ITSS 4370 Final


AMI is an acronym for

"Amazon Machine Image"

Big Box Company

(Fill)

AWS Demo

(Fill)

Cloud Data Management

(Fill)

• iPremier

(Fill)

ISO 22301:2012 Societal security

- Business continuity management systems - Requirements
• ISO 22301 formally specifies a Business Continuity Management System (BCMS) for any type or size of organization.
• Organizations may choose to be certified compliant with the standard by accredited certification bodies, or simply use the standard to develop their BCMS.
• Clause 4: Context of the organization
• Clause 5: Leadership
• Clause 6: Planning
• Clause 7: Support
• Clause 8: Operation
• Clause 9: Performance evaluation
• Clause 10: Improvement

Bonus Question: What are nano-tubes and how are they used in infrastructure?

- Exhibit remarkable electrical conductivity - Electronics, optics, composite materials (replacing or complementing carbon fibers)

Types of Attacks

• Hoaxes: transmission of a virus hoax with a real virus attached; more devious form of attack
• Back door: gaining access to system or network using known or previously unknown/newly discovered access mechanism
• Password crack: attempting to reverse calculate a password
• Brute force: trying every possible combination of options of a password
• Dictionary: selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses

DRaaS

- Public cloud - typically uses customer-managed software for setting up and controlling cloud-based DR resources
- Private cloud - typically uses customer-managed software for setting up and controlling cloud-based DR resources
- Managed cloud services - cloud offering includes DRaaS as a part of a standard, hands-free offering

Identify and explain at least 4 of the business continuity/disaster recovery practices addressed in the DRI Professional Practices.

- Risk Assessment - Incident response - Business Impact Analysis - Awareness and Training Programs

Explain the purpose of change mgmt and productive acceptance?

- The procedures, processes and standards which are used to manage changes.
- Productive acceptance directly involves departments outside the infrastructure group. ... In this case, executives from both the applications and infrastructure departments should concur on the choice of process owner.

DevOps and how can it impact IT infrastructure mgmt?

- Used for software features enhancement and bugs need fixing, enhancing along the way. It is a direct line of communication between developers and ops team. - Advocates automation and uses tools to manage application configuration and deployment, these tasks become more well-defined, consistent, repeatable, transparent, and hence, less risky.

Performance and Tuning

- a methodology to maximize throughput and minimize response times of batch jobs, online transactions, and Internet activities

Configuration Management-

- a process to ensure that the interrelationships of varying versions of infrastructure hardware and software are documented accurately and efficiently.
• cloud services
• mainframes and servers
• desktops and laptops
• routers, hubs, and switches

First Platform Applications

- is primarily based on mainframes and terminals Applications are hosted centrally and accessed through terminals

Third Platform Applications

-based on cloud, Big Data analytics, mobile, and social technologies -Applications are massively scalable -Applications support anytime access from worldwide locations

Cloud Deployment Models

-provide basis for how cloud infrastructure is built, managed, and accessed Public Cloud: IT resources are made available to the general public or organizations and are owned by the cloud service provider. Private Cloud: Cloud infrastructure is operated solely for one organization and is not shared with other organizations. This cloud model offers the greatest level of security and control. Community Cloud: One or more participant organizations provide cloud services that are consumed by the community. IT resources are hosted on the premises of the external cloud service provider and not within the premises of any of the participant organizations Hybrid Cloud: IT resources are consumed from two or more distinct cloud infrastructures (private, community, or public)

Second Platform Applications

-uses a distributed application architecture Applications running on servers provide services to the applications running on clients Servers process requests from clients and respond to the requests (LAN/Internet/PC)

PC virtualization

1 computer running multiple operating systems

Server Virtualization

1 server running multiple operating systems

CIA

1) Confidentiality 2) Integrity 3) Availability

What are the 5 characteristics of the Cloud?

1) On-demand self-service 2) Broad network access 3) Resource pooling 4) Rapid elasticity 5) Measured service

ISO 27001

1) Plan 2) Do 3) Check 4) Act

Cloud deployment models

1) Private cloud 2) Community cloud 3) Public cloud 4) Hybrid cloud

The Seven Rs of Availability

1) Redundancy 2) Reputation 3) Reliability 4) Repairability 5) Recoverability 6) Responsiveness 7) Robustness

What are the 3 service models

1) Software as a Service (SaaS) 2) Platform as a Service (PaaS) 3) Infrastructure as a Service (IaaS)

change management process

1. A change request is raised, documented and logged
2. If standard change, go to step 5
3. The proposed changes are analyzed
   - This evaluates the impact of the change, feasibility of the change, and roughly how much it would cost, in both time and money, to make the change.
4. Change decision process
   - The change is implemented, rejected or deferred.
   - Change Control Board or Change Advisory Board
   - May be abbreviated for emergency changes
5. If approved, change is implemented
6. Status recorded, configuration control updated, and status communicated to requesters and relevant stakeholders

Major Components of Availability

1. Data center facility
2. Server hardware (processor, memory, channels)
3. Server system software (operating system, program products)
4. Application software (program, database management)
5. Disk hardware (controllers, arrays, disk volumes)
6. Database software (data files, control files)
7. Network software
8. Network hardware (controllers, lines, hubs, switches, routers, repeaters, modems)
9. Desktop software (operating system, program products, applications)
10. Desktop hardware (processor, memory, disk, interface cards)

The Seven Rs of High Availability

1. Redundancy 2. Reputation 3. Reliability 4. Repairability 5. Recoverability 6. Responsiveness 7. Robustness

What is a broadcast storm?

A broadcast storm is an abnormally high number of broadcast packets within a short period of time. A broadcast storm can overwhelm switches and endpoints as they struggle to keep up with processing the flood of packets. When this happens, network performance degrades. (akin to an internal DDoS attack)

Planned change

A change scheduled 24 hours in advance

AMI

A cloud-based virtual machine; stands for Amazon Machine Image

Hybrid Cloud

A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

Zombie

A computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction

On-demand self service

A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.

Clones

A copy of an existing virtual machine.

Change Control Board (CCB)

A formal group of people responsible for approving or rejecting changes on a project
• CCBs provide guidelines for preparing change requests, evaluate change requests, and manage the implementation of approved changes
• May include stakeholders from the entire organization or just from the IT organization

Templates

A master copy of a virtual machine that can be used to create many clones

Production acceptance

A methodology to consistently and successfully deploy application systems into a production environment, regardless of platform(s)

Configuration management

A process to ensure that the interrelationships of varying versions of infrastructure hardware and software are documented accurately and efficiently

Scrum

A process used to organize work into small, manageable pieces that can be completed within a prescribed time period

In cybersecurity, a Zombie is _______

A program that secretly takes over another internet-attached computer, typically controlled by a command and control bot

Regions and Availability Zones

• A region is an actual geographic area.
  - Currently, you can choose the US or Europe as regions with Amazon
• An availability zone is a distinct location within a region and is insulated from failures in any other zone.
  - By running multiple AMIs across several zones, you can protect your databases and applications from a single point of failure. Each zone has its own power sources and cooling and is designed to be insulated from floods and fires.
  - Amazon Machine Image (AMI) is a virtual machine with your chosen operating system and applications bundled together.
• Availability Zones are logical identifiers and are unique to an account. That means that two people who map to the same zone name may not actually be running in the same physical location.

The Rule of Nines

A rule that establishes a diminishing amount of downtime in a system

What is a service level agreement? Please give 3 examples of terms you might find in a SLA for cloud services.

A service-level agreement is a commitment between a service provider and a client.
• Uptime percentage
• Amount of traffic at a given time (bandwidth)
• Data rate or bandwidth limitations
• Performance and capacity of resources
• Schedule requirements for notifications (planned maintenance and outages)
• Help desk response times, scope, limitations
• Security
• Privacy
• Availability

TCP

A set of rules that governs the delivery of data over the internet or other network that uses the internet protocol, and sets up a connection between the sending and receiving computers. The Communication standard of the internet.

Matching: It should be clear who accessed or changed information and when they did

Accountability

Exposure

Actual harm or possible harm

1. Management advantages 2. Cost reduction 3. Risk reduction

Advantages of Outsourcing(3)

ISO 22301 Clause 8 - Operation Business continuity strategy:

• After requirements have been established through the BIA and the risk assessment, strategies can be developed to identify arrangements that will enable the organization to protect and recover critical activities based on organizational risk tolerance and within defined recovery time objectives.
• Experience and good practice clearly indicate that the early provision of an overall organizational BCM strategy will ensure BCM activities are aligned with and support the organization's overall business strategy.
• The business continuity strategy should be an integral component of an institution's corporate strategy

Service Level Agreement (SLA)

Agreement between customer and cloud provider where both parties agree on the level of service that is to be expected

Which of the following criteria may be used to determine data tiering needs?

All above

Which of the following steps is a recommended approach for successful cloud adoption? -Develop a business case and an enterprise cloud strategy -Select cloud deployment model(s) -Select cloud service model(s) -Identify and address security and privacy issues

All of emmm

Data tiering determines where and how data is stored. Which of the following criteria may be used in determining data tiering needs? -Performance -Cost -Availability -Recovery or retrieval requirements

All of the above stupid

Which of these are methods for measuring availability?
-Percent uptime = (Actual uptime) / (Scheduled uptime)
-Measure uptime in terms meaningful to users
-Quantify amount of downtime

All of the above stupid

Performance issues for networks that may need to be addressed include _____ Bandwidth Protocols Broadcast storms Speed or Performance

All of the above stupid

A key part of business continuity management is not just preparing the business continuity plans, but ensuring that they will be able to achieve their intended purposes. An effective organizational strategy for business continuity includes which of the following tasks?

All the above?

Virtualization: Select the correct answer:
-Allows a single physical resource to act as multiple resources
-Reduces hardware and power expenditures
-Facilitates hardware centralization
-Software-defined storage (SDS)
-All of the above

Allllllll of it bluh

VM

Allow multiple virtual machines to run on a single physical machine, a locally hosted virtual machine

Virtualization: Select the correct answer:

-Allows a single physical resource to act as multiple resources
-Reduces hardware and power expenditures
-Facilitates hardware centralization
-Software-defined storage (SDS)

Data Tiering

Allows us to control where data is going to be stored based on performance, cost, availability, and recovery requirement.

Incident

An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system stores, processes, or transmits, and that may require a response action to mitigate the consequences

Emergency change

An urgent change requiring manual intervention in less than 24 hours

Production change

Any activity, of either a planned or emergency nature, that could potentially impact the stability or responsiveness of the organization's IT production environment

The principal purpose of Business Impact Analysis is to ______________

Assess the impact that various risks or attacks can have on the organization's

Matching: Human originated penetration or penetration attempt

Attack

Matching: Information should be provided to users when they need it

Availability

There are several approaches that can be taken to maximize availability - the seven R's of high availability. Which of the following is NOT one of these seven approaches?

B) Recognition

Configuration Management Definitions

• Baseline - One or more configuration items that have been formally reviewed and agreed upon and are controlled
• Configuration Item - A collection of elements treated as a unit for the purposes of CM
• Configuration - A collection of all the elements of a baseline and a description of how they fit together

1. Public IP address is conserved (1 per LAN) 2. Eliminates having to register with ICANN 3. Protects against direct attack

Benefits of Private IP addressing

Q12 Which of the following is NOT one of the three common service models in cloud computing?
-Software as a Service (SaaS)
-Platform as a Service (PaaS)
-Broadband as a Service (BaaS)
-Infrastructure as a Service (IaaS)

Broadband as a Service (BaaS)

Which of the following is NOT one of the three common service models in cloud computing?

Broadband as a Service (BaaS)

Benefits of Cloud Computing

• Business agility
• Reduced IT costs
• High availability
• Flexible scaling
• Flexibility of access
• Simplified infrastructure management
• Increased collaboration
• Business continuity

Roles and Responsibility

• CIO
  - Pro: Responsible for critical IT resources
  - Con: Not responsible for operational resources or for buildings and facilities
  - Usually places emphasis on the protection of technology based assets
• Head of internal audit
  - Lacks credibility to make decisions about operational issues or nonfinancial risk management issues.
• CFO
  - Chooses alternatives such as insurance
  - Judges the impact of an outage on the financial viability of the business, which is a key aspect of the Business Impact Analysis
  - Assesses regulatory issues and their effect on risk management
  - Assesses cost issues and recommends budget and cost guidelines

Broad network access

Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).

Rapid elasticity

Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.

• Platform as a Service

Capability provided to the consumer to deploy consumer-created or acquired applications on the provider's infrastructure
• Consumer has control over
  • Deployed applications
  • Possible application hosting environment configurations
• Consumer is billed for platform software components
  • OS, Database, Middleware
• Consumers deploy consumer-created or acquired applications onto provider's computing platform
• Computing platform is offered as a service

Software as a Service

Capability provided to the consumer to use provider's applications running in a cloud infrastructure
• Complete stack including application is provided as a service
• Application is accessible from various client devices, for example, via a thin client interface such as a Web browser
• Billing is based on the application usage
• Consumers use provider's applications running on the cloud infrastructure
• Applications are offered as a service
• Service providers exclusively manage computing infrastructure and software to support services

Production Acceptance

Change is implemented when approved

Explain the purpose of change management and production acceptance.

Change management - concerned with the procedures, processes and standards which are used to manage changes Production Acceptance - Production acceptance is a methodology used to consistently and successfully deploy application systems into a production environment regardless of platform.

CIO

Chief Information Officer; manages IT department, communicates with executive staff on IT- and IS- related matters. Member of the executive group.

Elastic = flexible to demand; Pooled = Economies of scale

Cloud Advantages (2)

1. Dependency on Vendor 2. Loss of control over data location 3. Little visibility into security and disaster preparedness

Cloud Disadvantages (3)

Platform

Cloud based platforms, typically provided using virtualization, such as Amazon ECC, Sun Grid

Application

Cloud based software that eliminates the need for local installation such as Google Apps, Microsoft Online

Private cloud

Cloud computing implemented in a secure environment safeguarded by a firewall

**Essential Characteristic 5 Measured Service - Cloud

Cloud computing provides a metering system that continuously monitors resource consumption and generates reports
• Helps to control and optimize resource use
• Helps to generate billing and chargeback reports

Community cloud

Cloud computing provisioned for exclusive use by a specific community of consumers

Public cloud

Cloud computing provisioned for open use by the general public

Hybrid cloud

Cloud infrastructure comprised of two or more distinct cloud models

1. Identifying changes in purchasing patterns (certain life events cause customers to change what they buy)
2. BI for entertainment (Netflix has data on watching, listening, and rental habits, and determines what people actually want, not what they say)
3. Predictive policing (analyze data on past crimes, including location, date, time, day of week, and related data to predict where crimes are likely to occur)
4. Amazon = uses data on things you bought to suggest other things you should buy, based on what other people who purchased what you did also purchased.

Common uses of Business Intelligence: (4)

What kind of cloud deployment model provides a cloud infrastructure that is provisioned for exclusive use by users from organizations that have shared concerns (e.g. purpose, mission, security requirements, policy, and compliance considerations.)

Community cloud

What kind of cloud deployment model provides a cloud infrastructure that is provisioned for exclusive use by users from organizations that have shared concerns (e.g. purpose, mission, security requirements, policy, and compliance considerations.) -Private cloud -Public cloud -Hybrid cloud -Community cloud

Community cloud

Services

Complete business services such as PayPal, OpenID, OAuth, Google Maps, Alexa

**Essential Characteristic 2 Broad Network Access - Cloud

• Computing capabilities are available over the network
• Computing capabilities are accessed from a broad range of client platforms such as:
  • Desktop computer
  • Laptop
  • Tablet
  • Mobile device

**Essential Characteristic 4 Rapid Elasticity - Cloud

• Computing capabilities can be elastically provisioned and released
• Computing capabilities are scaled rapidly, commensurate with consumer's demand
• Provides a sense of unlimited scalability

Change Management

Concerned with the procedures, processes, and standards which are used to manage change - may cover execution, tools, or software for the change control process - due to changing market, technology, executive decisions, costs, etc.

Matching: Information should only be provided to those who need access to it

Confidentiality

CIAA

Confidentiality, Integrity, Availability and Accountability

Matching: Preventative measure

Control

Timelines/Relationships

Correlation of potential losses. Passive and active discovery. The more time it takes to identify something, then the greater exposure to risks involved.

Reputation

Credibility of Track Record

Metadata

Data about Data

Unsupervised Data Mining

Data mining in which: 1. Analysts don't start with a prior hypothesis or model 2. The hypothesized model is created based on analytical results to explain the patterns found. 3. Cluster Analysis:

Supervised data mining

Data mining in which: 1. Analysts use a prior hypothesis, model, or algorithm to compute the outcome of the model 2. Prediction, such as regression analysis

Storage

Data storage or cloud based NAS such as CTERA, iDisk, CloudNAS

Tier 1

Data that is generated by major business applications, email, essential documents

Tier 0

Data that is mission-critical, frequently accessed, recently accessed or requires high degree of security

Tier 2

Data that is still important, but not necessary for daily business operations, such as financial or transactional data

Tier 3

Data that must be retained, such as long-term backup, old financial and historical records, compliance requirements, email historical retention for long periods of time

Tables + Relationships between rows in tables + Metadata

Database =

a collection of related tables

Database is...

Recoverability

Degree of Fault Tolerance

Which of the following is NOT a characteristic of cloud computing?

Demand pooling

Which of the following is NOT a characteristic of cloud computing? -On-demand self service -Rapid elasticity -Demand pooling -Broad network access

Demand pooling

Which of the following is not a characteristic of cloud computing? (Five critical characteristics)

Demand pooling (Should be Resource pooling)

Types of Attacks (cont'd.)

• Denial-of-service (DoS): attacker sends large number of connection or information requests to a target
  - Target system cannot handle successfully along with other, legitimate service requests
  - May result in system crash or inability to perform ordinary functions
• Distributed denial-of-service (DDoS): coordinated stream of requests is launched against target from many locations simultaneously
• Sniffers: program or device that monitors data traveling over network; can be used both for legitimate purposes and for stealing information from a network
• Spoofing: technique used to gain unauthorized access; intruder assumes a trusted IP address
• Mail bombing: also a DoS; attacker routes large quantities of e-mail to target
• Pharming: redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information

Programmer

Design and write computer programs

The principal purpose of Business Impact Analysis is to ______________

Determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency

What is DevOps and how can it impact IT infrastructure management?

DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support. It supports the IT infrastructure by expediting the development and implementation of applications due to its agility.

Which of the following steps in a recommended approach for successful cloud adoption?

Develop a business case and an enterprise cloud strategy Select cloud deployment model(s) Select cloud service model(s) Identify and address security and privacy issues

What is DevOps?

DevOps is the practice of operations and development engineers participating together in the entire service life cycle, from design through the development process to production support. It supports the IT infrastructure by expediting the development and implementation of applications due to its agility

1. Loss of control 2. Benefits outweighed by long-term costs 3. No easy exit

Disadvantages of Outsourcing(3)

Which of the following functions is not a key component in an organization's disaster recovery effort?

Disaster reaction

Which of the following functions is NOT a key component in an organization's disaster recovery efforts?

Disaster reaction

Which of the following functions is NOT a key component in an organization's disaster recovery efforts?
-Disaster recovery
-Continuity management
-Disaster recovery planning
-Disaster reaction

Disaster reaction

Awareness and Training Programs

Document plans to be used during an incident that will enable the entity to continue to function.

Law or standard industry practice require physical control or possession of the data

Don't use the cloud when:

Repairability

Duration of Outages

The Cloud

Elastic leasing of pooled computer resources via the internet

If availability focuses on reducing the frequency and duration of systems outages, then high availability focuses on _______

Eliminating system outages

Redundancy as a method for maximizing availability deals with ______

Eliminating, as much as possible, any single point of failure that could disrupt service availability

Redundancy

Elimination of Single Points of Failure

1. Never give up 2. Take risks 3. Do what you like to do 4. Do something important 5. Focus on signal over noise 6. Look for problem solvers to join your team 7. Attract great people

Elon Musk 10 rules for success (name at least 4)

The percentage of _______ to all changes can indicate the relative degree to which an organization is reactive or proactive.

Emergency changes

The percentage of ____________ to all changes can indicate the relative degree to which an organization is reactive or proactive

Emergency changes

The percentage of ____________ to all changes can indicate the relative degree to which an organization is reactive or proactive -Software changes -Emergency changes -Planned changes -Production changes

Emergency changes

** Essential Characteristic 1 On-demand Self-service - Cloud

• Enables consumers to unilaterally provision computing capabilities (examples: server time and storage capacity) as needed automatically
• Consumers view service catalogue via a Web-based user interface and use it to request for a service

Configuration Management

Ensures descriptions of IT Assets are correct and complete. Involves identifying and controlling the functional and physical design characteristics of products.

Defense in depth refers to _________

Establishing sufficient security controls and safeguards so that an intruder faces multiple layers of controls

Private Cloud

Exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

Community Cloud

Exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).

Matching: Actual harm or possible harm

Exposure

Network equipment is usually not included as part of the configuration management because there is little need to document network hardware and network configurations

False

Network equipment is usually not included as part of the configuration management because there is little need to document network hardware and network configurations
-True
-False

False

Vint Cerf

Father of the internet; is the co-designer of the TCP/IP protocols and the architecture of the internet. Vice-president and Chief Internet Evangelist for Google.

Design of Security Architecture (cont'd.)

• Firewall: device that selectively discriminates against information flowing in or out of organization
• DMZs: no-man's land between inside and outside networks where some place Web servers or other publicly available computing resources
• Proxy servers: performs actions on behalf of another system
• Intrusion detection systems (IDSs): in effort to detect unauthorized activity within inner network, or on individual machines, organization may wish to implement an IDS

Differences Between Scrum and Kanban

• Focus - Where Scrum limits the amount of time allowed to accomplish a particular amount of work (by means of sprints), Kanban limits the amount of work allowed in any one condition (only so many tasks can be ongoing, only so many can be on the to-do list.)
• Managing flow
  - Scrum uses timeboxed sprints. Sprint backlog is a prioritized list of story points that need to be completed to deliver a shippable product.
  - Kanban has no required time boxes or iterations, but limitations in the work flow

Incident Response

Focuses on immediate response; if attack escalates or is disastrous, process changes to disaster recovery and BCP

relation

Formal term for table is

Reliability

Frequency of Outages

The greatest threat to an organization's information systems comes from?

From the insiders of the company or organization

1. Develop 2. Operate 3. Maintain the organization's computing infrastructure and applications. 5. Protect information 6. Manage outsourcing relationships 7. Plan the use of IS to accomplish organizational goals and strategy.

Functions of the IS department are:

My IS rights

• Have adequate computer hardware and programs that allow you to perform your job proficiently
• A reliable network and internet connections
• A secure computing environment
• Protection from viruses, worms, and other threats
• Prompt attention to problems, concerns, and complaints

The ISO/IEC 27001: 2005 Plan-Do-Check-Act Cycle

Here is how you can recognize the PDCA cycle in the structure of ISO standards:
• Clauses 4 Context of the organization, 5 Leadership, 6 Planning, and 7 Support - the Plan phase
• Clause 8 Operations - the Do phase
• Clause 9 Performance Evaluation - the Check phase
• Clause 10 Improvement - the Act phase

• Dedicated recovery site options

Hot sites - fully operational sites - Warm sites - fully operational hardware but software may not be present - Cold sites - rudimentary services and facilities Shared site options - Time-share - A hot, warm, or cold site that is leased in conjunction with a business partner or sister organization - Service Bureaus / Cloud Providers - An agency that provides a service for a fee - Mutual agreement - A contract between two or more organizations that specifies how each will assist the other in the event of a disaster.

Attack

Human-originated penetration or penetration attempt

Business Continuity

ISO 22301, business continuity management system standard

1. Provide Legitimate Internet Address 2. Provide Gateway to Internet 3. Pay access fees and other charges to telecoms

ISP's purpose? (3)

Private IP address

Identifies a device on a private network, usually a LAN. Assignment LAN controlled.

What are the key functions of the NIST Cybersecurity Framework?

Identify • Protect • Detect • Respond • Recover

Which of the following are key functions of the NIST Cybersecurity Framework?

Identify, protect, detect, respond and recover

Privacy Level Agreement

1. Identity of the Cloud Service Provider 2. Ways in which the data will be processed - Personal data location - Subcontractors - Installation of software on cloud customer's systems 3. Data Transfer 4. Data Security 5. Monitoring and/or auditing in order to ensure that appropriate privacy and security measures 6. Personal data breach notification 7. Data portability 8. Data retention 9. Accountability 10. Cooperation 11. Legally required disclosure

Matching: An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system stores, processes, or transmits, and that may require a response action to mitigate the consequences

Incident

Which of the following is NOT a component of incident response?

Incident reaction

Continuity Strategies

Incident response plans (IRPs); disaster recovery plans (DRPs); business continuity plans (BCPs) • Primary functions of above plans - IRP focuses on immediate response; if attack escalates or is disastrous, process changes to disaster recovery and BCP - DRP typically focuses on restoring systems after disasters occur; as such, is closely associated with BCP - BCP occurs concurrently with DRP when damage is major or long term, requiring more than simple restoration of information and information resources

Security awareness, training, and education, is focused on __________

Increasing awareness of security topics by employees and other insiders

Security awareness, training, and education, is focused on __________ -Understanding Business Impact Analysis -Malware detection -Increasing awareness of security topics by employees and other insiders -Educating just the cybersecurity staff from the security operations center - All of the above

Increasing awareness of security topics by employees and other insiders

Availability

Information should be provided to users when they need it

Integrity

Information should not be altered or changed unexpectedly

Confidentiality

Information should only be provided to those who need access to it

The greatest threat to an organization's information systems comes from

Insiders

The greatest threat to an organization's information systems comes from -Phishing and social engineering -Cyber hackers -Insiders -Nation-state actors -Radical 90's teens with attitude

Insiders

Matching: Information should not be altered or changed unexpectedly

Integrity

SQL

International standard language for DBMS query coding

What is interoperability? How would you describe it to somebody not working in IT? What is an example of interoperability?

Interoperability is the property that allows for the unrestricted sharing of resources between different systems. This can refer to the ability to share data between different components or machines. Broadly speaking, interoperability is the ability of two or more components or systems to exchange information and to use the information that has been exchanged. It just means the exchange of information through different platforms. Some examples are: client servers, infrastructure, software.

Measured service

Is the process used by cloud systems to automatically control and optimize resource use by leveraging a metering capability • Helps to control and optimize resource use • Helps to generate billing and chargeback reports

Accountability

It should be clear who accessed or changed information and when they did it

Please describe your recommended solution for 1800-JUNK-VAN and explain why it best fits the needs of this firm.

LOOK INTO IT

Refer back to iPremier

LOOK INTO IT

Issues in adopting, deployment and testing cloud

Lack of institutionalized knowledge internally is problematic. There is software that we might want to put on the cloud because with software that is developed, we can't put it out there as a design and service. There is also SaaS being provided that cannot take a lot of bandwidth (Availability).

My IS responsibilities

Learn basic computer skills • Learn standard techniques and procedures for the applications you use • Follow security and backup procedures • Protect your passwords • Install only authorized programs

Deliberate Software Attacks

Malicious software (malware) designed to damage, destroy, or deny service to target systems • Includes: - Viruses - a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. - Worms - self-replicating program - Trojan horses - Logic bombs - Back door or trap door - Polymorphic threats - a self-encrypted virus designed to avoid detection by a scanner. Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itself. - Virus and worm hoaxes

DBMS

Manipulates and queries database in a swift and controlled manner. Can be open source (MySQL) or licensed (ORACLE/Access/IBM)

N:M

Many to Many; 1 department has many advisors; 1 advisor has many departments

Key characteristics of cloud-optimized storage solution are:

Massively scalable • Unified namespace • Metadata and policy-based information management • Secure multi-tenancy • Multiple access mechanisms (through REST and SOAP web service APIs and file-based access)

The rule of nines refers to -The nine service models for cloud computing -The nine R's of high availability -Measurement of availability as a percentage of uptime -None of the above

Measurement of availability as a percentage of uptime

The rule of nines refers to

Measurement of availability as a percentage of uptime

Market Basket Analysis

Methodology of ________ _____ _____ 1. Uses statistical methods to identify sales patterns in large volumes of data. 2. Finds products customers tend to buy together. 3. Determines probabilities of customer purchases 4. Identifies cross-selling opportunities 5. Customers who bought fins also bought mask

Defense in Depth

Multiple layers in defense for intrusion. For logins, there's single sign on, within that there's 2 factor authentication, firewalls, tipping points.

Contingency planning team

Must decide which actions constitute disasters and which constitute incidents

1. Business Analyst 2. System Analyst 3. Programmer

Name 3 IS related Jobs roles and positions:

• Incident recovery

Once incident has been contained and control of systems regained, the next stage is recovery - First task is to identify human resources needed and launch them into action - Full extent of the damage must be assessed - Organization repairs vulnerabilities, addresses any shortcomings in safeguards, and restores data and services of the systems

The ISO 27000 Series

One of the most widely referenced and often discussed security models • Framework for information security that states organizational security policy is needed to provide management direction and support • Provides a common basis for developing organizational security

1:N

One to many; 1 department has many advisors; 1 advisor has only one department

Business Continuity Planning

Outlines reestablishment of critical business operations during a disaster that impacts operations • Development of BCP is somewhat simpler than IRP or DRP • Consists primarily of - selecting a continuity strategy and - integrating off-site data storage and recovery functions into this strategy - Determining factors in selecting between options is usually cost and how fast do you need to be back up

Outsourcing vs. Offshoring

Outsourcing refers to an organization contracting work out to a third party. While offshoring refers to getting work done in a different country, usually to leverage costs. BIGGEST DIFFERENCE: WHILE outsourcing can be (and often is) off-shored, offshoring may not always involve outsourcing.

Robustness

Overall Quality of the System

Information Security Methods of Defense

Overlapping controls - Authentication - Encryption - Integrity control - Firewalls - Network configuration - Application configuration - Policy

Which of these are methods for measuring availability?

Percent uptime = (Actual uptime) / (Scheduled uptime) • Measure uptime in terms meaningful to users • Quantify amount of downtime

Data tiering determines where and how data is stored. Which of the following criteria may be used in determining data tiering needs?

Performance • Cost • Availability • Recovery or retrieval requirements

Hosting

Physical data centers such as those run by IBM, HP, NavSite.

A key part of business continuity management is not just preparing the business continuity plans, but ensuring that they will be able to achieve their intended purposes. An effective organizational strategy for business continuity includes which of the following tasks?

Planning and executing regularly scheduled tests of the plan, as often as twice a year

Threat

Potential for exposure

Control

Preventative measure

Data Tiering

Prioritizes data based on performance, cost, availability, and recovery requirements

1. Curse of dimensionality 2. Dirty Data (wrong) 3. Missing Values 4. Inconsistent Data 5. Data not integrated 6. Too fine granularity

Problems associated with the granularity of data include:

DevOps requires the following processes be in place:

Process standardization and automation • Version control • Release management • Configuration management • Cross-training and job rotation

Infrastructure as a Service

Provides capability to the consumer to hire infrastructure components such as servers, storage, and network • Enables consumers to deploy and run software, including OS and applications • Pays for infrastructure components usage, for example, Storage capacity, CPU usage, etc. • Consumers deploy their software, including OS and application on provider's infrastructure • Computing resources such as processing power, memory, storage, and networking components are offered as service • Consumers have control over the OSs and deployed applications

Platform as a Service (PaaS)

Provides you computing platforms which typically includes operating system, programming language execution environment, database, web server etc.

Infrastructure as a Service (IaaS)

Provides you the computing infrastructure, physical and virtualized machines, and other resources

Public Cloud

Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

There are several approaches that can be taken to maximize availability - the seven R's of high availability. Which of the following is NOT one of these seven approaches? -Robustness -Recognition -Reliability -Redundancy

Recognition

The Seven Rs of Availability

Redundancy - Elimination of Single Points of Failure • Reputation - Credibility of Track Record • Reliability - Frequency of Outages • Repairability - Duration of Outages • Recoverability - Degree of Fault Tolerance • Responsiveness - Urgency of Support • Robustness - Overall Quality of the System

DevOps

Refers to a set of practices that emphasize the collaboration and communication of both software developers and information technology operations

Measured service

Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.

Which of the following functions should NOT be a function of a change advisory board (CAB) or change control board (CCB)?

Review all logged changes

Which of the following functions should NOT be a function of a change advisory board (CAB) or change control board (CCB)? -Review and approve proposed changes -Review and approve emergency changes implemented -Serve as a barrier to making changes to the production environment -Review all logged changes

Review all logged changes

Purpose of Change Control System

Review all requested changes • Identify impact of change • Evaluate advantages and disadvantages of requested change • Install process so that individual with authority may accept or reject changes • Communicate change to concerned parties • Ensure changes implemented properly • Prepare reports that summarize changes made to date and their impact

Identify and explain at least 4 of the business continuity/disaster recovery practices addressed in the DRI Professional Practices.

Risk assessment: The goal of this requirement is to establish, implement, and maintain a formal documented risk assessment process that systematically identifies, analyzes, and evaluates the risk of disruptive incidents to the organization. Incident response: planning covers identification of, classification of, and response to an incident Business Impact Analysis: This activity enables an organization to identify the critical processes that support its key products and services, and the interdependencies between processes and the resources required to operate the processes at a minimally-acceptable level. Awareness and Training Programs: Document plans to be used during an incident that will enable the entity to continue to function.

IETF Security Architecture

Security Area Working Group acts as advisory board for protocols and areas developed and promoted by the Internet Society • RFC 2196: Site Security Handbook covers five basic areas of security with detailed discussions on development and implementation

Which of the following is NOT a component of incident response? -Selecting a continuing strategy -Incident detection -Incident recovery -Incident reaction

Selecting a continuing strategy

Corporate Information Security Policy (CISP)

Sets strategic direction, scope, and tone for all security efforts within the organization • Executive-level document, usually drafted by or with the CIO of the organization • Typically addresses - Establishes security program and responsibilities assigned to various organizational components - Specified penalties and disciplinary action for noncompliance

• Damage assessment

Several sources of information on damage, including system logs; intrusion detection logs; configuration logs and documents; documentation from incident response; and results of detailed assessment of systems and data storage - Computer evidence must be carefully collected, documented, and maintained to be acceptable in formal or informal proceedings - May need to involve law enforcement - Individuals who assess damage need special training

Which of these factors played a part in the Target breach that we discussed in class?

Social engineering

Development

Software development platforms used to build custom cloud based applications such as SalesForce

big box

Some changes I would suggest to Big Box Company for their program change control process are addressing the lack of communication within the team working on change request. I would add a step to update the team through emails periodically through the process of the change request. I would also add a step to ensure that the production source is in sync with the change request. The production change administrator can acquire this task within the process. For incident reports to correspond with the PCCS I would add a step to the production control team to evaluate incidents and log them within the system. Some risk areas to be considered for this process include communication between the programmers, production change administrators, system owner, and production control team. This is an issue because of the "after-hours" change requests the other employees may not know if a change has been made so they should be updated in some form synchronously. Another risk area is changes made that are unauthorized. There should be documentation for each step in the change request and the status. Another high-risk area is that the incident reporting system for change requests needs to synchronize with the PCCS. The production source should also be in sync with the executable code.

DevOps Includes All Functions that Support the Software Development Life Cycle (SDLC)

Some specific practices that you need to include when you adopt DevOps: • Release planning • Continuous integration • Continuous delivery • Continuous testing • Continuous monitoring and feedback

One justification for choosing a hybrid cloud deployment model is the ability to support cloud bursting. What is cloud bursting?

Spilling over to the public cloud to deal with spikes in demand

One justification for choosing a hybrid cloud deployment model is the ability to support cloud bursting. What is cloud bursting? -Breaking up an organization's cloud services across multiple cloud providers to minimize risk -Spilling over to the public cloud to deal with spikes in demand -Rainfall in the data center, invoking a disaster recovery plan (DRP) -Rapid testing of cloud applications

Spilling over to the public cloud to deal with spikes in demand

Sprints

Sprints are planned to create a forecast or commitment • A constant duration leads to a better rhythm • Product is designed, coded, and tested during the sprint

Cluster Analysis

Statistical technique to identify groups of entities with similar characteristics; used to find groups of similar customers from customer order and demographic data. Form of Unsupervised data mining.

Systems-Specific Policy (SysSP)

SysSPs frequently function as standards and procedures used when configuring or maintaining systems • Systems-specific policies fall into two groups - Managerial guidance - Technical specifications ACLs can restrict access for a particular user, computer, time, duration—even a particular file • Configuration rule policies • Firewall policies

IT controls are the BEST detection method to limit fraud duration and loss

TRUE

Which of these factors played a part in the Target breach that we discussed in class? -Early, full disclosure of the full magnitude of the breach -Missed warnings from security systems -Target's early detection of the breach -Social engineering

Target's early detection of the breach

NIST Cybersecurity Framework

The Framework Core Establishes a Common Language • Describes desired outcomes • Understandable by everyone • Applies to any type of risk management • Defines the entire breadth of cybersecurity • Spans both prevention and reaction • Functions: Identify, Protect, Detect, Respond, Recover

Issue-Specific Security Policy (ISSP)

The ISSP: - Addresses specific areas of technology - Requires frequent updates - Contains statement on organization's position on a specific issue (such as an ISSP for Cloud Services) • Components of the policy - Statement of Policy - Authorized Access and Usage of Equipment - Prohibited Use of Equipment - Systems Management - Violations of Policy - Policy Review and Modification - Limitations of Liability

Virtualization

The act of creating a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources

Software as a Service (SaaS)

The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. Consumer has limited user-specific application configuration settings.

Platform as a Service (PaaS)

The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.

Infrastructure as a Service (IaaS)

The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer can deploy and run arbitrary software, which can include operating systems and applications.

Risk assessment

The goal of this requirement is to establish, implement, and maintain a formal documented risk assessment process that systematically identifies, analyzes, and evaluates the risk of disruptive incidents to the organization.

Scrum

The most popular agile method used today. Short iterations which mimic a project lifecycle on a small scale, having a distinct beginning and end for each iteration

Change management

The overall process to control and coordinate all changes to an IT production environment

IP addressing

These protocols manage traffic as it passes across the internet. Most important protocol in transport layer is TCP. It's like a home address.

What should the relationship be between business continuity policies and corporate policies?

They should be strategically aligned

What should the relationship be between business continuity policies and corporate policies? -They should be strategically aligned -There is no need to link IT policies to corporate policies -They should address similar issues in Section 7 - the Information Security section -They should be the same

They should be strategically aligned

Business Impact Analysis

This activity enables an organization to identify the critical processes that support its key products and services, and the inter-dependencies between processes and the resources required to operate the processes at a minimally-acceptable level.

Resource pooling

This serves multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. Customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.

1. entities must contain all data users need 2. Must accurately reflect their view of the business 3. devote time

Thorough review of data model by users should involve: (3)

Matching: Potential for exposure

Threat

1. Acquire Data 2. Perform Analysis 3. Publish Results

Three primary activities of business intelligence:

• Off-Site disaster data storage

To get sites up and running quickly, an organization must have the ability to move data into new site's systems - Options for getting operations up and running include: • Electronic vaulting • Remote journaling • Database shadowing • Cloud storage

RFM

To produce an ___ score, a program sorts customer purchase records by date of most recent (R) purchase, divides sorts into quintiles, and gives customers a score of 1 - 5. Process is repeated for Frequently and Money. You want a LOW score = good customer.

AMI is an acronym for "Amazon Machine Image"

True

IT controls are the BEST detection method to limit fraud duration and loss -True -False

True

Disaster Recovery

Typically focuses on restoring systems after disasters occur; as such, is closely associated with BCP

Service Level Agreements

Uptime percentage • Amount of traffic at a given time (bandwidth) • Data rate or bandwidth limitations • Performance and capacity of resources • Schedule requirements for notifications (planned maintenance and outages) • Help desk response times, scope, limitations • Security • Privacy • Availability Penalties - Compensation, refunds or discounts • Exit conditions • Availability zones - Which do you have access to? - If your provider is reselling (buying from another provider), which of those do you have access to? • Disaster recovery provisions

Responsiveness

Urgency of Support

Final judges that review data model

Users' role in database development?

Software as a Service (SaaS)

Uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the client's side

Virtualization

Virtual workspaces: - An abstraction of an execution environment that can be made dynamically available to authorized clients by using well-defined protocols, - Resource quota (e.g. CPU, memory share), - Software configuration (e.g. O/S, provided services). • Implement on Virtual Machines (VMs): - Abstraction of a physical host machine, - Hypervisor intercepts and emulates instructions from VMs, and allows management of VMs, - VMWare, Xen, etc. • Provide infrastructure API: - Plug-ins to hardware/support structure

Matching: Weakness that may be exploited

Vulnerability

Vulnerability

Weakness that may be exploited

Receives communications from your computer and passes them on to the internet and receives communications from the internet and passes them to you.

What do ISPs do?

Internet Service Provider

What does ISP stand for?

Local Area Network

What does LAN stand for?

Personal Area Network

What does PAN stand for?

Recent Orders; Frequent Orders; Money (amount spent)

What does RFM stand for?

computers connected to a single physical site

What is LAN?

devices connected around a single person

What is PAN?

Computers connected between two or more separated sites

What is WAN? (wide area network)

IP version 6; because we are running out of IP addresses

What is the next evolution of IP addressing and why?

Primary Key

What is unique to that table

Foreign Key

What ties different tables together

Kanban

Work items are visualized, and work is defined based on customer needs and expanded backwards

Business Analyst

Work with business leaders and planners to develop processes and systems that implement business strategy and goals

System Analyst

Work with users to determine system requirements, design and develop job descriptions and procedures, help determine system test plans.

Market Basket Analysis

a data-mining technique for determining sales patterns. Knowing what people buy together so you can cross-sell and up-sell.

DevOps

a practice of bringing development and operations teams together, focuses on constant testing and delivery.

IP

a set of rules governing the format of data sent over the internet or other network

data mart

a subset of a datawarehouse; addresses a particular component or functional area of the business.

Your organization is considering upgrading its IT posture. Pick 2 of these topics and explain to management why they should be a part of their new plans.

a) Cyber security is a key factor in information technology nowadays. Without it, data could be easily stolen, manipulated, or used by anyone who is not authorized to do so. Therefore, a good cyber security department is needed. b) Cloud computing enables companies and applications, which are system infrastructure dependent, to be infrastructure-less. By using the Cloud infrastructure on "pay as used and on demand", all of us can save in capital and operational investment!

What is the primary focus of each of these: (a) incident response, (b) disaster recovery, and (c) business continuity?

a) Incident Response (IRP) - focuses on immediate response; if attack escalates or is disastrous, process changes to disaster recovery and BCP b) Disaster Recovery (DRP) - typically focuses on restoring systems after disasters occur; as such, is closely associated with BCP c) Business Continuity (BCP) - occurs concurrently with DRP when damage is major or long term, requiring more than simple restoration of information and information resources

Kanban

allows software to be developed in one large development cycle (also an agile methodology)

Production Environment

any hardware, software or documentation (electronic or hardcopy) component that directly supports a production application.

Maximum Cardinality

at least one entity --|----->

(why) Data visualization

because of the way human brains process information, using charts or graphs to visualize large amounts of complex data is easier than poring over spreadsheets or reports. _______ is a quick, easy way to convey concepts in a universal manner - and you can experiment with different scenarios by making slight adjustments.

Change management

concerned with the procedures, processes and standards which are used to manage changes • Change management policies may cover: - The change request process and the information required to process each change request - Define how changes will be executed - The process used to analyze the impact and costs of change and the associated traceability information - The membership of the body which formally considers change requests - The tools or software support (if any) for the change control process

Incident Response

develop and assist with the implementation of an incident management system that defines organizational roles, line of authority and succession of authority.

Plan Development and Implementation

document plans to be used during an incident that will enable the entity to continue to function.

On-demand self service

enables consumers to unilaterally provision computing capabilities as needed (examples: server time and storage capacity)

Business Continuity Plan Exercise, Assessment, and Maintenance

establish an exercise, assessment and maintenance program to maintain a state of awareness.

Agile

focuses on adaptive, simultaneous workflows.

ISO 22301

formally specifies a Business Continuity Management System (BCMS) for any type or size of organization.

Public IP address

identifies a unique device on internet; Assigned by ICANN (Internet Corporation for Assigned Names and Numbers).

Risk Assessment

identify the risks that can adversely affect an entity's resources or image.

What is Cloud Computing?

is "a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction." (NIST) - Consumers pay only for the services that they use, either based on a subscription or based on resource consumption. - Cloud services are accessed from different types of client devices over wired and wireless network connections.

Kanban

is a process used to organize work for the sake of efficiency. • Kanban encourages work to be broken down into manageable chunks and uses a Kanban Board to visualize that work as it progresses through the work flow

Social engineering

is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures

Rapid elasticity

is the capability to quickly scale-out and rapidly release resources to quickly scale in.

(What is) Data Visualization

is the presentation of data in a pictorial or graphical format. It enables decision makers to see analytics presented visually, so that they can grasp difficult concepts or identify new patterns. With interactive _____, you can take the concept a step further by using tech to drill down into charts and graphs for more detail, interactively changing what data you see and how it's processed.

Resource pooling

is the process of combining a provider's computing resources to serve multiple consumers using a multi-tenant model. Consumers have no control or knowledge over the exact location of the provided resources

Bit Rot

is the slow deterioration in the performance and integrity of data stored on storage media. Basically as time goes on, we are less able to run or open past programs or applications because we are using new software.

Minimum Cardinality

minimum number of entities in a relationship. Small oval means entity is optional; relationship need not have entity of that type. -------o-->

iPremier's DoS attack

- Outdated disaster recovery plan; also unprepared, as their emergency procedure binder of resources was missing. - iPremier was not trained to handle the DoS in a rapid enough response time that would have allowed them to both prevent the attack and assure the security and safety of valuable assets such as customer information, accounting information, and other sensitive information. - Lack of scalability within their network system, as it was entirely reliant on a single operating platform that disabled their ability to interact with their system. - Qdata's break of their operating level agreement. As part of their service level agreement (SLA), Qdata had ensured 24-hour surveillance to monitor any abnormalities in iPremier's operations. We plan to move the platform from Qdata onto a more reliable and secure hybrid cloud environment, update the cyber security disaster recovery plan, and create the business contingency plan. - Move to a reputable cloud provider that meets all of the service and operating level agreements required, such as 24-hour network monitoring, executing risk management plans, and defense against hacking attempts. Due to the current vendor-locked aspect of iPremier, massive changes will occur with the migration of data, services, or applications when iPremier switches cloud providers. Switching to a preferred cloud provider will benefit iPremier in terms of reduced IT cost, business agility, easy and flexible scaling with the demand for computing resources, high availability, and device independence. This hybrid cloud would be a combination of a public and private cloud, where the public cloud can run applications and keep data in a secure, provider-protected public cloud, then use the private cloud for scaling purposes when there is a need for more space.

Incident response

planning covers identification, classification of, and response to an incident

Virtualization

process by which one computer hosts the appearance of many computers. One operating system, called the host operating system runs one or more operating systems as applications. Hosted operating systems are called virtual machines (vm)

Outsourcing

process of hiring another organization to perform services. Any value chain business activity can be _____. Outsourcing is done to save costs, gain expertise, reduce financial risk, and free up management time.

Broad network access

provides capabilities that are available over the network and accessed through standard mechanisms: • Desktop computer • Laptop • Tablet • Mobile device

Offshoring

refers to getting work done in a different country, usually to leverage costs.

Data Mining

the process of finding anomalies, patterns and correlations within large data sets to predict outcomes. Using a broad range of techniques, you can use this information to increase revenues, cut costs, improve customer relationships, reduce risks and more.

Availability

the process of optimizing the readiness of production systems by accurately measuring, analyzing, and reducing outages to those production systems

Controlling Change

the requesting, prioritizing and approving of any requested production change to the operations environment prior to the change coordination required for its implementation

Final Judges

users are the ____ ____ as to what data the database should contain and how the records in that database should be related to one another.

datacenters all over the country

where is the cloud?

Desktop Virtualization

you can access your hardware/desktop from any computer around the world

Business Continuity vs. Disaster Recovery

• Business continuity is about planning ways to keep the doors open while minimizing the impact of disruptions on customers and business operations. • Disaster Recovery is about the series of steps taken to restore the business once a problem occurs. Disaster Recovery is a subset of Business Continuity Planning

**Essential Characteristic 3 Resource Pooling - Cloud

• Provider's computing resources are pooled to serve multiple consumers using a multitenant model • Resources are assigned from the pool according to consumer demand • Consumers have no control or knowledge over the exact location of the provided resources

