A mesh network topology provides a point-to-point link between every network host. If each host is configured to route and forward communication, this topology provides the greatest redundancy of routes and the greatest network fault tolerance.
Layering perimeter network protection by configuring the firewall as a screened host in a screened subnet behind the bastion host provides a higher level of protection from external attack than a firewall alone.
An IS auditor usually places more reliance on evidence directly collected, such as through personal observation.
The directory system of a database-management system describes the location of data and the access method.
The transport layer of the TCP/IP protocol suite provides for connection-oriented protocols, to ensure reliable communication.
Improper file access becomes a greater risk when implementing a database system.
Electronic data interface (EDI) supports intervendor communication while decreasing the time necessary for review because it is usually configured to readily identify errors requiring follow-up.
To properly protect against unauthorized disclosure of sensitive data, hard disks should be demagnetized prior to disposal or release.
An IS auditor can expect to find system errors to be detailed in the console log.
When reviewing print systems spooling, an IS auditor is most concerned with the potential for unauthorized printing of report copies.
Atomicity enforces data integrity by ensuring that a transaction is either completed in its entirety or not at all. Atomicity is part of the ACID test reference for transaction processing.
Functioning as a protocol-conversion gateway for wireless WTLS to Internet SSL, the WAP gateway is a component that warrants critical concern and review for the IS auditor when auditing and testing controls that enforce message confidentiality. During protocol conversion, WTLS is decrypted and then re-encrypted with SSL. Therefore, the traffic is in plain text for a brief moment at the WAP gateway.
When trying to determine the existence of unauthorized access to data by a user or program, the IS auditor often reviews the system logs.
Proper segregation of duties prevents a computer operator (user) from performing security administration duties.
A graphical map of the network topology is essential for the IS auditor to obtain a clear understanding of network management.
Modems (modulation/demodulation) convert analog transmissions to digital, and digital transmissions to analog, and are required for analog transmissions to enter a digital network.
If users have direct access to a database at the system level, risk of unauthorized and untraceable changes to the database increases.
Neural networks are effective in detecting fraud because they have the capability to consider a large number of variables when trying to resolve a problem.