Accounting Information Systems, 13e (Romney/Steinbart)
Chapter 8 Controls for Information Security
8.1 Explain how information security affects information systems reliability.
1) The Trust Services Framework reliability principle that states that users must be able to enter,
update, and retrieve data during agreed-upon times is known as
A) availability.
B) security.
C) maintainability.
D) integrity.
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic
2) According to the Trust Services Framework, the reliability principle of integrity is achieved
when the system produces data that
A) is available for operation and use at times set forth by agreement.
B) is protected against unauthorized physical and logical access.
C) can be maintained as required without affecting system availability, security, and integrity.
D) is complete, accurate, and valid.
Answer: D
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic
3) Kuzman Jovan called a meeting of the top management at Jovan Capital Management.
Number one on the agenda was computer system security. "The risk of security breach incidents
has become unacceptable," he said, and turned to the Chief Information Officer. "What do you
intend to do?" Which of the following is the best answer?
A) Evaluate and modify the system using COBOL.
B) Evaluate and modify the system using the CTC checklist.
C) Evaluate and modify the system using the Trust Services framework.
D) Evaluate and modify the system using the COSO Internal Control Framework.
Answer: C
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic
4) Which of the following is not one of the three fundamental information security concepts?
A) Information security is a technology issue based on prevention.
B) Security is a management issue, not a technology issue.
C) The idea of defense-in-depth employs multiple layers of controls.
D) The time-based model of security focuses on the relationship between preventive, detective
and corrective controls.
Answer: A
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic
5) Which of the following is not one of the essential criteria for successfully implementing each
of the principles that contribute to systems reliability, as discussed in the Trust Services
Framework?
A) developing and documenting policies
B) effectively communicating policies to all outsiders
C) designing and employing appropriate control procedures to implement policies
D) monitoring the system and taking corrective action to maintain compliance with policies
Answer: B
Objective: Learning Objective 1
Difficulty: Easy
AACSB: Analytic
6) If the time an attacker takes to break through the organization's preventive controls is greater
than the sum of the time required to detect the attack and the time required to respond to the
attack, then security is
A) effective.
B) ineffective.
C) overdone.
D) undermanaged.
Answer: A
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic
7) It was 8:03 A.M. when Jiao Jan, the Network Administrator for South Asian Technologies,
was informed that the intrusion detection system had identified an ongoing attempt to breach
network security. By the time that Jiao had identified and blocked the attack, the hacker had
accessed and downloaded several files from the company's server. Using the notation for the
time-based model of security, in this case
A) D > P
B) P > D
C) P > C
D) C > P
Answer: A
Objective: Learning Objective 1
Difficulty: Difficult
AACSB: Analytic
8) There are "white hat" hackers and "black hat" hackers. Cowboy451 was one of the "black hat"
hackers. He had researched an exploit and determined that he could penetrate the target system,
download a file containing valuable data, and cover his tracks in eight minutes. Six minutes into
the attack he was locked out of the system. Using the notation of the time-based model of
security, which of the following must be true?
A) P < 6
B) D = 6
C) P = 6
D) P > 6
Answer: D
Objective: Learning Objective 1
Difficulty: Difficult
AACSB: Analytic
9) Identify a party below who was involved with developing the Trust Services Framework.
A) FASB
B) United States Congress
C) AICPA
D) IMA
Answer: C
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic
10) Information security procedures protect information integrity by
A) preventing fictitious transactions.
B) reducing the system cost.
C) making the system more efficient.
D) making it impossible for unauthorized users to access the system.
Answer: A
Objective: Learning Objective 1
Difficulty: Moderate
AACSB: Analytic