Ch. 12 Systems Support and Security: Managing Systems Support and Security
Kbps (kilobits per second)
A bandwidth or throughput measurement. (Not Gbps or Mbps)
Gbps (gigabits per second)
A bandwidth or throughput measurement. (not Kbps or Mbps)
Mbps (megabits per second)
A bandwidth or throughput measurement. (Not Gbps or Kbps)
help desk
A centralized resource staffed by IT professionals that provides users with the support they need to do their jobs.
network interface
A combination of hardware and software that allows the computer to interact with the network.
public/private key encryption (PKE)
A common encryption method where a pair of keys, public and private, are used together; the public key encrypts and the private key decrypts the data.
full backup
A complete backup of every file on the system.
certification
A credential an individual earns by demonstrating a certain level of knowledge and skill on a standardized test.
private network
A dedicated connection, similar to a leased telephone line.
programmer/analyst
A designation for positions that require a combination of systems analysis and programming skills.
keystroke logger
A device that can be inserted between a keyboard and a computer to record keystrokes.
baseline
A formal reference point that measures system characteristics at a specific time.
maintenance release
A formal release of a new system version that contains a number of changes.
attack
A hostile act that targets an information system, or an organization itself.
enhancement
A new feature or capability.
database programmer
A person who focuses on creating and supporting large-scale database systems.
applications programmer
A person who works on new systems development and maintenance.
business continuity plan (BCP)
A plan that defines how critical business functions can continue in the event of a major disruption.
security policy
A policy that addresses the three main elements of system security: confidentiality, integrity, and availability.
port
A positive integer that is used for routing incoming traffic to the correct application on a computer.
change control (CC)
A process for controlling changes in system requirements during software development; also an important tool for managing system changes and costs after a system becomes operational.
configuration management (CM)
A process for controlling changes in system requirements during the development phases of the SDLC.
capacity planning
A process that monitors current activity and performance levels, anticipates future activity, and forecasts the resources needed to provide desired levels of service.
encryption
A process where data is coded (converted into unreadable characters) so that only those with the required authorization can access the data (usually via decoding software).
continuous backup
A real-time streaming backup method that records all system activity as it occurs.
IEEE 802.11i
A security standard for Wi-Fi wireless networks that uses the WPA2 protocol, currently the most secure encryption method for Wi-Fi networks.
hot site
A separate IT location, which might be in another state or even another country, that can support critical business systems in the event of a power outage, system crash, or physical catastrophe.
distributed denial of service (DDOS)
A service attack involving multiple attacking computers that can synchronize DOS attacks on a server.
maintenance release methodology
A system of numbered releases used by organizations (especially software vendors) that helps organize maintenance changes and updates.
fault tolerant
A system or application where the failure of one component does not disable the rest of the system or application.
administrator account
An account that allows essentially unrestricted access to the application.
exploit
An attack that takes advantage of a system vulnerability, often due to a combination of one or more improperly configured services.
port scan
An attempt to detect the services running on a computer by trying to connect to various ports and recording the ports on which a connection was accepted.
risk
An event that could affect the project negatively.
denial of service (DOS)
An online attack that occurs when an attacking computer makes repeated requests to a service or services running on certain ports.
Educational Testing Service (ETS)
An organization that provides assessment and certification of critical thinking skills using the iSkills test.
privilege escalation attack
An unauthorized attempt to increase permission levels.
differential backup
Backup that backs up only the files that have changed since the last full backup.
retention period
The length of time for which backups are stored; after it expires, the backups are either destroyed or the backup media is reused.
identity management
Controls and procedures necessary to identify legitimate users and system components.
security hole
A weakness in a system created by a combination of one or more improperly configured services.
backup media
Data storage options, including tape, hard drives, optical storage, and online storage.
plain text
Data that is not encrypted.
risk control
The development of safeguards that reduce the likelihood and impact of risks.
automatic update service
Enables an application to contact the vendor's server and check for a needed patch.
security
Hardware, software, and procedural controls that safeguard and protect a system and its data from internal or external threats.
asset
Hardware, software, data, networks, people, or procedures that provide tangible or intangible benefits to an organization.
risk identification
Listing each risk and assessing the likelihood that it could affect a project.
perfective maintenance
Maintenance that improves efficiency.
hardening
Making a system more secure by removing unnecessary accounts, services, and features.
malware
Malicious software that might jeopardize your security or privacy.
biometric scanning systems
Systems that map an individual's facial features, handprint, or eye characteristics for identification purposes.
risk assessment
The measurement of the likelihood and impact of risks.
pretexting
Obtaining personal information under false pretenses.
acceptance
One of four risk control strategies. The risk is accepted and nothing is done.
avoidance
One of four risk control strategies. The risk is eliminated by adding protective safeguards.
mitigation
One of four risk control strategies. This reduces the impact of a risk by careful planning and preparation.
availability
One of the three main elements of system security: confidentiality, integrity, and this (CIA). It ensures that authorized users have timely and reliable access to necessary information.
integrity
One of the three main elements of system security: confidentiality, this, and availability (CIA). It prevents unauthorized users from creating, modifying, or deleting information.
confidentiality
One of the three main elements of system security: this, integrity, and availability (CIA). It protects information from unauthorized disclosure and safeguards privacy.
dumpster diving
Raiding desks or trash bins for valuable information.
log
Record typically kept by operating systems and applications that documents all events, including dates, times, and other specific information. They can be important in understanding past attacks and preventing future intrusions.
patch
Replacement code that is applied to fix bugs or security holes in software.
remote control software
Software that allows IT staff to take over a user's workstation and provide support and troubleshooting.
network intrusion detection system (NIDS)
Software that monitors network traffic to detect attempted intrusions or suspicious network traffic patterns, and sends alerts to network administrators. Can be helpful in documenting the efforts of attackers and analyzing network performance.
critical thinking skills
The ability to compare, classify, evaluate, recognize patterns, analyze cause and effect, and apply logic.
bandwidth
The amount of data that the system can handle in a fixed time period. Its requirements are expressed in bits per second (bps).
firewall
The main line of defense between a local network, or intranet, and the Internet.
response time
The overall time between a request for system activity and the delivery of the response. In the typical online environment, this is measured from the instant the user presses the ENTER key or clicks a mouse button until the requested screen display appears or printed output is ready.
risk management
The process of identifying, evaluating, tracking, and controlling risks to minimize their impact.
recovery
The process of restoring data and restarting a system after an interruption.
backup
The process of saving a series of file or data copies to be retained for a specified period of time.
archived
The storage of previous versions of a system when a new version is installed.
CIA triangle
The three main elements of system security: confidentiality, integrity, and availability.
fault management
The timely detection and resolution of operational problems. It includes monitoring a system for signs of trouble, logging all system failures, diagnosing the problem, and applying corrective action.
operational costs
These are incurred after a system is implemented and continue while the system is in use.
maintenance activities
These include changing programs, procedures, or documentation to ensure correct system performance; adapting the system to changing requirements; and making the system operate more efficiently.
credentials
These include formal degrees, diplomas, or certificates granted by learning institutions to show that a certain level of education has been achieved successfully.
maintenance expenses
These vary significantly during the system's operational life and include spending to support maintenance activities.
adaptive maintenance
This adds new capability and enhancements.
disaster recovery plan
This consists of an overall backup and recovery plan.
maintenance team
This consists of one or more systems analysts and programmers.
backup policy
This contains detailed instructions and procedures for all backups.
product baseline
This describes the system at the beginning of system operation. It incorporates any changes made since the allocated baseline and includes the results of performance and acceptance tests for the operational system.
allocated baseline
This documents the system at the end of the design phase and identifies any changes since the functional baseline. It includes testing and verification of all system requirements and features.
operational security
This is concerned with managerial policies and controls that ensure secure operations. Also called procedural security.
incremental backup
This is faster than a full backup because it backs up only the files that have changed since the last full backup.
corrective maintenance
This is performed to fix errors.
functional baseline
This is the configuration of the system documented at the beginning of the project. It consists of all the necessary system requirements and design constraints.
benchmark testing
This is used by companies to measure system performance.
RAID (redundant array of independent disks)
This may be part of an organization's backup and recovery plans. It mirrors the data while processing continues. RAID is fault-tolerant because the failure of any one disk does not disable the system.
data replication
This means that in normal operating conditions, any transaction that occurs on the primary system must automatically propagate to the hot site.
BIOS-level password
This must be entered before the computer can be started. It prevents an unauthorized person from booting a computer by using a USB device or a CD-ROM. Also called a power-on password or a boot-level password.
preventive maintenance
This reduces the possibility of future system failure.
offsiting
This refers to the practice of storing backup media away from the main business location, in order to mitigate the risk of a catastrophic disaster such as a flood, fire, or earthquake.
information center (IC)
This supports users by training them on application software. Specialists answer questions, troubleshoot problems, and serve as a clearinghouse for user problems and solutions.
network
Two or more devices that are connected for the purpose of sending, receiving, and sharing data.
permissions
User-specific privileges that determine the type of access a user has to a database, file, or directory. Also called user rights.
critical risk
When risks are categorized and prioritized, these (those with the highest vulnerability and impact ratings) head the list.
metrics
Workload measurements, such as the number of lines printed, the number of records accessed, and the number of transactions processed in a given time period.