Definition of Internal Control – the process implemented to provide reasonable assurance that the following control objectives are achieved: safeguard assets, maintain detailed records, provide accurate and reliable info, prepare financial reports in accordance w/ established criteria, promote operational efficiency, encourage adherence to prescribed managerial policies, comply w/ applicable laws
Preventive controls – deter problems before they arise. Examples: hiring qualified personnel, segregating employee duties, and controlling physical access to assets and info.
General controls – make sure an organization’s control environment is stable and well managed. Examples: security, IT infrastructure, software acquisition, development, …
Consists of three vantage points: Business objectives – info must conform to seven categories of criteria that map into the objectives established by the COSO to satisfy business objectives. IT resources – includes people, application systems, technology, facilities, and data. IT processes – broken into 4 domains: planning and organizing, acquisition and implementation, delivery and support, and monitoring and …
Encryption is the process of transforming normal content, called plaintext, into unreadable gibberish, called ciphertext.
Digital Signature – a hash of a document that is encrypted using the document creator’s private key.
Digital Certificate – an electronic document that contains an entity’s public key and certifies the identity of the owner of that particular public key.
VPN – virtual private network – it provides the functionality of a privately owned secure network without the associated costs of leased telephone lines, satellites, and other communication equipment.
Chapter 10
Hot site – a facility that is not only prewired for telephone and internet access but also contains all the computing and office equipment the organization needs to perform its essential business