
QUIZ / SEATWORK – Auditing in CIS Environment (ACC 37)

(RMCI, 1st Semester, S/Y 2019-2020)

Chapter 3
Security Part I: Auditing Operating Systems and Networks

1. What is event monitoring? What is keystroke monitoring?


2. What is a firewall?
3. Distinguish between network-level and application-level firewalls.
4. Why is human behavior considered one of the biggest potential threats to operating system integrity?
5. Discuss six ways in which threats from destructive programs can be substantially reduced through a combination of technology controls and administrative procedures.
6. How can passwords actually circumvent security? What actions can be taken to minimize this?
7. Explain how the one-time password approach works.

Chapter 4
Security Part II: Auditing Database Systems

1. System Configuration
First State Bank provides full banking services to its customers through
• automatic teller machines.
• checking and saving accounts.
• certificates of deposits.
• loans.
• electronic payroll.
• electronic payment of customers’ bills.
The bank has eleven branch offices that cover a 30-mile radius. The main office maintains a mainframe computer that serves the branch offices. The competitive nature of the banking industry requires that customer satisfaction be considered. Customers want prompt and accurate servicing of transactions. Thus, accuracy and speed are crucial to the success of First State Bank. How would you suggest the databases and data communications facilities be configured for First State Bank?

2. Database Authorization Table


The following information is stored in two relational database files.

Employee Master File      Weekly Payroll File
Social Security number    Social Security number
Name                      Hours worked
Address                   Deductions
Date hired                Bonuses
Hourly wage rate
Marital status
Number of exemptions
Required:
a. Bogey works in personnel and Bacall works in payroll. Prepare a database authorization table that you believe is appropriate for Bogey and Bacall.
b. Discuss any potential exposure if the right prevention devices are not in place or if Bogey and Bacall collude.

Chapter 5
System Development and Program Change Activities

1. Problem Identifications
The need for a new information system may be manifest in various symptoms. In the early stages of a problem, these symptoms seem innocuous
and go unrecognized. As the underlying source of the problem grows in severity, so do its symptoms, until they are alarmingly apparent. Classify
each of the following as a problem or a symptom. If it is a symptom, give two examples of a possible underlying problem. If it is a problem, give
two examples of a possible symptom, which may be detected.
a. declining profits
b. defective production processes
c. low-quality raw materials
d. shortfall in cash balance
e. declining market share
f. shortage of employees in the accounts payable department
g. shortage of raw material due to a drought in the market
h. inadequately trained workers
i. decreasing customer satisfaction

2. Systems Development and Implementation


Kruger Designs hired a consulting firm three months ago to redesign the information system used by the architects. The architects will be
able to use state-of-the-art CAD programs to help in designing the products. Further, they will be able to store these designs on a network server
where they and other architects may be able to call them back up for future designs with similar components. The consulting firm has been
instructed to develop the system without disrupting the architects. In fact, top management believes that the best route is to develop the system
and then to “introduce” it to the architects during a training session.
Management does not want the architects to spend precious billable hours guessing about the new system or putting work off until the new
system is working. Thus, the consultants are operating in a back room under a shroud of secrecy.

Required:
a. Do you think that management is taking the best course of action for the announcement of the new system? Why?
b. Do you approve of the development process? Why?
