Week 3

    Cards (66)

    • What are the main topics covered in Lecture 3 of ACC3043?
      Control concepts, COSO framework, information security
    • What is the purpose of control concepts in technology security?
      To prevent, detect, and correct issues
    • What does COSO stand for in the context of internal control?
      Committee of Sponsoring Organizations
    • What are the three types of internal controls mentioned?
      Preventative, detective, corrective
    • What are some threats faced by an AIS?
      Natural disasters, software errors, unintentional acts
    • What is an example of an unintentional act that can threaten an AIS?
      Accidental data loss due to human error
    • What is the principle of least privilege in access control?
      Grant minimum access necessary for tasks
    • What is the role of detective controls?
      To detect problems when they arise
    • What is the purpose of corrective controls?
      To identify and correct problems as they occur
    • What does the COSO Internal Control Framework consist of?
      Five components and 17 principles
    • What is included in the control environment component of COSO?
      Management philosophy and organizational structure
    • How is risk assessed according to COSO?
      By likelihood and impact of events
    • What is the purpose of segregation of duties?
      To prevent fraud and errors in processes
    • What are project development/acquisition controls?
      Controls for managing system development projects
    • What is the significance of change management controls?
      To manage resistance and ensure smooth transitions
    • What is the role of independent checks on performance?
      To verify accuracy and reliability of operations
    • Why is information security considered a management issue?
      Because senior management support is essential
    • What does the time-based model of information security emphasize?
      Balancing preventive, detective, and corrective controls
    • How does the equation P > D + C relate to information security?
      It measures effectiveness of security controls
    • What are the key components of the COSO Internal Control Framework?
      • Control environment
      • Risk assessment
      • Control activities
      • Information and communication
      • Monitoring
    • What are the types of internal controls and their functions?
      Types of internal controls:
      1. General controls
      • IT security
      • Software acquisition/development
      2. Application controls
      • Prevent, detect, and correct errors and fraud
    • What are the key AIS control activities?
      • Authorisation of transactions
      • Segregation of duties
      • Project development and acquisition controls
      • Change management controls
      • Safeguarding assets and records
      • Independent checks on performance
    • What are the main types of risks according to COSO?
      • Inherent risk
      • Residual risk
    • What are the principles of the information and communication process in COSO?
      1. Obtain relevant, high-quality information
      2. Internally communicate objectives and responsibilities
      3. Communicate internal control matters to external parties
    • What are the types of monitoring in COSO?
      • Internal control evaluations
      • Effective supervision
      • Responsibility accounting systems
      • Periodic audits
      • Fraud detection measures
    • What are the key aspects of safeguarding assets, records, and data?
      • Appropriate policies and procedures
      • Maintain records of IT assets
      • Restrict access to sensitive data
      • Protect data through off-site storage
    • What is the importance of continuous data auditing?
      • Verifies systems operate as expected
      • Detects anomalies in real-time
    • What is the role of threat intelligence in information security?
      • Enhances awareness of potential threats
      • Facilitates information sharing among organizations
    • What are the benefits of effective information security management?
      • Protects sensitive data
      • Reduces risk of data breaches
      • Enhances organizational reputation
    • What should be done with sensitive data?
      It should be encrypted
    • What must be maintained regarding computer/IT assets?
      Records of all computer/IT assets
    • Why is access to assets restricted?
      To protect data and maintain security
    • What are some methods to protect data?
      Off-site storage and fireproofing
    • What is the purpose of independent checks on performance?
      To ensure accuracy and reliability
    • What is a useful tool to check for oddities in accounts?
      The trial balance
    • What is a critical factor in information security?
      People can be the weakest link
    • What does the time-based model of information security involve?
      A combination of preventive, detective, and corrective controls
    • How is security considered effective in the time-based model?
      If P > D + C
    • What does log analysis help detect?
      Possible attacks on an AIS
    • What is the function of Intrusion Detection Systems (IDS)?
      To analyze network traffic for intrusions