IT Systems and Business Continuity Flashcards Preview

Flashcards in IT Systems and Business Continuity Deck (33)
1
Q

Organizational controls concern the proper segregation of

A

Duties and responsibilities within the information systems department.

2
Q

The responsibilities of systems analysts, programmers, operators, file librarians, the control group, and others should be

A

Assigned to different individuals, and proper supervision should be provided.

3
Q

Traditional segregation of responsibilities for authorization, recording, and access to assets

A

May not be feasible in an IT environment

4
Q

IT personnel in an organization are

A

1) Systems analysts
2) Database Administrator (DBA)
3) Programmers
4) Operators

5
Q

Are specifically qualified to analyze and design computer information systems. They survey the existing system, analyze the organization’s information requirements, and design new systems to meet those needs. They should not have access to data center operations, production programs, or data files.

A

Systems analysts

6
Q

Is the individual who has overall responsibility for developing and maintaining the database and for establishing controls to protect its integrity.

A

Database administrator (DBA)

7
Q

Design, write, test, and document the specific programs according to specifications developed by the analysts. They should not have access to the data center operations or to production programs or data.

A

Programmers

8
Q

Are responsible for the day-to-day functioning of the data center, whether the organization runs a mainframe, servers, or anything in between. They load data, mount storage devices, and operate the equipment. Should not be assigned programming duties or responsibility for system design.

A

Operators

9
Q

Was an early attempt to create an integrated computer-based information system. It was designed to plan and control materials used in a production setting

A

Materials requirements planning (MRP)

10
Q

Is intended to integrate enterprise-wide information systems across the organization by creating one database linked to all the entity’s applications.

A

The Traditional ERP system

11
Q

Has added front-office functions. These connect the organization with customers, suppliers, shareholders or other owners, creditors, and strategic allies.

A

The current generation of ERP software (ERP II)

12
Q

Is a network of networks all over the world.

A

Internet

13
Q

The three main parts of the Internet are:

A

1) Servers - that hold information
2) The clients - that view the information
3) The Transmission Control Protocol/Internet Protocol (TCP/IP) - suite of protocols that connect the two

14
Q

Is generally a dedicated computer or device that manages specific resources.

A

Server

15
Q

Was later developed as an open standard usable with many programs and platforms

A

Extensible Markup Language (XML)

16
Q

For financial statements is the specification developed by an AICPA-led consortium for commercial and industrial entities that report in accordance with U.S. GAAP.

A

Extensible Business Reporting Language (XBRL)

17
Q

Performs the fundamental tasks needed to manage computer resources.

A

Systems software

18
Q

The most basic piece of systems software. Is an interface among users, application software, and the computer’s hardware.

A

Operating system

19
Q

Controls over operating systems include

A

(a) Segregation of duties
(b) Testing before use
(c) Making back-out plans and implementing changes in off-hours, and
(d) Keeping detailed logs of all changes

20
Q

Consist of (1) the hardware devices being connected and (2) the medium through which the connection is made.

A

Networks

21
Q

Connects devices within a single office or home or among buildings in an office park. Is owned entirely by a single organization.

A

Local area network (LAN)

22
Q

Connects devices across an urban area, for instance, two or more office parks.

A

Metropolitan area network (MAN)

23
Q

Consists of a group of LANs operating over widely separated locations. Can be either publicly or privately owned.

A

Wide area network (WAN)

24
Q

Examples of privately owned WANs include:

A

1) Value-added networks (VANs)
2) Virtual private networks (VPNs)
3) Private branch exchange (PBX)

25
Q

Includes the activity of disaster recovery and business continuity

A

Contingency planning

26
Q

Is the process of resuming normal information processing operations after the occurrence of a major interruption.

A

Disaster recovery

27
Q

Should describe IT recovery strategies, including details about procedures, vendors, and systems.

A

Disaster recovery plan (DRP)

28
Q

Is the continuation of business by other means during the period in which computer processing is unavailable or less than normal.

A

Business continuity

29
Q

Is the most basic part of any disaster recovery or business continuity plan

A

Periodic backup and offsite rotation of computer files

30
Q

Is a physical location maintained by an outside contractor for the purpose of providing processing facilities for customers in case of disaster.

A

Alternative processing facility

31
Q

Recovery centers take two basic forms:

A

A hot site or a cold site

32
Q

Is a fully operational processing facility that is immediately available.

A

Hot site

33
Q

Is a shell facility with sufficient electrical power, environmental controls, and communications lines to permit the organization to install its own newly acquired equipment.

A

Cold site