Final IT Review

Category: Science and Technology

Date Submitted: 06/12/2014 05:24 PM

1. What is the purpose of an IS audit? Describe the different types of audits and auditors.

An IS audit is an examination of information systems, their inputs, outputs, and processing.

There are two types of auditors:

a) An internal auditor is usually a corporate employee who is not a member of the Information System Department (ISD). Internal auditors are also called corporate auditors.

b) An external auditor is an outsider. This type of auditor reviews the findings of the internal audit.

There are two types of audits.

c) The operational audit determines whether the ISD is working properly.

d) The compliance audit determines whether controls have been implemented properly and are adequate.

2. What are the major objectives of a defense strategy?

1. Prevention and deterrence. Properly designed controls may prevent errors from occurring, deter criminals from attacking the system, and, better yet, deny access to unauthorized people.

2. Detection. Like a fire, the earlier an attack is detected, the easier it is to combat, and the less damage is done.

3. Containment (contain the damage). This objective is to minimize or limit losses once a malfunction has occurred. It is also called damage control.

4. Recovery. A recovery plan explains how to fix a damaged information system as quickly as possible.

5. Correction. Correcting the causes of damaged systems can prevent the problem from occurring again.

6. Awareness and compliance. All organization members must be educated about the hazards and must comply with the security rules and regulations.

3. What is involved in protecting data and business operations? Discuss any two of the controls to protect assets of Information Technology.

Firewalls, encryption, antivirus, antispam, anti-spyware, anti-phishing, and so on.

Access controls: restriction of unauthorized user access to computer resources; use biometrics and password controls for user identification.

1)...