Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
40 Cards in this Set
- Front
- Back
|
Data
|
facts collected, recorded, stored, and processed by an information system
|
|
|
Information
|
data that has been organized and processed to provide meaning to a user
|
|
|
information overload
|
when limits to the amt of info the human mind can absorb and process are passed
|
|
|
6 components of an AIS
|
1. people
2. procedures and instructions 3. data 4. software 5. information technology infrastructure 6. internal controls/security measures |
|
|
value chain: primary activities
|
1. inbound logistics
2. operations 3. outbound logistics 4. marketing and sales 5. service |
|
|
value chain: support activities
|
1. firm infrastructure
2. human resources 3. technology 4. purchasing |
|
|
supply chain
|
value chain is a part of this. raw materials > manufacturer > distributor > retailer > consumer
|
|
|
product differentiation strategy
|
adding features or services not provided by competitors to a product so you can charge customers a premium price
|
|
|
low-cost strategy
|
striving to be the most efficient producer of a product or service
|
|
|
relational data model
|
everything in the database is represented as being stored in the form of tables called relations
|
|
|
organizing data: logical view
|
how the user or programmer conceptually organizes and understands the data
|
|
|
organizing data: physical view
|
how and where the data are physically arranged and stored in the computer system
|
|
|
data definition language
|
used to build the data dictionary, internalize/create the database, describe the logical views for each user/programmer, and specify any limitations or constraints on security
|
|
|
data manipulation language
|
used for data maintenance, which includes operations such as updating, inserting, and deleting portions of the database
|
|
|
data query language
|
used to interrogate the database; retrieves, sorts, orders, and presents subsets of the database in response to user queries
|
|
|
fraud
|
gaining an unfair advantage over another person, legally must be a false statement, representation, or disclosure of a material fact, also intent to deceive, a justifiable reliance, and an injury or loss suffered
|
|
|
bit switching (data diddling)
|
changing data before, during, or after they are entered into the system
|
|
|
denial-of-service attacks
|
sending email bombs (hundreds of messages per second) from randomly generated false addresses to overload recipient's ISP causing it to shut down
|
|
|
spoofing
|
making an email message look as if someone else sent it, usually from someone the recipient trusts
|
|
|
hijacking
|
gaining control of someone else's computer to carry out illicit activities without the owner's knowledge
|
|
|
identity theft
|
assuming someone's identity, usually for economic gain, by illegally obtaining confidential information such as a SSN
|
|
|
logic time bombs
|
software that sits idle until a specified circumstance or time triggers it, destroying programs, data, or both
|
|
|
packet sniffing
|
using a computer to find confidential information as it travels the Internet and other networks
|
|
|
password cracking
|
penetrating system defenses, stealing valid passwords, and decrypting them so they can be used to access system programs, files, and data
|
|
|
phishing
|
sending emails requesting recipients to visit a Web page and verify data or fill in missing data, usually sites/emails will look legitimate
|
|
|
round-down technique
|
truncating interest calculations at two decimal places. the truncated fraction of a cent is placed in an account controlled by the perpetrator
|
|
|
spyware
|
using software to monitor computing habits and send that data to someone else, often without the computer user's permission
|
|
|
keystroke loggers
|
spyware that is used to record a user's keystrokes
|
|
|
trap doors
|
entering a system using a back door that bypasses normal system controls
|
|
|
Trojan horse
|
set of malicious and unauthorized computer instructions/code in an authorized and properly functioning program
|
|
|
CObIT
|
control objectives for information and related technology
|
|
|
4 domains/phases of CObIT
|
1. plan and organize (PO)
2. acquire and implement (AI) 3. deliver and support (DS) 4. monitor and evaluate (ME) |
|
|
preventive controls
|
objective is to prevent security incidents from happening in the first place: authentication, authorization, training, access controls, encryption, etc
|
|
|
detective controls
|
enhance security by monitoring the effectiveness of preventive controls and detecting incidents in which preventive controls could have been successfully circumvented
|
|
|
corrective controls
|
procedures to react to incidents and to take corrective action on a timely basis
|
|
|
authentication
|
focuses on verifying the identity of the person or device attempting to access the system-ensures only legit users can access
|
|
|
authorization
|
restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform
|
|
|
confidentiality vs privacy
|
privacy focuses on protecting personal information about customers, confidentiality protects organizational data
|
|
|
processing controls examples
|
ensure data is processed correctly: data matching, file labels, recalculation of batch totals, cross-footing, zero-balance tests
|
|
|
Gartner 5 eras of IT business value add
|
1. automation (inside-out)
2. augmentation (inside-out) 3. e-commerce/web 1.0 (inside-out) 4. externalizing the enterprise (outside-in) 5. business patterns (outside-in) |
