Exam 10: Computer Crime and Information Technology Security

According to ISACA, one of COBIT's enablers is required for keeping the organization running and well governed; that enabler is often the key product of the enterprise itself. It is therefore most closely related to which generic element of the accounting information system?

(Multiple Choice)
4.8/5
(38)

A private university maintains sensitive information about its donors in both a paper file and an electronic database. Using the three-part control taxonomy discussed in the chapter, identify and describe two controls in each category that should be implemented to prevent/detect/correct the risk that such information might be compromised.

(Essay)
4.7/5
(40)

COBIT comprises ___ principles and ___ enablers.

(Multiple Choice)
4.9/5
(41)

The chapter discussed the four elements of Carter's taxonomy of computer crime and eleven business risks/threats to information systems. Classify each item below using each of them.

(Essay)
5.0/5
(39)

According to ISACA, which COBIT enabler provides the vehicle for translating desired behavior into practical guidance for day-to-day management?

(Multiple Choice)
4.7/5
(37)

For each IT control listed below, indicate the group which most clearly applies: (a) physical security control, (b) technical security control or (c) administrative security control.

1. Audible alarm when a computer detects a virus-infected e-mail attachment
2. Conflict of interest policy
3. Different passwords for each ERP module
4. Filing cabinets requiring keys
5. Fire suppression systems
6. Keystroke monitoring software
7. Locking compartments in desks
8. Log-ins requiring fingerprint identification
9. Mandatory password rotation
10. Periodic internal audits

(Essay)
4.8/5
(44)

According to COBIT 5, an organization's information technology governance and management should separate governance from management. In that context, examples of management include:

(Multiple Choice)
5.0/5
(49)

Consider the following examples of computer crime as you answer the question:

i. Social Security numbers are stolen from a company's database.
ii. A fraudster uses a computer to identify people over the age of 80 with annual incomes of $250,000 or more.
iii. A supervisor receives threats from a worker via e-mail; the worker demands promotion as a condition of not exposing the supervisor's illegal acts.
iv. An unhappy customer launches a denial-of-service attack.

Which two items represent the same category of risk from the list discussed in the chapter?

(Multiple Choice)
4.9/5
(31)

Fill in the blanks below according to the principles and enablers of the COBIT framework.

a. ___, policies and frameworks.
b. Applying a ___.
c. Covering the enterprise ___.
d. Culture, ___ and behavior.
e. Enabling a ___ approach.
f. Meeting ___ needs.
g. Organizational ___.
h. People, ___ and ___.
i. Separating ___ from ___.
j. Services, infrastructure and ___.

(Essay)
4.8/5
(40)

The COBIT framework comprises five principles and seven enablers. In your own words, explain the relationship between each principle and enabler paired below; the first one is done as an example.

a. Meeting stakeholder needs/People, skills and competencies. People inside and outside the organization are stakeholders.
b. Covering the enterprise end-to-end/Processes.
c. Applying a single integrated framework/Principles, policies and frameworks.
d. Enabling a holistic approach/Information.
e. Separating governance from management/Culture, ethics and behavior.
f. Meeting stakeholder needs/Processes.

(Essay)
4.8/5
(36)

According to COBIT's principles, information technology governance and management should meet ___ needs.

(Multiple Choice)
4.9/5
(28)

According to COBIT's principles, information technology governance and management should cover the enterprise:

(Multiple Choice)
4.8/5
(45)