 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦ 29 ¦ Import operations analysis            ¦ AP ¦ CCU                        ¦ Automation dept. KLR ¦ Automation dept. KLR ¦ PC PENTIUM ¦
 ¦ 30 ¦ Export operations analysis            ¦ AP ¦ CCU                        ¦ Automation dept. KLR ¦ Automation dept. KLR ¦ PC PENTIUM ¦
 ¦ 31 ¦ Depo account reporting                ¦ AP ¦ Securities dept.           ¦ INIST                ¦ INIST                ¦ PC PENTIUM ¦
 ¦ 32 ¦ Securities deal processing system     ¦ AP ¦ Securities dept.           ¦ Small Systems        ¦ Small Systems        ¦ PC PENTIUM ¦
 ¦ 33 ¦ Currency dept. deal analysis database ¦ AP ¦ Currency dept.             ¦ Automation dept. KLR ¦ Automation dept. KLR ¦ PC PENTIUM ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦    ¦ Reference information databases       ¦    ¦                            ¦                      ¦                      ¦            ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦ 34 ¦ Garant                                ¦ DB ¦ Legal dept.                ¦ Garant-Service       ¦ Garant-Service       ¦ PC PENTIUM ¦
 ¦ 35 ¦ Kodest                                ¦ DB ¦ Legal dept.                ¦ Kodest               ¦ Kodest               ¦ PC PENTIUM ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦    ¦ Bank of Russia programs (SPb)         ¦    ¦                            ¦                      ¦                      ¦            ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦ 36 ¦ BIC directory                         ¦ AP ¦ Ruble dept.                ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 37 ¦ Monthly balance sheet                 ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 38 ¦ General financial reporting           ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 39 ¦ Nostro (loro) account turnover        ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 40 ¦ Report on form No. 601                ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 41 ¦ Annual report                         ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 42 ¦ Report on form No. 215                ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 43 ¦ Report on form No. 301                ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 44 ¦ Report on form No. 302                ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 45 ¦ Report on form No. 401                ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 45 ¦ Report on form No. 711                ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 46 ¦ Ruble payment control program         ¦ AP ¦ Ruble dept.                ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦    ¦ Bank of Russia programs (Moscow)      ¦    ¦                            ¦                      ¦                      ¦            ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦ 47 ¦ BIC directory                         ¦ AP ¦ Ruble dept.                ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 48 ¦ Nostro (loro) account turnover        ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 49 ¦ Monthly balance sheet (branch)        ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 50 ¦ Form No. 601 generator                ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 51 ¦ Reporting for MICEX                   ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 52 ¦ Ruble payment sending program         ¦ AP ¦ Accounting                 ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC PENTIUM ¦
 ¦ 53 ¦                                       ¦    ¦                            ¦                      ¦                      ¦            ¦
 ¦ 54 ¦ Internal report generators            ¦    ¦                            ¦                      ¦                      ¦            ¦
 ¦ 55 ¦ Back-office statistics                ¦ AP ¦ Back office                ¦ Automation dept. KLR ¦ Automation dept. KLR ¦ PC PENTIUM ¦
 ¦ 56 ¦ Open currency position report         ¦ AP ¦ Accounting                 ¦ Automation dept. KLR ¦ Automation dept. KLR ¦ PC PENTIUM ¦
 ¦ 57 ¦ Currency exchange contract analysis   ¦ AP ¦ Accounting                 ¦ Automation dept. KLR ¦ Automation dept. KLR ¦ PC PENTIUM ¦
 ¦ 58 ¦ Exchange rate loading                 ¦ AP ¦ Accounting                 ¦ Automation dept. KLR ¦ Automation dept. KLR ¦ PC PENTIUM ¦
 ¦ 59 ¦ E-mail programs                       ¦    ¦                            ¦                      ¦                      ¦            ¦
 ¦ 60 ¦ S-MAIL (Bank of Russia mail)          ¦ AP ¦ Ruble payments, accounting ¦ Bank of Russia       ¦ Bank of Russia       ¦ PC 486     ¦
 ¦ 61 ¦ Lotus Notes 4.6.1 (corporate mail)    ¦ AP ¦ Centralized                ¦ Head bank            ¦ Head bank            ¦ PC PENTIUM ¦
 ¦ 62 ¦ MS Exchange 5.0                       ¦ AP ¦ Centralized                ¦ Relcom               ¦ IN-HOUSE             ¦ PC PENTIUM ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦    ¦ Internet access programs              ¦    ¦                            ¦                      ¦                      ¦            ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+
 ¦ 63 ¦ MS Proxy 2.0                          ¦ AP ¦ Centralized                ¦ Microsoft            ¦ Microsoft            ¦ PC PENTIUM ¦
 +----+---------------------------------------+----+----------------------------+----------------------+----------------------+------------+

  Abbreviations:
  OS - operating system;
  AP - application program;
  SP - service program;
  DT - developer tool.
 
 Appendix 7. Sample examination questions for IT auditors
 
  1. A database administrator is responsible for:
  A. maintaining the access security of data residing on the computers.
  B. implementing database definition controls.
  C. granting access rights to users.
  D. defining system's data structure.
  2. Which of the following would NOT be associated with well-written and concise job descriptions?
  A. They are an important means of discouraging fraudulent acts.
  B. They are often used as tools for use in performance evaluation.
  C. They provide little indication of the degree of separation of duties.
  D. They assist in defining the relationship between various job functions.
  3. The input/output control function is responsible for:
  A. pulling and returning all tape files.
  B. entering and key verifying data.
  C. logging batches and reconciling hash totals.
  D. executing both production and test jobs.
  4. Which of the following tools for controlling input/output of data are used to verify output results and control totals by matching them against the input data and control totals?
  A. Batch header forms
  B. Batch balancing
  C. Data conversion error corrections
  D. Access controls over print spools
  5. In Wide Area Networks (WANs):
  A. data flow can be half duplex or full duplex.
  B. communication lines must be dedicated.
  C. circuit structure can be operated only over a fixed distance.
  D. the selection of communication lines will affect reliability.
  6. A feature of a digital signature that ensures that the claimed sender cannot later deny generating and sending the message is:
  A. data integrity.
  B. authentication.
  C. non-repudiation.
  D. replay protection.
  7. Which of the following factors is LEAST likely to allow a perpetrator to discover a valid password?
  A. The number of characters in the password
  B. The power of the computer used to break the password code
  C. The number of incorrect access attempts allowed before disconnect
  D. The content of the character set from which the password is composed
  8. Passwords should be:
  A. assigned by the security administrator.
  B. changed every 30 days at the discretion of the user.
  C. reused often to ensure the user does not forget the password.
  D. displayed on the screen so that the user can ensure that it has been properly entered.
  9. Which of the following is a technique that could illegally capture network user passwords?
  A. Encryption
  B. Sniffing
  C. Spoofing
  D. Data destruction
  10. Which of the following is NOT an employee security responsibility?
  A. Keeping Logon-IDs and passwords secret
  B. Helping other employees create passwords
  C. Reading and understanding the security policy
  D. Questioning unfamiliar people who enter a secured area
  11. Which of the following would guarantee a quick continuity of operations when the recovery time window is short?
  A. A duplicated back-up in an alternate site
  B. Duplicated data in a remote site
  C. Transfer of data the moment a contingency occurs
  D. A manual contingency procedure
  12. Which of the following BEST describes the difference between a disaster recovery plan and a business continuity plan?
  A. The disaster recovery plan works for natural disasters whereas the business continuity plan works for non-planned operating incidents such as technical failures.
  B. The disaster recovery plan works for business process recovery and information systems whereas the business continuity plan works only for information systems.
  C. The disaster recovery plan defines all needed actions to restore to normal operation after an un-planned incident whereas the business continuity plan only deals with critical operations needed to continue working after an un-planned incident.
  D. The disaster recovery plan is the awareness process for employees whereas the business continuity plan contains the procedures themselves to recover the operation.
  13. The use of fourth generation languages (4GLs) should be weighed carefully against using traditional languages because 4GLs:
  A. can lack lower level detail commands necessary to perform data intensive operations.
  B. cannot be implemented on both the mainframe processors and microcomputers.
  C. generally contain complex language subsets which must be used by skilled users.
  D. cannot access database records and produce complex Online outputs.
  14. Which of the following tools would NOT be used in program debugging during system development?
  A. Compiler
  B. Memory dump
  C. Output analyzer
  D. Logic path monitor
  15. Which of the following is a management technique that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality?
  A. Function point analysis
  B. Critical path methodology
  C. Rapid application development
  D. Program evaluation review technique
  16. Which of the following statements pertaining to program evaluation review technique (PERT) is FALSE?
  A. The initial step in designing a PERT network is to define project activities and their relative sequence.
  B. An analyst may prepare many diagrams before the PERT network is complete.
  C. PERT assumes a perfect knowledge of the times of individual activities.
  D. PERT assumes that activities can be started and stopped independently.
  17. A tax calculation program maintains several hundred tax rates. The BEST control to ensure that tax rates entered into the program are accurate is:
  A. independent review of the transaction listing.
  B. programmed edit check to prevent entry of invalid data.
  C. programmed reasonableness checks with 20% data entry range.
  D. visual verification of data entered by the processing department.
  18. Application controls ensure that when inaccurate data is entered into the system, the data is:
  A. accepted and processed.
  B. accepted and not processed.
  C. not accepted and not processed.
  D. not accepted and processed.
  19. Which of the following BEST describes the purpose or character of an audit charter?
  A. An audit charter should be dynamic and change often to coincide with the changing nature of technology and the audit profession.
  B. An audit charter should clearly state audit's objectives for the delegation of authority for the maintenance and review of internal controls.
  C. An audit charter should document the audit procedures designed to achieve the planned audit objectives.
  D. An audit charter should outline the overall authority, scope and responsibilities of the audit function.
  20. A manufacturing company has implemented a new client/server enterprise resource planning (ERP) system. Local branches transmit customer orders to a central manufacturing facility. Which of the following controls would BEST ensure that the orders are accurately entered and the corresponding products produced?
  A. Verifying production to customer orders
  B. Logging all customer orders in the ERP system
  C. Using hash totals in the order transmitting process
  D. Approving (production supervisor) orders prior to production
 
  1. A database administrator is responsible for:
  The correct answer is:
  B. implementing database definition controls.
  Explanation:
  Implementing database definition controls is one of the critical functions of the database administrator. Maintaining access security of data and granting access rights to users as defined by management is the responsibility of the security administrator. Defining system's data structure is the responsibility of the systems analyst.
  Area: Content Area 1
 
  2. Which of the following would NOT be associated with well-written and concise job descriptions?
  The correct answer is:
  C. They provide little indication of the degree of separation of duties.
  Explanation:
  Well-written and concise job descriptions should provide an indication of the degree of separation of duties within the organization and, in fact, may assist in identifying possible conflicting duties. All other answers are aspects of well-written job descriptions.
  Area: Content Area 1
 
  3. The input/output control function is responsible for:
  The correct answer is:
  C. logging batches and reconciling hash totals.
  Explanation:
  The logging of batches provides input control while the reconciling of hash totals provides output controls.
  Area: Content Area 2
 
  4. Which of the following tools for controlling input/output of data are used to verify output results and control totals by matching them against the input data and control totals?
  The correct answer is:
  B. Batch balancing
  Explanation:
  Batch balancing is used to verify output results and control totals by matching them against the input data and control totals. This can be performed by the computer program where the control totals were input into the computer with the batch input. Batch header forms control data preparation; data conversion error corrections correct errors that occur due to duplication of transactions and inaccurate data entry; and access controls over print spools prevent reports from being accidentally deleted from print spools or directed to a different printer.
  Area: Content Area 2
 
  5. In Wide Area Networks (WANs):
  The correct answer is:
  D. the selection of communication lines will affect reliability.
  Explanation:
  The selection of communication lines, modems, software, etc. will have a great effect on network reliability. Data flow can be half duplex, full duplex or simplex; communication lines can be dedicated or switched; and the circuit structure can be operated over virtually any distance.
  Area: Content Area 2
 
  6. A feature of a digital signature that ensures that the claimed sender cannot later deny generating and sending the message is:
  The correct answer is:
  C. non-repudiation.
  Explanation:
  All of the above are features of a digital signature. Non-repudiation ensures that the claimed sender cannot later deny generating and sending the message. Data integrity refers to changes in the plaintext message that would result in the recipient failing to compute the same message hash. Authentication ensures that the message has been sent by the claimed sender since only the claimed sender has the key. Replay protection is a method that a recipient can use to check that the message was not intercepted and replayed.
  Area: Content Area 3
 
  7. Which of the following factors is LEAST likely to allow a perpetrator to discover a valid password?
  The correct answer is:
  B. The power of the computer used to break the password code
  Explanation:
  A, C and D all contribute to the complexity and difficulty of guessing a password.
  Area: Content Area 3
 
  8. Passwords should be:
  The correct answer is:
  A. assigned by the security administrator.
  Explanation:
  Initial password assignment should be done discreetly by the security administrator. Passwords should be changed often (e.g. every 30 days). However, changing is not voluntary and should be forced by the system. Systems should not permit previous password(s) to be used again after they are changed. Old passwords may have been compromised and would thus permit unauthorized access. Passwords should not be displayed in any form.
  Area: Content Area 3
 
  9. Which of the following is a technique that could illegally capture network user passwords?
  The correct answer is:
  B. Sniffing
  Explanation:
  Sniffing is an attack that can be illegally used to capture sensitive pieces of information (passwords) passing through the network. Encryption is a method of scrambling information to prevent unauthorized individuals from understanding the transmission. Spoofing is forging an address and inserting it into a packet to disguise the origin of the communication. Data destruction is erasing information or removing it from its original location.
  Area: Content Area 3
 
  10. Which of the following is NOT an employee security responsibility?
  The correct answer is:
  B. Helping other employees create passwords
  Explanation:
  Helping other employees create their passwords may materially affect the integrity of the password. That is, the employee giving the advice may later be able to guess the password and gain access to the system. All the other options are employee security responsibilities.
  Area: Content Area 3
 
  11. Which of the following would guarantee a quick continuity of operations when the recovery time window is short?
  The correct answer is:
  D. A manual contingency procedure
  Explanation:
  A quick continuity of operations could be accomplished when manual procedures for a contingency exist. Choices A, B and C are options for recovery.
  Area: Content Area 4
 
  12. Which of the following BEST describes the difference between a disaster recovery plan and a business continuity plan?
  The correct answer is:
  C. The disaster recovery plan defines all needed actions to restore to normal operation after an un-planned incident whereas the business continuity plan only deals with critical operations needed to continue working after an un-planned incident.
  Explanation:
  The difference pertains to the scope of each plan. A disaster recovery plan recovers all operations, whereas a business continuity plan retrieves business continuity (minimum requirements to provide services to the customers or clients). Choices A, B and D are incorrect because the type of plan (recovery or continuity) is independent from the sort of disaster or process and it includes both awareness campaigns and procedures.
  Area: Content Area 4
 
  13. The use of fourth generation languages (4GLs) should be weighed carefully against using traditional languages because 4GLs:
