Chapter 12 - Managing Systems Support and Security Flashcards

(115 cards)

1
Q

One of four risk control strategies. In __________, the risk is accepted and nothing is done. Risk is usually accepted only if protection from risk is clearly not worth the expense.

A

acceptance

2
Q

Adds new capability and enhancements to an existing system.

A

adaptive maintenance

3
Q

An account that allows essentially unrestricted access to the application.

A

administrator account

4
Q

Documents the system at the end of the design phase and identifies any changes since the functional baseline. The ________________ includes testing and verification of all system requirements and features.

A

allocated baseline

5
Q

A person who works on new systems development and maintenance.

A

applications programmer

6
Q

The storage of previous versions of a system when a new version is installed.

A

archived

7
Q

Hardware, software, data, networks, people, or procedures that provide tangible or intangible benefit to an organization.

A

asset

8
Q

A hostile act that targets an information system, or an organization itself.

A

attack

9
Q

Enables an application to contact the vendor’s server and check for a needed patch.

A

automatic update service

10
Q

One of the three main elements of system security: confidentiality, integrity, and _______________ (CIA). ______________ ensures that authorized users have timely and reliable access to necessary information.

A

availability

11
Q

One of four risk control strategies. In _____________, adding protective safeguards eliminates the risk.

A

avoidance

12
Q

Data storage options, including tape, hard drives, optical storage, and online storage.

A

backup media

13
Q

Detailed instructions and procedures for all backups.

A

backup policy

14
Q

A formal reference point that measures system characteristics at a specific time. Systems analysts use ______________ as yardsticks to document features and performance during the systems development process.

A

baseline

15
Q

A form of testing used by companies to measure system performance.

A

benchmark testing

16
Q

Mapping an individual’s facial features, handprint, or eye characteristics for identification purposes.

A

biometric scanning systems

17
Q

A password that must be entered before the computer can be started. It prevents an unauthorized person from booting a computer by using a secondary device.

A

BIOS-level password / Power-on Password / Boot-level password

18
Q

A plan that defines how critical business functions can continue in the event of a major disruption.

A

business continuity plan (BCP)

19
Q

A process that monitors current activity and performance levels, anticipates future activity, and forecasts the resources needed to provide desired levels of service.

A

capacity planning

20
Q

A process for controlling changes in system requirements during software development; also an important tool for managing system changes and costs after a system becomes operational.

A

change control (CC)

21
Q

The three main elements of system security: confidentiality, integrity, and availability.

A

CIA triangle

22
Q

One of the three main elements of system security: ______________, integrity, and availability (CIA). ______________ protects information from unauthorized disclosure and safeguards privacy.

A

confidentiality

23
Q

A process for controlling changes in system requirements during the development phases of the SDLC. __ also is an important tool for managing system changes and costs after a system becomes operational.

A

configuration management (CM)

24
Q

A real-time streaming backup method that records all system activity as it occurs.

A

continuous backup

25
Q

Changes to the system to fix errors.

A

corrective maintenance

26
Q

Formal qualifications that include degrees, diplomas, or certificates granted by learning institutions to show that a certain level of education has been achieved.

A

credentials

27
Q

When risks are categorized and prioritized, ___________ (those with the highest vulnerability and impact ratings) head the list.

A

critical risks

28
Q

In normal operating conditions, any transaction that occurs on the primary system must automatically propagate to the hot site.

A

data replication

29
Q

A person who focuses on creating and supporting large-scale database systems.

A

database programmer

30
Q

An online attack that occurs when an attacking computer makes repeated requests to a service or services running on certain ports.

A

denial of service (DOS)

31
Q

A backup that includes only the files that have changed since the last full backup.

A

differential backup

32
Q

A documented procedure consisting of an overall backup and recovery plan.

A

disaster recovery plan

33
Q

A service attack involving multiple attacking computers that can synchronize DOS attacks on a server.

A

distributed denial of service (DDOS)

34
Q

Raiding desks or trash bins for valuable information.

A

dumpster diving

35
Q

A new feature or capability.

A

enhancement

36
Q

An attack that takes advantage of a system vulnerability, often due to a combination of one or more improperly configured services.

A

exploit

37
Q

The timely detection and resolution of operational problems. _____________________ includes monitoring a system for signs of trouble, logging all system failures, diagnosing the problem, and applying corrective action.

A

fault management

38
Q

A system or application is said to be ________________ if the failure of one component does not disable the rest of the system or application.

A

fault tolerant

39
Q

The main line of defense between a local network, or intranet, and the Internet.

A

firewall

40
Q

A complete backup of every file on the system.

A

full backup

41
Q

The configuration of the system documented at the beginning of the project. It consists of all the necessary system requirements and design constraints.

A

functional baseline

42
Q

Making a system more secure by removing unnecessary accounts, services, and features.

A

hardening

43
Q

A separate IT location, which might be in another state or even another country, that can support critical business systems in the event of a power outage, system crash, or physical catastrophe.

A

hot site

44
Q

Controls and procedures necessary to identify legitimate users and system components.

A

identity management

45
Q

The stealing of personally identifying information online.

A

identity theft

46
Q

A security standard for Wi-Fi wireless networks that uses the WPA2 protocol, currently the most secure encryption method for Wi-Fi networks.

A

IEEE 802.11i

47
Q

Saving a copy of only the files that have changed since the last full backup.

A

incremental backup

48
Q

One of the three main elements of system security: confidentiality, __________, and availability (CIA). ____________ prevents unauthorized users from creating, modifying, or deleting information.

A

integrity

49
Q

A bandwidth or throughput measurement.

A

kilobits per second (Kbps)

50
Q

A device that can be inserted between a keyboard and a computer to record keystrokes.

A

keystroke logger

51
Q

Record typically kept by operating systems and applications that documents all events, including dates, times, and other specific information. ____ can be important in understanding past attacks and preventing future intrusions.

A

log

52
Q

Changing programs, procedures, or documentation to ensure correct system performance; adapting the system to changing requirements; and making the system operate more efficiently. Those needs are met by corrective, adaptive, perfective, and preventive maintenance.

A

maintenance activities

53
Q

Costs that vary significantly during the system’s operational life and include spending to support maintenance activities.

A

maintenance expenses

54
Q

A formal release of a new system version that contains a number of changes.

A

maintenance release

55
Q

A system of numbered releases used by organizations (especially software vendors) that helps organize maintenance changes and updates.

A

maintenance release methodology

56
Q

One or more systems analysts and programmers working on product maintenance issues together.

A

maintenance team

57
Q

Malicious software that might jeopardize the system’s security or privacy.

A

malware

58
Q

Workload measurements, also called _________, include the number of lines printed, the number of records accessed, and the number of transactions processed in a given time period.

A

metrics

59
Q

One of four risk control strategies. ___________ reduces the impact of a risk by careful planning and preparation. For example, a company can prepare a disaster recovery plan to mitigate the effects of a natural disaster should one occur.

A

mitigation

60
Q

Two or more devices that are connected for the purpose of sending, receiving, and sharing data.

A

network

61
Q

A combination of hardware and software that allows the computer to interact with the network.

A

network interface

62
Q

Software that monitors network traffic to detect attempted intrusions or suspicious network traffic patterns and sends alerts to network administrators. Can be helpful in documenting the efforts of attackers and analyzing network performance.

A

network intrusion detection system (NIDS)

63
Q

The practice of storing backup media away from the main business location, in order to mitigate the risk of a catastrophic disaster such as a flood, fire, or earthquake.

A

offsiting

64
Q

Expenses that are incurred after a system is implemented and continue while the system is in use. Examples include system maintenance, supplies, equipment rental, and annual software license fees.

A

operational costs

65
Q

Concerned with managerial policies and controls that ensure secure operations.

A

operational security / procedural security

66
Q

Changes to a system to improve efficiency.

A

perfective maintenance

67
Q

Data that is not encrypted.

A

plain text

68
Q

A positive integer that is used for routing incoming traffic to the correct application on a computer.

A

port

69
Q

An attempt to detect the services running on a computer by trying to connect to various ports and recording the ports on which a connection was accepted.

A

port scans

70
Q

Obtaining personal information under false pretenses.

A

pretexting

71
Q

Changes to a system to reduce the possibility of future failure.

A

preventive maintenance

72
Q

A common encryption technology called ___. The private key is one of a pair of keys, and it decrypts data that has been encrypted with the second part of the pair, the public key.

A

private key encryption

73
Q

A dedicated connection, similar to a leased telephone line.

A

private network

74
Q

An unauthorized attempt to increase permission levels.

A

privilege escalation attack

75
Q

Describes the system at the beginning of operation. The ________________ incorporates any changes made since the allocated baseline and includes the results of performance and acceptance tests for the operational system.

A

product baseline

76
Q

A designation for positions that require a combination of systems analysis and programming skills.

A

programmer/analyst

77
Q

A common encryption technique. Each user on the network has a pair of keys: a public key and a private key. The public key encrypts data that can be decrypted with the private key.

A

public key encryption (PKE)

78
Q

A _____ system may be part of an organization’s backup and recovery plans. A _____ system mirrors the data while processing continues. _____ systems are called fault-tolerant, because a failure of any one disk does not disable the system.

A

redundant array of independent disks (RAID)

79
Q

The process of restoring data and restarting a system after an interruption.

A

recovery

80
Q

Applications that allow IT staff to take over a user’s workstation and provide support and troubleshooting.

A

remote control software

81
Q

The overall time between a request for system activity and the delivery of the response. In the typical online environment, ______________ is measured from the instant the user presses the ENTER key or clicks a mouse button until the requested screen display appears or printed output is ready.

A

response time

82
Q

Backups are stored for a specific _________________ after which they are either destroyed or the backup media is reused.

A

retention period

83
Q

Measures the likelihood and impact of risks.

A

risk assessment

84
Q

Develops safeguards that reduce the likelihood and impact of risks.

A

risk control

85
Q

Hardware, software, and procedural controls that safeguard and protect a system and its data from internal or external threats.

A

security

86
Q

Created by a combination of one or more improperly configured services.

A

security hole

87
Q

A plan that addresses the three main elements of system security: confidentiality, integrity, and availability.

A

security policy

88
Q

A physical device that authenticates a legitimate user, such as a smart card or keychain device.

A

security token

89
Q

An application that monitors, or listens on, a particular port.

A

service

90
Q

A maintenance release supplied by commercial software suppliers.

A

service packs

91
Q

An intruder uses social interaction to gain access to a computer system.

A

social engineering

92
Q

Communications, interpersonal skills, perceptive abilities, and critical thinking are __________. IT professionals must have ____________ as well as technical skills.

A

soft skills

93
Q

Uses analytical techniques to identify potential quality and performance improvements in an information system.

A

software reengineering

94
Q

A login account that allows essentially unrestricted access to the application.

A

superuser account

95
Q

A person who is responsible for the CM and maintenance of an organization’s computer networks.

A

system administrator

96
Q

A person who concentrates on operating system software and utilities.

A

systems programmer

97
Q

A case designed to show any attempt to open or unlock the case.

A

tamper-evident cases

98
Q

An application that is not developed in-house.

A

third-party software
99
Q

In risk management, an internal or external entity that could endanger an asset.

A

threat

100
Q

A measurement of actual system performance under specific circumstances; it is affected by network loads and hardware efficiency. ________________, like bandwidth, is expressed as a data transfer rate, such as Kbps, Mbps, or Gbps.

A

throughput
101
Q

One of four risk control strategies. In ________________, risk is shifted to another asset or party, such as an insurance company.

A

transference

102
Q

A secure network connection established between the client and the access point of the local intranet.

A

tunnel

103
Q

A measure applied to centralized batch processing operations, such as customer billing or credit card statement processing. __________________ measures the time between submitting a request for information and the fulfillment of the request. ____________________ also can be used to measure the quality of IT support or services by measuring the time from a user request for help to the resolution of the problem.

A

turnaround time

104
Q

Data that is not encrypted.

A

unencrypted

105
Q

Battery-powered backup power source that enables operations to continue during short-term power outages and surges.

A

uninterruptible power supply (UPS)

106
Q

Can be fastened to a cable lock or laptop alarm.

A

Universal Security Slot (USS)

107
Q

User-specific privileges that determine the type of access a user has to a database, file, or directory.

A

user rights / permissions

108
Q

The main objective of a _____________________ is to show users how the system can help them perform their jobs.

A

user training package

109
Q

The process of tracking system releases.

A

version control

110
Q

Uses a public network to connect remote users securely. Allows a remote client to use a special key exchange that must be authenticated by the ___.

A

virtual private network (VPN)

111
Q

A security weakness or soft spot.

A

vulnerability

112
Q

A feature of business support systems that allows analysis to define and account for a wide variety of issues (including issues not completely defined).

A

what-if analysis

113
Q

A common method used to secure a wireless network. This approach requires that each wireless client be configured manually to use a special, pre-shared key, rather than key pairs. The most recent and more secure version is WPA2.

A

Wi-Fi Protected Access (WPA)

114
Q

One of the earliest methods used to secure a wireless network, superseded by WPA and WPA2.

A

Wired Equivalent Privacy (WEP)

115
Q

A wireless security standard based on 802.11i that provides a significant increase in protection over WEP and WPA.

A

WPA2