Accounting Information Systems
11th Edition
ISBN: 9781337552127
Author: Ulric J. Gelinas, Richard B. Dull, Patrick Wheeler, Mary Callahan Hill
Publisher: Cengage Learning
Question
Chapter 8, Problem 9DQ
Summary Introduction
“Preventing the unauthorized disclosure and loss of data has become almost impossible. Employees and others can use iPods, flash drives, cameras and PDA’s Product I to download data and remove it from an organization’s premises.”
To discuss: Whether you agree with the above statement, and some controls that might reduce the risk of data disclosure and loss from these devices.
Students have asked these similar questions
3. Which of the following is not a computer facility control?
(a) Place the data processing center where unauthorized individuals cannot gain entry to the facility.
(b) Limit access to the data processing center to all employees of the company.
(c) Buy insurance to protect against loss of equipment in the computer facility.
(d) Use advanced technology to identify individuals who are authorized access to the data processing center.
4. For internal control over computer program changes, a policy should be established requiring that:
(a) All proposed changes be approved by a responsible individual and logged.
(b) The programmer designing the change should be responsible for ensuring that the revised program is adequately tested.
(c) All program changes be supervised by the information system control group.
(d) To facilitate operational performance, superseded portions of programs should not be deleted from the program run manual.
5. Auditing "around the computer":
(a) Assumes that accurate…
Which preventive, detective, and/or corrective controls would best mitigate the following threat, and why?
(c) A criminal remotely accessed a sensitive database using the authentication credentials (user ID and strong password) of an IT manager. At the time the attack occurred, the IT manager was logged into the system at his workstation at company headquarters.
Similar questions
- Which preventive, detective, and/or corrective controls would best mitigate the following threat, and why? (i) To facilitate working from home, an employee installed a modem on his office workstation. An attacker successfully penetrated the company’s system by dialing into that modem.
- Controls over data management systems fall into two categories: access controls and backup controls. In the shared database environment, access control risks include corruption, theft, misuse, and destruction of data. These threats originate from both unauthorized intruders and authorized users who exceed their access privileges. Which of the following options is not part of controls over data management systems?
  a. Employees sharing the same computers need restriction for access to specific directories, programs, and data files by using multilevel password control.
  b. To recover data from disaster, organizations must implement policies and procedures and routinely provide backup copies of critical files.
  c. Database Administrator works closely with users and systems designers has primary responsibility for user view design and works closely with users and systems designers.
  d. Access to confidential data must be properly managed. Inference controls prevent users from inferring,…
- Which of the following statements is NOT correct?
  a. EAMs capture transactions during processing without removing the application from service.
  b. EAMs support continuous monitoring of controls.
  c. EAMs have the potential to corrupt corporate databases.
  d. EAMs decrease operational performance.
  e. All of the above are correct statements.
- Communication via the internet is fraught with major security problems. When it comes to Internet communications, which of these aspects poses the biggest security risk?
- As an added measure, a company has set up its network so that computers that currently log in through the central authentication system (CAS) can log in even if the network is unavailable (through a system of stored password information). This move would be most closely associated with which CIIA goals:
  - Confidentiality and Integrity
  - Integrity and Availability
  - Confidentiality and Accessibility
  - Confidentiality and Availability
- Which preventive, detective, and/or corrective controls would best mitigate the following threat, and why? (e) A company’s programming staff wrote custom code for the shopping cart feature on its website. The code contained a vulnerability that could be exploited when the customer typed in the ship-to address.
- STUDY QUESTIONS
  - Why is human behavior considered one of the biggest potential threats to operating system integrity?
  - What are the issues that need to be considered before implementing keystroke monitoring?
  - Describe the three ways on how an audit trail can be used to support security objectives.
  - Explain how poorly designed audit trail logs can actually be dysfunctional.
  - Why would a systems programmer create a back door if he or she has access to the program in his or her day-to-day tasks?

  PROBLEMS

  Problem 1: Charles Hart, an accounts payable clerk, is an hourly employee. He never works a minute past 5 P.M. unless the overtime has been approved. Charles has recently found himself faced with some severe financial difficulties. He has been accessing the system from his home during the evening and setting up an embezzlement scheme. As his boss, what control technique(s) can be used to help detect this type of fraud?

  Problem 2: In 2002, Mr. Rollerball started Mighty Mouse,…
- 14. Explain how to prevent and detect computer fraud and abuse.
- A group of IT experts disclosed the “internet cookies” vulnerability of your organisation in a recent online security test. Describe to your management the security concerns that “internet cookies” portend?
- Alejandro reviewed the user access protocols for Ponder Products. Alejandro is concerned that the accounting system could be subject to malicious attacks on user accounts that are currently protected with a username and password. The system has the capability to send a message to a user's cell phone or email address. How could Alejandro use the messaging capabilities of the system to further protect it from attack?
  - Enable two-factor authentication
  - Enable fingerprint scanners
  - Enable read-only access for all users
  - Enable administrator access for all users
- Management and auditor are concerned about segregation of duties in computer based systems? Why? How to mitigate this concern?
- Which preventive, detective, and/or corrective controls would best mitigate the following threat, and why? (f) A company purchased the leading “off-the-shelf” e-commerce software for linking its electronic storefront to its inventory database. A customer discovered a way to directly access the database by entering appropriate SQL code.