Flashcards in IT Deck (113):
According to the COBIT model, what are the seven desirable properties of info?
According to the COBIT model, what are the four IT domains?
Planning and organizing
Acquisition and implementation
Delivery and support
What are the three major components of the COBIT model?
Domains and processes
According to the COBIT model, what are the five physical resources that, together, comprise an IT system?
What are enterprise resource planning systems (ERPs) ?
These systems provide transaction processing, management support, and decision-making support in a single, integrated package. By integrating all data and processes of an organization into a unified system, ERPs attempt to eliminate many of the problems faced by organizations when they attempt to consolidate information from operations in multiple departments, regions, or divisions.
Define Infrastructure as a Service (IaaS).
Use of the cloud to access virtual hardware, such as computers and storage. Examples include Amazon Web Services and Carbonite.
Define Software as a Service (SaaS).
Remote access to software. Office 365, a suite of office productivity programs, is an example of SaaS.
Define online transaction processing system (OLTP).
ERP modules that comprise the core business functions: sales, production, purchasing, payroll, financial reporting, etc. These functions collect the operational data for the organization and provide the fundamental motivation for the purchase of an ERP.
Define Platform as a Service (PaaS).
Creating cloud-based software and programs. Salesforce.com's Force.com is an example of PaaS.
What 3 functions in IT should be segregated?
Systems Admin and programming
The data control clerk is responsible for
managing the flow of documents and reports in and out of the Computer Operations department.
Office automation systems include
the software tools of daily work, including word processing programs, spreadsheets, email, and electronic calendars.
What are decision support systems (DSSs)?
These systems provide information to mid- and upper-level management to assist them in managing nonroutine problems and in long-range planning. Unlike MISs, DSSs frequently include external data in addition to summarized information from the TPS and include significant analytical and statistical capabilities.
What is a data warehouse?
A database for organizational decision making. Data from the live databases are copied to the warehouse so that data can be queried without reducing the performance (i.e., speed) or stability (i.e., reliability) of the live systems.
What is the purpose of executive support systems (ESS) and strategic support systems (SSS)?
A subset of decision support systems (DSS) especially designed for forecasting and making long-range, strategic decisions. As such, they have a greater emphasis on external data. Sometimes called "DSS for dummies."
What is data mining?
Searching data in a warehouse to discover patterns and relationships in historical data.
What are operational systems?
These systems support the day-to-day activities of the business (purchasing of goods and services, manufacturing activities, sales to customers, cash collections, payroll, etc.). Also known as transaction processing systems (TPS).
What is a knowledge work system?
Facilitates the work activities of professional-level employees (engineers, accountants, attorneys, etc.) by providing information relevant to their day-to-day activities (e.g., how the company has handled specific types of audit exceptions) and/or by automating some of their routine functions (e.g., computer-aided systems engineering [CASE] packages used by programmers to automate some programming functions).
Define management information systems.
Systems designed to support routine management problems based primarily on data from transaction processing systems.
Describe the concept of knowledge management (KM).
Attempts to ensure that the right information is available at the right time to the right user. A variety of practices attempt to electronically capture and disseminate information throughout the organization. Knowledge management practices seek specific outcomes, including shared intelligence, improved performance, competitive advantage, and more innovation.
Describe a flat file system.
Early information technology systems used flat file technology. Flat files are characterized by independent programs and data sets, high degrees of data redundancy, and difficulty in achieving cross-functional reporting. This is bad.
Define "data mart".
A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments. Companies often support multiple data marts within their organization.
Define a "bit" (binary digit).
An individual zero or one; the smallest piece of information that can be represented.
A group of (usually) eight bits that are used to represent alphabetic and numeric characters and other symbols (3, g, X, ?, etc.). Several coding systems are used to assign specific bytes to characters. ASCII and EBCDIC are the two most commonly used coding systems. Each system defines the sequence of zeros and ones that represents each character.
A group of characters (bytes) that identify a characteristic of an entity. A data value is a specific value found in a field. Fields can consist of a single character (Y, N) but usually consist of a group of characters. Each field is defined as a specific data type. Date, Text and Number are common data types.
A group of related fields (or attributes) that describe an individual instance of an entity (a specific invoice, a particular customer, an individual product).
A collection of records for one specific entity (an Invoice File, a Customer File, a Product File). In a relational database environment, files are also known as tables.
Software that performs a variety of general technical computer-controlling operations is a(n)
Operating system. It controls the execution of computer programs and may provide various services.
What are magnetic disks?
These are random access devices. Data can be stored on, and retrieved from, the disk in any order. This is the most efficient way to store and retrieve individual records. Magnetic disks are the most commonly used form of secondary storage.
What is a "central processing unit (CPU)"?
The CPU is the control center of the computer system. It has three principal components: Control Unit, Arithmetic Unit, and Logic Unit.
Define "batch processing."
Periodic transaction processing method in which transactions are processed in groups.
What are point-of-sale (POS) systems?
Combine on-line, real-time processing with automated data capture technology, resulting in a system that is highly accurate, reliable, and timely.
What are "time lags" in batch processing systems?
This is an inherent part of batch processing. There is always a time delay between the time the transaction occurs, the time that the transaction is recorded, and the time that the master file is updated.
What is the Internet of Things (IoT)?
The widespread connection of electronic devices, which monitor physical processes (e.g., humans, animals, production processes), to the Internet.
Describe four necessities of an IT policy.
Linked to the entity's strategy and objectives
Has an owner who ensures operation and updating
Has a specified process for updates
Includes a title, purpose, scope and context, statement of responsibilities, and time for updating
Describe a values and service culture IT policy.
Specifies expectations of IT function personnel in their interactions with clients and others.
Describe four considerations in monitoring IT policies.
-monitoring for compliance and success
-monitoring by internal auditing staff
-continuous or periodic monitoring, or both, depending on policy importance and the risks of noncompliance
-monitoring of IT help calls and operational reports to provide evidence of noncompliance.
Describe an IT Contractors, Employees, and Sourcing policy
This policy addresses why, when, and how an entity selects IT human resources from among employees or outside contractors (i.e., the IT sourcing and outsourcing policy).
Describe an IT use and connection policy.
Policy that states the entity's position on the use of personal devices and applications in the workplace and connection to the entity's systems. May also specify allowable devices and uses of these devices on the entity's systems.
A key aspect of supply chain management is
the sharing of key information from the point of sale to the consumer back to the manufacturer, the manufacturer's suppliers, and the supplier's suppliers.
Define "supply chain management (SCM)."
The process of planning, implementing, and controlling the operations of the supply chain: the process of transforming raw materials into a finished product and delivering that product to the consumer. Supply chain management incorporates all activities from the purchase and storage of raw materials, through the production process, into finished goods through to the point-of-consumption.
Define "electronic data interchange (EDI)."
The system-to-system exchange of business data (e.g., purchase orders, confirmations, invoices, etc.) in structured formats that allow direct processing of the data by the receiving system.
What are customer relationship management (CRM) systems?
Technologies that facilitate managing e-relationships with clients. Both biographic and transaction information about existing and potential customers is collected and stored in a database. The CRM provides tools to analyze the information and develop personalized marketing plans for individual customers.
What is the primary advantage of using a value-added network (VAN)?
It provides increased security for data transmissions.
Describe three considerations in adopting cloud-based storage.
The supported business processes (e.g., sales, product development)
The deployment model (i.e., public, hybrid, private)
The service delivery model (i.e., SaaS, PaaS, IaaS)
Explain why it is important to have a policy that identifies who is responsible for contracting for cloud computing services.
Because of the legal, privacy, and security risks of cloud computing, contracting for cloud computing must be only with approved cloud vendors, and according to an organization's cloud computing policies. For this reason, cloud computing should have an “owner” who is responsible for all cloud computing service contracts.
Give examples of the information that an organization is likely to require from a cloud service provider (CSP).
References for the CSP, information about appropriate usage, performance data, network infrastructure, data center, security, data segregation, and compliance policies
Explain why redundancy of storage is essential in cloud computing applications.
Any CSP can be breached (hacked). Accordingly, it is usually necessary to contract with multiple CSPs to provide adequate data backup.
Identify three characteristics of the small business computing environment.
1. Exclusive use of microcomputers and laptops (e.g., there may be no servers), 2. Outsourced IT, 3. Poor segregation of duties.
is an approach to online analytical processing that combines data into a subject-oriented, integrated collection of data used to support management decision-making processes.
A distributed processing environment would be most beneficial in which of the following situations?
Large volumes of data are generated at many locations and fast access is required.
What are the advantages of decentralized/distributed systems?
-more responsive to the needs of the end user
-data transmission costs are greatly reduced
-input/output bottlenecks associated with high-traffic periods are largely avoided
Local Area Networks (LANs)
were so named because they were originally confined to very limited geographic areas (a floor of a building, a building, or possibly several buildings in very close proximity to each other). With the advent of relatively inexpensive fiber optic cable, local area networks can extend for many miles. For example, many urban school districts have local area networks connecting all of the schools in the district.
Wide Area Networks (WANs)
Although WANs can vary dramatically in geographic area, most are national or international in scope.
Storage Area Networks (SANs)
A type of, or variation on, LAN that connects storage devices to servers.
Personal Area Networks (PANs)
Often a home network that links devices used by an individual or family to one another and to the Internet.
What is a "server"?
Computer or other device on a network which only provides resources to the network and is not available (normally) to individual users; examples include print servers, file servers, and communications servers. Contrast with a workstation.
What is a "peer-to-peer network"?
A network system in which all nodes share in communications management. No central controller (server) is required. These systems are relatively simple and inexpensive to implement; used by LANs.
What is a "client/server system"?
A central machine (the server) mediates communication on the network and grants access to network resources. Client machines use network resources and also perform data processing functions; used by LANs.
Define "internal labels" (header and trailer labels).
Descriptive information stored at the beginning and end of a file that identifies the file, the number of records in the file, and provides data enabling detection of processing errors.
What is a "client" on a computer network?
A node, usually a microcomputer, which is used by end users; uses but usually does not supply network resources.
What is a "local area network (LAN)"?
Originally confined to very limited geographic areas (a floor of a building, a building, or possibly a couple of buildings in very close proximity to each other). Inexpensive fiber optic cable now enables local area networks to extend many miles.
What is a "computer network"?
Two or more computing devices connected by a communication channel on which the devices exchange data.
What is a wide area network (WAN)?
These networks vary dramatically in geographic coverage. Most WANs are national or international in scope.
What is a "node"?
A device connected to a computer network.
Extensible Markup Language (XML)
Protocol for encoding (tagging) documents for use on the Internet.
Extensible Business Reporting Language (XBRL)
XML-based protocol for encoding and tagging business information. A means of consistently and efficiently identifying the content of business and accounting information in electronic form.
Hypertext Markup Language (HTML)
Core language for web pages. The basic building-block protocol for constructing web pages.
File Transfer Protocol (FTP)
Used for file transfer applications
Intranets that are opened up to permit associates (company suppliers, customers, business partners, etc.) to access data that is relevant to them.
What is the core protocol for Internet communications?
A set of rules for exchanging data between two computers is a
A webpage is most frequently created using...
HTML or XML
The data control protocol used to control transmissions on the Internet is
Which of the following technologies is specifically designed to exchange financial information over the World Wide Web?
Extensible business reporting language (XBRL).
Data control language
is composed of commands used to control a database, including controlling which users have various privileges (e.g., who is able to read from and write to various portions of the database).
Define "social engineering."
A set of techniques used by attackers to fool employees into giving them access to information resources
Secure Sockets Layer - Asymmetric encryption common for Internet consumer purchases
Secure Hypertext Transport Protocol - Asymmetric encryption common for Internet consumer purchases
Secure Electronic Transactions (protocol) - Asymmetric encryption common for Internet consumer purchases
What is a message called after it has been encrypted?
What algorithm converts ciphertext to plaintext?
In a ___ cipher, the same key is used by both the sender and the receiver.
In a ____ cipher, a pair of keys is used.
asymmetric-key
In an asymmetric-key cipher, if the sender uses the private key, then the receiver uses the ___ key.
What are the two Internet protocols typically used for secure Internet transmissions?
The process of coding data so that it cannot be understood without the correct decryption algorithm
Describe asymmetric encryption (also called public/private-key encryption and private-key encryption).
Uses two paired encryption algorithms to encrypt and decrypt the text: if the public key encrypts, the private key decrypts. If the private key encrypts, the public key decrypts.
The CA registers the public key on its server and sends the private key to the user. CAs are responsible for issuing digital certificates and public/private key pairs.
An electronic means of identifying a person or entity.
Use public/private key pair technology to provide authentication of the sender and verification of the content of the message.
The authentication process is based on the private key.
Business (or organizational) continuity management
is the process of planning for such occurrences and embedding this plan in an organization's culture. Hence, BCM is one element of organizational risk management. It consists of identifying events that may threaten an organization's ability to deliver products and services, and creating a structure that ensures smooth and continuous operations in the event the identified risks occur.
Define cold site (empty shell).
An off-site location that has all the electrical connections and other physical requirements for data processing, but does not have the actual equipment or files. Cold sites often require one to three days to be made operational. A cold site is the least expensive type of alternative processing facility available to the organization.
Define warm site.
A location to which the business can relocate after a disaster. The location is already stocked with computer hardware similar to that of the original site, but does not contain backed up copies of data and information.
Define "hot site."
An off-site location that is completely equipped to immediately take over the company's data processing. All equipment plus backup copies of essential data files and programs are also usually maintained at this location. It enables the business to relocate with minimal losses to normal operations - typically within a few hours. A hot site is one of the most expensive facilities to maintain.
Describe the "rollback and recovery" backup and recovery system methodology.
A backup and recovery system method that is common to online, real-time processing. All transactions are written to a transaction log when they are processed. Periodic "snapshots" are taken of the master file. When a problem is detected, the recovery manager program starts with the snapshot of the master file and reprocesses all transactions that have occurred since the snapshot was taken.
Define "storage area networks (SANs)."
A method of backup that can be used to replicate data from multiple sites. Data stored on a SAN is immediately available without the need to recover it. This enables highly efficient disaster recovery.
Describe the checkpoint and restart backup and recovery system methodology.
Common to batch processing, a checkpoint is a point in data processing where the accuracy of the processing can be verified. Backups are maintained during the update process so that, if a problem is detected, it is only necessary to return to the backup at the previous checkpoint instead of returning to the beginning of transaction processing.
A method of backup consisting of the maintenance of an exact copy of a data set to provide multiple sources of the same information. Mirrored sites are most frequently used in e-commerce for load balancing - distributing excess demand from the primary site to the mirrored site.
Define "grandfather-father-son file security control."
A technique used to maintain redundant backup copies (three "generations") of data files; backup files are used to recover from systems failures in which data files are damaged or destroyed.
Define "remote backup service."
A service that provides users with an online system for backing up and storing computer files. Remote backup has several advantages over traditional backup methodologies: the task of creating and maintaining backup files is removed from the IT department's responsibilities; the backups are maintained off site; some services can operate continuously, backing up each transaction as it occurs.
is an attempt to gain access to a computer facility or system.
is a technique frequently used to monitor network performance and capture data. It has legitimate uses to monitor network performance or troubleshoot problems with network communications. However, it is often used by hackers to capture user names and passwords, IP addresses, and other information that can help the hacker break into the network. Packet sniffing a computer network is similar to wiretapping a phone line.
What is a logic bomb attack on a system?
An unauthorized program which is planted in the system. The logic bomb lies dormant until the occurrence of a specified event or time (e.g., a specific date, the elimination of an employee from "active employee" status, etc.).
Define "denial of service attacks."
An attack that attempts to prevent legitimate users from gaining access to the system. These attacks, called denial of service attacks, are perpetrated by flooding the server with incomplete access requests.
What is a back door attack on a system?
A software program that allows an unauthorized user to gain access to the system by side-stepping the normal logon procedures. Back doors were once commonly used by programmers to facilitate access to systems under development.
Similar to viruses except that worms attempt to replicate themselves across multiple computer systems. They generally try to accomplish this by activating the system's email client and sending multiple emails.
Define session hijacking or masquerading
This occurs when an attacker identifies an IP address (usually through packet sniffing) and then attempts to use it to access a network. If successful, the hacker has "hijacked" the session, i.e., gained access to the session by pretending to be another user.
Define "Trojan horse".
A malicious program that is hidden inside a seemingly benign file.
Define "source program library management system (SPLMS)."
Its functions include storing, retrieving, and deleting programs, and documenting by whom, when, where, and how programs are changed. One function of the SPLMS is to manage the migration of a program from development to production.
Entity-Relationship (E-R) Diagrams
Model relationships between entities and data in accounting systems.
What is operator documentation (also called a "run manual")?
In large computer systems, operator documentation provides information necessary to execute the program including the required equipment, data files and computer supplies, execution commands, error messages, verification procedures and expected output. It is used by computer operators.
Closed loop verification
Helps ensure that a valid and correct account code has been entered; after the code is entered, this system looks up and displays additional information about the selected code. For example, the operator enters a customer code, and the system displays the customer's name and address. Available only in online real-time systems.