CHARACTERISTICS OF IT SYSTEMS Flashcards
1
Q
Types of networks:
A
By geographical scope
By Ownership
By use of internet
2
Q
Networks by geographical scope:
A
PAN
LAN
MAN
WAN
3
Q
What is a network?
A
group of interconnected computers and terminals
4
Q
PAN
A
personal area network
centered around the individual
and the devices he uses
wired or wireless
5
Q
LAN
A
local area network
privately owned
within a single building or campus
up to few miles in size
6
Q
MAN
A
metropolitan area network
larger than LAN
group within a city
7
Q
WAN
A
wide area network
country or continent
8
Q
Network by ownership
A
private
public
cloud computing/cloud services
9
Q
Disadvantages of cloud computing
A
information security and privacy
continuity of services
migration
10
Q
HTML
A
Hypertext Markup Language
11
Q
XML
A
Extensible Markup Language
12
Q
XML
A
language used to create and format documents
link documents to web pages/trading partners
communicate between web browsers
superior ability to tag
13
Q
XBRL
A
Extensible Business Reporting Language
XML based
used in automation of business info requirements
used in filings with SEC (EDGAR)
sharing of reports, fs, audit schedules
electronic data gathering and retrieval
14
Q
Internet
A
international collection of networks
made up of independent computers
operate as a large computing network
requires use of TCP and IP
15
Q
HTTP
A
Hypertext Transfer Protocol
primary internet protocol
for data communication
in the www
16
Q
URL
A
Uniform Resource Locator
typing the address
works like the postal department
17
Q
WWW
A
world wide web
framework for accessing linked resources
18
Q
WEB BROWSER
A
client software (mozilla, explorer)
provides user with ability
to locate and display web resources
19
Q
Web servers
A
software
serves web resources to web clients
20
Q
Firewall
A
protects computers and its information
from outsiders
has security algorithms and
router communications protocols
21
Q
Router
A
communications interface device
connects 2 networks
determines the best way to move data
to its destination
22
Q
Bridge
A
a device
divides the LAN into 2 segments
works like a switch
forwards traffic across network
23
Q
Switch
A
a device channels incoming data from any multiple input ports to specific output port that will take data to its destination
24
Q
Gateway
A
combination of hardware and software
links to different types of networks
25
Proxy server
saves and serves copies of web pages
increase efficiency of internet operations
help assure data security
26
Cache
reserve of web pages already sent or loaded
27
Web 2.0 and its tools
2nd generation of the web
blog
wiki
twitter
RSS/ATOM Feeds -really simple syndication
28
RSS/ATOM Feeds
an XML application
| subscribe to share website content
29
TCP / IP
Transmission Control Protocol
Internet Protocol
the basic communication language/protocol in the internet
30
TCP
Transmission Control Protocol
the higher layer of internet protocol
assembles messages/files
into smaller packets
and transmitted to the internet
31
IP
lower layer of internet protocol
assigns IP addresses
ensures message delivery to computer
32
IP address
unique number identifier
33
ISP
Internet Service Provider
time warner
34
Types of Virus
Trojan Horse
| Worm
35
Virus
a program/code that
requests the computer to
perform activities not authorized by the user
transmitted thru use of files containing macros
36
Macro
stored set of instructions and functions
organized to perform repetitive task
activated by keystroke combination
37
Worm
propagates over a network
38
Botnet
```
network of computers
controlled by computer code
designed to perform a repetitive task
sending spam, spreading virus
creating distributed denial of service attack
```
39
Bot
a computer code that sends spam
| spreads virus
40
Intranet
local network within an organization
41
Extranet
intranet
| includes external customers and suppliers
42
Database client server architecture
It is important to consider the architecture when considering a network
3 responsibilities important:
input
processing
storage
consider the Client-server relationship
43
Cient
the computer or workstation of an individual user
44
Server
```
high capacity computer
containing the network software
provides services
by serving files to clients
and performing analyses
```
45
Client server model
starts with a request message
from a client to the server
asking for service to be performed
46
Overall client-server systems
```
a networked computing model (LAN)
in which a database software
on a server's platform
performs commands/requests
from client computers
```
47
File server
| Client Tier
subtype of client-server architecture
file server manages the file operations
shared by each of the client PCs
input,output and processing by client computer
all data manipulations done by client computer
file server stores data
48
Database servers
| Service Database Tier
similar to file server
but server performs more of the processing
server contains database management system
49
Three Tier architecture
in addition to the file server and database servers
a 3rd tier is added for the application program
Other servers serving as 3rd layer:
print server
communications server
fax server
web server
50
Communications Server
act as gateway to the internet or intranet
51
Distributed Systems?
system that connects all company locations
to form a distributed network
each location has its own input/output,
processing and storage
computers pass data among themselves
pass data to server or host for further processing
52
Hardware components
workstations - microcomputers
peripherals
transmission data
network interface cards
53
peripherals
printer
attached storage
scanners
fax board
54
Transmission media
physical path
that connects components of LAN
wires, cables, optical fibers
55
WLAN or WIFI
wireless LANs
56
Network interface cards
connect workstation and transmission media
57
Control Implications
General controls are often weak
Controls rely on end users
Inadequate resources for troubleshooting
Good controls management, there is segregation of duties
LAN ordinarily does not have security features like larger scale environments
58
Important requirements when using small computers
Security
Verification of processing
Personnel
59
Security control process
Control access to software installation file
Make backup copies
Restrict access to hard drive
Segregate duties in data processing
60
Verification of processing control
Computers should not be used for personal projects
| Perform period independent verification of applications used
61
Personnel control
Centralized authorization
to purchase hardware and software
Prohibit loading of unauthorized software and data
Sensitive data should not be downloaded on protable devices
62
EUC End User Computing
```
Use of microcomputers
3wsUse of end user applications
End user responsible for
development and execution of the application
Risks involved
```
63
Control implications
```
Test applications before implementing
Require adequate documentation
Physical access controls
Control access to authorized users only
Control use of incorrect versions of data files
Backup files
Application controls
Perform programmed reconciliations
```
64
Risks in E Commerce
```
security
availability
processing integrity
online privacy
confidentiality
```
65
How to assure data integrity?
WebTrust seal of assurance
Digital IDs /certificates
Encryption
Offsite mirrored web servers
66
Digital certificate?
digital signature required
to assure recipient of data validity
message is encrypted and recipient decrypts it
67
Encryption
original data is converted to cipher text
68
Decryption
Convert encrypted data back to original data
Use algorithms and keys
Only users control
69
Algorithm
detailed sequence of actions to perform a task
70
Key
a value that must be fed into the algorith used to decode an encrypted message
71
Private key system
encryption system
| both sender and receiver have access
72
Encryption is important
any time two or more computers are communicating
| keep private info on one computer
73
System overhead
machine instructions
necessary to encrypt and decrypt data
slows down processing
74
Electronic data interchange
electronic exchange of business transactions
from one entity's computer to another
through an electronic communications network
75
Risks on EDI
audit trails for internal and external auditors
activity logs
sender/recipient acknowledgment of receipt of transactions
auditors should test controls on timely basis while records are available
76
Methods of communication between trading partners
Point to point
VAN - value added network
Public networks
Proprietary networks
77
Point to point
a direct computer to computer private network link
78
VAN
value added network
privately owned network
that routes EDI transactions
between trading partners
and provides storage, translation, processing
79
Advantages of VAN
reduces communication and data protocol problems bec VANs can deal with differing protocols
partners don't have to establish point to point connections
reduces scheduling problems-receiver requests delivery of transactions anytime
VAN translates application to standard format
the partner doesn't have to reformat
provides increased security
80
Disadvantages of VAN
costly
dependence upon VANs systems and controls
possible loss of data confidentiality
81
Public Networks advantages
Advantages
```
avoids cost of proprietary lines
avoids cost of VAN
directly communicates transactions to trading partners
software allows communication
between differing systems
```
82
Public network disadvantages
possible loss of data confidentiality
computer transmission disruption
prone to hacker an viruses
possible electronic frauds
83
EFT electronic fund transfer
making cash payments between two organizations electronically
84
Disadvantage of EFT
risk of unauthorized access
| risk of fraudulent fund transfers
85
EFT Controls
Control physical access
to network facilities
Require electronic identification
for all network terminals
authorized to use EFT
Control access thru passwords
Encrypt stored and transmitted data
86
Advantages of Point to Point method
no reliance on 3rd parties for computer processing
organization controls access to network
organization enforces propriety to software
improved timeliness in delivery
87
Disadvantages of Point to Point Method
need to establish connection
with trading partner
high initial cost
computer scheduling issues
common protocols between partners needed
need hardware and software
compatibilty of both points
88
Proprietary Networks
private network of organizations
extremely reliable
needs proprietary lines
costly to develop and operate
89
Encryption and authentication controls are important in EDI because
absence of paper transactions
| direct interrelationship with another organization's computer
90
Authentication controls
controls from origin of transaction
submission and delivery of EDI communications
receiver must have proof of the origin of the message, proper submission and delivery
91
Packets
a block of data
transmitted from one computer to another
contains data and authentication info
92
Benefits of EDI
```
quick response and access to info
cost efficient
reduced paperwork
reduced errors and correction costs
better communications and cust service
necessary to remain competitive
```
93
Principles of a reliable system - IT risks and internal control
SAPOC
```
security
availability
processing integrity
online privacy
confidentiality
```
94
Exposures of EDI
total dependence upon computer system
sensitive information exposure -lose confidentiality
audit trail - lost due to limited retention policies
unauthorized transactions and fraud
reliance on trading partners VAN who control EDI
errors -data processing, application and communication
legal liability due to errors
95
Telecommunications Systems
electronic transmission of information
voice, data, video, fax etc
using hardware and software
hardware:
computers -communications control and switching
radio, wire, fiber, optic, coaxial cable
microwave, laser, electromagnetic systems
modems - compatibility issues
software
```
controls and monitors the hardware
formats information
adds control information
performs switching operations
provides security
supports the management of communications
```
96
Role of software in telecommunications system
```
controls and monitors the hardware
formats information
adds control information
performs switching operations
provides security
supports the management of communications
```
97
Uses of telecommunications system
```
EDI
DFT
POS
commercial databases
airline reservations etc
```
98
Controls needed in telecommunications system
Controls on:
```
data entry
central computer equipment security
system integrity at remote sites
dial in security
transmission accuracy and completeness
physical security of facilities
regular test of controls
```
99
Computer service organizations`
record and process data for organizations
payroll checks
VAN - same as CSO but with broader role
provides network, storing, forwarding mailbox, services of companies using EDI
