115 Cards in this Set
- Front
- Back
IS Vulnerability |
More exposure than ever before Have to worry about internal and external risks |
|
Unintentional Threats |
Human Error Environmental Hazards Equipment Failures |
|
Human Error Threats |
-Design, programming, improper config (bugs and code defects) -Data Entry and Usage Errors -Lost cell phones, laziness, being tricked, careless downloading |
|
Environmental Hazards |
-Fire -Flood -Earthquakes -Radiation |
|
Equipment Failures |
-Poor Manufacturing |
|
Intentional Threats |
-Data Theft -Identity Theft -Equipment Theft -Service Theft |
|
What is the average cost of computer crime? |
Millions |
|
What are Common Methods of Technological Attack? |
-Malicious Software -Cookies -Hacking and Unauthorized Access -Denial of Service |
|
Malicious Software |
-Viruses (typically spread thru email) -Worms (can replicate independently) -Trojan Horses (disguised as something else) -Spyware (used for monitoring and advertising) -Keyloggers (record your movements) |
|
Hacking and Unauthorized Access |
-War Driving -Spoofing, phishing, pharming, evil twins -Sniffing -Cyber vandalism -Social Engineering -Employee Sabotage |
|
Is it hard to defend systems? |
YES |
|
IS Defense Strategies |
-Controls for Prevention and deterrence --properly designed controls -Detection --reduces damage -Limitation --minimize loss -Recovery --gets the system back quickly -Correction --prevents a repeat experience |
|
Technological Safeguards |
-Physical Controls -Physical Access Restrictions -Firewalls -Virus Monitoring and Prevention -Intrusion Detection Systems -Audit-Control Software -Unified Threat Management systems |
|
EX of Safeguards |
-Backups -CCTV / Monitoring -UPS -Water/Fire/Motion proofing |
|
EX Physical Access Restrictions |
-Brute force vs Authentication -Access Control Software -Virtual Private Networks (VPN) |
|
EX Firewalls |
-Barrier b/w internal and external networks -Implement in HW, SW, or both -All in/outbound messages must pass through; permit or block traffic based upon source -Can cost up to $500,000 |
|
Human Safeguards |
Pre-Hire Post Hire Termination |
|
What are the 3 components of User Interface Design?*** |
-Narrative Overview -Sample Design -Testing and Usability Assessment |
|
Narrative Overview |
So developers understand the purpose of each form / report and how it will be used |
|
Questions to be asked during the Narrative Overview? |
-Who will be using this form or report? -For which tasks? -When and Where? -On what tech platform will it be used? -Any other important environmental considerations? |
|
What is Testing and Usability assessment? |
Determine and assess specific criteria for rating user perceptions |
|
Prototyping Options |
-Storyboard (Paper Prototype) -HTML prototype -Language prototype |
|
What are the Design Guidelines for Forms and Reports?*** |
-Layout -Content Awareness -Aesthetics -User Experience -Consistency -Minimal User Effort |
|
What are the elements of a good Layout? |
-Use assigned screen/report regions for specific purposes -Balance the Layout -Make navigation as easy as possible -Must be culturally appropriate |
|
What are the elements of a good Content Awareness? |
-Make it clear where the user is in relation to the other screens/reports (use titles and menus) -Make it clear what data a field represents (phrase and position labels appropriately) -Deliver the type and amount of content the user expects -Provide info on the currency of the content |
|
What are 3 big contents of Content Awareness? |
-Meaningful Titles -Meaningful Info -The Navigation system can also provide content awareness |
|
What are the elements of good Aesthetics? |
-Includes various aspects of screen / report appearance -Use highlighting sparingly -Be careful with Color |
|
What are Good elements of Color? |
-Can be calming or attract attention -Can help direct the eye when display is complex -Emphasizes the logical organization of information -Draws attention to warnings |
|
What are Bad elements of Color? |
-Many people are colorblind -May appear differently with different resolution/screen -May cause problems when printing in black and white -Can be overdone |
|
What are the elements of a good User Experience? |
-Easy to Learn vs Easy to Use -Commonly used function should be easily accessible -Designing for frequent users vs new/occasional users |
|
What kind of technology needs Consistency? |
-Operating Systems -Systems used by an entire organization -Common websites with similar features |
|
What is included in Consistency? |
-Navigation Controls (Icons, textual names, location) -Terminology -Color -Font -Form and Report appearance |
|
What is the rule generally associated with Minimal User Effort? |
The "Three Clicks Rule"
If it takes more than 3 clicks to get to a commonly used function, it's problematic. |
|
What are some suggestions for Improving Ease of Use?
|
-Use List/combo boxes instead of text boxes -The less the user types, the better -Don't ask the user to memorize codes -Use meaningful labels -Provide onscreen instructions whenever possible |
|
What are some faux pas you need to watch out for when displaying text? |
-Case and Punctuation -Line Spacing -Justification -Hyphenation -Abbreviations and acronyms |
|
What are the key elements in designing lists and tables? |
-Use meaningful labels -Format columns, rows, and text -Format numeric, textual, and alphanumeric data |
|
What are the basic principles to keep in mind when considering Design Interaction? |
-Assume the users have not had any training, texts, or persons to help guide them -All controls should be clear and understandable and placed in intuitive locations -Limit choices (8 items, 3 clicks) -Be careful when using icons |
|
What are some examples of Interaction Devices? |
-Keyboard -Mouse -Joystick -Trackball -Touchscreen -Light Pen -Graphics Tablet -Voice Recognition |
|
What are the common Methods of Interacting with technology? |
-Command Line (keyboard shortcuts) -Menus -Forms -Object-based (icons) -Natural language (voice recognition) |
|
What are the Types of Input Validation Checks?*** |
-Completeness -Format -Range -Check Digit -Consistency -Database |
|
Completeness Check |
All required fields are entered |
|
Format Check |
Fields are formatted like the system expects |
|
Range Check |
Numbers are within an acceptable range |
|
Check Digit Check |
Checks whether numbers that have built in "self-checking digits" are valid |
|
Consistency Check |
Fields don't contradict each other |
|
Database Check |
An entered value matches a record in a database EX: password check |
|
What are different types of Interface Evaluation? |
-Heuristic -Walk Through -Interactive -Formal Usability Testing |
|
Heuristic Evaluation |
Evaluators examine the interface and judge its compliance against Usability Principles |
|
Walk-Through Evaluation |
Like Heuristic but emphasizes the tasks. Identify the user goals and how they attempt to solve them via the interface. Then, after identifying the problems the user will have, fix them before they happen. |
|
Interactive Evaluation |
-Best used in parallel development -Asks an assessor many questions while using the system to determine what problems they are having |
|
Formal Usability Testing Evaluation |
Evaluating a product by testing it with representative users |
|
What is POT and why is it important?*** |
-People -Organizational Characteristics -Technology The ruling considerations when designing and securing a system. |
|
What is the 2nd most expensive and time-consuming phase of the SDLC? |
Implementation |
|
What is included in the Implementation Phase? |
Coding Testing Installation Documentation Training Support |
|
According to some textbooks, what do Systems Analysts do during the programming phase of the system construction?*** |
NOTHING (they wait) |
|
What does the Project Manager do during the Coding part of the Implementation process? |
-Assigning Programmers -Coordinating Activities -Managing the Schedule/Scope -Assessing and dealing with Risk |
|
What is the best (or ideal) size for a programming team?*** |
The smallest team possible More Programmers = Longer timeline |
|
According to some sources, the best programmers produce software 6 to 8 times faster than the least productive (and only cost 50 to 100% more). (T/F)*** |
True 6-8 50-100 |
|
When Coordinating Activities be sure to... |
-Hold regular meetings -Follow standards (naming, forms, programming guidelines) -Code control / change control -Coordinate traceability of the implementation requirements |
|
What is the +Pre-Development "Playground"? |
Development > Testing > Production |
|
How do you manage a Project Schedule? |
-Control scope creep -Manage schedule slippage -Create a risk assessment |
|
What are some Implementation Mistakes to Avoid? |
-Using 'Bleeding Edge' tools and techniques -Using low-cost personnel -Lack of code control -Inadequate testing |
|
What is the purpose of System Testing? |
To confirm that the system satisfies requirements. Must be planned |
|
What is the estimated cost of downtime in a large organization?*** |
$50,000 - $200,000 / hour or A programmer's annual salary |
|
Is correcting bad code relatively cheap? |
NO VERY VERY EXPENSIVE |
|
Elements of Manual Testing |
Inspections (static) Walk-throughs (dynamic) Desk Checking |
|
Elements of Automated Testing |
Syntax Checking (static) Unit Testing (dynamic) Integration Test System Test |
|
Types of System Tests |
-Unit -Integration -System -Acceptance |
|
What are Unit Tests? |
Focusses on: -Compiling to spot syntax errors -Walk-throughs to detect logic errors -Possibly a more formal code review by a team How??? -Test Ranges of values -Test random inputs/wrong data types |
|
What are Integration Tests? |
-User Interface Testing -Use-Case Testing -Interaction Testing -System Interface Testing |
|
What are System Tests? |
Involves testing the interfaces b/w programs in a system, rather than testing the interfaces b/w modules in a program Artificial / non-live data in an artificial / non-live environment (fake data in fake environment) |
|
What are Acceptance Tests? |
Alpha and Beta testing Alpha = Recovery, Security, Stress, and Performance |
|
What is STUB Testing? |
Programs that simulate the behaviors of software components (or modules) that a module undergoing tests depends on. Canned answers to calls made during a test, usually not responding at all to anything outside what's programmed in for the test. |
|
Synonym for Installation |
Conversion |
|
What are the 4 Installation Strategies? |
-Direct -Parallel -Single-Location -Phased |
|
Direct Installation |
"Direct Cutover" Converting by turning off the old system when the new system is turned on Risk = High Cost = Low Time= Short |
|
Parallel Installation |
Running the old system and the new one at the same time until management decides the old system can be turned off Risk = Low Cost = High Time = Long |
|
Single-Location Installation |
"Pilot Testing" Trying out an information system at one site and using the experience to decide if and how the new system should be deployed throughout the org Risk = Low Cost = Medium Time = Medium |
|
Phased Installation |
"Staged" or "Modular" Changing from the old system to the new one incrementally, starting with one or a few functional components and then gradually extending the installation to cover the whole new system Risk = Medium Cost = High Time = Long |
|
What are some important things to Consider during the Installation Process? |
-Data Conversion (Error correction and load time) -Planned system shutdown (shutting down in the middle of the workday would be bad) -Business Cycle of the Org (putting in a new system at tax time for an accounting firm is bad) |
|
Suppose you were installing a new accounting package in your small business? What conversion strategy would you use and why? |
Direct because: It is a small business so Single Location isn't an option Parallel could mess up the accounting data with double entries on accident It is a module of the system already so it's already kinda Phased. Other Issues: Data Conversion = it's a small business. Money is money. Time of Day = should be after hours or on a weekend Time of year = a slow time, not right before the end of a quarter |
|
Suppose you are installing a new payroll system in a very large, multinational corporation. What conversion strategy would you use and why? |
Phased/Single Location because: Direct is too high of a risk for such a large company. Parallel is too expensive and takes too long. Besides, the data conversion errors would be a nightmare Updating location by location is your best bet because then each location's specific needs can be met (currency, time, etc.) Other Issues: Data Conversion = Need to be careful of Dates and Currency Time of Day = Depends on the office but off hours are best Time of year = Depends on the location but not around holidays |
|
What is the biggest measure of success for a system? |
Will it be used? |
|
What are major factors influencing implementation success? |
-Management Support* -User Involvement* -Commitment to project -Commitment to change -Extent of project definition and planning |
|
What factors influence System Use? |
-Personal Stake of Users -System Characteristics -User Demographics -Organizational Support -Performance -Satisfaction |
|
Is what is good for the org always good for the individual? |
NO. |
|
What is the longest phase in SDLC? |
Maintenance |
|
What are the deliverables of the Maintenance phase of the SDLC? |
The development of a new version of the software plus new versions of all design documents created or modified during the maintenance effort. |
|
What is the Maintenance Process? |
1. Obtain maintenance requests 2. Transform requests into changes 3. Design changes 4. Implement changes |
|
Define Maintenance |
Changes made to a system to fix or enhance its functionality |
|
Types of System Maintenance |
Corrective Adaptive Perfective Preventive |
|
Corrective Maintenance |
Changes made to a system to repair flaws in its design coding or implementation. EX: |
|
Adaptive Maintenance |
Changes made to a system to evolve its functionality to changing business needs or techs
EX: |
|
Perfective Maintenance |
Changes made to a system to add new features or to improve performance EX: |
|
Preventive Maintenance |
Changes made to a system to avoid possible future problems EX: |
|
How much is a typical organization's IS budget going to spend on maintenance tasks?*** |
60 - 80% |
|
What factors influence system maintainability? |
-Latent defects -Number of customers for a given system -Quality of system documentation -Maintenance personnel -Tools -Well-structured programs |
|
Poor documentation increases maintenance efforts by how much?*** |
400% |
|
High quality documentation decreases maintenance efforts by how much?*** |
80% |
|
Separate Maintenance Organization |
Advantages: Improved system and documentation quality Disadvantages: Ignorance of critical undocumented information |
|
Combined Maintenance Organization |
Advantages: Maintenance group knows all about the system Disadvantages: Less emphasis on good documentation |
|
Functional Maintenance Organization |
Advantages: Personnel have vested interest Disadvantages: Limited job mobility and human/technical resources |
|
What factors are considered to measure Maintenance Effectiveness? |
-Number of failures -Time b/w each failure -Type of failure |
|
What is Configuration Management? |
The process of ensuring that only authorized changes are made to the system |
|
UML |
|
|
Overview/Essential UCD |
High level non tech specific |
|
Detail/Essential UCD |
Detailed non tech specific |
|
Overview/Real UCD |
DOESN'T EXIST |
|
Detail/Real UCD |
In detail and tech specific |
|
Triggers: Temporal vs External |
Temporal is automatic/triggered by a date or something that involves no interaction. External requires intervention from a user. |
|
Subflows |
-Start with 'S-? number of the flow' -Always has a name -It's an 'if/then' statement |
|
Alt flows |
-Not guaranteed to happen b/c they are accidents -All it has is the # in the step where it occurs -If something goes wrong at 4, it's just 4 -If 2 things go wrong at 4, it's 4a and 4b -Never called |
|
Project Reflection: What worked well in the project? |
? |
|
Project Reflection: What suggestions would you give to future students to help them succeed in this project? |
?? |
|
Project Reflection: How could you apply what you learned in this project in RW projects? |
??? |