2.3 Information system integration and service management
2.3.1 ITIL and IT Service Management
2.3.2 ITSS and Information Technology Services
ITSS
- Component elements - (people, flow, technology, capital)
  IT services are composed of personnel, process, technology and resources, referred to as PPTR.
- Life cycle - (Ministry of Regulation, Services and Supervision)
  The IT service life cycle consists of 5 stages: planning and design, deployment and implementation, service operation, continuous improvement, and supervision and management, referred to as PIOIS.
Examples:
[18] Information Technology Service Standard (ITSS) defines the core elements of IT services consisting of people, process, technology and resources. The ( ) element focuses on "doing things right".
A. Personnel
B. Process
C. Technology
D. Resources
[18] Information Technology Service Standard (ITSS) is a complete system and a comprehensive standard library, used to guide the implementation of standardized and reliable IT services. The service life cycle defined by ITSS does not include ( ).
A. Strategic deployment
B. Planning and Design
C. Deployment and implementation
D. Service operation
[19] In the IT service life cycle model of the Information Technology Service Standard (ITSS), ( ) is to establish a management system and provide service solutions based on ITSS, on the basis of planning and design.
A. Service strategy
B. Deployment and implementation
C. Service operation
D. Supervision and management
[19 second half] In the Information Technology Service Standard (ITSS), the core elements of IT services refer to ( ).
A. Tools, technologies, processes, services
B. Personnel, process, technology, resources
C. Plan, Execute, Check, Correct
D. Quality, cost, schedule, risk
2.3.3 Information system audit
- Concern - (can be guaranteed)
  - availability
  - confidentiality
  - integrity
- Main components
  - Management, planning and organization of information systems
  - Information system technical infrastructure and operational practices
  - Asset protection
  - Disaster recovery and business continuity planning
  - Application system development, acquisition, implementation and maintenance
  - Business process evaluation and risk management
- ISAS
  - Includes professional standards, ISACA notices and the code of professional ethics.
- Audit steps
  - (1) Compile a list of the information systems used by the organization and classify them.
  - (2) Determine which systems affect critical functions and assets.
  - (3) Evaluate what risks affect these systems and the impact on business operations.
  - (4) On the basis of the evaluation, grade the systems above and determine the audit priority, resources, schedule and frequency. Auditors can make an annual audit plan and list the audit items to be carried out during the year.
[16 second half] The purpose of an information system audit is to evaluate and provide feedback, assurance and recommendations. Its concerns can be divided into three categories, namely ( ).
A. Confidentiality, Timeliness, Integrity
B. Availability, Timeliness, Accuracy
C. Confidentiality, Accuracy, Completeness
D. Availability, confidentiality, integrity
[17 second half] ( ) does not belong to the main content of the information system audit.
A. Informatization strategy
B. Protection of Assets
C. Disaster Recovery and Business Continuity Planning
D. Management, planning and organization of information systems
[18] Generally recognized information system audit principles do not include ( ).
A. ISACA Notice
B. ISACA Proclamation Professional Code
C. ISACA Code of Ethics
D. COBIT framework
[18 second half] For the information system audit process, after understanding the internal control structure, evaluating control risks, and transmitting internal controls, the next step should be ( ).
A. Limited substantive testing
B. External Control Testing
C. Internal control testing
D. Expanded substantive testing
[19 first half] The steps to conduct an information system audit based on a risk approach are (D).
① Determine which systems affect key functions and assets
② Evaluate which risks affect these systems and the impact on business operations
③ Compile and classify the information systems used by the organization
A.①②③④
B.①③②④
C.③①④
D.③①②④
[21 first half] ( ) is not the focus of information system audit.
A. Integrity
B. Availability
C. Confidentiality
D. Scalability
[Guangdong 22 first half] ( ) collects and evaluates evidence to determine whether a computer system is effective in protecting assets, maintaining data integrity, accomplishing organizational goals, and using resources most economically.
A. System multiplexing
B. System audit
C. System integration
D. System maintenance
[Analysis] P127, Ron Weber, an authoritative expert on information system auditing in the United States, defines it as "collecting and evaluating evidence to determine whether a computer system (information system) is effective in protecting assets, maintaining data integrity, accomplishing organizational goals, and using resources most economically".