Chapter 6 Textbook Outline

by: Lauren95

Chapter 6 Textbook Outline ACC 375


About this Document

This document has all the important vocabulary and information covered in chapter 6.
Accounting Information Systems
Dr. Farrell
Class Notes
Accounting Information Systems, Bodnar, Hopwood, Farrell
These 4-page Class Notes were uploaded by Lauren95 on Wednesday, March 30, 2016. They belong to ACC 375 at Pace University, taught by Dr. Farrell in Spring 2016. Since upload, the document has received 11 views.

Date Created: 03/30/16
Chapter 6 – Information Security

- Information security involves protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide:
  - Confidentiality: preserving authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information.
  - Integrity: guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.
  - Availability: ensuring timely and reliable access to and use of information.
- The term information security (computer security) is a broad concept that deals with the security of all information in the organization, regardless of whether it is computerized or not.
- The information security management system (ISMS) is an organizational internal control process that controls the special risks associated with information within the organization, namely risks to the:
  - Confidentiality
  - Integrity
  - Availability of information
- An ISMS typically has the basic elements of any information system:
  - Hardware
  - Databases
  - Procedures
  - Reports
- The information security management system is part of the larger enterprise risk management (ERM) process.
  - ERM is the process by which management balances risks against opportunities.
- Information security systems are developed by applying the established life-cycle methods of systems work:
  - Analysis
  - Design
  - Implementation
  - Operation, evaluation, and control
- Life-cycle phases:
  - Systems analysis: analyze system vulnerabilities in terms of relevant threats and their associated loss exposures.
  - Systems design: design security measures and contingency plans to control the identified loss exposures.
  - Systems implementation: implement the security measures as designed.
  - Systems operation, evaluation, and control: operate the system and assess its effectiveness and efficiency; make changes as circumstances require.
- Security system development:
  - Phase 1: produce a vulnerability and threat analysis report.
  - Phase 2: design a comprehensive set of risk-control measures, including both security measures to prevent loss and contingency plans to deal with losses should they occur.
  - Taken together, all phases are referred to as information system risk management: the process of assessing and controlling information system risks.
- ISO 27001 uses the terms planning, doing, checking, and acting (the Plan-Do-Check-Act cycle).
  - Planning corresponds to analysis and design.
  - Doing corresponds to implementation and operation.
  - Checking and acting correspond to evaluation and control.
- The information security system must be managed by a chief security officer (CSO).
  - The CSO reports directly to the Board of Directors to maintain complete independence.
  - The CSO should present reports to the Board of Directors for approval.
- Reports produced in each life-cycle phase:
  - Systems analysis: a summary of all relevant loss exposures.
  - Systems design: detailed plans for controlling and managing losses, including a complete security budget.
  - Systems implementation, operation, evaluation, and control: specifics on security system performance, including an itemization of losses and security breaches, an analysis of compliance, and the costs of operating the security system.
- Quantitative approach to risk assessment: each loss exposure is computed as the product of the cost of an individual loss times the likelihood of its occurrence.
- Qualitative approach to risk assessment: lists the system's vulnerabilities and threats and subjectively ranks them in order of their contribution to the company's total loss exposure. Typical loss exposures:
  - Business interruption
  - Loss of software
  - Loss of data
  - Loss of hardware
  - Loss of facilities
  - Loss of reputation
- A vulnerability is a weakness in a system.
- A threat is a potential exploitation of a vulnerability.
  - Threats are either active or passive.
  - Active threats include information system fraud and computer sabotage.
  - Passive threats include system faults, as well as natural disasters.
  - System faults represent component equipment failures such as disk failures and power outages.
- System personnel include computer maintenance persons, programmers, operators, information systems administrative personnel, and data control clerks.
  - Maintenance persons install hardware and software, repair hardware, and correct minor errors in software.
  - System programmers often write programs to modify and extend the network, network operating systems, workstations, and so on.
  - Network operators are the individuals who oversee and monitor the immediate operation of the computer and communications network.
  - Information systems administrative personnel: the systems supervisor is in a position of trust. This person normally has access to security secrets, files, programs, etc.
  - Data control clerks are the people responsible for the manual and automated inputting of data into the computer.
- Users are a heterogeneous group of people, distinguished from the others because their functional area does not lie in data processing or information technology.
- Intruder: anyone who accesses equipment, electronic data, files, or any kind of privileged information without proper authorization.
- Hackers: intruders who use electronic and other means to break into or attack information systems for fun, challenge, profit, or other nefarious motives.
  - White hat hackers probe systems for weaknesses in order to help with security.
  - Black hat hackers attack systems for illegitimate reasons.
- Pretexting is a form of social engineering in which the perpetrator impersonates another person, usually in a phone call or other electronic communication.
- Phishing is another form of social engineering.
  - It aims to trick victims into giving passwords, money, or other valuable assets directly to the perpetrator.
- Malware (malicious software) is software written to harm or compromise a computer system or its users.
- A Trojan horse is malware that either is contained within benign software or masquerades as benign software.
- Keystroke loggers (keyboard loggers) secretly record and transmit to the hacker all of the victim's keystrokes.
- A backdoor is a method of covertly eluding normal authentication procedures while accessing a computer system.
- A botnet is a collection of computers that are infected with malware and controlled by a hacker.
- Denial-of-service (DoS) attacks involve flooding the victim with such enormous amounts of illegitimate network traffic that the victim becomes so overloaded it can no longer process legitimate information.
- Viruses are designed to replicate themselves and thus spread throughout a computer or a network.
- Spyware is covertly installed on a victim's computer and then collects and relays to the perpetrator personal information about the victim.
- Adware is software that displays advertisements.
- A worm is malware that silently spreads from one computer to another over a network.
- A distributed DoS (DDoS) attack is a DoS attack that is distributed over many different nodes on the Internet or another network.
- Shoulder surfing involves the surreptitious direct observation of confidential information.
- Dumpster diving involves sifting through garbage to find confidential information such as discarded bank statements, department store bills, utility bills, and tax returns.
- A cloned cell phone is an exact and illegitimate copy of another cell phone. It can:
  - Intercept text messages sent to and from the counterpart phone.
  - Intercept voice calls as well.
- An exploit occurs when a hacker takes advantage of a bug, glitch, or other software or hardware vulnerability to access the software or hardware, or related data or other resources, in an unauthorized manner.
- Code injection involves tricking a computer program into accepting and running code supplied by a user.
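The code injection bullet is the one place in this outline where a worked example really helps. The following is an added illustration, not from the textbook or from these notes: a login check against an in-memory SQLite database, written first so that the username is spliced into the SQL text (the injectable form) and then with a parameterized query. The table, the account "alice", the password, and the attacker inputs are all constructed for the demo.

```python
import hashlib
import sqlite3


def pw_hash(password: str) -> str:
    """Hex SHA-256 of a password. Demo only: a real system uses a salted, slow
    password hash (bcrypt, scrypt, Argon2); the point here is the SQL, not storage."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a users table holding a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)"
    )
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", pw_hash("correct horse")))
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Injectable: the username is pasted into the SQL text, so an input such as
    alice' --  closes the string literal and turns the rest of the statement
    (the password check) into an SQL comment. Returns the authenticated
    username or None."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password_hash = '{pw_hash(password)}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Hardened: the statement's structure is fixed in advance and the values
    travel as bound parameters, so quotes and comment markers are only data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, pw_hash(password)),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "alice' --"  # constructed attacker input: closes the quote, comments out the rest
    print("vulnerable, real password:", login_vulnerable(db, "alice", "correct horse"))
    print("vulnerable, injected     :", login_vulnerable(db, payload, "anything"))
    print("safe, real password      :", login_safe(db, "alice", "correct horse"))
    print("safe, injected           :", login_safe(db, payload, "anything"))
```

The injected call succeeds against the first function without knowing any password, and a username of `' OR 1=1 --` logs in as whichever row the database returns first. Against the parameterized version the same inputs are compared as literal strings and fail, which is exactly the "accepting and running code supplied by a user" that the bullet warns about, and its fix.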
- Vulnerability scanners remotely scan networked computers, searching for responses on open ports connected to software that has a known vulnerability.
- Methods of attack by information system personnel and users:
  - Input manipulation: requires the least amount of technical skill.
  - Program alteration: requires programming skills that are possessed by only a limited number of people.
  - Direct file alteration: individuals find ways to bypass the normal process for inputting data into computerized information systems, and by doing so directly access and pilfer information from, or alter, computer files.
  - Data theft
  - Sabotage: destruction of a computer or software.
  - Misappropriation or theft of information resources: using company resources for personal use or for one's own business.
- A layered approach to access control involves erecting multiple layers of controls that separate the would-be perpetrator from his or her potential targets:
  - Site-access controls physically separate unauthorized individuals from information system resources.
  - System-access controls authenticate users by means such as user IDs, passwords, IP addresses, and hardware devices.
  - File-access controls prevent unauthorized access to data and program files.
- Software piracy is the illegal copying and distributing of copyrighted software.
- Virtualization involves running multiple operating systems, or multiple copies of the same operating system, all on the same machine.
  - The individual operating system instances run under the control of a "master program" called a hypervisor.
- Grid computing involves clusters of interlinked computers that share common workloads.
- Risk management concerns prevention and contingency planning.
  - A cold site is an alternate computing site that contains the wiring for computers but no equipment.
  - A hot site is an alternate site that contains the wiring and the equipment as well.
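To make the vulnerability-scanner bullet concrete, here is an added example (not from the textbook or from these notes) of the basic mechanism such a tool uses: connect to each port, read the banner the service volunteers, and compare it against a list of banners belonging to versions with known weaknesses. The target is a throwaway listener started in-process on 127.0.0.1; its banners and the "known vulnerable" signature list are constructed for the demo and name fictitious products, not real vulnerabilities.

```python
import re
import socket
import threading

# Constructed signature list: banner pattern -> finding label. A real scanner
# carries thousands of these keyed to vendor advisories; both entries here are fictitious.
KNOWN_VULNERABLE = [
    (re.compile(r"^220 ExampleFTP 1\.0\b"), "ExampleFTP 1.0: outdated build (fictitious entry)"),
    (re.compile(r"^SSH-2\.0-ExampleSSH_1\."), "ExampleSSH 1.x: outdated build (fictitious entry)"),
]


def grab_banner(host, port, timeout=1.0):
    """Return the first bytes a service sends after connect, decoded and stripped.
    Returns None when the port is closed, unreachable, or silent for `timeout`,
    and '' when it accepted the connection but closed without sending anything."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(256)
    except OSError:  # ConnectionRefusedError and socket.timeout are both OSError subclasses
        return None
    return data.decode("ascii", errors="replace").strip()


def match_banner(banner):
    """Label of the first known-vulnerable signature the banner matches, else None."""
    for pattern, label in KNOWN_VULNERABLE:
        if pattern.search(banner):
            return label
    return None


def scan(host, ports):
    """Map each responding port to (banner, finding-or-None); closed ports are omitted."""
    results = {}
    for port in ports:
        banner = grab_banner(host, port)
        if banner is not None:
            results[port] = (banner, match_banner(banner))
    return results


def start_fake_service(banner: bytes) -> int:
    """Constructed target for the demo: a loopback listener that greets every
    client with `banner` and hangs up. Returns the OS-assigned port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def unused_port() -> int:
    """Bind port 0 and release it: a loopback port that is (almost certainly) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    targets = [
        start_fake_service(b"220 ExampleFTP 1.0 ready\r\n"),
        start_fake_service(b"SSH-2.0-ExampleSSH_9.9\r\n"),
        unused_port(),
    ]
    for port, (banner, finding) in sorted(scan("127.0.0.1", targets).items()):
        print(f"{port}: {banner!r} -> {finding or 'no known issue'}")
```

Two practitioner caveats the bullet glosses over: a banner can be edited or suppressed, so a clean banner is not proof of a patched service, and an unexpected banner is only a lead until the version is confirmed another way. Scanning hosts you are not authorized to test is itself an "intruder" activity in the sense of the notes.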
- A business continuity plan is a strategy to mitigate disruption to business operations in the event of a disaster.
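The quantitative and qualitative risk-assessment bullets earlier in the outline, and the Phase 1 "vulnerability and threat analysis report", can be shown as working code. The following is an added example, not from the textbook or from these notes: it takes the six loss exposures the notes list, with constructed cost and likelihood figures, computes each one's expected annual loss as cost of a single loss times its likelihood, ranks the exposures both quantitatively and by subjective rating, and, going one step beyond the notes, checks whether a proposed control pays for itself out of the expected loss it avoids, which is the kind of figure the Phase 2 security budget rests on.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LossExposure:
    name: str
    single_loss_cost: float   # cost of one occurrence, in dollars (constructed)
    annual_likelihood: float  # expected occurrences per year (constructed)

    def annualized_loss(self) -> float:
        """Quantitative approach: cost of an individual loss times its likelihood."""
        return round(self.single_loss_cost * self.annual_likelihood, 2)


# Constructed sample register covering the six exposure classes in the notes.
REGISTER = [
    LossExposure("Business interruption", 400_000, 0.10),
    LossExposure("Loss of software", 50_000, 0.20),
    LossExposure("Loss of data", 250_000, 0.15),
    LossExposure("Loss of hardware", 80_000, 0.05),
    LossExposure("Loss of facilities", 1_000_000, 0.01),
    LossExposure("Loss of reputation", 300_000, 0.05),
]

# Qualitative approach: analysts rate (impact, likelihood) on a 1 (low) to 3 (high)
# scale instead of pricing them. These ratings are constructed for the demo.
QUALITATIVE_RATINGS = {
    "Business interruption": (3, 2),
    "Loss of software": (1, 2),
    "Loss of data": (3, 2),
    "Loss of hardware": (1, 1),
    "Loss of facilities": (3, 1),
    "Loss of reputation": (2, 1),
}


def total_loss_exposure(register) -> float:
    """The company's total expected annual loss across all exposures."""
    return round(sum(e.annualized_loss() for e in register), 2)


def quantitative_ranking(register):
    """(name, expected annual loss) ordered largest first; the name breaks ties."""
    return [(e.name, e.annualized_loss())
            for e in sorted(register, key=lambda e: (-e.annualized_loss(), e.name))]


def qualitative_ranking(ratings):
    """Names ordered by impact x likelihood rating, largest first; the name breaks ties."""
    return sorted(ratings, key=lambda n: (-(ratings[n][0] * ratings[n][1]), n))


def control_net_benefit(exposure, reduced_likelihood, annual_control_cost) -> float:
    """Expected annual loss avoided by a control minus the control's yearly cost.
    A positive result means the control pays for itself."""
    after = LossExposure(exposure.name, exposure.single_loss_cost, reduced_likelihood)
    return round(exposure.annualized_loss() - after.annualized_loss() - annual_control_cost, 2)


def phase1_report(register) -> list:
    """Summary of all relevant loss exposures: the systems-analysis phase output."""
    total = total_loss_exposure(register)
    lines = [f"Total expected annual loss: ${total:,.2f}"]
    for name, ale in quantitative_ranking(register):
        lines.append(f"  {name:<22} ${ale:>10,.2f}  ({ale / total:.0%} of total)")
    return lines


if __name__ == "__main__":
    print("\n".join(phase1_report(REGISTER)))
    print("Qualitative order:", qualitative_ranking(QUALITATIVE_RATINGS))
    data_loss = REGISTER[2]
    # Constructed control: off-site backups cut loss-of-data likelihood to 0.03 for $12,000/yr.
    print("Backup control net benefit: $", control_net_benefit(data_loss, 0.03, 12_000))
```

With these figures the two rankings agree on the top two exposures but swap "Loss of reputation" and "Loss of facilities" below them, which is the usual reason a Phase 1 report carries both views: the dollar ranking is only as good as the cost and likelihood estimates feeding it, and the subjective ranking surfaces the disagreements that need a second look before the budget is set.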

