OS Etc
Ensure the integrity of the system
OS is the most important system software because it performs the tasks that enable a computer to operate.
Data warehouse
a centralized collection of firm-wide data for a relatively long period of time
local area network (LAN)
: a group of computers, printers, and other devices connected to the same network that covers a limited geographic range.
Eavesdropping
•The attacker passively monitors wireless networks for data, including authentication credentials.
Management Controls:
management of risk and information system security.
Operational databases
used for daily operations and often includes data for the current fiscal year only
Wide area networks
(WANs) link different sites together, transmit information across geographically, and cover a broad geographic area.
Rogue Access Points
•The attacker sets up an unsecured wireless network near the enterprise with an identical name and intercepts any messages sent by unsuspecting users that log onto it.
Technical Controls:
primarily implemented and executed through mechanisms contained in computing-related equipment.
Test data technique
uses a set of input data to validate system integrity.
Data mining
the process of searching for patterns in the data in a data warehouse and data analyzing these patterns for decision making
Routers:
connects different LANs software-based intelligent devices, examines the Internet Protocol (IP) address
Traffic Analysis
•The attacker passively monitors transmissions via wireless networks to identify communication patterns and participants.
Operational Controls:
protecting a firm’s premise and facilities, preventing and detecting physical security
Parallel simulation attempts
to simulate the firm’s key features or processes.
Data governance
the convergence of data quality, data management, data policies, business process management, and risk management surrounding the handling of data in a firm
Firewalls:
a security system comprised of hardware and software that is built using routers, servers, and a variety of software
Man-in-the-Middle
•The attacker actively intercepts communications between wireless clients and access points to obtain authentication credentials and data.
CAATs
imperative tools for auditors to conduct an audit in accordance with heightened auditing standards.
A continuous audit is
performing audit-related activities on a continuous basis.
Types of Networks
•Local area network, or LAN.
•Metropolitan area network, or MAN.
•Wide area network, or WAN.
•Personal area network, or PAN.
A Wireless Network is comprised of two fundamental architectural components
•access point
•station
Message Modification
•The attacker alters a legitimate message sent via wireless networks by deleting, adding to, changing, or reordering it.
Two CAAT approaches
•Auditing around the computer (the black-box approach)
•Auditing through the computer (the white-box approach)