Exam 1


What is the number one cause of data loss or breaches?

Hacking is the number one cause of data loss.

Explain fraud and occupational fraud.

-Fraud is nonviolent crime because fraudsters use deception, confidence, and trickery. -Occupational fraud refers to the deliberate misuse of the assets of one's employer for personal gain.

Explain why APT attacks are difficult to detect.

-APT is a stealth network attack in which an unauthorized person gains access to a network and remains undetected for a long time. -Skilled hackers launch APT attacks to steal data continuously (e.g., daily) over months or years, rather than to cause damage that would reveal their presence.

What are bandwidth and broadband?

-Bandwidth is the communication capacity of a network. -Bandwidth is the amount of data that passes through a network connection over time as measured in bits per second (bps). -Broadband is short for broad bandwidth and means high capacity.

What is the difference between 3G and 4G?

-4G delivers average download rates of 3 Mbps or higher. -In contrast, today's 3G networks typically deliver average download speeds about one-tenth of that rate.

Describe a database and a database management system (DBMS).

-A database is a collection of data sets or records stored in a systematic way and stores data generated by business apps, sensors, and transaction processing systems. -Databases can provide access to all of the organization's data collected for a particular function or enterprise-wide, alleviating many of the problems associated with data file environments -A database management system (DBMS) is software used to manage the additions, updates, and deletions of data as transactions occur; and support data queries and reporting.

When is batch processing used?

-Batch processing is used when there are multiple transactions which can be accumulated and processed at one time. -These transactions are not as time sensitive as those that need to be processed in real time. The transactions may be collected for a day, a shift, or over another period of time, and then they are processed. -Batch processing often is used to process payroll in a weekly or bi-weekly manner and is less costly than real-time processing.

The four components of EA

-Business Architecture (the processes the business uses to meet its goals); -Application architecture (design of IS applications and their interactions); -Data architecture (organization and access of enterprise data); -Technical architecture (the hardware and software infrastructure that supports applications and their interactions)

Describe cloud computing.

-Cloud computing is the general term for infrastructures that use the Internet and private networks to access, share, and deliver computing resources.

How can cloud computing solve the problems of managing software licenses?

-Cloud computing makes it more affordable for companies to use services that in the past would have been packaged as software and required buying, installing and maintaining on any number of individual machines. -A major type of service available via the cloud is called software as a service, or SaaS.

What are the two categories of crime?

-Crime can be divided into two categories depending on the tactics used to carry out the crime: violent and nonviolent.

Explain how identity theft can occur.

-Criminals have always obtained information about other people—by stealing wallets or dumpster digging. But widespread electronic sharing and databases have made the crime worse. -A variety of cybercrimes, including the use of botnets, have been used to steal identities.

What is a critical infrastructure? List three types of critical infrastructures.

-Critical infrastructure is defined as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." -transportation systems -defense industrial base -commercial facilities

What is the function of data governance?

-Data governance is the process of creating and agreeing to standards and requirements for the collection, identification, storage, and use of data. -Data governance policies must address structured, semi-structured, and unstructured data to ensure that insights can be trusted. -Data governance allows managers to determine where their data originates, who owns them, and who is responsible for what—in order to know they can trust the available data when needed. -Data governance is an enterprise-wide project because data cross boundaries and are used by people throughout the enterprise.

Why are data in databases volatile?

-Data in databases are volatile because they can be updated millions of times every second, especially if they are transaction processing systems (TPS).

What are the risks caused by data tampering?

-Data tampering refers to an attack during which someone enters false or fraudulent data into a computer, or changes or deletes existing data. -Data tampering is extremely serious because it may not be detected. This introduces dirty data with all of its inherent issues.

Contrast data, information, and knowledge.

-Data, or raw data, refers to a basic description of products, customers, events, activities, and transactions that are recorded, classified, and stored. Data are the raw material from which information is produced and the quality, reliability, and integrity of the data must be maintained for the information to be useful. -Information is data that has been processed, organized, or put into context so that it has meaning and value to the person receiving it. -Knowledge consists of data and/or information that have been processed, organized, and put into context to be meaningful, and to convey understanding, experience, accumulated learning, and expertise as they apply to a current problem or activity.

Why are cybercriminals so successful?

-Defending yesterday -Bigger attack surface -Implementing before securing. -Not ready for next-generation cyberthreats.

What is the relationship between data quality and the value of analytics?

-Dirty data degrade the value of analytics. -The "cleanliness" of data is very important to data mining and analysis projects.

What are the business benefits of EA?

-EA cuts IT costs and increases productivity by giving decision-makers access to information, insights, and ideas where and when they need them. -EA determines an organization's competitiveness, flexibility, and IT economics for the next decade and beyond. -EA helps align IT capabilities with business strategy—to grow, innovate, and respond to market demands, supported by an IT practice that is 100 percent in accord with business objectives.

Explain why data on laptops and computers need to be encrypted.

-Encryption is a part of a defense-in-depth approach to information security. The basic principle is that when one defense layer fails, another layer provides protection.

What are the benefits of APIs?

-For programmers: The benefits of APIs are that they simplify the programmer's job and ensure that all programs using the same API use that resource in the same manner. -Business benefits: APIs are channels to new customers and markets and APIs promote innovation

Explain the differences between formal and informal processes.

-Formal processes are documented and have well-established steps. Order taking and credit approval processes are examples. -Informal processes are typically undocumented, have inputs that may not yet have been identified, and are knowledge-intensive.

What three factors are driving collaboration and information sharing?

-Forrester (forrester.com) identified three factors driving the trend toward collaboration and information sharing technology. These are: -Global, mobile workforce (a growing number of employees telecommute) -Mobility-driven consumerization (cloud-based collaboration solutions are on the rise) -Principle of any (there is growing need to connect anybody anytime anywhere and on any device)

Why does BYOD raise serious and legitimate areas of concern?

-Hackers break into employees' mobile devices and leapfrog into employers' networks—stealing secrets without a trace. -New vulnerabilities are created when personal and business data and communications are mixed together. -All cybersecurity controls—authentication, access control, data confidentiality, and intrusion detection—implemented on corporate-owned resources can be rendered useless by an employee-owned device.

Why are human expertise and judgment important to data analytics?

-Human expertise and judgment are needed to interpret the output of analytics. -Data is worthless if you cannot analyze, interpret, understand, and apply the results in context.

What are the business benefits of information management?

-Improves decision quality (due to timely response using reliable data) -Improves the accuracy and reliability of management predictions ("what is going to happen" as opposed to financial reporting on "what has happened.") -Reduces the risk of noncompliance (due to improved compliance with regulation resulting from better information quality and governance), and -Reduces the time and cost of locating relevant information (due to savings in time and effort through integration and optimization of repositories)

Why are internal controls needed?

-Internal control (IC) is a process designed to achieve: ~Reliability of financial reporting, to protect investors ~Operational efficiency ~Compliance with laws ~Regulations and policies ~Safeguarding of assets

What are two red flags of internal fraud?

-Internal fraud may be indicated by anomalous patterns, such as excessive hours worked, deviations in patterns of behavior, copying huge amounts of data, attempts to override controls, unusual transactions, and inadequate documentation about a transaction.

What is the difference between an intranet and an extranet?

-Intranets are used within a company for data access, sharing, and collaboration. -An extranet is a private, company-owned network that can be accessed remotely via the Internet. It connects two or more companies, suppliers, vendors, partners, or customers, so they can securely share information.

What is machine-to-machine (M2M) technology? Give an example of a business process that could be automated with M2M.

-Machine-to-machine (M2M) technology enables sensor-embedded products to share reliable real-time data via radio signals. -M2M is also referred to as the Internet of Things (IoT) and is widely used to automate business processes in industries ranging from transportation to health care. -By adding sensors to trucks, turbines, roadways, utility meters, heart monitors, vending machines, and other equipment they sell, companies can track and manage their products remotely.

What are the objectives of cybersecurity?

-Make data and documents available and accessible 24/7 while simultaneously restricting access. -Implement and enforce procedures and acceptable use policies (AUPs) for data, networks, hardware, and software that are company- or employee-owned, as discussed in the opening case. -Promote secure and legal sharing of information among authorized persons and partners.

What are two applications of NFC?

-NFC enables two devices within close proximity to establish a communication channel and transfer data through radio waves. -NFC is a location-aware technology that is more secure than other wireless technologies like Bluetooth and Wi-Fi. Unlike RFID, NFC is a two-way communication tool.

What factors are contributing to mobility?

-New wireless technologies such as WiMAX-Wireless Broadband and standards such as 8.11n -High-speed wireless networks such as 4G -Multitasking mobile devices -More robust mobile OSs and their applications

Explain what an online transaction-processing (OLTP) system does.

-OLTP is a database design that breaks down complex information into simple data tables in order to be efficient for capturing transactional data, including additions, updates, or deletions. -OLTP databases are capable of processing millions of transactions every second.

What is the difference between business deliverables and objectives?

-Objectives define the desired benefits or expected performance improvements. -They do not and should not describe what you plan to do, how you plan to do it, or what you plan to produce, which is the function of processes. -This last item, what you plan to produce, are deliverables.

Why do organizations still have information deficiency problems?

-Over many decades, changes in technology and the information companies require, along with different management teams, changing priorities, and increases or decreases in IT investments as they compete with other demands on an organization's budget, have all contributed. -Other common reasons include: data silos (information trapped in departments' databases), data lost or bypassed during transit, poorly designed user interfaces requiring extra effort from users, non-standardized data formats, and fast-moving changes in the type of information desired, particularly unstructured content, requiring expensive investments.

How are phishing attacks done?

-Phishing is a deceptive method of stealing confidential information by pretending to be a legitimate organization, such as PayPal, a bank, credit card company, or other trusted source. -Phishing messages include a link to a fraudulent phish website that looks like the real one. When the user clicks the link to the phish site, he or she is asked for a credit card number, social security number, account number, or password. -Successful attacks depend on untrained or unaware users responding to phishing scams.

Explain IT consumerization.

-is the migration of consumer technology into enterprise IT environments. -This shift has occurred because personally owned IT is as capable and cost-effective as its enterprise equivalents.

What are the business costs or risks of poor data quality?

-Poor quality data cannot be trusted and may result in the inability to make intelligent business decisions. -Poor data may lead to lost business opportunities, increased time and effort trying to prevent errors, increased time and effort trying to correct errors, misallocation of resources, flawed strategies, incorrect orders, and customers becoming frustrated and driven away.

Describe the data life cycle

-Principle of diminishing data value -Principle of 90/90 data use -Principle of data in context

How do social networks and cloud computing increase vulnerability?

-Social networks and cloud computing increase vulnerabilities by providing a single point of failure and attack for organized criminal networks. -Critical, sensitive, and private information is at risk, and like previous IT trends, such as wireless networks, the goal is connectivity, often with little concern for security.

Explain spear phishing.

-Spear phishers often target select groups of people with something in common—they work at the same company etc. -Spear phish creators gather information about people's companies and jobs from social media or steal it from computers and mobile devices, and then use that same information to customize messages that trick users into opening an infected e-mail.

Explain the Internet of Things.

-The Internet of Things refers to a set of capabilities enabled when physical things are connected to the Internet via sensors. -Sensors allow for the sharing of real-time data as well as the tracking, monitoring, and management of products remotely.

Why do the SEC and FTC impose huge fines for data breaches?

-The SEC and FTC impose huge fines for data breaches to deter companies from underinvesting in data protection.

Describe the relationships in the SoMoClo model.

-The SoMoClo model refers to social, mobile, and cloud technologies and their relationships, creating the technical infrastructure for digital business. -At the core is the cloud, providing 24/7 access to storage, apps, and services. -Handhelds and wearables, such as Google Glass, Pebble, and Sony Smartwatch (Figure 1.8), and their users form the edge. Social channels connect the core and edge.

What causes or contributes to data breaches?

-The main cause of a data breach is hacking, but the reason hacking is so successful is negligence—management not doing enough to defend against cyber-threats. -Even high-tech companies and market leaders appear to be detached from the value of the confidential data they store and the threat that highly motivated hackers will try to steal them.

What defenses help prevent internal fraud?

-The single-most effective fraud prevention tactic is making employees know that fraud will be detected by IT monitoring systems and punished, with the fraudster possibly turned over to the police or FBI. -The fear of being caught and prosecuted is a strong deterrent. IT must play a visible and major role in detecting fraud.

Why have mobile devices given consumers more power in the marketplace?

-The social influences of a connected society impact advertising and marketing. -Positive, or negative, influences on social media can impact consumer buying. Being mobile, consumers can check endorsements and prices on the spot when contemplating a purchase. -Customer loyalty, and therefore revenue, increasingly is dependent upon a business exploiting mobile technology, such as location-aware services, apps, alerts, and social networks.

List and give examples of the three components of a business process.

-The three components of the business process are inputs, activities, and deliverables. -Inputs are those items needed to produce the deliverables. These may be raw materials, data, knowledge, or expertise. -Activities are the work that transforms inputs and acts upon data and knowledge in order to produce deliverables. -Deliverables are the products, services, plans, or actions that result from business processes.

What are two key components of corporate profitability?

-The two key components of corporate profitability are industry structure and competitive advantage. -Industry structure determines the range of profitability of an average competitor in that sector and can be very difficult to change.

Why are patches and service packs needed?

-They are needed to keep software up to date and protected as fully as possible. When new vulnerabilities are found in operating systems, applications, or wired and wireless networks, patches are released by the vendor or security organization. -Patches, sometimes called service packs, are software programs that users download and install to fix a vulnerability.

Explain the Net neutrality debate.

-Those in favor of Net neutrality want a one-tier system in which all Internet data packets are treated the same, regardless of their content, destination, or source. -In contrast, those who favor the two-tiered system argue that there have always been different levels of Internet service and that a two-tiered system would enable more freedom of choice and promote Internet-based commerce.

What are threats, vulnerabilities, and risk?

-Threat: Someone or something that can cause loss, damage, or destruction. -Vulnerability: Weakness or flaw in a system that allows an attack to be successful. -Risk: Probability of a threat exploiting a vulnerability and the resulting cost of the loss, damage, disruption, or destruction. Risk = f (Threat, Vulnerability, Cost of the impact)

How does a virtual private network (VPN) provide security?

-Virtual private networks (VPNs) encrypt the data packets before they are transferred over the network and decrypt at the receiving end.

List and define three types of malware.

-Viruses, worms, trojans, rootkits, backdoors, botnets, and keyloggers are types of malware. -Most viruses, trojans, and worms are activated when an attachment is opened or a link is clicked.

What are the benefits of cloud computing?

-With cloud computing, IT services are delivered via the Internet on-demand. -Some benefits are faster application deployment, no need for upfront hardware costs, a flexible capacity for changing computing requirements, and the ability to add, or reduce, server space on-demand.

What is the difference between data centers and cloud computing?

-A main difference between a cloud and data center is that a cloud is an off-premise form of computing that stores data on the Internet. -In contrast, a data center refers to on-premises hardware and equipment that store data within an organization's local network. -Cloud services are outsourced to a third-party cloud provider who manages the updates, security, and ongoing maintenance. -Data centers are typically run by an in-house IT department.

Explain authentication and two methods of authentication.

-also called user identification, is proving that the user is who he claims to be and is a part of access control. -Authentication methods include: ~Something only the user knows, such as a password ~Something only the user has, for example, a smart card or a token ~Something only the user is, such as a signature, voice, fingerprint, or retinal (eye) scan; implemented via biometric controls, which can be physical or behavioral

Why is social engineering a technique used by hackers to gain access to a network?

-also known as human hacking, is tricking users into revealing their credentials and then using those credentials to gain access to networks or accounts. -It is a hacker's clever use of deception or manipulation of people's tendency to trust, be helpful, or simply follow their curiosity.

What is an SLA? Why are SLAs important?

-An SLA is a negotiated agreement between a company and service provider that can be a legally binding contract or an informal contract. -serves "as a means of formally documenting the service(s), performance expectations, responsibilities, and limits between cloud service providers and their users."

Define TPS and give an example.

-are sales orders, payroll, accounting, financial, marketing, purchasing, inventory control, etc. Transactions are either: -Internal transactions: Transactions that originate from within the organization or that occur within the organization. -Examples are payroll, purchases, budget transfers, and payments (in accounting terms, they're referred to as accounts payable).

What is a data center?

-consists of a large number of network servers used for the storage, processing, management, distribution, and archiving of data, systems, Web traffic, services, and enterprise applications. -also refers to the building or facility that houses the servers and equipment.

What is the purpose of business process management (BPM)?

-consists of methods, tools, and technology to support and continuously improve business processes. -The purpose is to help enterprises become more agile and effective by enabling them to better understand, manage, and adapt their business processes.

What is an IP address?

-every device that communicates with a network must have a unique identifying IP address. -An IP address is comparable to a telephone number or home address.

What are the characteristics of an agile organization?

-has the ability to respond or adapt quickly. -Organizations depend on IT agility and responsiveness to be able to adapt to market conditions and gain a competitive edge. That competitive advantage is short-lived if competitors quickly duplicate it. -Responsiveness means that IT capacity can be easily scaled up or down as needed, which essentially requires cloud computing. Closely related to IT agility is flexibility. -Flexibility means having the ability to quickly integrate new business functions or to easily reconfigure software or apps.

Describe SWOT analysis.

-involves the evaluation of strengths and weaknesses, which are internal factors; and opportunities and threats, which are external factors. -Examples are: Strengths: Reliable processes; agility; motivated workforce. Weaknesses: Lack of expertise; competitors with better IT infrastructure. Opportunities: A developing market; ability to create a new market or product. Threats: Price wars or other fierce reaction by competitors; obsolescence.

Describe strategic planning.

-is a series of processes in which an organization selects and arranges its businesses or services to keep the organization healthy or able to function even when unexpected events disrupt one or more of its businesses, markets, products, or services. -involves environmental scanning and prediction, or SWOT analysis, for each business relative to competitors in that business' market or product line.

How does Wi-Fi work?

-is a technology that allows computers to share a network or internet connection wirelessly without the need to connect to a commercial network. -Wi-Fi networks beam packets over short distances using part of the radio spectrum, or they can extend over larger areas, such as municipal Wi-Fi networks.

What is consumerization of information technology (COIT)?

-is a trend where users are obtaining for personal use an increasing amount of information technology (e.g., personal mobile devices, such as smartphones and tablets, and powerful home PCs and laptops) which often is mobile, unsecured, and in some cases, better than that provided by their employer.

What is a WLAN (Wireless Local Area Network)?

-is a type of local area network that uses high-frequency radio waves to communicate between computers or devices such as printers, which are referred to as nodes on the network. -typically extends an existing wired LAN by attaching a wireless access point (AP) to a wired network.

What is a standard operating procedure (SOP)?

-is a well-defined and documented way of doing something. -An effective SOP documents who will perform the tasks; what materials to use; and where, how, and when the tasks are to be performed.

What is a data silo?

-is one of the data deficiencies that can be addressed. It refers to the situation where the databases belonging to different functional units (e.g., departments) in an organization are not shared between the units because of a lack of integration. -Support a single function and therefore do not support the cross-functional needs of an organization. -The lack of sharing and exchange of data between functional units raises issues regarding the reliability and currency of data, requiring extensive verification to be trusted. -Exist when there is no overall IT architecture to guide IS investments, data coordination, and communication.

Define competitive advantage.

-is the edge that enables a company to outperform its average competitor. -can be sustained only by continually pursuing new ways to compete. IT can be an enabler of competitive advantage. -is the difference between a company and its competitors on matters pertinent to customers—such as quality of service/product, and value for money.

When are real-time processing capabilities needed?

-is used when a system must be updated as each transaction occurs. The input device or website for entering transactions must be directly linked to the transaction processing system (TPS). -This type of entry is used for more time sensitive data, such as reservation systems in which the user must know how many seats or rooms are available.

Explain enterprise architecture.

-It is the way IT systems and processes are structured. EA is an ongoing process of creating, maintaining, and leveraging IT. -It helps to solve two critical challenges: where an organization is going and how it will get there. -EA helps, or impedes, day-to-day operations and efforts to execute business strategy.

Explain information management.

-Information management is the use of IT tools and methods to collect, process, consolidate, store, and secure data from sources that are often fragmented and inconsistent. -A modern organization needs to manage a variety of information which goes beyond the structured types like numbers and texts to include semi-structured and unstructured contents such as video and sound. -Maintaining—updating, expanding, porting—an organization's digital library's contents on a variety of platforms is the task of Information Management. Specifically, it deals with how information is organized, stored, and secured, and the speed and ease with which it is captured, analyzed and reported.

Why is strategic planning of mobile networks important?

-organizations are moving away from ad hoc adoption of mobile devices and network infrastructure to a more strategic planning build-out of their mobile capabilities. -As technologies that make up the mobile infrastructure evolve, identifying strategic technologies and avoiding wasted investments require more extensive planning and forecasting.

Why is WiMAX important?

-transmits voice, data, and video over high-frequency radio signals to businesses, homes, and mobile devices. It was designed to bypass traditional telephone lines and is an alternative to cable and DSL. -WiMAX is based on the IEEE 802.16 set of standards and the metropolitan area network (MAN) access standard. Its range is 20 to 30 miles and it does not require a clear line of sight to function.

What factors should be considered when selecting a mobile network?

1. Simple: Easy to deploy, manage and use. 2. Connected: Always makes the best connection possible. 3. Intelligent: Works behind the scenes, easily integrating with other systems. 4. Trusted: Enables secure and reliable communications.

What is a business model?

A business model is the means by which a company expects to, and does, make money.

What is a digital business model?

A digital business model defines how a business makes money digitally.

What are the motives of hacktivists?

A hacktivist is someone who does hacking as a way to protest for a cause.

Briefly describe the basic network functions.

Business networks support basic functions including: communication, mobility, collaboration, relationships, and search.

What is a business process? Give three examples.

Business processes are series of steps by which organizations coordinate and organize tasks to get work done. In the simplest terms, a process consists of activities that convert inputs into outputs by doing work. Answers may vary. Some examples of common business processes are:
• Accounting: Invoicing; reconciling accounts; auditing
• Finance: Credit card or loan approval; estimating credit risk and financing terms
• Human resources (HR): Recruiting and hiring; assessing compliance with regulations; evaluating job performance
• IT or information systems: Generating and distributing reports and data visualizations; data analytics; data archiving
• Marketing: Sales; product promotion; design and implementation of sales campaigns; qualifying a lead
• Production and operations: Shipping; receiving; quality control; inventory management
• Cross-functional business processes: Involve two or more functions, for example, order fulfillment and product development

What are the differences between databases and data warehouses?

Databases are: -Designed and optimized to ensure that every transaction gets recorded and stored immediately. -Volatile because data are constantly being updated, added, or edited. -OLTP systems. Data warehouses are: -Designed and optimized for analysis and quick response to queries. -Nonvolatile. This stability is important. -OLAP systems.

What federal law requires effective internal controls?

The Sarbanes-Oxley Act (SOX) requires companies to set up comprehensive internal controls.

Explain the cloud.

The cloud consists of huge data centers accessible via the Internet, which provide 24/7 access to storage, apps, and services.

