BIS Chapter 12
Five step systems development life cycle
* Business Planning Process
* Define Systems
* Determine Requirements
* Design System Components
* Implement System
Organizations are dynamic, and processes within organizations need to be adapted. The need for change arises from two sources
* The process does not consistently meet its objective.
* Changes in business environment
Feasibility has four dimensions
* cost
* schedule
* technical
* organizational feasibility
Systems Development Life Cycle: the process of understanding how an information system can support business needs, building it, and delivering it to users.
1. Define the system
2. Determine Requirements
3. Define System Components
4. Create, Test, Implement
5. Maintain the system
security safeguards
A fair information practices principle, it is the principle that personal data should be protected by reasonable security safeguards against such risks as loss or unauthorized access, destruction, use, modification or disclosure of data
Business Analyst
(1) A person who understands business strategies, goals, and objectives and who helps businesses develop and manage business processes and information systems. (2) Someone who is well versed in Porter's models, organizational strategy, and systems alignment theory, like COBIT, and who also understands the proper role for technology.
Plunge Installation
A type of system conversion in which the organization shuts off the old system and starts the new system. If the new system fails, the organization is in trouble: Nothing can be done until either the new system is fixed or the old system is reinstalled. Because of the risk, organizations should avoid this conversion style if possible. Sometimes called direct installation.
phishing
An attack that sends an email or displays a Web announcement that falsely claims to be from a legitimate enterprise in an attempt to trick the user into surrendering private information
The Information Systems Audit and Control Association has created a set of standard practices called ________ that are often used in the assessment stage of the BPM cycle.
COBIT (Control Objectives for Information and Related Technology)
HTTPS
Hypertext Transfer Protocol Secure
Parallel Installation
New system/business processes run parallel with the old one until the new system is tested and fully operational
Maintenance
The extent to which the learner continues to perform the target behavior after a portion or all of the intervention has been terminated
Information Systems Security
The process of protecting information systems vulnerabilities from threats by creating appropriate safeguards
Spoofing
When someone pretends to be someone else with the intent of obtaining unauthorized data.
Business Process Management
a cyclical process for systematically monitoring, modeling, creating, and implementing business processes
Test Plan
A formal description of the system's response to use and misuse scenarios.
Security Vulnerability
a potential challenge to the integrity of information systems from one of three sources: human error, malicious human activity, and natural events and disasters.
Security Program
a systematic plan by which an organization addresses security issues
as-is model
Documents the current situation; the model is then changed to make adjustments that solve process problems.
Hacking
gaining unauthorized access to a computer system.
System conversion
implies the process of converting business activity from the old system to the new
Computer Criminals
invade computer networks to obtain critical data or to manipulate the system for financial gain.
Threat
A challenge to information systems.
Phased Installation
new system/business process is installed in phases across the organization
Pretexting
occurs when someone deceives by pretending to be someone else
Pilot Installation
organization implements the entire system/business processes on a limited portion of the business
Social Engineering
A term that describes any attempt to penetrate the security of a system by convincing people to disclose secret information.
Effectiveness
the degree to which a predetermined objective or target is met
System development
the process of creating and maintaining an information system.
SSL, also known as TLS
Secure Sockets Layer ____ is a method of encrypting TCP/IP transmissions above the network layer.
Worm
Similar to a virus, but it has the capability to travel without any human action so it can infect many computers. It is able to replicate itself and can use the email address book to send itself to everyone listed. It consumes system memory to do this and slows down the computer or the network.