CIA Part 3: Study Unit 5
1 kilobyte 1 megabyte 1 gigabyte 1 terabyte
1,024 (210) bytes 1,048,576 (220) bytes 1,073,741,824 (230) bytes 1,099,511,627,776 (240) bytes
Requirements Analysis and Definition
1.A formal proposal for a new system is submitted to the IT steering committee, describing the need for the application and the business function(s) that it will affect. 2.Feasibility studies are conducted to determine a.What technology the new system will require b.What economic resources must be committed to the new system c.How the new system will affect current operations 3.The steering committee gives its go-ahead for the project.
build and development
1.The actual program code and database structures that will be used in the new system are written. 2.Hardware is acquired and physical infrastructure is assembled.
tree or hierarchical
A ________ structure arranges data in a one-to-many relationship in which each record has one antecedent but may have an unlimited number of subsequent records.
database
is an organized collection of data in a computer system.
Non-relational databases
provide a mechanism for storage and retrieval of data other than the tabular relations used in relational databases. 1.The data structures used by NoSQL databases do not require joining tables, which allow operations to run faster. 2.They capture all kinds of data (e.g., structured, semi-structured, and unstructured data), which allows for a flexible database that can easily and quickly accommodate any new type of data and is not disrupted by content structure changes. 3.They provide better "horizontal" scaling to clusters of machines, which solves the problem when the number of concurrent users skyrockets for applications that are accessible via the Web and mobile devices. 4.Impedance mismatch between the object-oriented approach to write applications and the schema-based tables and rows of relational databases is eliminated. For instance, storing all information on one document, in contrast to joining multiple tables together, results in less code to write, debug, and maintain.
cardinality
refers to how close a given data element is to being unique. a. A data element that can only exist once in a given table has high ___________. b. A data element that is not unique in a given table but that has a restricted range of possible values is said to have normal ________. c. A data element that has a very small range of values is said to have low ________. A field that can contain only male/female or true/false is an example.
Unit testing
refers to tests that verify (1) the functionality of a specific section of code and (2) the handling of data passed between various units or subsystems components.
data control language
specifies the privileges and security rules governing database users.
White-box testing
tests internal structures or workings of a program, as opposed to the functionality exposed to the end-user.
Debugging
(the process of testing and resolving problems) is performed during system development with the intent of identifying errors or other defects.
organizational needs assessment
***The _________ is a detailed process of study and evaluation of how information systems can be deployed to help the organization meet its goals. The steps in the assessment are as follows: 1.Determine whether current systems support organizational goals 2.Determine needs unmet by current systems 3.Determine capacity of current systems to accommodate projected growth 4.Propose path for information systems deployment to achieve organizational goals within budgetary constraints
1. schema 2. subschema
1. The _______ is a description of the overall logical structure of the database using data-definition language, which is the connection between the logical and physical structures of the database. 2. A _______ describes a particular user's (application's) view of a part of the database using data definition language.
1. Users 2. Programmers
1. _________ (i.e., end users) should have the ability to update access for production data but not production programs. 2. _________ should not have the ability to update access for production data or production programs.
System Design
1.Logical design consists of mapping the flow and storage of the data elements that will be used by the new system and the new program modules that will constitute the new system. a.Data flow diagrams and structured flowcharts are commonly used in this step. b.Some data elements may already be stored in existing databases. Good logical design ensures that they are not duplicated. 2.Physical design involves planning the specific interactions of the new program code and data elements with the hardware platform (existing or planned for purchase) on which the new system will operate. a.Systems analysts are heavily involved in these two steps.
DBMS (Database Management System)
A _____ is an integrated set of computer programs that (1) create the database, (2) maintain the elements, (3) safeguard the data from loss or destruction, and (4) make the data available to applications programs and inquiries. 1. The ______ allows programmers and designers to work independently of the technical structure of the database. a. Before the development of ______, designing and coding programs that used databases was extremely time-consuming (and therefore expensive) because programmers had to know the exact contents and characteristics of the data in every database. b. ______ provide a common language for referring to databases, easing the design and coding of application programs. c. A ______ includes security features. Thus, a specified user's access may be limited to certain data fields or logical views depending on the individual's assigned duties. d. DB2 (IBM), Oracle (Oracle Corp.), SQL Server (Microsoft), and Access (Microsoft) are examples of _______.
business process
A _________ is a flow of actions performed on goods and/or information to accomplish a discrete objective. Examples include hiring a new employee, recruiting a new customer, and filling a customer order.
distributed database
A _________ is stored in two or more physical sites using either replication or partitioning.
deadly embrace (deadlock)
A _________ occurs when each of two transactions has a lock on a single data resource. a. When _______ occur, the database management system (DBMS) must have an algorithm for undoing the effects of one of the transactions and releasing the data resources it controls so that the other transaction can run to completion. Then, the other transaction is restarted and permitted to run to completion. b. If _______ are not resolved, response time worsens or the system eventually fails.
relational
A __________ structure organizes data in a conceptual arrangement. 1.An individual data item is called a field or column (e.g., name, date, amount). a.Related fields are brought together in a record or row (e.g., for a single sales transaction). b.Multiple records make up a file or table (e.g., sales). c.Tables can be joined or linked based on common fields rather than on high-overhead pointers or linked lists as in other database structures. d.Every record in a table has a field (or group of fields) designated as the key. The value (or combination of values) in the key uniquely identifies each record.
change management
A key characteristic of organizations with high-performing IT environments is effective __________.
1. strategic alignment 2. risk management 3. value delivery 4. performance measurement 5. resource management
A well-functioning governance program generally concentrates on the following: 1. ____________ between the organization's goals and IT's strategy for meeting those goals. 2. _________ involves identifying the controls in place to monitor, analyze, and address risks. 3. ________ is assessed by the organization to determine the benefits provided by and the worth of IT (i.e., return on investment, productivity, and implementation results). 4. _______ involves analysis of whether IT has accomplished set goals and comparison to industry standards. The IIA has categorized the key components of successful IT governance as follows: a. IT processes that are used to provide services to all areas within the organization b. Organizational structure (i.e., roles and relationships) that communicates the carrying out of IT services within the organization c. Mechanisms or courses of action that coordinate, evaluate, and measure IT performance 5. ________ involves ensuring that infrastructure is meeting short-term expectations and identifying IT enhancements and advancements that are necessary to meet long-term expectations.
online analytical processing (OLAP)
Advanced database systems provide for _____, also called multidimensional data analysis, which is the ability to analyze large amounts of data from numerous perspectives. 1. _______ is an integral part of the data warehouse concept. 2. Using _________, users can compare data in many dimensions, such as sales by product, sales by geography, and sales by salesperson.
object-oriented database
An _________ is a response to the need to store not only numbers and characters but also graphics and multimedia applications. Translating these data into tables and rows is difficult. However, in an __________, they can be stored, along with the procedures acting on them, within an object.
1. tone at the top 2. monitor 3. freeze and maintenance 4. change success rate 5. unplanned work
An organization can immediately improve its change management processes by implementing the following steps: 1.Create a _______ for a culture of change management across the entire organization. 2.Consistently _______ the number of unplanned outages because they are indicative of unauthorized change and ineffective change control. 3.Define and enforce change __________ windows to decrease the number of risky changes and unplanned outages. 4.Use a ________ as a change management performance indicator. 5.Use _______ as a key indicator of the effectiveness of change management processes and controls.
IT steering committee
Because IT pervades every aspect of operations in a modern organization, the ______ must study each request for a new process and either approve or deny it. 1. Typical members of the _______ include the chief information officer and the head of systems development from the IT function. Executive management from each division is also represented. 2. The committee members have an understanding of the interactions of the organization's current systems and how they will affect and be affected by new or redesigned business processes.
1. Identify the need for the change. 2. Prepare for the change. 3. Justify and obtain approval. 4. Authorize. 5. Schedule, coordinate, & implement. 6. Verify and review. 7. Back out. 8. Close. 9. Publish. 10. Change processes.
Changes must be managed in a repeatable, defined, and predictable manner. Accordingly, the change management process typically includes the following steps:
Query Management Facility (QMF)
Data from a relational database can be displayed in graphs and reports, changed, and otherwise controlled using a program called ________.
killer application
Extensive time and resources are devoted to the creation of a new application, and generally, the more important the business function being automated, the more complex the application is. Thus, having a well-governed methodology for overseeing the development process is vital and could lead to the development of a _______, which is one that is so useful that it may justify widespread adoption of a new technology.
phased
In some cases, _______ conversion is possible. Under this strategy, one function of the new system at a time is placed in operation. i.For instance, if the new system is an integrated accounting application, accounts receivable could be installed, then accounts payable, cash management, materials handling, etc. ii.The advantage of this strategy is allowing the users to learn one part of the system at a time.
Normalization
Note that in a relational structure, each data element is stored as few times as necessary. This is accomplished through the process of _____. _____ prevents inconsistent deletion, insertion, and updating of data items. The relational structure requires careful planning, but it is easy to maintain and processes queries efficiently.
1. Corporate-level strategy 2. Business-level strategy 3. Functional-level strategy
Organizations generally develop strategies at three different levels. 1. ________ is concerned with market definition (i.e., business and markets to focus resources). 2. _________ applies to organizations that have independent business units that each develop their own strategy. 3. _________ concentrates on a specific functional area of the organization such as treasury, information systems, human resources, and operations.
segregation of duties
Preventive controls include ________ (e.g., the separation of preparer, tester, implementer, and approver roles), change authorization, and limiting persons who may update access to production data and production programs.
key
Some field or combination of fields on each record is designated as the ____. The criterion for a ___ is that it contains enough information to uniquely identify each record; i.e., there can be no two records with the same _____.
1. systems strategy 2. Project initiation 3. In-house development 4. Commercial packages 5. Maintenance and support
The SDLC approach is the traditional methodology applied to the development of large, highly structured application systems. A major advantage of the life-cycle approach is enhanced management and control of the development process. SDLC consists of the following five steps: 1. _______, which requires understanding the organization's needs. 2. __________ is the process by which systems proposals are assessed. 3. _________ is generally chosen for unique information needs. 4. ________ are generally chosen for common needs rather than developing a new system from scratch. 5. _______ involves ensuring the system accommodates changing user needs.
Initiation, Feasibility, and Planning
The SDLC begins with recognizing there is a need for a new system, gaining an understanding of the situation to determine whether it is feasible to create a solution, and formulating a plan.
network structure
The _____ connects every record in the database with every other record. This was an attempt to make queries more efficient. However, the huge number of cross-references inherent in this structure makes maintenance far too complex.
replication or snapshot technique
The ______ makes duplicates to be stored at multiple locations. a. Changes are periodically copied and sent to each location. If a database is small, storing multiple copies may be cheaper than retrieving records from a central site.
flat files
The early mainframe computers used _____, meaning that all the records and all the data elements within each record followed one behind the other. Much of the early mainframe storage was on magnetic tape, which naturally stored data in this fashion.
a. In-memory analytics b. Search engine technology
The following technologies are replacing OLAP: a. _________ is an approach that queries data when it resides in a computer's random access memory (RAM), as opposed to querying data that is stored on physical disks. This results in shortened query response times and allows business intelligence and analytic applications to support faster business decisions. b. __________ stores data at a document/transaction level, and data is not pre-aggregated like it would be when contained in an OLAP or in-memory technology application. Users are able to have full access to their raw data and create the aggregations themselves.
1. Initiation, Feasibility, and Planning 2. Requirements Analysis and Definition 3. System Design 4. Build and Development 5. Testing and Quality Control 6. Acceptance, Installation, and Implementation 7. Operations and Maintenance
The phases and component steps of the traditional SDLC can be described as follows:
1.Unauthorized changes, 2.Unplanned outages, 3.Low change success rate, 4.High number of emergency changes, and 5.Delayed project implementation.
The risks resulting from ineffective change management include lost market opportunities, unsatisfactory product or service quality, and increased potential for fraud. The top risk indicators of ineffective change management are:
1. Selecting 2. Joining 3. Projecting
The three basic operations in the relational model are: 1. ___________ creates a subset of records that meet certain criteria. 2. _________ is the combining of relational tables based on a common field or combination of fields. 3. ________ results in the requested subset of columns from the table. This operation creates a new table containing only the required information.
data redundancy
The various files related to human resources in the conventional record systems of most organizations include payroll, work history, and permanent personnel data. An employee's name must appear in each of these files when they are stored and processed separately. The result is ________. When data are combined in a database, each data item is usually stored only once.
cardinality and referential integrity
Two features that make the relational data structure stand out are _______ and __________.
effective controls
Ultimately, effective change management depends on implementing ______, including adequate management supervision, over the change management process.
pilot
Under _______ conversion, one branch, department, or division at a time is fully converted to the new system. i.Experience gained from each installation is used to benefit the next one. One disadvantage of this strategy is the extension of the conversion time.
two-phase commit disk-writing protocol
Updating data in a distributed system may require special protocols. a. Thus, a _______ is used. If data are to be updated in two places, databases in both locations are cleared for updating before either one performs (commits) the update. b. In the first phase, both locations agree to the update. In the second phase, both perform the update.
parallel operation
With _______, the old and new systems both are run at full capacity for a given period. i.This strategy is the safest. The old system is still producing output because the new system may have major problems. But it is also the most expensive and time-consuming.
direct changeover (direct cutover)
With _________ conversion, the old system is shut down and the new one takes over processing at once. i.This is the least expensive and time-consuming strategy, but it is also the riskiest because the new system cannot be reverted to the original.
Data mining
______ is facilitated by a data warehouse. _______ is the process of analyzing data from different perspectives and summarizing it into useful information. ______ software ordinarily is used. a.For example, ______ software can help to find abnormal patterns and unforeseen correlations among the data. b.Internal auditors can use _____ techniques to detect fraud
Governance, Risk, and Compliance (GRC)
______ software enables organizations to manage the governance program strategy. 1. _______ systems assist management with monitoring, evaluating, and enforcing policies, standards, and procedures established to ensure compliance. 2. Characteristics associated with successful _____ systems implementation include but are not limited to a.Compliance with laws and regulations b.Increased efficiency and effectiveness of business operations while reducing costs c.Risk management, control monitoring, and an information sharing focus d.Identification of the roles of management and who owns each risk, controls risk content, and approves those risks e.Cascade of information throughout the organization improving various functions
field
also called a data item, is a group of bytes. The field contains a unit of data about some entity, e.g., a composer's name.
Computer-aided software engineering (CASE)
applies the computer to software design and development. 1. It provides the capacity to a. Maintain on the computer all of the system documentation, e.g., data flow diagrams, data dictionaries, and pseudocode (structured English); b. Develop executable input and output screens; and c. Generate program code in at least skeletal form. 2. Thus, __________ facilitates the creation, organization, and maintenance of documentation and permits some automation of the coding process.
End-users
are generally the drivers of a new or redesigned process.
Data command interpreter languages
are symbolic character strings used to control the current state of DBMS operations.
hypermedia database
blocks of data are organized into nodes that are linked in a pattern determined by the user so that an information search need not be restricted to the predefined organizational scheme. A node may contain text, graphics, audio, video, or programs.
data cleansing
cleans up data in a database that is incorrect, incomplete, or duplicated before loading it into the database. It improves the quality of data. The need for __________ increases when multiple data sources are integrated.
data warehouse
contains not only current operating data but also historical information from throughout the organization. Thus, data from all operational systems are integrated, consolidated, and standardized in an organization-wide database into which data are copied periodically. These data are maintained on one platform and can be read but not changed.
Data governance
encompasses information systems (IS) and information technology (IT). IS and IT are vital to ensure the successful implementation of an organization's strategy. IT strategy should be driven by the business needs and not by the functions of available technology when formulating a plan to achieve goals.
static testing
examines the program's code and its associated documentation through reviews, walkthroughs, or inspections but does not require the program to be executed.
Business process reengineering
involves a complete rethinking of how business functions are performed to provide value to customers, that is, radical innovation instead of mere improvement and a disregard for current jobs, hierarchies, and reporting relationships.
Dynamic testing
involves executing programmed code with a given set of test cases.
gray-box testing
involves having knowledge of internal data structures and algorithms for purposes of designing tests, while executing those tests at the user, or black-box, level.
End-user computing (EUC)
involves user-created or user-acquired systems that are maintained and operated outside of traditional information systems controls.
data dictionary
is a file that describes both the physical and logical characteristics of every data element in a database. 1. The ________ includes, for example, the name of the data element (e.g., employee name, part number), the amount of disk space required to store the data element (in bytes), and what kind of data is allowed in the data element (e.g., alphabetic, numeric). 2. Thus, the ______ contains the size, format, usage, meaning, and ownership of every data element. This greatly simplifies the programming process.
byte
is a group of bits, most commonly eight. A ____ can be used to signify a character (a number, letter of the alphabet, or symbol, such as a question mark or asterisk).
record
is a group of fields. All the fields contain information pertaining to an entity, e.g., a specific performance of an orchestral work.
file
is a group of records. All the records in the file contain the same pieces of information about different occurrences, e.g., performances of several orchestral works.
Electronic Funds Transfer (EFT)
is a service provided by financial institutions worldwide that is based on electronic data interchange (EDI) technology. 1. _____ transaction costs are lower than for manual systems because documents and human intervention are eliminated from the transaction process. Moreover, transfer customarily requires less than a day. 2. Common consumer applications of ____ are a.The direct deposit of payroll checks in employees' accounts and b.The automatic withdrawal of payments for cable and telephone bills, mortgages, etc.
Systems follow-up or post-audit evaluation
is a subsequent review of the efficiency and effectiveness of the system after it has operated for a substantial time (e.g., 1 year).
data mart
is a subset of a data warehouse.
CRM (Customer Relationship Management)
is a term that refers to practices, strategies, and technologies that companies use to manage and analyze customer interactions and data throughout the customer lifecycle. _________ a. Has a goal of improving business relationships with customers, assisting in customer retention, and driving sales growth. b. Is designed to compile information on customers across different channels or points of contact between the customer and the company. c. Should manage customer relationships on a long-term basis to add value.
database view
is a virtual database table that allows the user to query data. The view can be read-only or updatable. i.Insert, update, and delete commands can be executed on updatable views.
Prototyping
is an alternative approach to application development. ______ involves creating a working model of the system requested, demonstrating it for the user, obtaining feedback, and making changes to the underlying code. 1.This process repeats through several iterations until the user is satisfied with the system's functionality. 2.Formerly, this approach was derided as being wasteful of resources and tending to produce unstable systems, but with vastly increased processing power and high-productivity development tools, _______ can, in some cases, be an efficient means of systems development.
Integration testing
is any type of software testing that seeks to verify the interfaces between components against a software design. _______ works to expose defects in the interfaces and interaction between integrated components (modules).
acceptance testing
is conducted to determine whether the systems meets the organization's needs and is ready for release
Bit
is either 0 or 1 (off or on) in binary code. ____ can be strung together to form a binary (i.e., base 2) number.
database mapping facility
is software that is used to evaluate and document the structure of the database.
Electronic Data Interchange (EDI)
is the communication of electronic documents directly from a computer in one organization to a computer in another organization. Examples are ordering goods from a supplier and a transfer of funds. _____ was the first step in the evolution of e-business. _____ was developed to enhance JIT (just-in-time) inventory management.
User acceptance testing
is the final step before placing the system in live operation. a.IT must demonstrate to the users that submitted the original request that the system performs the desired functionality. b.Once the users are satisfied with the new system, they acknowledge formal acceptance and implementation begins.
Database Administrator (DBA)
is the individual who has overall responsibility for developing and maintaining the database and for establishing controls to protect its integrity. 1. Thus, only the _____ should be able to update data dictionaries. In small systems, the ____ may perform some functions of a DBMS. In larger applications, the _______ uses a DBMS as a primary tool. 2. The responsibility for creating, maintaining, securing, restricting access to, and redefining and restructuring the database belongs to the _________.
Change management
is the processes executed within an organization's IT environment designed to manage the changes to production systems (e.g., enhancements, updates, incremental fixes, and patches). Furthermore, such changes should result in minimal impact on, and risk to, production systems.
data definition language
is used to create and modify the structure of database objects in databases.
data manipulation language
is used to retrieve, store, modify, delete, insert, and update data in databases.
Referential integrity
means that for a record to be entered in a given table, there must already be a record in some other table(s).
system testing
or end-to-end testing, tests a completely integrated system to verify that the system meets its requirements.
Fragmentation or partitioning
stores specific records where they are most needed. a. For example, a financial institution may store a particular customer's data at the branch where (s)he usually transacts his or her business. If the customer executes a transaction at another branch, the pertinent data are retrieved via communication lines. b. One variation is the central index. A query to this index obtains the location in a remote database where the complete record is to be found. c. Still another variation is the ask-the-network distributed database. In this system, no central index exists. Instead, the remote databases are polled to locate the desired record.
black-box testing
treats the software as a "black box," examining functionality without any knowledge of the source code.
dual logging
use of two transaction logs written simultaneously on separate storage media.
