Contrast the black box approach to IT auditing and the white box approach. Which is preferred?
What will be an ideal response?
The black box approach is not concerned with the application's internal workings. The auditor examines documentation of the system, interviews personnel, and bases the evaluation on the logical consistency between input and output. This method is often referred to as "auditing-around-the-computer" because there is no examination of data as it is processed.
The white box approach, also called "auditing-through-the-computer," relies on knowledge of the internal workings of the systems and actually tests the application in action with test data having known results. Several white box techniques are available. These include the test data method, base case evaluation, tracing, the integrated test facility, and parallel simulation. This method makes the computer a tool of the audit as well as its target.
PTS: 1
You might also like to view...
The ________ is the number assigned to a patient to reference the care of that patient for all visits at one particular hospital
a. Medical record number b. Account number c. Master patient index d. None of the above
One way to secure the administration interface of a WAP is to turn it off when not in use
Indicate whether the statement is true or false
Match each item with an statement below:
A. UNIX-based command interface and protocol for securely accessing a remote computer. B. can provide intelligent traffic and bandwidth management based on the content of a session and not just on network connections. C. encrypts both the header and the data portion. D. "plain" HTTP sent over SSL/TLS. E. the end of the tunnel between VPN devices. F. handles setting up the connection with the remote VPN server and takes care of the special data handling required to send and receive data through the VPN tunnel. G. most widely deployed tunneling protocol. H. encrypts all files or selected directories and files on a Linux system. I. one of the ways to reduce the risk of FTP attack.
Where are directories created for removable media? What are their names?
What will be an ideal response?