
access controls; accounting record; advisory services; application controls; attest service; audit objective; audit opinion; audit planning; audit procedure; audit risk; auditing; completeness; Computer-Assisted Audit Tools and Techniques (CAATTs); control activities; control environment; computer fraud; control risk; corrective controls; COSO (Committee of Sponsoring Organizations); detection risk; detective controls; existence or occurrence; Foreign Corrupt Practices Act of 1977 (FCPA); general controls; independence; information technology; inherent risk; internal auditing; internal control system; management assertion; monitoring; PDC control model; presentation and disclosure; preventive controls; reasonable assurance; rights and obligations; risk assessment; Sarbanes-Oxley Act 2002; segregation of duties; Statement on Auditing Standards No. 109 (SAS 109); substantive test; supervision; tests of controls; transaction authorization; valuation and allocation; verification procedure

centralized data processing; computer operations; core competency; commodity IT assets; data conversion; data library; disaster recovery plan (DRP); distributed data processing (DDP); empty shell; fault tolerance; inadequate documentation; information technology governance; IT outsourcing; mirrored data center; mutual aid act; recovery operations center (ROC); redundant arrays of independent disks (RAID); specific assets; transaction cost economics (TCE)

access control risk; access token; advanced encryption standard (AES); algorithm; application-level firewall; botnets; Caesar cipher; call-back device; certification authority; compiler; data collision; data encryption standard; deep packet inspection (DPI); denial of service attacks (DoS); digest; digital certificate; digital envelope; digital signature; discretionary access privileges; distributed denial of service (DDoS); echo check; EDE3; electronic data interchange (EDI); EEE3; encryption; event monitoring; firewall; hierarchical topology; Internet Relay Chat (IRC); interpreter; intranets; intrusion prevention systems (IPS); IP broadcast address; IP spoofing; key; keystroke monitoring; line error; log-on procedure; message sequence numbering; message transaction log; multilevel password control; network-level firewall; network topology; one-time password; operating system; operating system security; parity check; password; ping; polling; private key; public key encryption; public key infrastructure (PKI); request-response technique; reusable password; ring topology; RSA (Rivest-Shamir-Adleman); screening router; server; smurf attack; SYNchronize-ACKnowledge (SYN-ACK); SYN flood attack; system audit trails; token passing; triple-DES encryption; Trojan horse; virus; worm; zombie
