• Shuffle
    Toggle On
    Toggle Off
  • Alphabetize
    Toggle On
    Toggle Off
  • Front First
    Toggle On
    Toggle Off
  • Both Sides
    Toggle On
    Toggle Off
  • Read
    Toggle On
    Toggle Off

Card Range To Study



Play button


Play button




Click to flip

Use LEFT and RIGHT arrow keys to navigate between flashcards;

Use UP and DOWN arrow keys to flip the card;

H to show hint;

A reads text to speech;

40 Cards in this Set

  • Front
  • Back
facts collected, recorded, stored, and processed by an information system
data that has been organized and processed to provide meaning to a user
information overload
when limits to the amt of info the human mind can absorb and process are passed
6 components of an AIS
1. people
2. procedures and instructions
3. data
4. software
5. information technology infrastructure
6. internal controls/security measures
value chain: primary activities
1. inbound logistics
2. operations
3. outbound logistics
4. marketing and sales
5. service
value chain: support activities
1. firm infrastructure
2. human resources
3. technology
4. purchasing
supply chain
value chain is a part of this. raw materials > manufacturer > distributor > retailer > consumer
product differentiation strategy
adding features or services not provided by competitors to a product so you can charge customers a premium price
low-cost strategy
striving to be the most efficient producer of a product or service
relational data model
everything in the database is represented as being stored in the form of tables called relations
organizing data: logical view
how the user or programmer conceptually organizes and understands the data
organizing data: physical view
how and where the data are physically arranged and stored in the computer system
data definition language
used to build the data dictionary, internalize/create the database, describe the logical views for each user/programmer, and specify any limitations or constraints on security
data manipulation language
used for data maintenance, which includes operations such as updating, inserting, and deleting portions of the database
data query language
used to interrogate the database; retrieves, sorts, orders, and presents subsets of the database in response to user queries
gaining an unfair advantage over another person, legally must be a false statement, representation, or disclosure of a material fact, also intent to deceive, a justifiable reliance, and an injury or loss suffered
bit switching (data diddling)
changing data before, during, or after they are entered into the system
denial-of-service attacks
sending email bombs (hundreds of messages per second) from randomly generated false addresses to overload recipient's ISP causing it to shut down
making an email message look as if someone else sent it, usually from someone the recipient trusts
gaining control of someone else's computer to carry out illicit activities without the owner's knowledge
identity theft
assuming someone's identity, usually for economic gain, by illegally obtaining confidential information such as a SSN
logic time bombs
software that sits idle until a specified circumstance or time triggers it, destroying programs, data, or both
packet sniffing
using a computer to find confidential information as it travels the Internet and other networks
password cracking
penetrating system defenses, stealing valid passwords, and decrypting them so they can be used to access system programs, files, and data
sending emails requesting recipients to visit a Web page and verify data or fill in missing data, usually sites/emails will look legitimate
round-down technique
truncating interest calculations at two decimal places. the truncated fraction of a cent is placed in an account controlled by the perpetrator
using software to monitor computing habits and send that data to someone else, often without the computer user's permission
keystroke loggers
spyware that is used to record a user's keystrokes
trap doors
entering a system using a back door that bypasses normal system controls
Trojan horse
set of malicious and unauthorized computer instructions/code in an authorized and properly functioning program
control objectives for information and related technology
4 domains/phases of CObIT
1. plan and organize (PO)
2. acquire and implement (AI)
3. deliver and support (DS)
4. monitor and evaluate (ME)
preventive controls
objective is to prevent security incidents from happening in the first place: authentication, authorization, training, access controls, encryption, etc
detective controls
enhance security by monitoring the effectiveness of preventive controls and detecting incidents in which preventive controls could have been successfully circumvented
corrective controls
procedures to react to incidents and to take corrective action on a timely basis
focuses on verifying the identity of the person or device attempting to access the system-ensures only legit users can access
restricts access of authenticated users to specific portions of the system and specifies what actions they are permitted to perform
confidentiality vs privacy
privacy focuses on protecting personal information about customers, confidentiality protects organizational data
processing controls examples
ensure data is processed correctly: data matching, file labels, recalculation of batch totals, cross-footing, zero-balance tests
Gartner 5 eras of IT business value add
1. automation (inside-out)
2. augmentation (inside-out)
3. e-commerce/web 1.0 (inside-out)
4. externalizing the enterprise (outside-in)
5. business patterns (outside-in)