Flashcards in BEC 4 Types of Information Systems and Technology Risks and Appendix Deck (48)
Loading flashcards...
1
Strategic risk
- risk of choosing inappropriate technology
2
Operating risk
- risk of doing the right things in the wrong way
3
Financial risk
- risk of having financial resources lost, wasted or stolen
4
Information risk
- risk of loss of data integrity, incomplete transactions, or hackers
5
Specific risk
1. Error - carelessness, failure to follow directions or ignorance due to poor training
2. Intentional acts - sabotage, embezzlements, viruses, denial of service attacks
3. Disasters - fires, floods, earthquakes, high winds, terrorism and war
6
Virus
- a piece of a computer program that inserts itself into some other program, including operating systems to propagate.
- It requires a host program to propagate and can’t run independently
7
Worm
- a program that can run independently and normally propagates itself over a network
- it can’t detach itself to other programs
8
Trojan horse
- a program that appears to have a useful function but contains a hidden and unintended function that presents a security risk
9
Denial of Service attack
- one computer bombards another computer with a flood of information intended to keep legitimate users from accessing the target computer or network
10
Phishing
- sending of phony emails to try to lure people to phony websites asking for financial information
11
Spam
unsolicited email
12
Risk assessment and control activities
1. Risk - possibility of harm or loss
2. Threat - any eventuality that represents a danger to an asset or a capability linked to hostile intent
3. Vulnerability - characteristic of a design, implementation or operation that renders the system susceptible to a threat
4. Safeguards and controls - policies and procedures that when effectively applied, reduce or minimize vulnerabilities
13
Risk assessment
- identify risks
- evaluate the risks in terms of the probability of occurrence
- evaluate the exposure of potential loss
- identify controls
- evaluate the costs and benefits of implementing the controls
- implement the controls that are cost effective
14
Evaluation and Types of controls
- evaluated on cost/benefit basis
15
Access controls
1. Physical access
a. User identification codes
b. File attributes
3. Assignment and maintenance of security levels
4. Callback on dial up systems
5. File attributes
6. Firewalls
a. firewalls deter
b.network firewalls
c. application firewalls
d. firewalls methodologies
- packet filtering - examines packets of data as they pass via the firewall according to the rules. Firewall configuration
- circuit level gateways - allow data into a network that result from requests from computers inside the network
- application level gateways - examine data coming into the gateway in a more sophisticated fashion
16
Disaster recovery
consists of an entity’s plans for continuing operations in the event of the destruction of not only program and data files, but also processing capabilities.
17
Major players in disaster recovery
- organization itself
- external service provider,
the disaster recovery services provider
18
Steps in disaster recovery
1. assess the risks
2. identify mission critical applications and data
3. develop a plan for handling applications
4. determine the responsibilities of the personnel involved
5. test the disaster recovery plan
19
Advantages and disadvantages of disaster recovery and business continuity
- without the plan, the company may be out of business
20
Split mirror backup
as the size of data needed to support many large companies grows. so does the time and resources that it takes those companies to back up and recover their data.
21
Use of a disaster recovery services
different services like an empty room to providing facilities across the country to relocate end user personnel
22
Internal disaster recovery
- some organizations with the requirement for instantaneous or almost instant resumption of processing in the event of a disaster provide their own duplicate facilities in separate locations.
- data might be mirrored and processing can be switched almost instant from one location to the other
- duplicate data center and data mirroring is very expensive
23
Multiple data center backups
1. Full backup - exact copy of the entire database
2. Partial backup
- an incremental backup - copying only the data items that have changed since the last back up
- differential backup - all changes made since the last full backup, each new differential backup file contains the cumulative effects of all activity since the last full backup
24
Types of off site locations
1. Cold site *
2. Hot site
3. Warm site
Cold site - off site location that has all the electrical connections and other physical requirements for data processing, but it does not have the actual equipment
25
Types of off site locations
1. Cold site
2. Hot site *
3. Warm site
Hot site - an off site location that is equipped to take over the company’s data processing. Backup copies of essential data files and programs may also be maintained at the location or data storage facility.
1. Telecommunications network
2. Floor space and equipment determination
3. Personnel issues
26
Types of off site locations
1. Cold site
2. Hot site
3. Warm site *
Warm site - a facility that is already stocked with all the hardware that it takes to create a reasonable facsimile of the primary data center
27
Business information system risks
1. Strategic risk
2. Operating risk
3. Financial risk
4. Information risk
28
Access controls
Access controls limit access to documentation, data files, programs, and computer hardware to authorized personnel.
Examples include locks, passwords, user identification codes, assignment of security levels, callbacks on dial up systems, the setting of file attributes, and the use of firewalls.
29
Firewall
a system often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources
30
Disaster recovery
Plans for continuing operations in the event of destruction of not only programs and data but also processing capabilities.
31
Hot site
off site location that is equipped to take over a company’s data processing
32
Cold site
off site location that has all of the electrical connections and other physical requirements for data processing but does not have the actual equipment
33
Types of backups
1. Full backup
2. Incremental backup
3. Differential backup
34
Disaster recovery
1. Disaster recovery service
2. Internal disaster recovery
3. Multiple data center recovery
35
Off site location
1. Cold site
2. Warm site
3. Hot site
36
Disadvantage of a disaster recovery and business continuity plan
cost and effort required to implement the plan
37
DBMS
1. Database development
2. Database query
3. Database maintenance
4. Application development
38
LAN
1. Node
2. Workstation
3. Server
4. Network interface card
5. Transmission media
6. Network Operating System
7. Communications Device
39
Value added network
- privately owned
- communication network
- provides additional services beyond standard data transmission
- good security
- uses periodic batch processing
- may be expensive
40
Internet based network
- uses Internet protocols
- public communications channels
- establishes network communication
- transmits transactions immediately
- is relatively affordable
- increases the number of potential trading partners
41
Intranet
connects geographically separate LANs within a company
42
Extranet
permits specified external parties to access the company’s network
43
Database
integrated collection of data records and data files
44
Database management system
the software that allows an organization to create, use and maintain a database
45
Data warehouse
collection of databases that store both operations and management data
46
Data mining
processing of data in a data warehouse to attempt to identify trends and patterns of business activity
47
Advantages of DBMS
1. Data redundancy and inconsistency are reduced
2. Data sharing exists
3. Data independence exists
4. Data standardization exists
5. Data security is improved
6. Data fields can be expanded without adverse effects on application programs
48