55 Cards in this Set

  • Front
  • Back
Database Management System

define
example
functions
info is ____-dimension
 DBMS: software that creates and manipulates data by which users and application programs interact with a database – example: project management through Microsoft Access
• Functions
1. Manage stored data
2. Transform data into information
3. Provide security
4. Allow multiuser access
5. Programming and query language ability
6. data dictionary

info is 2-dimensional
EX: sales by location
Data Dictionary

define & describe
Data dictionary – a file that stores definitions of information types

identifies the primary and foreign keys and maintains the relationship among tables

-Contains metadata (data about data)
-DBMS controls data about the characteristics of databases
-Storage area for the structure of a relational database
-Info found here:
1)Definitions of the columns – make up each table
2)Integrity constraints placed on relations
3)Security info (users have the right to perform which operation of which table)
Data Warehouse

define
describe info located here
fundamentals
two philosophies
info is ____-dimensional
A data warehouse is a logical collection of information, gathered from many different operational databases, that supports business analysis activities and decision making tasks – extended form of DBMS;

DW is not a location for all a business’s information, but rather a location for information that is interesting, or information that will assist decision makers in making strategic decisions relative to the organization’s overall mission

fundamentals
1. Data is historic/archival in nature – change is minimized
2. Gathered from many different operational databases
3. Data is integrated from varied sources
4. Supporting business analysis activities and decision-making tasks

philosophies
1. Top down – build overall data warehouse and extract data marts for local purposes
2. Bottom up – build smaller data marts then interconnect them

info is multi-dimensional
1. EX: sales by location by month
2. Cube representation - multidimensional information
3. Data-mining
Data Mining
the process of analyzing data to extract info not offered by the raw data alone
Cube & Multidimensional Info

Benefits of MD info
Symbolism
-layers
-rows
-columns
MD info
-contains many rows and columns
-users can analyze info in a number of different ways and with any number of different dimensions

layers = store information
rows = product info
columns = promotion info
The basis of organizations' decision to build data warehouses
Organizations decide to build data warehouses normally when

-they have grown to the point where they are no longer able to answer the business questions that they are interested in.

-This usually happens because both the data volume and question complexity have grown beyond what the current systems can handle.

-At that point the business becomes limited by the information that users can reasonably extract from the data system.

-That being said, most decisions to build data warehouses are driven by non-human resources needs.
Organizations responsible for the increase in data warehouse creation
-Over the past decade,
back office (supply chain)

and

front office (sales and marketing)

organizations have led the creation of large corporate data warehouses.
Technical Comparison - DW to DBMS
Technically, the DW is like an extended DBMS
How does data get from individual transaction DBMS to the data warehouse?
Extraction, transformation and loading (ETL)

ETL populates the data warehouse
Major Differences between DBMS & Data Warehouse
-Features: plethora of data, accessibility, providing dynamic access, etc.
-The way data is placed in data warehouses – more summarized, referenced, de-normalized representation
-DBMS 2-D vs. DW multi-D
-DW is a step further, has the ability to provide multidimensional analysis that allows users to gain insights into their information
Information Scrubbing

define
results
a process that weeds out and fixes or discards inconsistent, incorrect, or incomplete info

increases the quality of organizational info and thus the effectiveness of decision-making

strategy to keep info clean
Information Security

define
a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization
Biggest issue surrounding information security is ______
The biggest issue surrounding information security is not technical, but is a people issue.
Insiders

define
cause
example
insiders - legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

cause
-results from people misusing an organization either advertently or inadvertently

example: someone might freely give up their password or write them on sticky notes for anyone to see
Social Engineering
when someone uses their social skills to trick people into revealing access credentials or other information valuable to the attacker
Information Security Plan
after an organization has armed its people with a detailed information security plan, it can focus their efforts on deploying the right types of information security technologies
Authentication and Authorization

-User ID & Password
-Most ineffective way
-PW are not secure; all it takes is time to crack a password
-easily uncovered by a social engineer
-sometimes cause identity theft
Phishing
a technique to gain personal info for the purpose of identity theft, usually by means of fraudulent email
Authentication and Authorization

-Smart Card
-Tokens
More effective than user ID & password

smart card:
device that is around the same size as a credit card that contains embedded technologies that can store info and small amounts of software to perform some limited processing

tokens:
small electronic devices that change user passwords automatically; the user enters his/her ID & token displays the password to gain access to the network
Authentication and Authorization

Something that is part of the User
Most effective

Can be costly & intrusive

Biometrics:
the identification of a user based on a physical characteristic such as a fingerprint, iris, face, voice, or handwriting
Prevention and Resistance

purpose
-Stops intruders from accessing intellectual capital
Security threats to E-business

7 key terms
1)Hackers
2)Viruses
3)Sniffer
4)Packet Tampering
5)Spyware
6)Spoofing
7)Logic Bomb
Hackers
People very knowledgeable about computers who use their knowledge to invade other people's computers
Viruses
Software written with malicious intent to cause annoyance or damage
Sniffers
A program or device that can monitor data traveling over a network.

Sniffers can show all the data being transmitted over a network, including passwords and sensitive info.

Sniffers are a hacker's favorite tool.
Packet Tampering
Consists of altering the contents of packets as they travel over the internet or altering data on computer disks after penetrating a network

example:
an attacker could tap onto a network line to intercept the packets and as they leave the computer he can eavesdrop or alter the info as it leaves the network
Spyware
software that comes hidden in free downloadable software and tracks online movements, mines the information stored on a computer, or uses a computer’s CPU and storage for some task the user knows nothing about; causes extremely slow performance, excessive pop-ups, or hijacked homepages
Spoofing
the forging of the return address on an email so that the email message appears to come from someone other than the actual sender

not a virus but rather a way by which virus authors conceal their identities as they send out viruses
Logic Bomb
also called slag code

programming code, inserted inadvertently or advertently, that is designed to “explode” under circumstances such as being idle or the failure of a user to respond to a command

delayed-action computer virus

might be designed to display or print a false message, delete or corrupt data, etc.
Prevention and Resistance software

3 key terms
1)Content Filtering

2)Encryption

3)Firewalls
Content Filtering
occurs when organizations use software that filters content to prevent the transmission of authorized information

is used in filtering for spam (form of unsolicited email)
Encryption

define
PKE - usage
Encryption scrambles information into an alternative form that requires a key or password to decrypt the info
-if there is a security breach and the info is encrypted, the stealer will not be able to read the info

PKE:
Public Key Encryption - an encryption system that uses two keys
-a public key that everyone can have and a private key for the recipient
-the use of multiple keys allows the organization to distribute the public key to all of its customers, hence "public"
-the customers use the public key to encrypt their information and send it along the internet
-when it arrives at its destination, the organization would use the private key to unscramble the encrypted info
Firewall
guards a private network by analyzing the info leaving and entering the network

one of the most common defenses

detects computers communicating with the Internet who do not have approval
Detection and Response
if the prevention and resistance strategies fail, and there is a security breach, an organization must use detection and response technologies to mitigate the damage

most common - antivirus software

used to catch hackers and alleviate damage
Biometrics

uses
Banks at ATMs

Schools replacing ID cards with fingerprint biometric system - replaces library & meal cards

using biometrics with passports - biometric test to enter the country
Biometrics

difficulties
Limited amount
-a person's biometric samples are limited, and if they are compromised it is impossible to replace the old ones
-concern with secondary use of biometric data
-ex: burnt hand, finger & handprints cannot be re-imprinted on the skin

Danger
-if someone is trying to gain access to secure properties, they might stalk and assault the property owner to gain access
-damage could be irreversible & potentially cost more than the secured property

Intrusive
-many people feel uncomfortable participating in biometric authorization, such as iris scans

Accuracy
-fingerprinting is less expensive and costly, however is not 100 percent accurate

Personal Info
-concerns with personal information not being guarded enough, and misused, tampered with, or sold
-criminals could potentially steal, rearrange, or copy someone's biometric data & then use it in unauthorized ways
Major Ethics Policies

3 organizations should have
1)Ethical computer use policy
2)Information privacy policy
3)Acceptable use policy
Ethical Computer Use Policy

define
example
principles
ECUP contains general principles to guide computer use behavior
it is the starting point for any other policies that the organization might establish

example:
ECUP might explicitly state that users should refrain from playing computer games during work hours

principles:
-ensures that the users know how to behave at work & provides discipline
-if seeking appropriate computer use, informed consent is necessary
-users should be informed of the rules and, by agreeing to use the system on that basis, consent to abide by the rules
Information Privacy Policy

define & outline
example
IPP contains general principles regarding information privacy

a large majority of cases, the unethical use of information happens unintentionally

it is then used "unintentionally" for new purposes

example:
Social Security Number - started out as a way to identify retirement benefits and is now used as a sort of universal personal ID
Acceptable Use Policy

define
outline
AUP: a policy that a user must agree to follow in order to be provided access to a network or the internet

Nonrepudiation - a contractual stipulation to ensure that e-business participants do not deny (or repudiate) their online actions

employees or students might have to sign an AUP before being granted a network ID
Email Privacy Policy
details the extent to which email messages may be read by others

email - pervasive

One main problem - users expect privacy
*organizations that own email systems can operate the system as openly or privately as they wish*
-it is up to them to decide how much of your email they will read
-users must consent to this level of intrusion
Internet Use Policy

unique aspects
contains general principles to guide the proper use of the internet

unique aspects
-large amounts of computing resources that internet users can expend, making it essential such use be legitimate
-contains numerous materials that some might feel as offensive
Anti-spam policy
states that email users will not send unsolicited emails

difficult to know what is spam
-end users have to be involved in deciding what spam is; what is unwanted can vary widely, not just from one company to the next, but from one person to the next
Information technology monitoring
tracks people's activities by such measures as number of keystrokes, error rate, and number of transactions processed
Reasons for employee monitoring
-Many employees use the internet to shop, browse & surf the web
-Most managers do not want their employees conducting personal business during working hours
-Many organizations have increasingly monitored internet usage & even allow the boss to read employees’ email
-If the organization doesn’t trust its employees, it should treat them accordingly
Reasons against employee monitoring
-organizations that monitor their employees unwittingly undermine their relationships with them
-if an organization does not trust its employees, it should treat them accordingly
-most management experts advocate that organizations whose corporate cultures are based on trust are more successful than those whose corporate cultures are based on distrust
Appropriate situations for employee monitoring
-many times decided by legal precedents that are already holding businesses financially responsible for their employees' actions
-sometimes not a choice, but a risk-management obligation
Inappropriate situations for employee monitoring
When it causes negative effects on their employees
-Employee absenteeism: employees are missing full days off work to take care of personal business instead of a few minutes or a few hours at work
-Lowers job satisfaction - people start to believe that quantity is more important than quality
-"Psychological reactance," or the ability to rebel against constraints