IST 205 Exam 2


According to our Information Systems For Business and Beyond reading, the CIA Triad consists of the following information security concerns or objectives:

confidentiality, integrity, availability

According to our Module 8 reading, the product stream is best defined as:

Goods moving from sources through manufacturing processes and ultimately on to a customer, to include services such as customer returns

According to our reading, Globalization and the Digital Divide, the phrase "the integration of goods, services, and culture among the nations of the world" best describes what term?

Globalization

What is an important form of intellectual property protection that creates protection for someone who invents a new product or process?

Patent

According to our reading Information Systems for Business and Beyond privacy is defined as:

The ability to control information about oneself.

A parallel operation implementation methodology is best described as:

With this operation, the old and new systems are used simultaneously for a limited period of time. This method is the least risky because the old system is still being used while the new system is essentially being tested. However, this is by far the most expensive methodology since work is duplicated and support is needed for both systems in full.

According to the article, To Guard Against Cybercrime, Follow the Money, a spear phishing email is best defined as:

email that is targeted at a specific individual or organization of which the attacker has cultivated deep knowledge

Which of the following best describes the term supply chain?

A supply chain is a network of organizations and facilities that transforms raw materials into products delivered to customers.

According to our Information Systems For Business and Beyond reading, ____________________ are used to ensure that the person accessing the information is, indeed, who they present themselves to be.

Authentication tools

According to our Information Systems: A Manager's Guide to Harnessing Technology reading, social engineering (which is a technique hackers use to compromise networks and information systems) is defined as:______________________

Con games that trick employees into revealing information or performing other tasks that compromise a firm

According to our Information Systems: A Manager's Guide to Harnessing Technology reading, one of the most important steps a business must do to improve information security is:________________

Education (security education and training awareness)

___________________ is defined as "a set of moral principles" or "the principles of conduct governing an individual or a group."

Ethics

The ___________ is a US law that protects the privacy of student education records. In brief, this law specifies that parents have a right to their child's educational information until the child reaches either the age of eighteen or begins attending school beyond the high school level.

FERPA

According to our reading, The Untold Story of NotPetya, the Most Devastating Cyberattack in History, some of the companies who were hardest hit by the NotPetya worm included:____________________

Maersk, FedEx, Merck

According to our Information Systems: A Manager's Guide to Harnessing Technology reading, motivations for cyber attacks, data breaches, hacks into business computers/networks include the following:

stealing personal or financial data, extortion, espionage

According to our reading Information Systems for Business and Beyond one major advantage of creating a code of ethics is:

that it clarifies the acceptable standards of behavior for a professional group.

According to our reading, Globalization and the Digital Divide, the ACM Code of Ethics and Professional Conduct focusing on issues involving the Digital Divide, this Code of Ethics positions the use of computers as a fundamental ethical consideration: "In a fair society, all individuals would have equal opportunity to participate in, or benefit from, the use of computer resources regardless of race, sex, religion, age, disability, national origin, or other similar factors." This code of ethics is addressing the concept of:___________?

the digital divide

A supplier relationship management system:

is a business process for managing all contacts between an organization and its suppliers. It can also be defined as the discipline of strategically planning for, and managing, all interactions with third party organizations that supply goods and/or services to an organization in order to maximize the value of those interactions.

According to our Information Systems For Business and Beyond reading, good personal security measures include the following:

keep software up-to-date/patched, use antivirus software, and backup your data

According to our reading, Sizing Up Your Cybersecurity Risks, it states: "Understanding what an adversary needs to pull off a cyberattack is vital to building your defenses. Your cybersecurity group and the operational staff involved in the critical activities can identify the specific requirements, but most fall into one of these three types:" What are these three types of attack requirements that an adversary must have?

knowledge, tools & equipment, position

According to our Module 8 reading, physical distribution involves:

moving products (or services) through the supply chain, ultimately reaching customers. The specific routing is referred to as a channel in marketing and can include a variety of transportation media to move goods.

One project management concept involved with the development of information systems involves the Quality Triangle ---a tension between the priorities of information systems developers and management. The Quality Triangle is best described as:

For any product or service being developed, you can only address two of the following: time, cost, and quality.

The ___________ is the law that specifically singles out records related to health care as a special class of personally identifiable information. This law gives patients specific rights to control their medical records, requires health care providers and others who maintain this information to get specific permission in order to share it, and imposes penalties on the institutions that breach this trust. Since much of this information is now shared via electronic medical records, the protection of those systems becomes paramount.

HIPAA

According to our Risk Management Intro reading risk is best defined as:_______________

the potential harm that may arise from some current process or from some future event.

Which of the following best describes a phased implementation method?

In this implementation, different functions of the new application are used as functions from the old system are turned off. This approach allows an organization to slowly move from one system to another.

Within the Systems Development Life Cycle, the third stage is Systems Design, which is best defined as:

In this phase, a designer takes the system-requirements document created in the previous phase and develops the specific technical details required for the system. It is in this phase that the business requirements are translated into specific technical requirements. The design for the user interface, database, data inputs and outputs, and reporting are developed here.

Within the Systems Development Life Cycle, the second stage is Systems Analysis, which is best defined as:

In this phase, one or more system analysts work with different stakeholder groups to determine the specific requirements for the new system. No programming is done in this step. Instead, procedures are documented, key players are interviewed, and data requirements are developed.

According to our reading Examples of the Digital Divide in the Modern Day, the three types of digital divide are:

gender divide, social divide, universal access divide

According to our Information Systems For Business and Beyond reading, which of the following definitions defines a firewall?

A device that is connected to the network and filters the packets based on a set of rules. Or software that runs on the operating system and intercepts packets as they arrive to a computer. This protects all company servers and computers by stopping packets from outside the organization's network that do not meet a strict set of criteria.

According to our Risk Management Intro reading, vulnerability is best defined as:_______________

A flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system's security policy

According to our reading Four Ethical Issues for the Information Age which of these ethical issues is related to literacy (e.g. information literacy, digital literacy, computer literacy)?

Accessibility

According to our reading, Examples of the Digital Divide in the Modern Day, it states a Pew Research Center study shows that among U.S. adults with household incomes below $30,000, 29% don't own a smartphone, 44% don't have home broadband services, 46% don't own a traditional computer, and 26% own a smartphone but don't have broadband internet at home. This best describes what concept_________________?

Digital divide

There are several different methodologies an organization can adopt to implement a new system. Four of the most popular are:

Direct cutover, pilot implementation, parallel operation, phased implementation

The concept of end-user computing involves using employees not specifically trained as developers/programmers or analysts to develop information systems. Advantages of end-user computing are:

It brings the development of applications closer to those who will use them. Because IT departments are sometimes quite backlogged, it also provides a means to have software created more quickly. Many organizations use end-user computing to reduce the strain on the IT department.

According to our reading, Globalization and the Digital Divide, what best describes the term empowerment divide?

It is concerned with how we use technology to empower ourselves. Very few users truly understand the power that digital technologies can give them.

A ____________________ is a person or organization who gains the rights to a patent but does not actually make the invention that the patent protects. Instead, the patent troll searches for those who are illegally using the invention in some way and sues them. In many cases, the infringement being alleged is questionable at best. For example, companies have been sued for using Wi-Fi or for scanning documents, technologies that have been on the market for many years.

Patent troll

_____________________ is a software-development (or systems-development) methodology that focuses on quickly building a working model of the software, getting feedback from users, and then using that feedback to update the working model. After several iterations of development, a final version is developed and implemented. This statement best describes which systems development methodology?

Rapid Application Development

Based on our Risk Management Intro reading, fill in the blank: " _____________ is a function of the likelihood of a given threat-source's exercising a particular potential vulnerability, and the resulting impact of that adverse event on the organization."

Risk

According to our reading, Globalization and the Digital Divide, the top three nations/areas/cities in terms of internet speeds are:

South Korea, Hong Kong, Japan

According to our reading Examples of the Digital Divide in the Modern Day, strategies to address the digital divide include the following:

Support of innovative policies targeting underserved and marginalized groups and that agencies ensure that initiatives take into consideration network coverage and infrastructure needs

How does an integrated development environment (IDE) help an information systems developer/programmer?

The IDE provides a set of tools for programmers to help them more efficiently develop code...it typically provides an editor, help documentation, a compiler, and a debugging/testing tool.

According to our reading, Globalization and the Digital Divide, benefits of globalization, the global firm include:

The ability to locate expertise and labor around the world and a larger market for their products

The CIA Triad is a security model that highlights core data security objectives and serves as a guide for organizations to keep their sensitive data protected from unauthorized access and data exfiltration. According to our Information Systems For Business and Beyond reading, Integrity is defined as:

The assurance that the information being accessed has not been altered and truly represents what is intended.

What does the COPPA protect?

The privacy of children while online

According to our Information Systems For Business and Beyond reading, which of the following definitions defines an Intrusion Detection System?

This device provides the functionality to identify if the network is being attacked. It can be configured to watch for specific types of activities and then alert security personnel if that activity occurs. It also can log various types of traffic on the network for analysis later

Which of the following paragraphs best defines the maintenance phase of the systems development life cycle?

This final phase takes place once the implementation phase is complete. In this phase, the system has a structured support process in place: reported bugs are fixed and requests for new features are evaluated and implemented; system updates and backups are performed on a regular basis.

The CIA Triad is a security model that highlights core data security objectives and serves as a guide for organizations to keep their sensitive data protected from unauthorized access and data exfiltration. According to our Information Systems For Business and Beyond reading, Confidentiality is defined as:

When protecting information, we want to be able to restrict access to those who are allowed to see it; everyone else should be disallowed from learning anything about its contents.

According to our Module 8 flow, supply chain information systems support information flows among supply chain networks and partners. Information flows are best described as:

allowing the various supply chain partners to coordinate their long-term plans, and to control the day-to-day flow of goods and materials up and down the supply chain.

According to our Risk Management Intro reading, costs of data breaches include the following:______________

conducting investigations and forensics, determining potential victims, forming the incident response team, and crisis management efforts

According to our reading, Examples of the Digital Divide in the Modern Day, costs of the digital divide include the following:

detrimental effects on research, education, online shopping, and social connections

According to our reading Examples of the Digital Divide in the Modern Day, the universal access divide, refers to individuals with physical disabilities not having access to or the ability to use hardware and software. The reasons for this type of divide can include: _________________________?

digital illiteracy, low education levels, and poor broadband infrastructure

According to the article, To Guard Against Cybercrime, Follow the Money, a phishing email is best defined as:

fraudulent emails purporting to be from a potentially relevant entity such as a shipping firm, major bank, or tax authority. The email attempts to trick recipients into revealing personal data, opening a malicious attachment, or clicking a link that installs malware.

According to our module 8 lecture, organizations within the same supply chain are linked together with the following:

physical and information flows

According to the diagram on page 382 of our Information Systems: A Manager's Guide to Harnessing Technology reading, weaknesses/vulnerabilities that can lead to a compromise of an organization's information systems include the following______________________

physical access, weak passwords, OS (operating system holes)

According to our reading Four Ethical Issues for the Information Age, what are these four ethical issues?

privacy, accuracy, property, accessibility

Based on our Module 8 reading, key supply chain processes include:

product development, procurement, manufacturing, customer relationship management

A supply chain management stream can be divided into three main streams:______________

product, information, and finances

According to our Module 8 reading, customer relationship management is best defined as:

the management of the relationships between the providing organization and its customers. Customer service provides information from the customers and has the ability to give customers real-time information on product availability, price, and delivery.

According to our Information Systems: A Manager's Guide to Harnessing Technology reading, the goal of phishing is _________

to leverage the reputation of a trusted firm or friend to trick the victim into performing an action or revealing information.

According to our Module 8 lecture, supply chain information systems can help the supply chain of organizations in these ways:

tracking the status of orders, reducing inventory, transportation, and warehousing costs, track shipments

