BEC 4 Types of Information Systems and Technology Risks and Appendix Flashcards Preview

BEC > BEC 4 Types of Information Systems and Technology Risks and Appendix > Flashcards

Flashcards in BEC 4 Types of Information Systems and Technology Risks and Appendix Deck (48):
1

Strategic risk

- risk of choosing inappropriate technology

2

Operating risk

- risk of doing the right things in the wrong way

3

Financial risk

- risk of having financial resources lost, wasted or stolen

4

Information risk

- risk of loss of data integrity, incomplete transactions, or hackers

5

Specific risk

1. Error - carelessness, failure to follow directions or ignorance due to poor training
2. Intentional acts - sabotage, embezzlements, viruses, denial of service attacks
3. Disasters - fires, floods, earthquakes, high winds, terrorism and war

6

Virus

- a piece of a computer program that inserts itself into some other program, including operating systems to propagate.
- It requires a host program to propagate and can’t run independently

7

Worm

- a program that can run independently and normally propagates itself over a network
- it can’t detach itself to other programs

8

Trojan horse

- a program that appears to have a useful function but contains a hidden and unintended function that presents a security risk

9

Denial of Service attack

- one computer bombards another computer with a flood of information intended to keep legitimate users from accessing the target computer or network

10

Phishing

- sending of phony emails to try to lure people to phony websites asking for financial information

11

Spam

unsolicited email

12

Risk assessment and control activities

1. Risk - possibility of harm or loss
2. Threat - any eventuality that represents a danger to an asset or a capability linked to hostile intent
3. Vulnerability - characteristic of a design, implementation or operation that renders the system susceptible to a threat
4. Safeguards and controls - policies and procedures that when effectively applied, reduce or minimize vulnerabilities

13

Risk assessment

- identify risks
- evaluate the risks in terms of the probability of occurrence
- evaluate the exposure of potential loss
- identify controls
- evaluate the costs and benefits of implementing the controls
- implement the controls that are cost effective

14

Evaluation and Types of controls

- evaluated on cost/benefit basis

15

Access controls

1. Physical access
a. User identification codes
b. File attributes
3. Assignment and maintenance of security levels
4. Callback on dial up systems
5. File attributes
6. Firewalls
a. firewalls deter
b.network firewalls
c. application firewalls
d. firewalls methodologies
- packet filtering - examines packets of data as they pass via the firewall according to the rules. Firewall configuration
- circuit level gateways - allow data into a network that result from requests from computers inside the network
- application level gateways - examine data coming into the gateway in a more sophisticated fashion

16

Disaster recovery

consists of an entity’s plans for continuing operations in the event of the destruction of not only program and data files, but also processing capabilities.

17

Major players in disaster recovery

- organization itself
- external service provider,
the disaster recovery services provider

18

Steps in disaster recovery

1. assess the risks
2. identify mission critical applications and data
3. develop a plan for handling applications
4. determine the responsibilities of the personnel involved
5. test the disaster recovery plan

19

Advantages and disadvantages of disaster recovery and business continuity

- without the plan, the company may be out of business

20

Split mirror backup

as the size of data needed to support many large companies grows. so does the time and resources that it takes those companies to back up and recover their data.

21

Use of a disaster recovery services

different services like an empty room to providing facilities across the country to relocate end user personnel

22

Internal disaster recovery

- some organizations with the requirement for instantaneous or almost instant resumption of processing in the event of a disaster provide their own duplicate facilities in separate locations.
- data might be mirrored and processing can be switched almost instant from one location to the other
- duplicate data center and data mirroring is very expensive

23

Multiple data center backups

1. Full backup - exact copy of the entire database
2. Partial backup
- an incremental backup - copying only the data items that have changed since the last back up
- differential backup - all changes made since the last full backup, each new differential backup file contains the cumulative effects of all activity since the last full backup

24

Types of off site locations
1. Cold site *
2. Hot site
3. Warm site

Cold site - off site location that has all the electrical connections and other physical requirements for data processing, but it does not have the actual equipment

25

Types of off site locations
1. Cold site
2. Hot site *
3. Warm site

Hot site - an off site location that is equipped to take over the company’s data processing. Backup copies of essential data files and programs may also be maintained at the location or data storage facility.
1. Telecommunications network
2. Floor space and equipment determination
3. Personnel issues

26

Types of off site locations
1. Cold site
2. Hot site
3. Warm site *

Warm site - a facility that is already stocked with all the hardware that it takes to create a reasonable facsimile of the primary data center

27

Business information system risks

1. Strategic risk
2. Operating risk
3. Financial risk
4. Information risk

28

Access controls

Access controls limit access to documentation, data files, programs, and computer hardware to authorized personnel.
Examples include locks, passwords, user identification codes, assignment of security levels, callbacks on dial up systems, the setting of file attributes, and the use of firewalls.

29

Firewall

a system often both hardware and software, of user identification and authentication that prevents unauthorized users from gaining access to network resources

30

Disaster recovery

Plans for continuing operations in the event of destruction of not only programs and data but also processing capabilities.

31

Hot site

off site location that is equipped to take over a company’s data processing

32

Cold site

off site location that has all of the electrical connections and other physical requirements for data processing but does not have the actual equipment

33

Types of backups

1. Full backup
2. Incremental backup
3. Differential backup

34

Disaster recovery

1. Disaster recovery service
2. Internal disaster recovery
3. Multiple data center recovery

35

Off site location

1. Cold site
2. Warm site
3. Hot site

36

Disadvantage of a disaster recovery and business continuity plan

cost and effort required to implement the plan

37

DBMS

1. Database development
2. Database query
3. Database maintenance
4. Application development

38

LAN

1. Node
2. Workstation
3. Server
4. Network interface card
5. Transmission media
6. Network Operating System
7. Communications Device

39

Value added network

- privately owned
- communication network
- provides additional services beyond standard data transmission
- good security
- uses periodic batch processing
- may be expensive

40

Internet based network

- uses Internet protocols
- public communications channels
- establishes network communication
- transmits transactions immediately
- is relatively affordable
- increases the number of potential trading partners

41

Intranet

connects geographically separate LANs within a company

42

Extranet

permits specified external parties to access the company’s network

43

Database

integrated collection of data records and data files

44

Database management system

the software that allows an organization to create, use and maintain a database

45

Data warehouse

collection of databases that store both operations and management data

46

Data mining

processing of data in a data warehouse to attempt to identify trends and patterns of business activity

47

Advantages of DBMS

1. Data redundancy and inconsistency are reduced
2. Data sharing exists
3. Data independence exists
4. Data standardization exists
5. Data security is improved
6. Data fields can be expanded without adverse effects on application programs

48

Difference between WANs and LANs

WANs - longer distance
LANs - short distance