CIS Exam 3
Define a hacker and explain how hackers create security problems and damage systems.
A hacker is an individual who intends to gain unauthorized access to a computer system. Hackers often steal goods and information as well as damage systems.
Define a supply chain and identify each of its components.
A supply chain is a network of organizations and business processes for producing raw materials, transforming these raw materials into intermediate and finished products, and distributing the finished products to customers. It links suppliers, manufacturing plants, distribution centers, retail outlets, and customers to supply goods and services from source through consumption.
Explain how security and control provide value for businesses.
Although security and control do not contribute directly to sales revenue, they are still very important. Putting money into these helps protect not only business information from people outside the business, but it also makes sure that customer information does not get exposed to outside users. If this information were not secure, there may be a large lawsuit waiting to happen.
Define application controls and describe each type of application control.
Application controls are specific controls unique to each computerized application, such as payroll or order processing. Application controls can be described as input controls, processing controls, and output controls. Input controls check data for accuracy and completeness. Processing controls establish that data are complete and accurate. Output controls ensure that results of computer processing are accurate, complete, and properly distributed.
Define customer relationship management and explain why customer relationships are so important today.
Customer relationship management systems integrate and automate customer-facing processes in sales, marketing, and customer service, and provide an enterprise-wide view of customers. Companies can use this knowledge to interact with customers and to provide them with better service or sell them new products/services.
List and describe the most common threats against contemporary information systems.
Digital data are vulnerable to destruction, misuse, error, fraud, and hardware or software failures. Because everything is online today, it relies on the internet to work the way it should. If it is not working in the correct way, then information cannot be stored. Also, people using this software need to be trustworthy because they can often misuse the information and continue with fraud and benefit from their misuse of the data.
Explain how encryption protects information.
Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver. By transforming this information into a secret numerical code, it will stop people from being able to steal this information.
Describe the role of encryption and digital certificates in a public key infrastructure.
Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver. Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions.
List and describe the challenges enterprise applications pose.
Enterprise applications are very difficult to implement successfully. They require extensive organizational change, expensive new software investments, and careful assessment of how these systems will enhance organizational performance. Enterprise applications require both deep-seated technological changes and fundamental changes in business operations. Employees must accept new job functions and responsibilities. They must learn new work activities and understand how data they enter into the system can affect other parts of the company. Enterprise applications introduce switching costs that make it very expensive to switch vendors. Multiple organizations will share information and business processes. Management vision and foresight are required to take a firm- and industry-wide view of problems and to find solutions that realize strategic value from the investment.
Describe how enterprise systems provide value for a business.
Enterprise systems provide value by both increasing operational efficiency and providing firm-wide information to help managers make better decisions. Enterprise systems are often used by large companies to enforce a standard practice.
Define an enterprise system and explain how enterprise software works.
Enterprise systems support organizational centralization by enforcing uniform data standards and business processes throughout the company and a single unified technology platform. Enterprise systems have a centralized database that sales and marketing, finance and accounting, human resources, and manufacturing and production use to share data.
Describe the roles of firewalls, intrusion detection systems, and antivirus software in promoting security.
Firewalls prevent unauthorized users from accessing private networks. Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect intruders. Antivirus software prevents, detects, and removes malware, including viruses, worms, Trojan horses, spyware, and adware.
Define general controls and describe each type of general control.
General controls govern the design, security, and use of computer programs. The types of general controls consist of software controls, hardware controls, computer operations controls, data security controls, implementation controls, and administrative controls. Software controls monitor the use of system software. Hardware controls ensure that the computer hardware is physically secure. Computer operations controls oversee the work of the computer departments. Data security controls ensure the valuable business data files maintained internally or by an external hosting service are tampered with. Implementation controls audit the systems development process at various points. Administrative controls ensure that the organization's general and application controls are properly executed and enforced.
Define identity theft and phishing and explain why identity theft is such a big problem today.
Identity theft is a crime in which an imposter obtains key pieces of personal information, such as social security information, driver's license numbers, or credit card numbers. They then use this information to impersonate someone else. Phishing is setting up fake websites or sending email messages that look like those of legitimate businesses to ask users for confidential information. Since everything in today's society is online, it makes retrieving this information much easier. Thus, people should be careful anytime they order anything online.
Distinguish between a push-based and a pull-based model of supply chain management and explain how contemporary supply chain management systems facilitate a pull-based model.
In a push-based model, production master schedules are based on forecasts or best guesses of demand for products, and products are pushed to customers. In a pull-based model, actual customer orders or purchases trigger events in the supply chain. In a contemporary supply chain, the internet and internet technology make it possible to move from sequential supply chains.
Bullwhip effect
Information about the demand for a product gets distorted as it passes from one entity to the next across the supply chain.
Describe malware and distinguish among a virus, a worm, and a Trojan Horse.
Malware refers to malicious software programs such as computer viruses, worms, and Trojan horses. A virus attaches itself to other software programs, usually without knowledge or permission. Worms copy themselves from one computer to another over a network. A Trojan horse appears to be benign but then does something other than expected.
Name and describe three authentication methods.
One method of authentication is using passwords. By entering these passwords, the end user can access this information while not allowing anyone else to get in. Another method is called a token. A token is a small gadget that typically fits on key rings and displays passcodes that change frequently. Finally, people also use biometric authentication. This system reads and interprets individuals' human traits, such as fingerprints, irises, and voices.
Distinguish between operational and analytical CRM.
Operational CRM includes customer-facing applications such as tools for sales force automation, call center and customer service support, and marketing automation. Analytical CRM includes applications that analyze customer data generated by operational CRM applications to provide information for improving business performance.
Explain how supply chain management systems help reduce the bullwhip effect and how they provide value for a business.
Supply chain management often helps with communication from one step to the next. Therefore, it makes it harder to distort information, allowing the bullwhip effect.