Quiz 2

Accounting 454 with Normand at University of Wisconsin - Whitewater

About this deck

By: Andrea Virsnieks
Textbook:

Accounting Information Systems (11th Edition)
Created: 2010-11-09
Size: 65 flashcards
Views: 72

About StudyBlue

STUDYBLUE makes things that make you better at school. Things like online flashcards with photos and audio. Things like personalized quizzes and friendly reminders about when (and what) to study next. Think of it as a digital backpack™: access to all of your study materials online and on your phone. STUDYBLUE exists to make studying efficient and effective for every student, for free. Join us.

“Simply amazing. The flash cards are smooth, there are many different types of studying tools, and there is a great search engine. I praise you on the awesomeness.”
Dennis

Sign up (free) to study this.

Primary Keys

it the attribute, or combination of attributes, that uniquely identifies a specific row in a table.

Primary Key

It usually is a single attribute

Primary Key

But two or more attributes jointly form the primary key

primary keys

They must always be numbers, no text

Foreign Key

is an attribute in a table that is a primary key in another table.

Foreign Key

§ They are used to link tables

Master File

a permanent file of records that stores cumulative information about an organizations resources and the agents with whom it interacts. As transactions take place, individual records within a master file are updated to keep them current

Transaction File

contain records of individual business transactions that occur during a specific fiscal period. It is conceptually similar to a journal in a manual AIS

Random Fact

· Attributes that are text should be stored on only one table

example: address

Random Fact

· Ideally calculated numbers should not be stored as an attribute

example: amount received

Attribute

o characteristics of interest in a file or database; the different individual properties of an entity. Examples include: employee number, pay rate, name and address

Basic Requirements of a relational database

1. Every column in a row must be single valued

2. Primary keys cannot be null

3. Foreign keys, if not null, must have values that correspond to the value of a primary key in another table

4. All nonkey attributes in a table should describe a characteristic about the object identified by the primary key

1. Every column in a row must be single valued

· In a relational database there is one and only one value in any given cell

2. Primary keys cannot be null

· For this to be true, the primary key of any row in a relation cannot be null (blank), if it was there would be no way to uniquely identify that row and retrieve the data stored there

Entity Intergrite Rule

Entity intergrite rule

it ensures that every row in every relation must represent data about some specific object in the real world

Foreign keys, if not null, must have values that correspond to the value of a primary key in another table

· Foreign keys are used to link rows in one table to rows in another table

Referential integrity rule

Foreign keys can contain null values

All nonkey attributes in a table should describe a characteristic about the object identified by the primary key

· Most tables contain other attributes in addition to primary and foreign keys

o Specific transaction cycle consists of three steps

§ Identify the events about which management wants to collect information

§ Identify the resources affected by each event and the agents who participate in those events

§ Determine the cardinalities of each relationship

o Step One: identify relevant events

§ Every REA model must include the two events that represent the basic give-to-get economic exchange performed in that particular transaction cycle

§ Other events such as planning, controlling, and monitoring need to be included too

“give”

represents an activity which reduces the organizations stock of a resource that has economic value

“get”

event represents an activity which increases the organizations stock of an economic resources

Resources:

§ are those things that have economic value to the organization

Events:

are various business activities about which management wants to collect information for planning or control purposes

Agents

are the people and the organizations that participate in events about whom information is desired for planning, control, and evaluation purposes

§ Accountants would call them

resources=assets, events=transactions, and agents=people

o Rules for structuring relationships: The basic REA template

§ 1. Each event is linked to at least one resource that it affects

§ 2. Each event is linked to at least one other event

§ 3. Each event is linked to at least two participating agents

o Developing an REA Diagram

§ Step One: Identify Relevant Events

§ Step Two: Identify Resources and Agents

§ Step Three: Determine Cardinalities of Relationships

Cardinalities

describe the nature of the relationship between two entities by indicating how many instances of one entity can be linked to each specific instance of another entity

Minimum cardinality

can be either zero or one, depending upon whether the relationship between the two entities is optional or mandatory

Maximum cardinality

can be either one or many depending upon whether each instance of entity A can be linked to at most one instance or potentially many instances of entity B

One-to-one relationship:

exists when the maximum cardinality for each entity in that relationship is one

One-to-many

exists when the maximum cardinality of one entity in the relationship is one and the maximum cardinality for the other entity in that relationship is many

Many-to-many

: exists when the maximum cardinality for both entities in the relationship is many

· Implementing an REA diagram into a relational database

o 1. Create a table for each distinct entity in the diagram and for each many-to-many relationship

o 2. Assign attributes to appropriate tables

o 3. Use foreign keys to implement one-to-one and one-to-many relationships

5 reliability principles of the Trust Services framework

security, confidentiality, privacy, processing integrity, availability

Security

access to the system and its data is controlled and restricted to legitimate users

Confidentiality:

sensitive organizational information is protected from unauthorized disclosure

Privacy

personal information about customers is collected, used, disclosed and maintained only in compliance with internal policies and external regulatory requirements

Processing integrity:

data is processed accurately, completely, in a timely manner, and only with proper authorization

Availability

the system and its information is available to meet operational and contractual obligations

· The trust services framework is nested inside the COSO framework

o Policy development (Control environment and risk assessment)

o Effective communication of policies (information and communication)

o The design and employment of appropriate control procedures (activities)

o Monitoring and taking remedial action (monitoring)

o Policy development (Control environment and risk assessment)

§ The entity has defined and documented its policies relevant to the particular principle.

o Effective communication of policies (information and communication)

§ The entity has communicated its defined policies to authorized users.

o The design and employment of appropriate control procedures (activities)

§ The entity uses procedures to achieve its objectives in accordance with its defined policies.

o Monitoring and taking remedial action (monitoring)

§ The entity monitors the system and maintains compliance with its defined policies.

Definition of Defense in depth

to employ multiple layers of controls in order to avoid having a single point of failure

· Defense in depth

o Redundancy increases effectiveness because even if one procedure fails another may function as planned

types of preventive controls

o Authentication controls

o Authorization Controls

o Training

o Physical access controls

o Remote access controls

o Host and application hardening controls

o Encryption

definiton of preventive controls

o The object is to prevent security incidents from happening

o Authentication controls

§ It focuses on verifying the identity of the person or device attempting to access the system

Examples of

o Authentication controls

§ Examples: passwords, pins, smart cards, or id badges

o Authorization Controls

§ Restricts access of authenticated users to specific portions of the system and specifics what actions they are permitted to perform

examples of authorization controls

§ Examples: control matrix/compatibility test for employees, MAC address (media access control)

Training

§ The effectiveness of specific control procedures depends on how well employees understand and follow the organizations security policies

examples of Training

§ Examples: employees must understand and follow the organizations security policies; employees must understand social engineering

o Physical access controls

§ Is absolutely essential to achieve any degree of information security

examples of

o Physical access controls

§ Examples: only one main entry into the building, a receptionist or a security guard should be stationed at the main entrance to verify the identity of an employee, lock rooms housing computer equipment

examples of

o Remote access controls

§ Examples: Perimeter defenses (routers, firewalls, and intrusion prevention systems), dial up connection controlled, wireless access controlled

o examples of Host and application hardening controls

§ Examples: Host configuration, manage users accounts and privileges, software design

Encryption

§ The process of transforming normal text into unreadable gibberish

examples of Encryption

§ Examples: Be sure the strength of the encryption being used is appropriate for the sensitivity of the data being secured

· Detective controls

o Preventive controls are breached and the incident is not detected

examples of Detective controls

o Examples: log analysis; intrusion detection systems; managerial reports; security testing

· Corrective Controls

o A successful intrusion is detected by the method of the intrusion was not corrected

examples of

· Corrective Controls

o Examples: computer Emergency Response Team; Chief Security Officer; Patch Management

About this deck

By: Andrea Virsnieks
Textbook:

Accounting Information Systems (11th Edition)
Created: 2010-11-09
Size: 65 flashcards
Views: 72

About StudyBlue

“Simply amazing. The flash cards are smooth, there are many different types of studying tools, and there is a great search engine. I praise you on the awesomeness.”
Dennis