CMA course part 1: unit 18

CMA course part 1: lectures and some questions about each unit

Lecturers: Mr. Amr Taison, Mr. Mohamed CMA, Mr. Desoky Kh.
(18.1) Control Procedures
1) The Control Process
2) Types of Controls
3) Control Activities
4) Segregation of Duties
5) Independent Checks and Verification
6) Safeguarding Controls
7) Prenumbered Forms
8) Specific Document Flow
9) Compensating Controls
Lecturers: Mr. Amr Taison, Mr. Mohamed CMA
(18.2) Systems Controls and Information Security
1) Information security encompasses
2) Three Goals of Information Security
3) Steps in Creating an Information Security Plan
4) Threats to Information Systems
5) Systems Development Controls
6) Physical Controls
7) Logical Controls
8) Input, Processing, and Output Controls
9) Computer-Assisted Audit Techniques (CAATs)
10) Storage Controls
Lecturers: Mr. Amr Taison, Mr. Mohamed CMA, Mr. Desoky Kh.
(18.3) Security Measures and Business Continuity Planning
1) Inherent Risks of the Internet
2) Use of Data Encryption
3) Firewalls
4) Routine Backup and Offsite Rotation
5) Business Continuity Planning
Unit numbering across editions and the matching lecture numbers (Mr. Amro Taison):

G.2020   G.2021   Lecture
14.1     18.1     Lec. 26
14.2     18.2     Lec. 29
14.3     18.3     Lec. 29
Some Questions about unit 18
1- What are the steps of the control process?
1) Establishing standards for the operation to be controlled,
2) Measuring performance against the standards,
3) Examining and analyzing deviations,
4) Taking corrective action, and
5) Reappraising the standards based on experience.
2- What are the types of Controls?
* Primary Controls
* Secondary Controls
* Time-Based Classification
* Financial vs. Operating Controls
* People-Based vs. System-Based Controls
* Broad Controls
* IT Administration Controls over Operations
* Controls over software acquisition, change, and maintenance
* Hardware controls
3- What are the contents of primary controls?
* Preventive controls
* Detective controls
* Corrective controls
* Directive controls
4- What are the contents of secondary controls?
* Compensatory (mitigative) controls
* Complementary controls
5- What are the types of time-based classification?
* Feedback controls
* Concurrent controls
* Feedforward controls
6- What are the control activities?
Control activities are the policies and procedures that are designed and placed in operation to ensure that management directives are carried out.
7- What are the safeguarding controls?
The policies and procedures that provide reasonable assurance regarding the prevention or timely detection of unauthorized acquisition, use, or disposition of the company's assets by individuals who do not have authorized access to them.
8- What are the three goals of information security?
1) Availability
2) Confidentiality
3) Integrity
9- What are the steps of creating an information security plan?
1) Threats to the organization's information must be identified
2) The risks that the identified threats entail must be determined
3) Controls that will compensate for the identified risks should be designed.
4) The new controls should be incorporated into a coherent, enterprise-wide information security plan.
5) Policies for expectations of all persons, both employees and external users, with access to the organization’s systems must be established.
10- What are the threats to Information Systems?
Input manipulation - Program alteration - Direct file alteration - Data theft - Sabotage - Malware - Logic bombs - Worms - Trojan horses - Back doors - Spyware - Ransomware - Theft - Phishing
11- What are the logical controls?
Logical controls: the controls put in place to limit access to the system (1) to authorized persons only, and (2) for those authorized persons, only to the extent necessary to perform their job duties.
12- What are the contents of concurrent auditing techniques?
1) Processing test data
2) Parallel simulation
3) Generalized audit software
4) Data extraction techniques
5) Creation of an integrated test facility
6) Programming embedded audit modules
13- What does spooling refer to?
The process of sending data to intermediate storage so that the peripheral device can retrieve it when the stored data is needed.
14- What are the types of (inherent risks of the internet)?
1) Password Attacks
2) A man-in-the-middle attack
3) A denial-of-service (DoS) attack
15- What is data encryption?
It is a technology that converts data into coded symbols. Unauthorized users may still be able to access the data, but they will not be able to decode it without the encryption key.
16- What is encryption technology based on?
1) Public-key
2) Private-key
17- What is a firewall?
A firewall is a combination of hardware and software that separates an internal network from an external one, such as the Internet, and blocks the passage of suspicious data.
18- What are the two principal types of firewalls?
1) Network firewalls
2) Application firewalls
19- What are the steps of business continuity planning?
1) A comprehensive computer security plan should be developed
2) Planning must be continuous
3) Two major types of disasters must be planned for: those in which the data center remains physically available, and those in which it does not.
4) Dealing with certain specific types of disasters
20- What are the forms of recovery centers?
1) Hot site
2) Warm site
3) Cold site