| 1. | Define general controls and describe each type of general control (Answer: see lecture 23, section 23.1) |
| 2. | Define application controls and describe each type of application control (Answer: see lecture 23, section 23.1) |
| 3. | Describe the function of risk assessment and explain how it is conducted for information systems (Answer: see lecture 23, section 23.2) |
| 4. | Define security policy, acceptable use policy, and authorization policy (Answer: see lecture 23, section 23.3) |
| 5. | Explain how MIS auditing promotes security and control (Answer: see lecture 23, section 23.5) |
| 6. | Differentiate between disaster recovery planning and business continuity planning (Answer: see lecture 23, section 23.4) |