46 Cards in this Set
- Front
- Back
|
What are the 4 responsibilities of the IT department?
|
1. PLAN for IS and IT infrastructure
2. DEVELOP and adapt IS and IT infrastructure
3. MAINTAIN IS and operate and maintain IT infrastructure
4. PROTECT infrastructure and data |
|
Agile Enterprise
|
an organization that can quickly adapt to changes in market, industry, product, law, or other factors
(Microsoft coined term) |
|
IT department is responsible for
|
-assessing new technology that can be used
-adapting infrastructure to new business goals |
|
"Tuned"
|
adjustment made to changes in the workload to maintain IS
|
|
The 3 sources from which threats to infrastructure and data arise...
|
1. human error and mistakes
2. malicious human activity
3. natural events and disasters |
|
The title of the principal manager of the IT department is...
|
CIO (Chief Information Officer)
|
|
Under CIO, the four main groups are...
|
-technology (CTO)
-operations
-development
-outsourcing relations |
|
Technology (purpose in IT department)
|
investigates new technologies and determines how they can be used.
|
|
Operations (purpose in IT department)
|
managing infrastructure. System and network administrators monitor and respond to user problems.
|
|
Outsourcing Relations (IT department)
|
negotiates outsourcing agreements with other companies to provide equipment, applications or other.
|
|
Tangible benefits (referring to deciding how much to spend on IT)
|
a dollar value can be computed
(reducing customer support costs by 10%) |
|
Intangible benefits
|
impossible to compute dollar value.
(the benefits of the email system) |
|
Human Error-
Unauthorized data disclosure |
accidental release of data. posting names and number, or releasing proprietary data to competitors.
|
|
Malicious Activity-
Unauthorized data disclosure |
includes
-pretexting
-phishing
-spoofing
-sniffing
-computer crime |
|
Pretexting
|
pretending to be someone else.
(telephone caller, credit card) |
|
Phishing
|
pretexting via Email.
pretends to be legit company requesting private information. |
|
Spoofing (IP and Email)
|
IP- when intruder uses another site's address as if it were that site.
Email- synonym for phishing |
|
Sniffing (drive-by)
|
intercepting computer communications.
Wired networks- physical connection.
Wireless networks- unprotected ones can be intercepted at will = Drive-By Sniffers.
|
|
Incorrect Data Modification-
Human Error |
a person follows a procedure incorrectly, or the procedure is incorrectly designed
|
|
Incorrect Data Modification-
Malicious Activity |
a person gains unauthorized access to a system to obtain critical data or manipulate it for financial gain (hacking)
|
|
Usurpation
|
unauthorized programs invade a computer system and replace legit programs
|
|
Denial of Service-
Human Error |
ex- inadvertently shut down Web server by starting a computationally intensive application (OLAP)
|
|
Denial of Service (Attacks)
Malicious Activity |
hacker floods a web browser with millions of bogus requests, so other requests can't go through.
|
|
Loss of Infrastructure-
Human Error |
ex- bulldozer cuts cables, floor buffer crashes into rack of web servers
|
|
What are the 3 elements of a Security Program?
|
1. Senior Management Involvement- establish policy, then weigh costs and benefits
2. Safeguards
3. Incident Response |
|
Technical Safeguards
|
-protect hardware and software components
--i.d. and authorization
--encryption
--firewalls
--malware protection |
|
Malware
|
viruses, worms, Trojan horses, spyware, adware
|
|
Spyware
|
installed w/o permission. captures keystrokes to obtain personal information. also observes.
|
|
Adware
|
installed w/o permission. observes as well but usually just produces pop-ups and changes default window/ search results.
|
|
Data Safeguards
|
protects databases and other organizational data
|
|
Database Administration
|
ensures procedures exist for multiuser processing, controls changes to structure, protects database
|
|
Key Escrow
|
data safety procedure- giving a trusted party a copy of the encryption key
|
|
Human safeguards
|
involve people and procedures
--position definition
--hiring and screening
--dissemination
--termination |
|
Hardening (a technical safeguard)
|
taking extraordinary measures to reduce a system's vulnerability
-most important safeguard against public users |
|
3 System Procedure types
|
Normal Operation
Backup
Recovery |
|
Incident Response
|
-have plan in place
-centralized reporting
-specific responses
-practice! |
|
IT and IS infrastructure. does these four things
|
Plan
Develop
Maintain
Protect |
|
Percentage of IT projects that fail..
|
50%
cost 70 billion in 2006 |
|
Business Requirements- (slide)
|
Identification
Definition
Analysis
Consensus |
|
Requirement Models (3)
|
Use Case model
Process model
Data model |
|
Conceptual ERD (type of data model)
|
least detailed- boxes and relationships
|
|
Logical ERD (type of data model)
|
more detail. name, number, i.d. etc..
|
|
Physical ERD (type of data model)
|
most detailed. basically a picture of the database
|
|
Requirements and Planning of IS project. three that interact with one another.
|
Project Management <--> Requirements Approach <--> Technical Architecture |
|
Project Management includes these elements (4)
|
resources,
activities and dependencies,
costs,
risks |
|
A few reasons for project failure include
|
-user involvement (lack of)
-executive support (lack of)
-requirements process (incomplete or changing)
-formal methodology |