Quiz 72 

 

 

CPE Quiz # 72

Based on Information Systems Control Journal Volume 3, 2000

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit


Ross Article

1. Denial of service attacks were highly publicized during February 2000. These attacks temporarily shut down web sites for prominent organizations such as eBay, Yahoo, Amazon and CNN. The attacks were accomplished by jamming the web sites with useless messages that tied up the sites' computers.
2. The author recommends an architecture for e-enterprises that offers high availability. Characteristics of this high availability architecture include: nearby mirrored copies of every critical file, a single point of entry so that transactions can be received and processed quickly and intelligent middleware that detects the state of all interconnected systems and directs message traffic away from downed systems toward alternate(s).

Tyler Article

3. COBIT® was integrated into the New South Wales Health (NSWH) IS audit model with a single goal of complying with local regulatory requirements. Many other benefits were achieved in addition to regulatory compliance.
4. The first stage of the NSWH systems audit life cycle was the acquisition and preliminary planning audit. This stage included such things as project feasibility, business case, user requirements, budgets, offers and contracts.
5. Another stage of the NSWH systems audit life cycle was the implementation audit. During this stage, the IS auditors evaluated data conversion, unit and system testing, and project management controls.
6. Positive results were achieved by integrating the COBIT model into the NSWH IS audit model, as evidenced by the IS department project manager's satisfaction with the comprehensiveness of the examinations and the high level of comfort that the audit project has provided.

Nelson Article

7. The author describes software that can be used to aid in audits of any ERP system that runs on an Oracle database. The tool used is Tickmark Setup Reporter, and was used in the project the author describes to monitor controls over changes to Oracle Accounts Payable.
8. Features of the tool include: tracking of changes to application settings, identification of who made the changes, and fast, simple reporting via HTML or Microsoft Office.
9. The biggest drawback is that the tool requires update access to production database tables, which can sometimes be difficult for auditors to obtain from the application project manager(s).
10. The tool can be used across multiple database instances to compare differences in Oracle Application setups. This can be a valuable tool during migration of code between database instances.

Landreth and Ledman Article

11. The Health Insurance Portability and Accountability Act (HIPAA) is compared by the author to Y2K, in that many health care organizations will need to have broad reaching projects to implement HIPAA standards that may cost as much as 2.5 times more than their Y2K projects.
12. HIPAA mandates certain patient privacy rules in addition to its standardization of certain electronic patient information (e.g. claims, payments, remittances, enrollment in plans). These patient privacy rules will require policies for using and disclosing patient health information.
13. HIPAA is a major change for the internal control profession, in that the United States Federal Government is expected to mandate requirements for security and control of health information. Logical access controls, encryption, audit trails and physical access controls are expected to be mandated.
14. HIPAA is already causing major changes to health organizations, as evidenced by a recent survey sponsored by Phoenix Health Systems. This survey reported that senior and middle management have a very high awareness of HIPAA rules, and that most healthcare organizations have begun working on risk assessments and action plans.

Bigler Article

15. The author identifies controls that should be implemented by user organizations' Internet Service Providers (ISPs) to help prevent denial of service (DoS) attacks. These controls include: ingress filtering, rate limiting, reverse address lookup and network traffic monitoring.
16. Network traffic monitoring is an effective preventive control against DoS attacks.
