BUS340 Exam 2

Query-by-example (QBE) tool

Helps users graphically design the answer to a question against a database

cybersecurity

Involves prevention, detection, and response to cyber attacks that can have wide-ranging effects on the individual, organizations, community, and at the national level

Real-time systems

Provide real-time information in response to requests.

downtime

Refers to a period of time when a system is unavailable

Data governance

Refers to the overall management of the availability, usability, integrity, and security of company data.

Data steward

Responsible for ensuring the policies and procedures are implemented across the organization and acts as a liaison between the MIS department and the business.

Integrity constraints

Rules that help ensure the quality of data.

Malware:

Software that is intended to damage or disable computers and computer systems.

Adware

Software that, although purporting to serve some useful function and often fulfilling that function, also allows Internet advertisers to display advertisements without the consent of the computer user.

Virus

Software written with malicious intent to cause annoyance or damage. Some hackers create and leave viruses, causing massive computer damage.

Worm:

Spreads itself not only from file to file but also from computer to computer.

Relational database model

Stores data in the form of logically related, two-dimensional tables.

National Risk Management Center (NRMC)

The NRMC is a planning, analysis, and col-laboration center that works in close coordination with the private sector and other key stakeholders to identify, analyze, prioritize, and manage the most strategic risks to the nation's critical infrastructure and functions.

Data redundancy

The duplication of data, or the storage of the same data in multiple places.

Data stewardship

The management and oversight of an organization's data assets to help provide business users with high-quality data that is easily accessible in a consistent manner.

Digital trust

The measure of consumer, partner, and employee confidence in an organization's ability to protect and secure data and the privacy of individuals

Vulnerability disclosure

When and how should researchers inform the public about vulnerabilities in widely used products? What steps should be taken before any such notification?

cyberattacks

malicious attempts to access or damage a computer system Has the following attributes: -Use computers, mobile phones, gaming systems, and other devices. -Include identity theft. -Block your access or delete your personal documents and pictures. -Target children. -Cause problems with business services, transportation, and power.

Attributes

(also called columns or fields): The data elements associated with an entity. In Figure 6.8 the attributes for the entity TRACKS are TrackNumber, TrackTitle, TrackLength, and RecordingID. Attributes for the entity MUSICIANS are MusicianID, MusicianName, MusicianPhoto, and MusicianNotes.

Entity

(also referred to as a table): Stores data about a person, place, thing, transaction, or event. The entities, or tables, of interest in Figure 6.8 are TRACKS, RECORDINGS, MUSICIANS, and CATEGORIES. Notice that each entity is stored in a different two-dimensional table (with rows and columns).

Some of the serious business consequences that occur due to using low-quality data to make decisions are:

-Inability to accurately track customers. -Difficulty identifying the organization's most valuable customers. -Inability to identify selling opportunities. -Lost revenue opportunities from marketing to nonexistent customers. -The cost of sending undeliverable mail. -Difficulty tracking revenue because of inaccurate invoices. -Inability to build strong relationships with customers.

The four primary reasons for low-quality data are

1. Online customers intentionally enter inaccurate data to protect their privacy. 2. Different systems have different data entry standards and formats. 3. Data-entry personnel enter abbreviated data to save time or erroneous data by accident. 4. Third-party and external data contain inconsistencies, inaccuracies, and errors.

Identity management

A broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.

Record

A collection of related data elements (in the MUSICIANS table, these include "3, Lady Gaga, gaga.tiff, Do not bring young kids to live shows"). Each record in an entity occupies one row in its respective table.

Drive-by hacking:

A computer attack by which an attacker accesses a wireless computer network, intercepts data, uses network services, and/or sends attack instructions without entering the office or organization that owns the network. Figure 5.8 lists the various types of hackers organizations must protect themselves from.

Bug Bounty Program (Vulnerability Rewards Programs)

A crowdsourcing initiative that rewards individuals for discovering and reporting software bugs

Primary key

A field (or group of fields) that uniquely identifies a given record in a table. In the table RECORDINGS, the primary key is the field RecordingID, which uniquely identifies each record in the table.

Data integrity

A measure of the quality of data. Data integrity issues can cause managers to consider the system reports invalid and make decisions based on other sources.

Ethical hacker:

A person who hacks into a computer system to find vulnerabilities to help a company test its security. An ethical hacker hacks without malicious or criminal intent.

Foreign key

A primary key of one table that appears as an attribute in another table and acts to provide a logical relationship between the two tables.

Spyware:

A special class of adware that collects data about the user and transmits it over the Internet without the user's knowledge or permission.

Scareware

A type of malware designed to trick victims into giving up personal information to purchase or download useless and potentially dangerous software

Relational database management system

Allows users to create, read, update, and delete data in a relational database. The relationships in the relational database model help managers extract this data. Figure 6.8 illustrates the primary concepts of the relational database model—entities, attributes, keys, and relationships.

Structured query language (SQL)

Asks users to write lines of code to answer questions against a database.

Cybersecurity and Infrastructure Security Agency (CISA)

Builds the national capacity to defend against cyberattacks and works with the federal government to provide cybersecurity tools, incident response services, and assessment capabilities to safeguard the ".gov" networks that support the essential operations of partner departments and agencies.

Infrastructure resilience:

CISA coordinates security and resilience efforts using trusted part-nerships across the private and public sectors, and delivers training, technical assistance, and assessments to federal stakeholders as well as to infrastructure owners and operators nationwide. CISA provides consolidated all-hazards risk analysis for U.S. critical infrastruc-ture through the National Risk Management Center.

Emergency communications:

CISA enhances public safety interoperable communications at all levels of government, providing training, coordination, tools, and guidance to help part-ners across the country develop their emergency communications capabilities. Working with stakeholders across the country, CISA conducts extensive, nationwide outreach to sup-port and promote the ability of emergency response providers and relevant government officials to continue to communicate in the event of natural disasters, acts of terrorism, and other human-made disasters.

CISA duties

CISA is responsible for protecting the nation's critical infrastructure from physical and cyber threats. This mission requires effective coordination and collaboration among a broad spectrum of government and private-sector organizations.

Comprehensive cyberprotection:

CISA's National Cybersecurity and Communications Inte-gration Center (NCCIC) provides 24/7 cyber situational awareness, analysis, incident response, and cyber defense capabilities to the federal government; state, local, tribal, and territorial governments; the private sector; and international partners.

Database management system (DBMS)

Creates, reads, updates, and deletes data in a data-base while controlling access and security.

Physical view of data

Deals with the physical storage of data on a storage device.

Business rule

Defines how a company performs certain aspects of its business and typically results in either a yes/no or true/false answer

Analytical data

Encompasses all organizational data, and its primary purpose is to support the performing of managerial analysis tasks.

Hackers:

Experts in technology who use their knowledge to break into computers and com-puter networks, either for profit or simply for the challenge.

Logical view of data

Focuses on how individual users logically access data to meet their own particular business needs

cybersecurity incident response

How much time and energy should be spent investigating a breach? What is an appropriate level of incident detail to share with customers and other stakeholders? How thick is the line between satisfying organizational obligations and finding the complete truth behind an incident?

Research

How should researchers balance the use of potentially aggressive penetration testing techniques against the legal rights of the owners of systems they are researching? Does that balance change in cases in which those system owners are not implementing reasonably strong security methods?

Data validation

Includes the tests and evaluations used to determine compliance with data governance polices to ensure correctness of data.

Database

Maintains data about various types of objects (inventory), events (transactions), people (employees), and places (warehouses)

Botnets:

Malware that causes a collection of connected devices to be controlled by a hacker. Botnets perform distributed denial-of-service attacks, steal data, send spam, and allow the hacker to access devices without the owner's knowledge. Figure 5.9 shows how a virus is spread.

Real-time data

Means immediate, up-to-date data

Data gap analysis

Occurs when a company examines its data to determine if it can meet business expectations, while identifying possible data gaps or where data might be missing.

data inconsistency

Occurs when the same data element has different values. Take, for example, the amount of work that needs to occur to update a customer who had changed her last name due to marriage. Changing this data in only a few organizational systems will lead to data inconsistencies, causing customer 123456 to be associated with two last names.

Master data management (MDM)

The practice of gathering data and ensuring that it is uniform, accurate, consistent, and complete, including such entities as customers, suppliers, products, sales, employees, and other critical entities that are commonly integrated across organizational systems. MDM is commonly included in data governance.

Ethics

The principles and standards that guide our behavior toward other people. usually arise, in this area, not as simple, clear-cut situations but as clashes among competing goals, responsibilities, and loyalties.

Data latency

The time it takes for data to be stored or retrieved. is the time duration to make data ready for analysis (i.e., the time for extract-ing, transforming, and cleansing the data) and loading the data into the database. All this can take time depending on the state of the operational data to begin with.

Sale restrictions

What (if any) is the responsibility of cybersecurity professionals to try to prevent the sale of products they have developed to autocratic governments that would use them to harm their citizens?

Role of CSO:

What kinds of personal risk should a chief security officer or manager level security office accept on behalf of an organization? It is not uncommon for CSOs to be fired or forced out when a cybersecurity breech occurs; should organizations offer CSO's employment agreements that include provisions for relief from personal legal liability or other protections? How should organizational deficiencies (underinvestment, bad practices, ect.) factor into this analysis

Encryption

What should companies do in response to legal law enforcement requests for encrypted data? Should known vulnerabilities in systems be used to comply with requests that would otherwise be impossible? Should law enforcement agencies use such vulnerabilities themselves if they suspect a formal legal request will not bear fruit?

Information Security

a broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization primary tool an organization can use to combat the threats associated with downtime

Ransomware

a form of malicious software that infects your computer and asks for money other names: cryptovirus, cryptorojan, cryptoworm

Data granularity

refers to the extent of detail within the data (fine and detailed or coarse and abstract)

biggest pitfall associated with real time data

continual change

Transactional data

encompassed all of the data contained within a single business process or unit of work, and its primary purpose is to support daily operational tasks

Automated security tools

is it ethical to release into the wild tools that can automate attacks on a broad array of systems?

Data mining

is the process of analyzing data to extract information not offered by the raw data alone. Data mining can also begin at a summary information level (coarse granularity) and progress through increasing levels of detail (drilling down) or the reverse (drilling up). Companies use data mining techniques to compile a complete picture of their operations, all within a single view, allowing them to identify trends and improve forecasts. The three elements of data mining include: 1. Data: Foundation for data-directed decision making. 2. Discovery: Process of identifying new patterns, trends, and insights. 3. Deployment: Process of implementing discoveries to drive success. uncovers patterns and trends for business analysis such as: ■ Analyzing customer buying patterns to predict future marketing and promotion campaigns. ■ Building budgets and other financial information. ■ Detecting fraud by identifying deceptive spending patterns. ■ Finding the best customers who spend the most money. ■ Keeping customers from leaving or migrating to competitors. ■ Promoting and hiring employees to ensure success for both the company and the individual.

Data profiling

is the process of collecting statistics and information about data in an existing source

Analysis latency

is the time from which data are made available to the time when analysis is complete. Its length depends on the time it takes a business to do analysis. Usually, we think of this as the time it takes a human to do the analysis, but this can be decreased by the use of automated analytics that have thresholds. When the thresholds are exceeded, alerts or alarms can be issued to appropriate personnel, or they can cause exception processes to be initiated with no human intervention needed.

Decision latency

is the time it takes a human to comprehend the analytic result and determine an appropriate action. This form of latency is very difficult to reduce. The ability to remove the decision-making process from the human and automate it will greatly reduce the overall decision latency. Many forward-thinking companies are doing just that. For example, rather than send a high-value customer a letter informing them of a bounced check (which takes days to get to the customer), an automated system can simply send an immediate email or voice message informing the customer of the problem.

Child Online Protection Act (COPA)

passed to protect minors from accessing inappropriate material on the internet

Ediscovery (electronic discovery)

refers to the ability of a company to identify, search, gather, seize, or export digital information in responding to a litigation, audit, investigation, or information inquiry As the importance of E-discovery grows, so do information governance and information compliance

Rule 41

the part of the United States Federal Rules of Criminal Procedure that covers the search and seizure of physical and digital evidence proposed amendment that allows a federal magistrate judge to issue a warrent that allows an investigator to gain remote access to a Digital device suspected in a crime, even if the device is located outside of the geographic jurisdiction of the judge issuing the warrant. (goal was to prevent criminals from hiding the location of a computing device with anonymization technology in order to make detection and prosecution more difficult

Data Scraping (web scraping)

the process of extracting large amounts of data from a website and saving it to a spreadsheet or computer Ethical issue arises from using data scraping without the individuals (whos data is being copied) knowledge

Two primary types of data are

transactional and analytical