ACC444 Chapter 7
The flashcards below were created by user on FreezingBlue Flashcards.
Five basic principles that contribute to systems reliability
- Security
- Confidentiality
- Online privacy
- Processing integrity
- Availability
Security restricts system access to only authorized users and thereby protects:
- a.) The confidentiality of sensitive organizational data
- b.) The privacy of personal identifying information collected from customers
Security procedures provide for processing integrity by preventing:
- a.) Submission of unauthorized or fictitious transactions
- b.) Unauthorized changes to stored data or programs
SOX sections 302 and 906 require that:
The CEO and CFO certify the accuracy of the financial statements.
SOX section 404 requires that:
The annual report include a report on the company's internal controls.
The trust services framework identifies four essential criteria for successfully implementing the five principles of systems reliability:
- 1. Develop and document policies
- 2. Effectively communicate those policies to all authorized users
- 3. Design and employ appropriate control procedures to implement those policies
- 4. Monitor the system, and take corrective action to maintain compliance with the policies
The time-based model of security focuses on:
preventive, detective, and corrective controls
Preventive controls: limit actions to those in accord with the organization's security policy and disallow all others.
Detective controls: identify when preventive controls have been breached.
Corrective controls: repair damage from problems that have occurred and improve preventive and detective controls to reduce the likelihood of similar incidents.
time-based model measures and compares the relationship among three variables:
- P = Time it takes an attacker to break through the organization's preventive controls
- D = Time it takes to detect that an attack is in progress
- C = Time to respond to the attack
Based on the time-based model's three variables, security procedures are effective when:
P > (D + C)
Defense in depth
Having multiple layers of controls to avoid having a single point of failure
Redundancy applies to what type of controls?
detective and corrective
Computer security involves using a combination of:
firewalls, passwords, and other preventive procedures to restrict access
Preventive controls involve two related functions:
Authentication and authorization
Multifactor authentication: the use of two or three of the basic authentication methods (something you know, something you have, something you are) in conjunction
Access control matrix
A table specifying which parts of the IS each user can access and what actions the user may perform there
Compatibility test
Matches the user's authentication credentials against the access control matrix to determine whether the requested action should be allowed.
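The authentication-then-authorization sequence on the last two cards, as an added example (not part of the flashcards): a small access control matrix and a compatibility test in Python. The users, passwords, resources and permissions are constructed sample data, and salted PBKDF2 for the credential store is one reasonable choice, not something the cards prescribe.

```python
"""Access control matrix plus compatibility test.

Added example, not part of the flashcards: the users, passwords, resources
and permissions below are constructed sample data, and the hashing scheme
(salted PBKDF2) is one reasonable choice among several.
"""
import hashlib
import hmac
import os

# Access control matrix: rows are users, columns are resources, cells are
# the actions the user may perform on that resource. Anything absent is denied.
ACCESS_CONTROL_MATRIX = {
    "alice": {"payroll": {"read", "update"}, "ledger": {"read"}},
    "bob":   {"ledger": {"read", "update", "create"}},
    "carol": {"payroll": {"read"}},
}

# Constructed plaintext passwords, used only to build the credential store.
_SAMPLE_PASSWORDS = {"alice": "correct horse", "bob": "battery staple", "carol": "hunter2"}


def _hash_password(salt: bytes, password: str) -> bytes:
    """Slow, salted hash so a stolen credential store is hard to crack."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Credential store: user -> (random salt, hash). Plaintext is never kept.
CREDENTIALS = {}
for _user, _pw in _SAMPLE_PASSWORDS.items():
    _salt = os.urandom(16)
    CREDENTIALS[_user] = (_salt, _hash_password(_salt, _pw))


def authenticate(user: str, password: str):
    """Return the user name if the credentials match, otherwise None."""
    record = CREDENTIALS.get(user)
    if record is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        _hash_password(b"\x00" * 16, password)
        return None
    salt, stored = record
    candidate = _hash_password(salt, password)
    return user if hmac.compare_digest(candidate, stored) else None


def compatibility_test(user: str, resource: str, action: str) -> bool:
    """Look the authenticated user up in the matrix; default deny."""
    return action in ACCESS_CONTROL_MATRIX.get(user, {}).get(resource, set())


def handle_request(user: str, password: str, resource: str, action: str) -> str:
    """Authentication first, then authorization; a failure at either step denies."""
    identity = authenticate(user, password)
    if identity is None:
        return "denied: authentication failed"
    if not compatibility_test(identity, resource, action):
        return f"denied: {identity} may not {action} {resource}"
    return f"allowed: {identity} {action} {resource}"


if __name__ == "__main__":
    print(handle_request("alice", "correct horse", "payroll", "update"))  # allowed
    print(handle_request("bob", "battery staple", "payroll", "read"))     # denied
    print(handle_request("alice", "wrong", "payroll", "read"))            # denied
```

Two design points worth noticing: the matrix lookup is default-deny, so a user or resource that was never entered gets nothing, and an authentication failure is reported without saying whether the user name or the password was wrong.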
Border router
connects an organization's information system to the internet
behind the border router is:
the main firewall
demilitarized zone (DMZ)
a separate network, outside the internal network, that holds the web servers and email servers the public must reach; the internet can access the DMZ in a controlled way, but the DMZ is walled off from the internal network.
access control list (ACL)
a set of rules that determines which packets are allowed in and which are dropped
static packet filtering
screens each packet in isolation, based only on the contents of the source and/or destination fields in the packet header (no memory of earlier packets)
stateful packet filtering
maintains a table of established connections and uses it, together with the ACL, to decide whether an incoming packet is part of a conversation an internal computer initiated
deep packet inspection
examines the data in the body of an IP packet, not just its header, so attacks carried in the payload can be caught
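The three filtering techniques on the cards above, as an added example (not part of the flashcards): a static ACL, a stateful connection table, and a payload check, run against constructed packets in Python. The addresses, ports, ACL rules and attack signatures are all made up for illustration; the point is to see why a static rule alone cannot safely admit return traffic and why the ACL alone cannot see an attack in the payload.

```python
"""Static ACL, stateful filtering, and deep packet inspection side by side.

Added example, not from the flashcards. Packets are simplified records, the
addresses use documentation ranges, and the attack signatures are a tiny
constructed list; real firewalls do all of this on live packet headers and
payloads.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    syn: bool = False       # True on the packet that opens a TCP connection
    payload: bytes = b""


INTERNAL_PREFIX = "10.0.0."   # constructed: internal hosts are 10.0.0.x
DMZ_WEB = "192.0.2.10"        # constructed: public web server in the DMZ


def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)


# Static packet filtering: ordered rules over header fields only, first match
# wins, and a packet that matches no rule is dropped (default deny).
ACL = [
    ("allow", {"dst_ip": DMZ_WEB, "dst_port": 443}),   # public HTTPS to the DMZ
    ("allow", {"dst_ip": DMZ_WEB, "dst_port": 80}),    # public HTTP to the DMZ
    ("deny", {}),                                       # everything else
]


def static_filter(pkt: Packet) -> bool:
    for action, fields in ACL:
        if all(getattr(pkt, name) == value for name, value in fields.items()):
            return action == "allow"
    return False


class StatefulFilter:
    """Remembers connections opened from inside so their replies are let back in
    without a static rule that would also admit attacker-crafted packets."""

    def __init__(self):
        self.connections = set()   # (internal_ip, internal_port, remote_ip, remote_port)

    def outbound(self, pkt: Packet) -> bool:
        if is_internal(pkt.src_ip) and pkt.syn:
            self.connections.add((pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return True   # constructed policy: internal hosts may connect out freely

    def inbound(self, pkt: Packet) -> bool:
        reply_of = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reply_of in self.connections:
            return True            # part of a conversation an internal host started
        return static_filter(pkt)  # otherwise only what the ACL explicitly allows


# Deep packet inspection: look past the header into the payload.
SIGNATURES = [b"' or '1'='1", b"../../", b"<script>"]   # constructed, illustrative


def deep_inspect(pkt: Packet) -> bool:
    body = pkt.payload.lower()
    return not any(sig in body for sig in SIGNATURES)


def admit_inbound(fw: StatefulFilter, pkt: Packet) -> bool:
    """Full inbound decision: connection state / ACL first, then payload."""
    return fw.inbound(pkt) and deep_inspect(pkt)


if __name__ == "__main__":
    fw = StatefulFilter()
    reply = Packet("203.0.113.7", "10.0.0.5", 80, 51000)
    print(admit_inbound(fw, reply))                                          # False: no state yet
    fw.outbound(Packet("10.0.0.5", "203.0.113.7", 51000, 80, syn=True))
    print(admit_inbound(fw, reply))                                          # True: known connection
    attack = Packet("198.51.100.9", DMZ_WEB, 40001, 443,
                    payload=b"GET /login?user=admin' OR '1'='1 HTTP/1.1")
    print(fw.inbound(attack), admit_inbound(fw, attack))                     # True False
```

Note what each layer cannot do on its own: a static rule that admitted any packet with source port 80 would also admit an attacker who simply sets that port, which is why the stateful table is keyed on the full connection the inside host opened, and the ACL happily passes the SQL-injection attempt to the DMZ web server because the header looks like ordinary HTTPS; only the payload check stops it.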
Hardening
the process of turning off unnecessary features
Encryption
the process of transforming plaintext into ciphertext
symmetric encryption system
use the same key to encrypt and decrypt
advantages of symmetric encryption
it is much faster than asymmetric encryption
disadvantages of symmetric encryption
- both parties need to know the secret key
- a different key needs to be created for each party
- since both sides are using the same key, there is no way to prove which of the two parties created a document.
asymmetric encryption systems:
- use two keys (public and private)
- either key can be used to encrypt; whatever one key encrypts, only the other key can decrypt
Hashing
takes plaintext of any length and transforms it into a short, fixed-length code called a hash
Digital signature
a hash of a document, encrypted with the creator's private key
Digital certificate
an electronic document, created and digitally signed by a trusted third party, that binds a public key to its owner
Certificate authority
the organization that issues public and private keys and records the public key in a digital certificate.
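Hashing, signing, verifying, and certificate issuance from the cards above, as an added example (not part of the flashcards), in Python using only the standard library. The RSA key pairs are textbook RSA built from fixed, publicly known Mersenne primes with no padding, so they are deterministic and readable but offer no security at all; real code uses random primes and a padding scheme such as RSA-PSS, normally through a library. The names alice and the CA are constructed. Needs Python 3.8 or later for pow(e, -1, m).

```python
"""Hashing, digital signatures and certificates with stdlib only.

Added example, not from the flashcards. The RSA keys are textbook RSA built
from fixed, publicly known Mersenne primes with no padding, so they are
deterministic and easy to read but offer no security; a real implementation
uses random primes and a padding scheme such as RSA-PSS. Names such as
"alice" and the CA are constructed. Requires Python 3.8+ for pow(e, -1, m).
"""
import hashlib


def rsa_keypair(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)) for primes p, q. Toy: the caller supplies the primes."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


# Toy keys from Mersenne primes 2^127-1, 2^521-1 (Alice) and 2^89-1, 2^607-1 (CA).
# Both moduli are far larger than a 256-bit hash, which textbook RSA needs.
ALICE_PUB, ALICE_PRIV = rsa_keypair((1 << 127) - 1, (1 << 521) - 1)
CA_PUB, CA_PRIV = rsa_keypair((1 << 89) - 1, (1 << 607) - 1)


def hash_document(doc: bytes) -> int:
    """Hashing: input of any length -> fixed 256-bit digest (as an integer)."""
    return int.from_bytes(hashlib.sha256(doc).digest(), "big")


def sign(doc: bytes, private_key) -> int:
    """Digital signature: the document's hash, encrypted with the private key."""
    n, d = private_key
    return pow(hash_document(doc), d, n)


def verify(doc: bytes, signature: int, public_key) -> bool:
    """Decrypt the signature with the public key and compare to a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == hash_document(doc)


def encrypt_with_public(message: bytes, public_key) -> int:
    """Either key can encrypt; here the public key does, so only the private key can read."""
    n, e = public_key
    m = int.from_bytes(message, "big")
    assert 0 < m < n, "message must be shorter than the modulus"
    return pow(m, e, n)


def decrypt_with_private(ciphertext: int, private_key) -> bytes:
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def _cert_body(subject: str, public_key) -> bytes:
    n, e = public_key
    return f"{subject}|{n}|{e}".encode()


def issue_certificate(subject: str, subject_pub, ca_priv) -> dict:
    """Digital certificate: subject + public key, signed by the certificate authority."""
    return {"subject": subject, "public_key": subject_pub,
            "ca_signature": sign(_cert_body(subject, subject_pub), ca_priv)}


def verify_certificate(cert: dict, ca_pub) -> bool:
    return verify(_cert_body(cert["subject"], cert["public_key"]), cert["ca_signature"], ca_pub)


def verify_signed_document(doc: bytes, signature: int, cert: dict, ca_pub) -> bool:
    """Trust the CA's signature on the certificate, then use the key it vouches for."""
    return verify_certificate(cert, ca_pub) and verify(doc, signature, cert["public_key"])


if __name__ == "__main__":
    doc = b"Pay Bob 100 units on 2024-01-31"
    cert = issue_certificate("alice", ALICE_PUB, CA_PRIV)
    sig = sign(doc, ALICE_PRIV)
    print(verify_signed_document(doc, sig, cert, CA_PUB))          # True
    print(verify_signed_document(doc + b"0", sig, cert, CA_PUB))   # False: document altered
```

Compare with the symmetric disadvantage on the earlier card: because the recipient holds the same secret key, a symmetric tag proves only that one of the two parties produced it, whereas the signature above can only have been made with Alice's private key, and the certificate lets a verifier who has never met Alice learn which public key is hers from the CA it already trusts.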
Two of the trust services framework criteria for effective security are the existence of procedures to:
- - react to system security breaches and other incidents
- - take corrective action on a timely basis
three key components that satisfy the criteria for effective security:
- 1. Establishment of a computer emergency response team
- 2. Designation of a specific individual with organization-wide responsibility for security
- 3. An organized patch management system
Patch management
fixing known vulnerabilities and installing the latest updates for system security