Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
60 Cards in this Set
- Front
- Back
|
Alternatives to in-house development
|
outsourcing, licensing, using ASP (SaaS)
|
|
|
Outsourcing
|
Allows for custom apps; costly. Advantages: improved financial planning, focus on core biz., shorter implementation cycles, reduced personnel/fixed costs
Disadvantages: loss of control , risk of losing competitive advantage, COST. |
|
|
Offshoring
|
Outsourcing to anywhere outside of the country
|
|
|
business process outsourcing
|
outsourcing routine processes (payroll, etc.)
|
|
|
service-level agreement
|
list of services vendor will provide when outsourcing
|
|
|
licensing
|
low cost, available immediately; risk of a loose fit, vendor difficulty/bankruptcy
|
|
|
ASP
|
application service provider
provide SaaS--may have crappy software, downtime. |
|
|
ssp
|
storage service provider
rents storage space, may have crappy uptime |
|
|
SaaS
|
software as a service
web apps |
|
|
user development
|
nonprogrammer users write own applications
Simple and limited in scope Develop small applications for immediate needs Maintained by end users Challenges of user-developed applications • Managing reaction of IT professionals • Providing support • Compatibility • Managing access |
|
|
custom-designed software
|
"tailored" software
applications from outsourcing |
|
|
beta versions
|
prerelease versions to be tested by companies that agree to use the app w/ actual data for several months...then they report problems and propose improvements
|
|
|
steps in licensing software
|
1. identifying the problem/opportunity
2. identifying potential vendors 3. soliciting vendor information - request for information (RFI) 4. defining requirements 5. requesting vendor proposals - request for proposal (RFP) 6. reviewing proposals & screening vendors 7. visiting sites 8. selecting the vendor 9. benchmarking - comparing performance against criteria 10. negotiating the contract 11. implementation 12. support |
|
|
RFI
|
Request for Information...step in licensing software
|
|
|
RFP
|
Request for Proposal...step in licensing software
|
|
|
benchmarking
|
comparing actual performance against specific quantifiable criteria
|
|
|
ranking the importance of product purchase factors
|
quality/reliability
product performance quality of after-sale svc/support trustworthiness of vendor price/performance ratio ease of doing biz w/ vendor vendor's support of industry standards openness of future strategies and plans vendor financial stability |
|
|
Downtime
|
time when IS is not available—extremely expensive
|
|
|
Blackout
|
total loss of electricity
|
|
|
Brownout:
|
partial loss of electricity
|
|
|
UPS
|
uninterruptible power supply
|
|
|
Keystroke logging:
|
record individual keystrokes
|
|
|
Social engineering:
|
con artists pretending to be service people
|
|
|
Identity theft
|
pretending to be another person
|
|
|
Honeytoken
|
bogus record in networked database
|
|
|
Honeypot
|
server containing mirrored copy of database...
Educates security officers of vulnerable points |
|
|
virus
|
spread from computer to computer
|
|
|
worm
|
spread in network w/o human interaction
|
|
|
antivirus software
|
protects against viruses
|
|
|
trojan horse
|
virus disguised as legit software
|
|
|
logic bomb
|
causes damage at a specific time, otherwise like a trojan
|
|
|
unintentional damage
|
Human error, Lack of adherence to backup procedures, Poor training; Unauthorized downloading may cause damage
|
|
|
backup
|
duplication of data
|
|
|
RAID
|
Redundant Array of Independent Disks
a set of disks programmed to replicate stored data (a more secure way of backing up data...the way it works is the disks overlap in the data that they store, providing REDUNDANT data, so if one drive fails the data is not lost.) |
|
|
DoS
|
Denial of Service (attack)
launch large number of information requests Slows down legitimate traffic to site |
|
|
DDoS
|
Distributed denial-of-service: launch DoS attack from multiple computers
|
|
|
hijacking
|
using some or all of the resources of a computer linked to a public network without the consent of its owner...
ok, the definition she gave in class was completely wrong, but whatever. |
|
|
hot sites
|
alternative sites - act as a backup to continue operation
|
|
|
controls
|
restraints on user or system
Can secure against risks Ensure nonsensical data is not entered Can reduce damage |
|
|
Access controls
|
require authorized access
Physical locks Software locks Three Types: what you know - userid/pw what you have - require special devices what you are - physical characteristics |
|
|
biometric
|
unique physical characteristic (retina/fingerprint/etc.) that is measurable and can be used to identify a person
|
|
|
Atomic transaction
|
set of indivisible transactions
- All steps need to be executed or none of them - Ensure only full entry occurs - Control against malfunction and fraud |
|
|
audit trail
|
documented facts that help detect who recorded transactions
|
|
|
information systems auditor
|
find and investigate fraudulent cases
|
|
|
DMZ
|
demilitarized zone
firewall approach one end of a network is connected to a trusted network (e.g. corporate intranet), the other end connected to a public network (typically the internet) |
|
|
Firewall
|
Blocks access to computing resources
|
|
|
proxy server
|
: represent another server - employs firewall
|
|
|
encryption
|
the conversion of plaintext to an unreadable stream of characters, especially to prevent a party that intercepts from reading the text.
|
|
|
symmetric encryption
|
sender and recipient use same key
|
|
|
asymmetric encryption
|
public and private key used
|
|
|
TLS
|
Transport Layer Security
protocol for transactions on the web; uses a combination of public and symmetric key encryption (ex: used by email servers for authentication) |
|
|
https
|
secure version of http
|
|
|
digital signature
|
way to authenticate online messages
|
|
|
CA
|
certificate authority
trusted third party (e.g. VeriSign) |
|
|
plaintext
|
text before encryption
|
|
|
ciphertext
|
text after encryption
|
|
|
message digest
|
akin to the unique fingerprint of a file
first phase of sending an encrypted message:the encryption software uses a hashing algorithm to create this from the file you wish to transmit |
|
|
SSO
|
single sign-on
requires users to identify themselves only once before accessing several different systems, as opposed to requiring different passwords for each system |
|
|
business recovery plan
|
disaster recovery plan/etc.
detail what should be done and by whom when systems go down |
|
|
mission-critical applications
|
those applications w/o which the business cannot conduct its operations
|
