P? | Electronic receipt settlement system and it allows them to get their money faster |
| What transaction file is for accounts payable? | open liability |
| What transaction file is for accounts receivable? | open sales invoice and unapplied cash |
| What do we bill based on? | What was shipped |
| What do we pay based on? | what we received |
| Is the general ledger related to ERP, supply chain, or CRM? | ERP |
| What perspective is order to cash (O2C)? | Seller perspective |
| What perspective is procure to pay (P2P)? | Buyer perspective |
| what document goes with procure to pay? | purchase order |
| what document goes with order to cash? | sales order |
| what is a ticker file? | reminds them to pay |
| Social engineering? | manipulating, influencing, or deceiving people to gain control over your computer system. |
| Configuration | step in system design |
| Centralized network architecture | all users connect to a central server which is the acting agent for all communications |
| Bit | a binary digit 0 or 1 |
| Byte | a sequence of 8 bits |
| Software as a service | on demand hosted application software |
| Platform as a service | on demand access, read to use platform for developing, running, maintaining, and managing applications. |
| Infrastructure as a service | on demand access to cloud hosted physical and virtual servers, storage and networking |
| Sequence | a step in algorithm executed once |
| Decision | block of code, execution of line of code within decision block depends on testing a condition each line is performed 0 or 1 time. |
| Repetition | block of code, execution of line of code within decision block depends on testing a condition and placement of decision. each line is performed 0 to many or 1 to many times. |
| hardening | a process to eliminate a means of attack by patching vulnerabilities and turning off nonessential services. |
| Advanced persistent threat (APT) | a stealthy threat actor that gains unauthorized access to a computer network and remains undetected for an extended period of time |
| Warm site | facility org uses to recover tech infrastructure when its primary data center goes down. Important for business continuity and should be incorporated into orgs disaster recovery plan. |
| Principle of least privilege | only get enough access to be able to do your job not more than necessary |
| Data loss prevention | detects potential data breaches and prevents them by monitoring, detecting, and blocking sensitive data while in use, in motion, and at rest. |
| Nonrepudiation | sender is provided proof of delivery so that later they can not deny having processed the information |
| Patch management | process of applying updates to software, drivers, and firmware to protect against vulnerabilities. |
| Whitelisting | denies access to all resources and only the “owner” can allow access |
| Blacklisting | allow access to all with the provision that only certain items are denied. |
| Vulnerability scanning | the process of discovering, analyzing, and reporting on security flaws and vulnerabilities. |
| Endpoint protection | an approach to the protection of computer networks that are remotely bridged to client devices. |
| Rollback | returning a database to its previous state. |
Created by:
camrynhg
Popular Accounting sets