IT controls : Security and access

25 important questions on IT controls : Security and access

What are the three main tasks performed by the operating system?

-  Translating (by compilers and interpreters) high-level languages into the machine-level language that the PC can execute.
-  Allocating PC resources to users, workgroups, and applications (e.g. authorizing access).
-  Managing the tasks of job scheduling and multiprogramming.

What are the five fundamental control objectives the OS must achieve?

(1) Protect itself from users,
(2) protect users from each other,
(3) protect users from themselves,
(4) be protected from itself, and
(5) be protected from its environment.

What is the operating system security?

OS security involves policies, procedures, and controls that determine who can access the OS, which resources they can access, and what actions they can take.

What is the log-on procedure?

The OS’s first line of defense against unauthorized access.

What is the access token?

It is created by the OS after successful log-on and contains key information about the user. It is used to approve all actions the user attempts during the session.

What are the threats to operating system integrity?

OS control objectives may not be achieved because of accidental or intentional threats.
-  Accidental threats include hardware failures and errors in user application programs, which can result in unintentional disclosure of confidential information.
-  Intentional threats include attempts to illegally access data or violate user privacy for financial gain.
-  A growing threat is destructive programs from which there is no apparent gain. These come from three kinds of sources: (1) privileged personnel abusing their authority, (2) individuals (internal and external) identifying and exploiting security flaws, and (3) individuals inserting PC viruses or other destructive programs into the OS.

What are the user access privileges?

User access privileges are assigned to individuals and groups authorized to use the system. Privileges determine which resources they may access and what type of actions can be taken. Privileges should be carefully administered and closely monitored for compliance with organizational policy and principles of internal control.

What are the auditor's objective and procedures with the user access privileges?

Auditor’s objective: Verify that access privileges are granted in a manner that is consistent with the need to separate incompatible functions and is in accordance with the organization’s policy.
Auditor’s procedures:
-  Review the organization’s policies.
-  Review the privileges of a selection of user groups and individuals (determining if their access rights are appropriate for their job).
-  Review personnel records (determining whether privileged employees undergo a security check).
-  Review employee records (determining whether users formally acknowledged their responsibility).
-  Review users’ permitted log-on times (should be commensurate with the tasks being performed).

What are the auditor's objective and procedures with virus control?

Auditor’s objective: Verify that effective management policies and procedures are in place to prevent the introduction and spread of destructive programs.
Auditor’s procedures:
-  Determine if operations personnel have been educated about destructive programs and are aware of risky computing practices.
-  Verify that new software is tested prior to being implemented.
-  Verify that antiviral software is installed and upgraded regularly.

Which two types of audit logs are defined?

-  Keystroke monitoring: Records the user’s keystrokes and the system responses.
-  Event monitoring: Summarizes key activities related to system resources (e.g. recording the user IDs, time, and duration of a session; programs that are executed; and resources accessed).

What are the audit trail objectives?

Audit trails can be used to support security objectives in three ways:
(1) Detecting unauthorized access (real time or after the fact),
(2) reconstructing events (reconstruct the steps that led to events), and
(3) personal accountability (monitor user activity at the lowest level of detail, a preventive control that can influence behavior).
Audit logs are useful to accountants in measuring the potential damage and financial loss.

What are the auditor's objectives and auditor's procedures with the audit trail?

Auditor's objective: Ensure that the established system audit trail is adequate for preventing and detecting abuses, reconstructing key events that precede system failures, and planning resource allocation.
Auditor’s procedures:
-  Verify that the audit trail has been activated according to organization policy.
-  Evaluate security violation cases, reported by the organization’s security group, to assess the effectiveness of the security group.

What are access controls?

Access controls are designed to prevent unauthorized individuals from viewing, retrieving, corrupting, or destroying the entity’s data, and also to prevent authorized users from exceeding their access privileges.

What is the database authorization table?

Contains rules that limit the actions a user can take.

What are user-defined procedures?

Allows the user to create a personal security program or routine to provide more positive user identification than a password can (e.g. personal questions).

What are biometric devices?

Measures personal characteristics (e.g. fingerprints, retina prints).

What are back-up controls?

Back-up controls ensure that in the event of data loss due to unauthorized access, equipment failure, or physical disaster, the organization can recover its files and databases.

What are the four backup and recovery features in backup controls?

-  Database backup: Makes a periodic backup of the entire database (automatically, once a day).
-  Transactions log: Provides an audit trail of all processed transactions and records the resulting changes to the database in a separate database change log.
-  Checkpoint feature: Suspends all data processing while the system reconciles the transaction log and the database change log against the database (automatically several times an hour).
-  Recovery module: Uses the logs and backup files to restart the system after a failure.

What are the auditor's objectives and auditor's procedures for back-up controls?

Auditor’s objective: Verify that database backup controls are adequate to facilitate the recovery of lost, destroyed, or corrupted data.
Auditor’s procedures:
-  Verify from system documentation that production databases are copied at regular intervals.
-  Verify through documentation and observation that backup copies of the database are stored off-site to support disaster recovery procedures.

What is a digital signature?

An electronic authentication that cannot be forged.

What is a digital certificate?

Used in conjunction with a public key encryption system to authenticate the sender of a message.

What is message sequence numbering?

A sequence number inserted in each message, in order to protect against an intruder in the communication channel who attempts to delete, reorder, or duplicate a message in a stream of messages.

What is a message transaction log?

Record of all incoming and outgoing messages, as well as attempted (failed) access.

What is a request-response technique?

A control message from the sender and a response from the receiver. The timing should follow a random pattern that will be difficult for the intruder to determine and circumvent.

What is a call-back device?

After a dial-in user is identified, the system breaks the connection and the call-back device dials the caller’s number. This restricts access to authorized terminals and telephone numbers and prevents an intruder masquerading as a legitimate user.
