BEC 4 Types of Information Systems and Technology Risks and Appendix

Question 1

Strategic risk

Answer 1

• risk of choosing inappropriate technology

Question 2

Operating risk

Answer 2

• risk of doing the right things in the wrong way

Question 3

Financial risk

Answer 3

• risk of having financial resources lost, wasted or stolen

Question 4

Information risk

Answer 4

• risk of loss of data integrity, incomplete transactions, or hackers

Question 5

Specific risk

Answer 5

1. Error - carelessness, failure to follow directions or ignorance due to poor training
2. Intentional acts - sabotage, embezzlements, viruses, denial of service attacks
3. Disasters - fires, floods, earthquakes, high winds, terrorism and war

Question 6

Virus

Answer 6

• a piece of a computer program that inserts itself into some other program, including operating systems to propagate.
• It requires a host program to propagate and can’t run independently

Question 7

Worm

Answer 7

• a program that can run independently and normally propagates itself over a network
• it can’t detach itself to other programs

Question 8

Trojan horse

Answer 8

• a program that appears to have a useful function but contains a hidden and unintended function that presents a security risk

Question 9

Denial of Service attack

Answer 9

• one computer bombards another computer with a flood of information intended to keep legitimate users from accessing the target computer or network

Question 10

Phishing

Answer 10

• sending of phony emails to try to lure people to phony websites asking for financial information

Question 11

Spam

Answer 11

unsolicited email

Question 12

Risk assessment and control activities

Answer 12

1. Risk - possibility of harm or loss
2. Threat - any eventuality that represents a danger to an asset or a capability linked to hostile intent
3. Vulnerability - characteristic of a design, implementation or operation that renders the system susceptible to a threat
4. Safeguards and controls - policies and procedures that when effectively applied, reduce or minimize vulnerabilities

Question 13

Risk assessment

Answer 13

• identify risks
• evaluate the risks in terms of the probability of occurrence
• evaluate the exposure of potential loss
• identify controls
• evaluate the costs and benefits of implementing the controls
• implement the controls that are cost effective

Question 14

Evaluation and Types of controls

Answer 14

• evaluated on cost/benefit basis

Question 15

Access controls

Answer 15

1. Physical access
   a. User identification codes
   b. File attributes
2. Assignment and maintenance of security levels
3. Callback on dial up systems
4. File attributes
5. Firewalls
   a. firewalls deter
   b. network firewalls
   c. application firewalls
   d. firewalls methodologies
   - packet filtering - examines packets of data as they pass via the firewall according to the rules. Firewall configuration
   - circuit level gateways - allow data into a network that result from requests from computers inside the network
   - application level gateways - examine data coming into the gateway in a more sophisticated fashion

Question 16

Disaster recovery

Answer 16

consists of an entity’s plans for continuing operations in the event of the destruction of not only program and data files, but also processing capabilities.

Question 17

Major players in disaster recovery

Answer 17

• organization itself
• external service provider,
  the disaster recovery services provider

Question 18

Steps in disaster recovery

Answer 18

1. assess the risks
2. identify mission critical applications and data
3. develop a plan for handling applications
4. determine the responsibilities of the personnel involved
5. test the disaster recovery plan

Question 19

Advantages and disadvantages of disaster recovery and business continuity

Answer 19

• without the plan, the company may be out of business

Question 20

Split mirror backup

Answer 20

as the size of data needed to support many large companies grows. so does the time and resources that it takes those companies to back up and recover their data.

Question 21

Use of a disaster recovery services

Answer 21

different services like an empty room to providing facilities across the country to relocate end user personnel

Question 22

Internal disaster recovery

Answer 22

• some organizations with the requirement for instantaneous or almost instant resumption of processing in the event of a disaster provide their own duplicate facilities in separate locations.
• data might be mirrored and processing can be switched almost instant from one location to the other
• duplicate data center and data mirroring is very expensive

Question 23

Multiple data center backups

Answer 23

1. Full backup - exact copy of the entire database
2. Partial backup
   - an incremental backup - copying only the data items that have changed since the last back up
   - differential backup - all changes made since the last full backup, each new differential backup file contains the cumulative effects of all activity since the last full backup

Question 24

Types of off site locations

1. Cold site *
2. Hot site
3. Warm site

Answer 24

Cold site - off site location that has all the electrical connections and other physical requirements for data processing, but it does not have the actual equipment

Question 25

Types of off site locations 1. Cold site 2. Hot site * 3. Warm site

Answer 25

Hot site - an off site location that is equipped to take over the company’s data processing. Backup copies of essential data files and programs may also be maintained at the location or data storage facility. 1. Telecommunications network 2. Floor space and equipment determination 3. Personnel issues

Question 26

Types of off site locations 1. Cold site 2. Hot site 3. Warm site *

Answer 26

Warm site - a facility that is already stocked with all the hardware that it takes to create a reasonable facsimile of the primary data center

Question 27

Business information system risks

Answer 27

1. Strategic risk 2. Operating risk 3. Financial risk 4. Information risk

Question 28

Access controls

Answer 28

Access controls limit access to documentation, data files, programs, and computer hardware to authorized personnel. Examples include locks, passwords, user identification codes, assignment of security levels, callbacks on dial up systems, the setting of file attributes, and the use of firewalls.

Question 29

Firewall

Answer 29

a system often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources

Question 30

Disaster recovery

Answer 30

Plans for continuing operations in the event of destruction of not only programs and data but also processing capabilities.

Question 31

Hot site

Answer 31

off site location that is equipped to take over a company’s data processing

Question 32

Cold site

Answer 32

off site location that has all of the electrical connections and other physical requirements for data processing but does not have the actual equipment

Question 33

Types of backups

Answer 33

1. Full backup 2. Incremental backup 3. Differential backup

Question 34

Disaster recovery

Answer 34

1. Disaster recovery service 2. Internal disaster recovery 3. Multiple data center recovery

Question 35

Off site location

Answer 35

1. Cold site 2. Warm site 3. Hot site

Question 36

Disadvantage of a disaster recovery and business continuity plan

Answer 36

cost and effort required to implement the plan

Question 37

DBMS

Answer 37

1. Database development 2. Database query 3. Database maintenance 4. Application development

Question 38

LAN

Answer 38

1. Node 2. Workstation 3. Server 4. Network interface card 5. Transmission media 6. Network Operating System 7. Communications Device

Question 39

Value added network

Answer 39

- privately owned - communication network - provides additional services beyond standard data transmission - good security - uses periodic batch processing - may be expensive

Question 40

Internet based network

Answer 40

- uses Internet protocols - public communications channels - establishes network communication - transmits transactions immediately - is relatively affordable - increases the number of potential trading partners

Question 41

Intranet

Answer 41

connects geographically separate LANs within a company

Question 42

Extranet

Answer 42

permits specified external parties to access the company’s network

Question 43

Database

Answer 43

integrated collection of data records and data files

Question 44

Database management system

Answer 44

the software that allows an organization to create, use and maintain a database

Question 45

Data warehouse

Answer 45

collection of databases that store both operations and management data

Question 46

Data mining

Answer 46

processing of data in a data warehouse to attempt to identify trends and patterns of business activity

Question 47

Advantages of DBMS

Answer 47

1. Data redundancy and inconsistency are reduced 2. Data sharing exists 3. Data independence exists 4. Data standardization exists 5. Data security is improved 6. Data fields can be expanded without adverse effects on application programs

Question 48

Difference between WANs and LANs

Answer 48

WANs - longer distance | LANs - short distance