BEC 41 Part 2
Information Technology
Term | Definition |
---|---|
Controls to detect and prevent equipment failures | 1) parity check - a special bit is added to each character to detect if it is lost; 2) echo check - the receiving hardware repeats back to the sender, which resends any characters received incorrectly; 3) boundary protection controls; 4) periodic maintenance; 5) diagnostic routines. |
Personal, Local, Metropolitan, Wide Area Networks | PAN - centered around an individual and their personal communication devices; LAN - privately owned within a single building or campus; MAN - larger version of a LAN; WAN - spans a large geographical area |
Private v. public network | Private- EDI systems, secure, flexible, performance better than Public, costly; Public-less secure |
Router | a communications interface device that connects two networks and determines the best way for data packets to move forward to their destinations |
Switch | a device that channels incoming data from any of multiple input ports to the specific output port that will take the data towards its intended destination |
Bridge | a device that divides LAN into two segments, selectively forwarding traffic across the network boundary it defines- similar to a switch |
Gateway | a combination of hardware and software that links to different types of networks. |
Proxy server | a server that saves and serves copies of web pages to those who request them. Can increase efficiency of Internet operations and help assure data security |
TCP/IP (Transmission Control Protocol/Internet Protocol) | the basic communication language or protocol of the Internet; higher layer assembles messages into smaller packets to transmit; lower layer assigns IP addresses and ensures messages are delivered to the appropriate IP address |
Virus | a program or code that requests the computer operating system to perform certain activities not authorized by the user |
Trojan horse | a malicious security breaking program that is disguised as something benign |
Botnet | a network of computers controlled by computer called that is designed to perform a repetitive task such as sending spam, spreading a virus, etc. |
COBIT (Control Objectives for Information and Related Technology) | 1) meeting stakeholders’ needs 2) covering the enterprise end to end 3) applying a single integrated framework 4) enabling a holistic approach 5) separating governance from management |
AICPA Principles of a Reliable system | 1) Security 2) Availability 3) Processing Integrity 4) Online Privacy 5) Confidentiality |
Segregation controls | 1) between users and the IS department; 2) the IS department should not initiate or authorize transactions; 3) segregate programming, data entry, operations, and the library function within the IS department. |
Systems analyst | analyzes the present user environment and requirements and may recommend 1) specific changes 2) purchase of a new system 3) design of a new IS system; is in constant contact with user departments. |
Systems programmer | implements, modifies, debugs the software necessary for making the hardware work |
Applications programmer | writes, tests, and debugs application software from the specifications provided by the systems analyst |
Database administrator (DBA) | maintains the database and restricts access to the database to authorized personnel |
Data preparer | prepares data and keys it into storage devices |
Operator | responsible for the daily operations of both the hardware and the software; supervises operations on the operator’s console, accepts any required input, and distributes any output; HELP DESKS |
Data librarian | responsible for custody of the removable media and for the maintenance of program and system documentation |
Data controllers | act as a liaison between users and the processing center; record input data in a control log, follow the progress of processing, distribute output, and ensure compliance with control totals |
Computer Control activities | control program development, program changes, computer operations, and access to programs and data |
Programmed Control activities | relate to specific computer applications and are embedded in the computer program |
Manual follow up of exception reports | employee follow up of exception reports |
User control activities to test the completeness and accuracy of computer processed transactions | manual checks of the computer output against source documents or other input |
Computer hardware controls | 1) parity check- special bit added to end of each character 2) echo check- receiving hardware repeats back to the sending hardware what it received 3) diagnostic routines 4) boundary protection 5) periodic maintenance |
Changing existing systems | 1) change request log 2) IS manager reviews all changes 3) testing using test data 4) changes documented 5) code comparison program - compares the source and/or object code of a controlled copy of a program with the program currently being used to process data |
Physical access to computer facility controls | limited physical access (guard, key card, manual key locks, fingerprint, visitor log); hardware and software access controls |
Controlling computer operations | operators should have access to the operations manual, but not detailed program documentation; the control group should monitor the operators’ activities; jobs should be scheduled |
Other controls | backup and recovery, contingency processing, internal and external labels; input validation (edit) controls |
Processing controls | input controls; external labels should be used on removable media, with internal header and trailer labels used to determine that all information on a file has been read. |
Application controls | follow up of exception reports |
Activities to test the completeness and accuracy | 1) check computer output against source documents 2) review computer processing logs to determine that the correct number of jobs executed properly 3) procedures and communication to authorized recipients of the output |