Questions and Answers of
Auditing Assurance Services
Give three examples of tools that DAs and DBAs need to perform their functions but which can also be used to override database integrity.
There are two types of remedial measures that can be used to increase control over the DA and the DBA: (a) administrative controls, and (b) technical controls. Explain the nature of each set of
Briefly explain how separation of duties can be used to increase control over the DA and the DBA.
What types of logs should be kept on activities relating to the functions of the data administrator and the database administrator?
How can auditors use logs to evaluate the propriety of work carried out by the data administrator and the database administrator?
Kiwi Kapers Limited (KKL) is a New Zealand-based manufacturer and retailer of sports clothing with headquarters in Dunedin. Although its manufacturing facilities are all located in Dunedin, its
When is an information systems asset secure?
Security administrators are least likely to have responsibility for: a. Malicious threats to physical assets b. Nonmalicious threats to logical assets c. Malicious threats to logical assets d.
You are a security consultant who has been employed by First Singaporean, a large bank based in Singapore, to examine the adequacy of security controls over a new site that it established nine months
In the context of information systems assets, briefly explain the difference between physical security and logical security.
An information systems security program is: a. A one-shot investigation to determine the state of logical and physical security b. A specialized piece of software used to monitor and control access to
Assemblit, Inc., is a medium-sized parts manufacturing company based in London with distribution outlets in the major cities throughout Great Britain. It has a mainframe computer in its London
Briefly define what is meant by a security program. What are the eight major steps that must be undertaken during the conduct of a security program?
For the following steps in a security program, what is the most likely sequence in which they will be conducted? I Controls identification II Exposures analysis III Assets valuation IV Threats
Orchard Enterprises Limited (OEL) is a medium-sized Miami-based distributor of leisureware fashion garments. It has a mainframe computer in its Miami headquarters to process its major application
Why is it important that a project plan be prepared for a security program? Who should be responsible for preparing the plan? Who should be responsible for approving the plan?
Which of the following is least likely to be a component of a security evaluation project plan? a. Organization of the project team b. Risk-analysis method to be used c. Resources budget d. Schedule for
Money Mover (MM) is a public electronic funds transfer network with its head office and major computer switch based in Melbourne. The company has computer switches in each capital city throughout
Briefly explain the nature of the "aggregation" problem during the assets identification phase of a security program. What basis can be used to choose the "right" level of aggregation?
When valuing an information systems asset for security evaluation purposes, which of the following statements is most likely to be false? a. Accidental loss of an asset will be more serious than a
Read the description for Case 7-5. The following details apply to the review you are conducting on the state of controls within the company. As part of your review of the Melbourne switch site, you
Why might the value of an asset differ depending on who is undertaking the valuation? If different values are assigned to the same asset, which value should security administrators use when valuing
The primary objective of the asset-valuation phase in a security evaluation is to: a. Develop users' sensitivity to the possible consequences of a threat b. Determine an accurate monetary value for all
Briefly describe two techniques that can be used to value assets. What are the relative strengths and limitations of the techniques you identify?
A threat from which of the following sources is most likely to affect the logical security of information systems assets? a. Hardware suppliers b. Utility suppliers c. Environmentalists d.
What is meant by a threat? In the context of information systems assets, identify two sources of threats that are external to an organization and two sources of threats that are internal to an
Which of the following is most likely to be able to provide information on the likelihood of a fire destroying a mainframe computer facility? a. The facility's operations manager b. Users of the
Give two techniques that security administrators can use to estimate the likelihood of the occurrence of a threat. Under what situations would one of these techniques be used in preference to the
An exposure is: a. Any threat that may eventuate b. Any threat for which no controls have been implemented c. The expected loss that will occur over some time period, given the reliability of the
Briefly describe the four major tasks that must be undertaken during the exposures analysis phase of a security program.
Which of the following activities is not a task during the exposures-analysis phase of a security program? a. Identifying the source of threats to the assets b. Assessing the losses that will result if
How are internal control questionnaires useful during the exposures analysis phase of a security program?
During a security evaluation, an internal control questionnaire is most useful in undertaking which of the following tasks? a. Assessing the reliability of the controls that are in place b. Identifying
Which of the following tasks is most facilitated by scenario analyses? a. Identifying controls and their associated level of reliability b. Identifying how threats can circumvent controls c. Determining
Briefly explain how scenarios analysis might be used in the exposures analysis phase of a security program. Under what circumstance is scenarios analysis likely to be most useful?
Reducing exposures to an acceptable level means: a. All controls implemented are reliable b. Residual losses have been eliminated c. Threats for which no control exists have a low probability of
Using probability theory, briefly explain how security administrators calculate the expected losses from an exposure.
Which of the following should not be used as a basis for determining new controls that might be implemented over information systems assets? a. Choose controls that emphasize design secrecy b. Examine
What activities are undertaken during the controls adjustment phase of a security program?
Which of the following is not a component of the final security report presented to management? a. Recommendations on existing safeguards that should be changed b. A recommendation on the single
Briefly describe the contents of the security report prepared at the conclusion of a security program. From the viewpoint of having recommendations accepted, what is the most critical aspect of the
Which of the following statements about halon gas as a fire suppressant is false? a. It is relatively safe for humans b. It has detrimental effects on the earth's ozone layer c. It is chemically
List the major points that should be covered during an audit of security controls over the information systems function to assess the adequacy of handheld fire extinguishers.
Which of the following controls is least likely to reduce the likelihood of losses to information systems assets arising from water damage that occurs as the result of a cyclone or hurricane? a. Have
What is the purpose of covering hardware with a protective fabric when it is not in use?
The purpose of a voltage regulator is to: a. Protect hardware against temporary increases in power b. Protect hardware against sustained power surges c. Compensate when brownouts occur d. Protect the
Briefly discuss the responsibilities of security administrators with respect to maintenance of the supply of energy to the information systems function.
Which of the following controls is likely to be most effective at preventing losses that result from structural damage to the building in which a mainframe computer facility is housed? a. Voltage
Outline the steps you might undertake as an auditor to determine whether a mainframe computer facility could withstand structural damage.
Which of the following is not a control to prevent pollution? a. Prohibition of food in the computer room b. Filters on air conditioning c. Confining decollation to the computer room only d. Placing
Briefly describe two problems that can be caused by the presence of dust within a computer facility. What controls can be exercised to limit the effects of pollutants in (a) a mainframe computer room,
The unchecked emission of electromagnetic signals is a concern because: a. The signals can be picked up and printed on a remote device b. The signals interfere with the correct functioning of the
From a security viewpoint, what advantages accrue from having no windows in a computer facility, providing only one entrance to the facility, and placing the facility on an upper floor of a building?
Which of the following is the most likely source of a worm program? a. Another computer connected to the same communications network as the infected computer b. Public domain software obtained by a
Briefly describe two ways in which data integrity can be violated using an electronic bug. Where in a computer facility are bugs most likely to be placed?
Which of the following controls is most likely to protect an organization's investment in developing and maintaining a proprietary database? a. Copyright laws b. A registered trademark c. Clauses in the
What are the most vulnerable points in a data communications network with respect to wiretapping? What actions can security administrators take to prevent or inhibit wiretapping?
Which of the following controls is most likely to protect an organization's information systems from computer hackers? a. Card-key locks b. A virus detection program c. Encryption of programs d.
Briefly distinguish between viruses and worms. List two controls over viruses and worms (one for viruses and one for worms) that security administrators might implement to reduce exposures.
Which of the following is not a component of the emergency plan? a. Personnel to be notified upon the occurrence of a disaster b. Evacuation procedures c. Restart priorities d. Equipment shutdown
For each of the following threats, give a control that might reduce exposures: a. Pirated software b. Violation of the licensing conditions pertaining to a proprietary database c. Employee use of an
Which of the following is not a component of the backup plan? a. Site where resources can be assembled and operations restarted b. Procedures for periodically testing that recovery can be effected c.
Give one preventive control and one detective control over the activities of computer hackers.
The primary purpose of the recovery plan is to: a. Specify precisely how recovery will be effected b. Identify which applications are to be recovered immediately c. Identify a recovery committee that
What are the controls of last resort? Briefly explain the nature of each.
Which of the following types of backup facilities rely most heavily on an organization's hardware vendor to effect recovery? a. Reciprocal agreement b. Warm site c. Cold site d. Hot site
Briefly describe the major components of an emergency plan.
Business interruption insurance covers: a. Additional costs incurred because the organization is not operating from its normal facilities b. Costs involved in reconstructing the computer facility c.
Briefly describe the major components of a backup plan.
If an organization has its own information systems staff but insufficient security work exists to justify a separate security administration position, responsibility for security matters might be
What considerations affect the choice of a backup site?
Briefly describe the major components of a recovery plan. Why are the responsibilities of the recovery committee an important component of the plan?
What are the purposes of the test-plan component of a disaster recovery plan? How does a "phased approach" facilitate testing of disaster recovery procedures?
Briefly explain the difference between a hot-site and cold-site backup and recovery facility.
Identify nine major aspects of the information systems function that must be covered by an insurance policy. What are the security administrator's responsibilities after the insurance policy has been
For the following types of organizations, who is likely to perform the role of the security administrator? a. A medium-sized organization that has its own data processing facility b. A small
Which of the following is not a function of operations management? a. Performance monitoring b. Application system post-audits c. File library d. Production work flow control
Savers-Surety is a large, Brisbane-based credit union. Twelve months ago it purchased and implemented an automated operations facility (AOF) to control its mainframe operations. Prior to the purchase
What is the primary role of operations management?
In organizations where microcomputers are used extensively, the functions of operations management relating to the microcomputers should be: a. Still performed by the operations manager responsible
Meridian Manufacturing Ltd. is a large, multidivisional Singapore-based manufacturer of electronic components and products. Over the past few years, Meridian has progressively implemented local area
Briefly describe two changes that have occurred in recent years that have had an impact on how the operations function is audited. Outline the nature of the effect that has occurred.
One function of an automated operations facility is to: a. Alert users automatically about possible application system errors b. Remove the need for job control files c. Stop and start programs
You are the chief internal auditor for a large public utility that has used computer systems for many years in most areas of its operations. One day you are called to a meeting with the general
What is an AOF? Briefly explain the relationship between an AOF and a lights-out facility.
Which of the following statements about controls over computer operators is true? a. A malicious operator can undermine recovery from a disaster by corrupting backup files progressively over time b.
In Australia, many financial institutions participate in a clearinghouse system for direct credit and direct debit transactions. For example, the employees of an organization can request that their
Briefly describe three controls that should be exercised over computer operators.
Which of the following statements about automated operations facility parameters is false? a. Any inaccuracy will be identified by the operating system b. They should be maintained in a secure file c.
You are an information systems auditor in a firm of external auditors that has just been appointed to undertake the audit of Second Sunstate, a medium-sized bank located in Orlando, Florida. As part
Briefly explain why it is undesirable to allow operators to authorize reruns of application systems.
Which of the following is not a reason for the operations function undertaking job scheduling on a mainframe machine? a. To balance workloads on the machine b. To reduce the likelihood of losses
Briefly describe three control concerns that auditors should have with automated operations facilities.
Machine maintenance engineers pose some difficult control problems because: a. They often have a high level of programming skills b. They have available special hardware/software tools that enable them
Briefly describe two implications that use of microcomputers and decentralization of the information systems function have on the reliability of controls over computer operations.
What is the purpose of computer operations scheduling controls?
Which of the following functions cannot be performed using a communications network control terminal? a. Resetting message queue lengths b. Closing down a terminal c. Correcting a hardware error in a
For the following activities, briefly indicate who should be responsible for authorizing the availability of machine resources to undertake them and why: a. Regular execution of a production
Briefly explain the difference between preventive and repair maintenance. Why might an operations manager decide to increase the amount of preventive maintenance undertaken on a machine?
Which of the following activities should not be permitted when operators use a communications network control terminal? a. Renaming a communications line b. Downline loading a program c. Altering the
Showing 1100 - 1200 of 2689