Final Flashcards

(84 cards)

1
Q

What does SDLC stand for? What does it consist of?

A

Software Development Life Cycle. It consists of analysis, design, development, testing, and implementation phase.

2
Q

Why do systems fail?

A
  1. Lack of clear goals and specifications
  2. Poor management and communication among customers, designers, programmers etc.
  3. Pressure for unrealistically low bids, budget, time.
  4. Very new/unreliable technology.
  5. Inflexible, expensive, and undocumented legacy systems
  6. Refusal to take accountability
  7. Lack of manual failsafes
3
Q

Therac-25

A

A machine that caused massive overdoses in radiation and death due to system errors.

The name comes from 25 MeV.

Company: AECL

4
Q

Why are error explanations important?

A

Ambiguous error codes are not only hard to interpret, but the nature of the error and why it happened/what the consequences are become impossible to pin down.

5
Q

Radioactive Products

A

In the early 20th century, radium was put on a cultural pedestal and products such as radioactive toothpaste, bread, etc. became popular. They had extreme adverse effects.

6
Q

User Error

A

Sometimes, the WAY that a specific user interacts with a system can cause errors. Professionals will handle the program in a different way.
Example: speed of input affects outcome

7
Q

Problems with Therac

A

One coder for 20,000 lines of code
Old/reused code
Unaware of bugs
Lack of testing
Reusing variables
Over-confident programmers
Hard to decipher error codes
Lack of mechanical locks/manual input

8
Q

Professional Techniques to increase Reliability and Safety

A

Certification for software engineers
Proper testing of user interfaces and human factors
Redundancy and self-checking
Real-world testing with real users
Management and communication
Organization principles: risk management and loose structure (employee can talk to management and CEO easily)

9
Q

User Interfaces and Human Factors to increase Reliability and Safety

A

Provide clear instructions and error messages - feedback
Be consistent with expected result
Input validation
Moderate workload (not boring)
Backup computers
Voting redundancy - same results from different environments

10
Q

Increasing Reliability and Safety - Testing

A

Small changes must be thoroughly tested system-wide
Independent verification and validation
Beta testing

11
Q

Intellectual Property

A

Intangible creative work.
Value from creativity, ideas, research, skills, labor, non-material efforts and attributes the creator provides.
Protected by copyright and patent law.

12
Q

Patent

A

Gives an inventor the right to exclusive use of their invention for 20 years.

13
Q

Trademark

A

Protects the unique name, design, logo, symbols, or colors used by a business to identify their products or services forever.

14
Q

Copyright

A

Protects creative and artistic expressions, e.g. books, drawings, paintings, computer programs and music, for life + 70 years.

15
Q

Does new technology make copyright infringement easier or harder?

A

Easier.
Compression tech allows for copying large files.
Search engines make finding material easier.
Peer-to-peer tech makes sharing files easier.
Video streaming/file transfer via broadband is easier.
Cameras etc. allow recording events.
Scanners can convert print, photos, and artwork to electronic form

16
Q

What does the Constitution say about copyright?

A

It gives Congress the power “To promote the progress of science and useful arts, by securing for limited time to authors and inventors the exclusive rights to their respective writings and discoveries.”
Article I Section 8

17
Q

Copyright holder’s exclusive rights

A

Make copies
Produce derivative works (translations, movies from books)
Distribute copies
Perform work in public (music, plays)
Display work in public (art, movies, computer games, video on web)

18
Q

Fair Use Doctrine

A
  1. Purpose and nature of use (commercial and nonprofit)
  2. Nature of the copyrighted work (creative or factual)
  3. Amount and significance of portion used.
  4. Effect of use on potential market or value of the copyright work (will it reduce sales of work?)
19
Q

Digital Rights Management

A

Techniques that control the uses of IP in digital formats.
Hardware and software schemes using encryption.
Producer of file may specify what a user may do with it.
Different DRM schemes used by Apple, Microsoft, and Sony.

20
Q

Banning, Suing, and Taxing

A

Banning/delaying tech via lawsuits, e.g. CD-recording devices, DVD players, and portable MP3 players.
Require that new tech include copyright protections
Taxing digital media to compensate the industry for expected losses.

21
Q

DMCA

A

Digital Millennium Copyright Act:
Anti-circumvention and safe harbor

22
Q

Anti circumvention

A

Prohibit circumventing tech access controls and copy-prevention systems

23
Q

Safe harbor

A

Protect websites from lawsuits for copyright infringement by users. Take down notices by the industry require sites to comply in order to not violate copyright.

24
Q

DeCSS

A

A free computer program that could decrypt content on commercially produced DVDs.
Banned in the U.S.

25
Copyright Clearance Center
Organization set up to collect and distribute royalty fees so users don't have to search out individual copyright holders.
26
Revenue Sharing
A legal means for obtaining inexpensive music and generating revenue for the industry and artists. It allows content-sharing sites to enable the posting of content and share their ad revenues with content owners in compensation.
27
Free Software
Idea advocated and supported by a large, loose-knit group of computer programmers who allow people to copy, use, and modify their software. "Free" means free to use, not lack of cost.
28
Open Source
Software distributed or made public in readable and modifiable source code.
29
Hacking - General
Intentional, unauthorized access to computer systems
30
Hacking - Phase 1
60s - 70s
"The joy of programming"
Hacker = creative programmer who wrote elegant or clever code.
Hack = clever piece of code.
31
Hacking - Phase 2
70s - 90s
Negative connotation
Breaking into computers without authorized access.
Spread computer worms, viruses, and 'phone phreaking'.
Companies used hackers to analyze and improve security.
32
Hacking - Phase 3
mid 90s - present
Growth of the Web made viruses and worms fast and widespread.
Hacktivism
DoS attacks
Large scale theft of personal/financial info
33
Hacktivism
Political hacking that began in phase 3. Promotes a political cause. Sometimes considered a form of civil disobedience/gray area.
34
DoS/DDoS attack
Denial-of-service attack used to shut down a Web site.
Distributed-denial-of-service attack - a botnet floods a host with traffic simultaneously
35
White hat hacker
Hackers who use their skills to demonstrate system vulnerabilities and improve security.
36
Hacking as Foreign Policy
Hacking by governments has increased. The Pentagon has announced that it will treat some cyber attacks as acts of war/respond with military force.
37
Stuxnet
An extremely sophisticated worm that targets a particular type of control system. Damaged equipment in a uranium enrichment plant in Iran.
38
Factors that contribute to security weaknesses
  1. History of the Internet and the Web
  2. Inherent complexity of computer systems
  3. Speed at which new applications develop
  4. Economic and business factors
  5. Human nature
39
Firewalls
Used to monitor/filter out communication from untrusted sites that fit a profile of suspicious activity.
40
CFAA
Computer Fraud and Abuse Act - Covers gov. computers, financial/medical systems, and activities that involve computers in more than one state (connected to Internet).
It is illegal to access a computer without authorization.
Expanded to include unauthorized data collection.
41
PATRIOT act
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism. Expanded the definition of loss to include the cost of responding to an attack, assessing damage and restoring systems.
42
Catching and Punishing Hackers
  1. Law enforcement agents read hacker newsletters/participate in chat rooms undercover.
  2. Honey pot sites to attract, record and study hackers.
  3. Computer forensics specialists can retrieve evidence from computers even after deletion/erasure.
  4. Investigators trace viruses and hacking attacks by using ISP records and router logs
43
Why do security breaches occur?
Poorly written software or poorly configured networks and applications.
44
Identity Theft
Committing crime with someone else's personal information (credit/debit card, SSN).
18-29 year olds are vulnerable.
Made easier through E-commerce.
45
Techniques used to steal personal and financial information
Phishing (email), smishing (text), vishing (voice)
Pharming
Publicly available data
46
Phishing/smishing/vishing
Requests for personal and financial information disguised as legitimate business communication.
47
Pharming
False Web sites that fish for personal and financial information by planting false URLs in Domain Name Servers.
48
Responses to Identity Theft
  1. Authentication of email, Web sites, and customers.
  2. Encryption to securely store data.
  3. Fraud alerts on credit reports.
  4. Third party payment methods.
49
Biometrics
Biological characteristics unique to an individual & can't be stolen. Used in high security settings (airport personnel). Difficult to fool.
50
Multifactor Authentication
Something you know (password/pin), are (biometrics), or have (SMS or key fob).
51
What happens when someone violates another country's laws?
They could be prosecuted in the other country. Websites that promote activity illegal in some countries may be sued.
52
BC
Business Continuity - A plan of action to be taken before, during and after a disruption to ensure regular business. What, who, how and when of a recovery plan.
53
DR
Disaster Recovery - a subset of BCP that involves restoring vital support systems (communications, hardware, IT assets). Minimize business downtime & focus on getting technical operations back to normal ASAP.
54
What are the main components of Business Continuity?
Priority business processes
Team contact info
Staff/office requirements
Continuity steps
BCP documentation
55
Essential Business Process
Primary mission statement, support other organization's EBP, must be recovered quickly, high value, high business impact, political ramifications, legal requirements.
56
Computer Virus
Attached to an executable file & infects computers when a malicious program is run or opened. Requires human action to spread from one computer to another via programs or files.
57
Worm
Sub-class of a virus that can travel without human intervention using file or information transport features on a system. It copies itself en masse and sends itself anywhere it can. Causes Web servers, network servers, and computers to stop responding.
58
Trojan horse
Not a virus but a destructive program that looks legitimate. Opens a backdoor to give malicious users and programs access and allow information theft.
59
Social Engineering
Psychological manipulation of people to perform actions that lead to a leak of proprietary or confidential information or damages. One technique is to pretend to be a figure of authority.
60
Spear Phishing
An email targeted at a specific individual or department.
61
Botnet
A collection of compromised computers that can be controlled by remote perpetrators to perform attacks.
62
Ransomware
Malware designed to deny access to a system or data until a ransom is paid. Spread via phishing or infected websites.
63
Malware
Malicious software
64
Spyware
Software that aims to gather information about a person or organization and send it to another entity without consent. Can record keystrokes, control webcam, etc.
65
Failures due to design and development problems
Inadequate attention to safety risks
Interaction with physical devices that do not work as expected
Incompatible software/hardware or OS
Not planning or designing for unexpected inputs or circumstances
Confusing user interfaces
Software bugs and reuse of software/code
66
Failures due to management and use problems
Data-entry errors, inadequate training of users, errors in interpreting results or output, failure to keep information in databases up to date, overconfidence in software by users.
67
Safety-critical applications to increase Reliability and Safety
Identify risks and protect against them
Convincing case for safety
Avoid complacency
68
Specifications to increase Reliability and Safety
Learn the needs of the client
Understand how the client will use the system
69
Wikipedia
Written by volunteers and susceptible to bias. Writers are usually educated experts.
70
Wisdom of the crowd
Rating systems are easy to manipulate. Unreliable information spreads easily, especially on the web.
71
Vulnerable viewers
Less educated individuals & children
72
Abdicating responsibility
People let computers do their thinking & may rely on them over human judgement.
73
Evaluating models
Models necessarily involve assumptions and simplifications of reality. Results or predictions may not closely correspond with the real world.
74
Why might models not be accurate?
Incomplete knowledge of the system being modeled. Incomplete or inaccurate data. Inadequate computing power. Difficult/impossible to quantify variables representing human values and choices.
75
Criteria when evaluating information
Source/authority
Purpose
Currency (date)
Accuracy
76
Digital Divide
New tech only available to the wealthy, but the time it takes for it to become commonly available is decreasing. Cost & ease of use. Have vs have not or level of service?
77
Digital Divide solutions
Entrepreneurs provide low cost options for people who cannot afford them. Government funds tech in schools. Non-profits and computer companies spread access to developing countries. Requires both money and ingenuity for computers to work in extreme environments. Respecting existing culture.
78
Criticisms of Computing Technologies
Massive unemployment and de-skilling of jobs.
We use computers because we can, not because they satisfy real needs.
They don't solve real problems.
Social inequity and disintegration: weaken communities and isolate people.
Separation from nature and destruction of the environment
Benefits for big business & government
Stunt child development, human values, and intellectual skills.
79
Non-Luddites
Technology reduces the effort needed to produce goods and services. Tech means improvements in wealth and living standards.
80
Luddites
Technology eliminates jobs and reduces the cost of production without improving our lives. Tech means massive unemployment, skewer profits, and poorer quality of life. Humans vs nature.
81
Accomplishments of technology
Increased life expectancy, elimination or reduction of diseases, increased standard of living, assistance for the disabled.
82
Singularity
A point at which AI or some human-machine intelligence advances so far that we cannot comprehend it. Cannot prepare for aftermath, only gradual developments. Decision making process should produce what people want.
83
Definition of AI
Generally defined as technology that allows computers and machines to simulate human learning, comprehension, problem solving, decision making, creativity and autonomy. Also make predictions, recommendations, or decisions influencing real or virtual environments.
84
Risks and threats of AI
  1. Mass data collection can lead to misuse and/or breach of privacy
  2. Biased and discriminatory decision-making
  3. Job displacement
  4. Too complex for us to analyze accountability and fairness.
  5. Susceptible to cyberattacks that manipulate outputs.
  6. Misinformation and manipulation of the public
  7. Unintended negative outcomes
  8. Data poisoning