BEC 4 Types of Information Systems and Technology Risks and Appendix Flashcards Preview

BEC > BEC 4 Types of Information Systems and Technology Risks and Appendix > Flashcards

Flashcards in BEC 4 Types of Information Systems and Technology Risks and Appendix Deck (48)
Loading flashcards...

Strategic risk

- risk of choosing inappropriate technology


Operating risk

- risk of doing the right things in the wrong way


Financial risk

- risk of having financial resources lost, wasted or stolen


Information risk

- risk of loss of data integrity, incomplete transactions, or hackers


Specific risk

1. Error - carelessness, failure to follow directions or ignorance due to poor training
2. Intentional acts - sabotage, embezzlements, viruses, denial of service attacks
3. Disasters - fires, floods, earthquakes, high winds, terrorism and war



- a piece of a computer program that inserts itself into some other program, including operating systems to propagate.
- It requires a host program to propagate and can’t run independently



- a program that can run independently and normally propagates itself over a network
- it can’t detach itself to other programs


Trojan horse

- a program that appears to have a useful function but contains a hidden and unintended function that presents a security risk


Denial of Service attack

- one computer bombards another computer with a flood of information intended to keep legitimate users from accessing the target computer or network



- sending of phony emails to try to lure people to phony websites asking for financial information



unsolicited email


Risk assessment and control activities

1. Risk - possibility of harm or loss
2. Threat - any eventuality that represents a danger to an asset or a capability linked to hostile intent
3. Vulnerability - characteristic of a design, implementation or operation that renders the system susceptible to a threat
4. Safeguards and controls - policies and procedures that when effectively applied, reduce or minimize vulnerabilities


Risk assessment

- identify risks
- evaluate the risks in terms of the probability of occurrence
- evaluate the exposure of potential loss
- identify controls
- evaluate the costs and benefits of implementing the controls
- implement the controls that are cost effective


Evaluation and Types of controls

- evaluated on cost/benefit basis


Access controls

1. Physical access
a. User identification codes
b. File attributes
3. Assignment and maintenance of security levels
4. Callback on dial up systems
5. File attributes
6. Firewalls
a. firewalls deter firewalls
c. application firewalls
d. firewalls methodologies
- packet filtering - examines packets of data as they pass via the firewall according to the rules. Firewall configuration
- circuit level gateways - allow data into a network that result from requests from computers inside the network
- application level gateways - examine data coming into the gateway in a more sophisticated fashion


Disaster recovery

consists of an entity’s plans for continuing operations in the event of the destruction of not only program and data files, but also processing capabilities.


Major players in disaster recovery

- organization itself
- external service provider,
the disaster recovery services provider


Steps in disaster recovery

1. assess the risks
2. identify mission critical applications and data
3. develop a plan for handling applications
4. determine the responsibilities of the personnel involved
5. test the disaster recovery plan


Advantages and disadvantages of disaster recovery and business continuity

- without the plan, the company may be out of business


Split mirror backup

as the size of data needed to support many large companies grows. so does the time and resources that it takes those companies to back up and recover their data.


Use of a disaster recovery services

different services like an empty room to providing facilities across the country to relocate end user personnel


Internal disaster recovery

- some organizations with the requirement for instantaneous or almost instant resumption of processing in the event of a disaster provide their own duplicate facilities in separate locations.
- data might be mirrored and processing can be switched almost instant from one location to the other
- duplicate data center and data mirroring is very expensive


Multiple data center backups

1. Full backup - exact copy of the entire database
2. Partial backup
- an incremental backup - copying only the data items that have changed since the last back up
- differential backup - all changes made since the last full backup, each new differential backup file contains the cumulative effects of all activity since the last full backup


Types of off site locations
1. Cold site *
2. Hot site
3. Warm site

Cold site - off site location that has all the electrical connections and other physical requirements for data processing, but it does not have the actual equipment


Types of off site locations
1. Cold site
2. Hot site *
3. Warm site

Hot site - an off site location that is equipped to take over the company’s data processing. Backup copies of essential data files and programs may also be maintained at the location or data storage facility.
1. Telecommunications network
2. Floor space and equipment determination
3. Personnel issues


Types of off site locations
1. Cold site
2. Hot site
3. Warm site *

Warm site - a facility that is already stocked with all the hardware that it takes to create a reasonable facsimile of the primary data center


Business information system risks

1. Strategic risk
2. Operating risk
3. Financial risk
4. Information risk


Access controls

Access controls limit access to documentation, data files, programs, and computer hardware to authorized personnel.
Examples include locks, passwords, user identification codes, assignment of security levels, callbacks on dial up systems, the setting of file attributes, and the use of firewalls.



a system often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources


Disaster recovery

Plans for continuing operations in the event of destruction of not only programs and data but also processing capabilities.


Hot site

off site location that is equipped to take over a company’s data processing


Cold site

off site location that has all of the electrical connections and other physical requirements for data processing but does not have the actual equipment


Types of backups

1. Full backup
2. Incremental backup
3. Differential backup


Disaster recovery

1. Disaster recovery service
2. Internal disaster recovery
3. Multiple data center recovery


Off site location

1. Cold site
2. Warm site
3. Hot site


Disadvantage of a disaster recovery and business continuity plan

cost and effort required to implement the plan



1. Database development
2. Database query
3. Database maintenance
4. Application development



1. Node
2. Workstation
3. Server
4. Network interface card
5. Transmission media
6. Network Operating System
7. Communications Device


Value added network

- privately owned
- communication network
- provides additional services beyond standard data transmission
- good security
- uses periodic batch processing
- may be expensive


Internet based network

- uses Internet protocols
- public communications channels
- establishes network communication
- transmits transactions immediately
- is relatively affordable
- increases the number of potential trading partners



connects geographically separate LANs within a company



permits specified external parties to access the company’s network



integrated collection of data records and data files


Database management system

the software that allows an organization to create, use and maintain a database


Data warehouse

collection of databases that store both operations and management data


Data mining

processing of data in a data warehouse to attempt to identify trends and patterns of business activity


Advantages of DBMS

1. Data redundancy and inconsistency are reduced
2. Data sharing exists
3. Data independence exists
4. Data standardization exists
5. Data security is improved
6. Data fields can be expanded without adverse effects on application programs


Difference between WANs and LANs

WANs - longer distance
LANs - short distance