DCIT 65 | Pre-Finals | Lecture Flashcards

(134 cards)

1
Q

an area in which IT workers may be tempted to violate laws and policies

A

software piracy

2
Q

in a corporate setting is sometimes directly traceable to IT staff members

A

software piracy

3
Q

are trade groups that represent the world’s largest software and hardware manufacturers

A

Software & Information Industry Association (SIIA) and the BSA | The Software Alliance (BSA)

4
Q

promotes the common interests of the software and digital content industry

A

Software & Information Industry Association (SIIA)

5
Q

informs the industry and the broader public by serving as a resource on trends, technologies, policies, and related issues that affect member firms and demonstrate the contribution of the industry to the broader economy

A

Software & Information Industry Association (SIIA)

6
Q

funded both through dues based on member companies’ software revenue and through settlements from companies that commit piracy

A

The Software Alliance (BSA)

7
Q

its membership includes about two dozen global members such as Adobe, Apple, Dell, IBM, Intuit, Microsoft, Oracle, and SAS Institute

A

The Software Alliance (BSA)

8
Q

information, generally unknown to the public, that a company has taken strong measures to keep confidential. It represents something of economic value that has required effort or cost to develop and that has some degree of uniqueness or novelty

A

trade secret

9
Q

it can include the design of new software code, hardware designs, business plans, the design of a user interface to a computer program, and manufacturing processes.

A

trade secret

10
Q

is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest

A

whistle-blowing

11
Q

they often have special information based on their expertise or position within the offending organization

A

whistle-blowers

12
Q

is the crime of obtaining goods, services, or property through deception or trickery

A

fraud

13
Q

the misstatement or incomplete statement of a material fact

A

misrepresentation

14
Q

occurs when one party fails to meet the terms of a contract

A

breach of contract

15
Q

occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract

A

material breach of contract

16
Q

frequent causes of problems in IT projects include the following:

A

scope creep
poor communication
delivery of an obsolete solution
legacy systems

17
Q

Changes to the scope of the project or the system requirements can result in cost overruns, missed deadlines, and a project that fails to meet end-user expectations

A

scope creep

18
Q

Miscommunication or a lack of communication between customer and vendor can lead to a system whose performance does not meet expectations

A

poor communication

19
Q

The vendor delivers a system that meets customer requirements, but a competitor comes out with a system that offers more advanced and useful features

A

delivery of an obsolete solution

20
Q

If a customer fails to reveal information about legacy systems or databases that must connect with the new hardware or software at the start of a project, implementation can become extremely difficult.

A

legacy systems

21
Q

act of providing money, property, or favors to someone in business or government in order to obtain a business advantage

A

bribery

22
Q

process established by an organization’s board of directors, managers, and IT systems people to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations

A

internal control

23
Q

an organization’s internal control resources include all the

A

people
policies
processes
procedures
systems

24
Q

guidelines and standards by which the organization must abide

A

policies

25
drive processes and procedures
policies
26
a collection of tasks designed to accomplish a stated objective
processes
27
defines the exact instructions for completing each task in a process
procedure
28
responsible for ensuring that an adequate system of internal control is set up, documented with written procedures, and implemented
management
29
responsible for assessing whether the internal controls have been implemented correctly and are functioning as designed; they report its findings to management
internal audit organization
30
made in secret, as they are neither legally nor morally acceptable
bribes
31
made indirectly through a third party
bribes
32
encourage an obligation for the recipient to act favorably toward the donor
bribes
33
made openly and publicly, as a gesture of friendship or goodwill
gifts
34
made directly from donor to recipient
gifts
35
come with no expectation of a future favor for the donor
gifts
36
most frequent areas of résumé falsehood or exaggeration
overstated skill set, job title, academic degrees earned, embroidered responsibility, awards
37
refers to a person who uses a hardware or software product; the term distinguishes end users from the IT workers who develop, install, service, and support the product
IT user
38
one who possesses the skill, good judgment, and work habits expected from a person who has the training and experience to do a job well
professional
39
states the principles and core values that are essential to the work of a particular occupational group
professional code of ethics
40
ACM means?
Association for Computing Machinery (ACM)
41
SANS means?
SysAdmin, Audit, Network, Security (SANS) Institute
42
IEEE-CS means?
Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS)
43
AITP means?
Association of Information Technology Professionals (AITP)
44
indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization
certification
45
Apple Certified Technical Coordinator
MAC OS X
46
Cisco Certified Design Associate
Cisco Hardware
47
Cisco Certified Network Professionals
Cisco Networking
48
Cisco Certified Internetwork Expert
Cisco Networking
49
Microsoft Certified Professional
Microsoft Products
50
Citrix Certified Administrator (CCA)
Citrix Products
51
Oracle Database 12c: Certified Expert Performance Management and Tuning
Oracle Database
52
Salesforce.com Certified Administrator
Salesforce Software
53
government-issued permission to engage in an activity or to operate a business
government license
54
software engineers shall adhere to the following eight principles:
public, client and employer, product, judgement, management, profession, colleagues, self
55
defined as not doing something that a reasonable person would do or doing something that a reasonable person would not do.
negligence
56
the failure to act as a reasonable person would act
breach of the duty of care
57
Professionals who breach the duty of care are liable for injuries that their negligence causes. This liability is commonly referred to as
professional malpractice
58
a corporate setting can sometimes be directly traceable to IT professionals—they might allow it to happen, or they might actively engage in it.
software piracy
59
Some employees use their computers to surf popular websites that have nothing to do with their jobs, participate in chat rooms, view pornographic sites, and play computer games
Inappropriate Use of Computing Resources
60
Every organization stores vast amounts of information that can be classified as either private or confidential.
Inappropriate Sharing of Information
61
Common Ethical Issues for IT Users
Software Piracy, Inappropriate Use of Computing Resources, Inappropriate Sharing of Information
62
a document that stipulates restrictions and practices that a user must agree to in order to use organizational computing and network resources
acceptable use policy (AUP)
63
AUP's five key elements
purpose of the AUP, scope, policy, compliance, sanctions
64
their responsibilities include managing the processes, tools, and policies necessary to prevent, detect, document, and counter threats to digital and nondigital information, whether it is in transit, being processed, or at rest in storage
Information security (infosec) group
65
hardware or software (or a combination of both) that serves as the first line of defense between an organization’s network and the Internet; a firewall also limits access to the company’s network based on the organization’s Internet-usage policy
firewall
66
means to be in accordance with established policies, guidelines, specifications, or legislation
compliance
67
a set of computer programs made up of a sequence of short commands called instructions that tell the computer what to do
software
68
a sequence of short commands __ that tell the computer what to do
instructions
69
software is in two forms:
ROM (read-only memory), RAM (random access memory)
70
computer’s more permanent memory
ROM (read-only memory)
71
loaded on demand at runtime in less permanent but more volatile memory
RAM (random access memory)
72
creates or develops a set of programs to meet the specifications of a user, if there is a contract, or of a specific problem if it is a general software
software producer or developer
73
they are either individuals working alone or companies such as Microsoft, which employs hundreds of software engineers including analysts and programmers
developers
74
they obtain the finished software from the developer to satisfy a need, basing their decision on developer claims
software buyers or customers
75
consists of a series of random tests on the software during the development stage
development testing
76
involves static formal mathematical techniques such as proof of correctness and dynamic techniques such as testing to show consistency between the code and the basic initial specifications
verification and validation (V&V)
77
Standards
reliability, security, safety, quality, quality of service
78
the probability that such a software does not encounter an input sequence that leads to failure
reliability of software
79
a computer system software is __ if it protects its programs and data—in other words, if it does not contain trapdoors through which unauthorized intruders can access the system
secure
80
a state or a condition of passing through many forms or stages
polymorphism
81
A software system is __ if a condition is created whereby there is a likelihood of an accident, a hazard, or a risk
unsafe
82
a technique that tries to improve software quality through a software development process known as the software quality function development (SQFD)
total quality management (TQM)
83
represents a movement from the traditional techniques of TQM to the software development environment by focusing on improving the development process through upgrades in the requirement solicitation phase
software quality function development (SQFD)
84
means providing consistent, predictable service delivery that will satisfy customer application requirements
quality of service (QoS)
85
human factors
Memory lapses and attentional failures, rush to finish, malice, complacency
86
For example, someone was supposed to have removed or added a line of code, tested, or verified but did not because of simple forgetfulness
Memory lapses and attentional failures
87
The result of pressure, most often from management, to get the product on the market either to cut development costs or to meet a client deadline, can cause problems.
Rush to finish
88
it has traditionally been used for vendetta, personal gain (especially monetary), and just irresponsible amusement.
malice
89
When either an individual or a software producer has significant experience in software development, it is easy to overlook certain testing and other error control measures in those parts of software that were tested previously in a similar or related product
complacency
90
Nature of Software: Complexity
complexity, difficult testing, ease of programming
91
a state or set of conditions of a system or an object that, together with other conditions in the environment of the system, or object, will lead inevitably to an accident
hazard
92
hazard has two components:
severity and likelihood of occurrence
93
a hazard level together with the likelihood of an accident to occur and the severity of the potential consequences
risk
94
it can also be defined in simpler terms as the potential or possibility of suffering harm or loss—danger, in short
risk
95
a process to estimate the impact of risk. It is an approach for system managers to measure the system’s assets and vulnerabilities, assessing the threat and monitoring security
risk management
96
This involves identifying the software’s security vulnerabilities and may consist of a variety of techniques including question and answer, qualitative assessment, or methodology and calculation
assessment
97
simple equation for calculating risk
Risk = Assets x Threats x Vulnerabilities
98
involves outlining the policies for security management
planning
99
may seek to match the security needs of the system with all available security tools
good implementation
100
helps to determine the necessary changes and new security applications to the system
monitoring
101
a general attitude and approach to safety consisting of overconfidence, complacency, placing low priority on safety, and accepting flawed resolutions of conflicting goals
humanware
102
in the maiden days of the “__,” risk and vulnerability of both the computer user and data were not a problem
Wonder Machine
103
a computer-controlled electronic-accelerator radiation-therapy system developed by Atomic Energy of Canada, Ltd. (AECL). Between 1985 and 1987, the system was involved in a number of accidents, some resulting in deaths because of radiation overdose
Therac–25
104
machine works by creating a high-energy beam of electrons targeted to the cancerous tumor, leaving the healthy tissue surrounding the tumor unaffected
Therac–25
105
The Union Carbide industrial accident in Bhopal, India, illustrates many of the elements of this safety culture. In December 1984, an accidental release of methyl isocyanate killed between 2,000 and 3,000 people and injured tens of thousands of others, many of them permanently. The accident was later blamed on human error
The Indian Bhopal Chemical Accident
106
Accident in northern Ukraine, then a republic of the USSR, was the worst nuclear accident that has ever occurred. For a number of days after the accident, the Soviet government kept the world guessing at what was happening.
The Chernobyl Nuclear Power Accident
107
a game of wits played between the buyer and the seller
asset purchasing
108
an official commitment that prevails between a service provider and a client. Particular aspects of the service— quality, availability, and responsibilities—are agreed between the service provider and the service user
service-level agreement (SLA)
109
An agreement with an individual customer group, covering all the services they use
Customer-based SLA
110
An agreement for all customers using the services being delivered by the service provider
Service-based SLA
111
The SLA is split into different levels, each addressing a different set of customers for the same services, in the same SLA
Multilevel SLA
112
Covering all the generic service-level management (often abbreviated as SLM) issues appropriate to every customer throughout the organization
Corporate-level SLA
113
covering all SLM issues relevant to the particular customer group, regardless of the services being used
Customer-level SLA
114
covering all SLM issues relevant to the specific services, in relation to this specific customer group
Service-level SLA
115
Clearly defined promises reduce the chances of disappointing a customer
Customer commitments
116
a meeting of the minds on issues such as the price bargained or agreed upon, the amount paid or promised to be paid, and any agreement enforceable by law
Mutual consent
117
are guarantees that the product or service will live up to its reasonable expectations
warranties
118
an affirmation of a fact, a promise, or a description of goods, a sample, or a model made by the seller to the buyer relating to the goods and as a basis for payment negotiations
express warranties
119
are enforced by law according to established and accepted public policy
implied warranties
120
If a software product injures a user other than the buyer, the user may sue the producer for benefits due to injuries or loss of income resulting from the product. They are not common because they are rarely found valid in courts.
Third-Party Beneficiary Contracts
121
Producers try to control their liability losses by putting limits on warranties via __. Producers preempt lawsuits from buyers by telling buyers in writing on the contracts the limits of what is guaranteed
disclaimers
122
means the buyer beware
caveat emptor
123
a wrong committed upon a person or property in the absence of a contract. It may include negligence, malpractice, strict liability, and misrepresentation. It falls into two categories: intentional and unintentional
tort
124
can be used by the buyer to obtain benefits from the producer if there is provable evidence that the product lacked a certain degree of care, skill, and competence in the workmanship
negligence
125
a type of negligence. It is also applicable in cases involving services
malpractice
126
a tort involving products
strict liability
127
may be intentionally done by the sales representative to induce the buyer to buy the product or it may be just a genuine mistake
misrepresentation
128
you need to prove that the vendor was aware the facts given were not true or that the vendor would have known the true facts but opted not to inform the buyer accordingly
fraudulent misrepresentation
129
intentional misrepresentation is called?
fraudulent misrepresentation
130
Presentation of the software product by a person more familiar with the product to others with competent knowledge of that product so they can critique the product and offer informed suggestions
Formal review
131
Involves checking the known specific errors from past products and establishing additional facilities that may be missing in the product to bring the product up to acceptable standards
inspection
132
Requires code inspection line-by-line by a team of reviewers to detect potential errors
walk-through
133
technique developed by Knight and Mayers. It is an enhanced method combining the previous three methods by putting emphasis on the limitations of those methods
phased inspection
134
they need to protect themselves against piracy, illegal copying, and fraudulent lawsuits
software producers