CSCI 4750 Final - Systems Analysis and Design (Ch. 8-12)
retention period
Backups are stored for a specific retention period after which they are either destroyed or the backup media is reused.
secondary key
Field or combination of fields that can be used to access or retrieve records
nonkey field
Field that is neither a primary key nor a candidate key
credentials
Formal qualifications that include degrees, diplomas, or certificates granted by learning insti- tutions to show that a certain level of education has been achieved.
network
Two or more devices that are connected for the purpose of sending, receiving, and sharing data.
cohesion
a measure of a module's scope and processing characteristics. A module that performs a single function or task has a high degree of cohesion, which is desirable
International Organization for Standardization (ISO)
a network of national standards
batch input
a process where data entry is performed on a specific
Unicode
a relatively decent coding method that represents characters as integers
design walkthrough
a session with users to review the interface with a cross-section of people who will work with the new system. This is a continuation of the modeling and prototyping effort that began early in the systems development process
methods
in a class diagram, methods represent program logic
control couple
in a structure chart, a _____ _____ shows a message, also called a flag, which one module sends to another
logic error
mistakes in the underlying logic that produce incorrect results
risk identification
Listing each risk and assessing the likelihood that it could affect a project.
internet operating system
Part of the Web 2.0 model, an online computing environment created by online communities and services, based on layers of shared information that can contain text, sound bytes, images, and video clips.
storyboard
Sketches used during prototyping to show the general screen layout and design.
First Normal Form
A record is said to be in 1nf if it does not contain a repeating group
vulnerability
A security weakness or soft spot.
tutorial
A series of online interactive lessons that present material and provide a dialog with users.
platform
A specific hardware and software configuration that supports IT business goals, such as hardware connectivity and easy integration of future applications. Also called an environment.
default value
A value that a system displays automatically.
wiki
A web-based repository of information that anyone can access, contribute to, or modify.
electronic health record (EHR)
An electronic record of a patient's health information generated as the patient encounters various health care providers and shared among multiple facilities and agencies.
portal
An entrance to a multifunction website. After entering a portal, a user can navigate to a destination, using various tools and features provided by the portal designer.
semantic web
An evolution of the web where the documents shared on the Internet have semantics (meaning) and not just syntax (HTML markup). Sometimes called Web 3.0.
Open Database Connectivity (ODBC)
An industry-standard protocol that makes it possible for software from different vendors to interact and exchange data.
remote control software
Applications that allow IT staff to take over a user's workstation and provide support and troubleshooting.
permissions
Associated with different users as means of establishing their levels of access
uninterruptible power supply (UPS)
Battery-powered backup power source that enables operations to continue during short-term power outages and surges.
switch
Central networking device in a star network, which manages the network and acts as a conduit for all network traffic.
foreign key
Common field that can be used to establish a relationship between two tables
soft skills
Communications, interpersonal skills, perceptive abilities, and critical thinking are soft skills. IT professionals must have soft skills as well as technical skills.
server
Computer in a client/server design that supplies data, processing, and services to client workstations.
procedural security
Concerned with managerial policies and controls that ensure secure operations. Also called operational security.
product baseline
Describes the system at the beginning of operation. The product baseline incorporates any changes made since the allocated baseline and includes the results of performance and acceptance tests for the operational system.
backup policy
Detailed instructions and procedures for all backups.
risk control
Develops safeguards that reduce the likelihood and impact of risks.
Action code
Indicates what action is to be taken with an associated item.
acceptance
One of four risk control strategies. In acceptance, the risk is accepted and nothing is done. Risk is usually accepted only if protection from risk is clearly not worth the expense.
avoidance
One of four risk control strategies. In avoidance, adding protective safeguards eliminates the risk.
clickstream storage
Records how users interact with a Web site
relational database
a database in which tables are related by a common field creating a unified data structure that improves data quality and access
flowchart
a diagram used to describe program logic that represents logical rules and interaction graphically using a series of symbols connected by arrows. flowcharts can be useful in visualizing modular program designs
ERD (Entity Relationship Diagram)
a graphical model of the information system
code review
a review of a project team member's work by other members of the team to spot logic errors. Generally, systems analysts review the work of other programmers, as a form of peer review the work of other systems analysts, and programmers review the work of other programmers, as a form of peer review. Structured walkthroughs should take place throughout the SDLC and are called requirements reviews, design reviews, code reviews, or testing reviews, depending on the phase in which they occur. Also known as a structured walkthrough
orphan
an unassociated or unrelated record or field
significant digit code
cipher that distinguishes items by using a series of subgroups of digits
file
each file or table contains data that interacts with the information system
coupling
measures relationships and interdependence among modules. the opposite of cohesion
tamper-evident case
A case designed to show any attempt to open or unlock the case.
blog
An online journal. the term is a contraction of "web log"
list box
An output mechanism that displays a list of choices that the user can select
privilege escalation attack
An unauthorized attempt to increase permission levels.
data processing center
A central location where physical data was delivered or transmitted in some manner and entered into the system. Users in the organization had no input or output capability, except for printed reports that were distributed by a corporate IT department.
access point
A central wireless device that provides network services to wireless clients.
automatic update service
Enables an application to contact the vendor's server and check for a needed patch.
detail report
A detail report produces one or more lines of output for each record processed.
control break report
A detail report that focuses on control breaks.
keystroke logger
A device that can be inserted between a keyboard and a computer to record keystrokes.
router
A device that connects network segments, determines the most efficient data path, and guides the flow of data.
basic Service Set (BSS)
A wireless network configuration in which a central wireless device called an access point is used to serve all wireless clients; also called infrastructure mode.
extended Service Set (eSS)
A wireless network configuration made up of two or more Basic Service Set (BSS) networks, which allows wireless clients to roam from BSS to BSS.
exception report
A document displaying only those records that meet a specific condition or conditions. Exception reports are useful when the user wants information only on records that might require action, but does not need to know the details.
disaster recovery plan
A documented procedure consisting of an overall backup and recovery plan.
simulation
A dress rehearsal for users and IT support staff. Organizations typically include all procedures, such as those that they execute only at the end of a month, quarter, or year, in their simulations.
802.11
A family of wireless network specifications developed by the IEEE.
source data
A popular online input method that combines online data entry and automated data capture using input devices such as magnetic data strips, or swipe scanners.
port
A positive integer that is used for routing incoming traffic to the correct application on a computer.
change control (CC)
A process for controlling changes in system requirements during software develop- ment; also an important tool for managing system changes and costs after a system becomes operational.
Authorization zone
Part of a form that contains any required signatures
module
Related program code organized into small units that are easy to understand and maintain. A complex program could have hundreds or even thousands of modules.
software engineering
A software development process that stresses solid design, effective structure, accurate documentation, and careful testing. status flag In structured application development, an indicator that allows one module to send a message to another module.
RAID (redundant array of independent disks)
A RAID system may be part of an organizations backup and recovery plans. A RAID system mirrors the data while processing continues. RAID systems are called fault tolerant, because a failure of any one disk does not disable the system.
differential backup
A backup that includes only the files that have changed since the last full backup.
Gbps (gigabits per second)
A bandwidth or throughput measurement.
full backup
A complete backup of every file on the system.
enhancement
A new feature or capability.
roaming
A process that allows wireless clients to move from one access point to another, automatically associating with the stronger access point and allowing for uninterrupted service.
market basket analysis
A type of analysis that can detect patterns and trends in large amounts of data.
adaptive maintenance
Adds new capability and enhancements to an existing system.
report header
Appears at the beginning of a report and identifies the report as well as the report title, date, and other necessary information.
Universal Security Slot (USS)
Can be fastened to a cable lock or laptop alarm.
Composite Key
Sometimes it is necessary for a primary key to consist of a combination of fields.
audit fields
Special fields within data records that provide additional security information
schema
The complete definition of a database
HttP/2
The second major version of the network protocol used by the web. Released as a standard in 2015.
iteration cycle
an agile development cycle that include planning, designing, coding, and testing one or more features based on user stories
customer
primary user of a system, service, or product
documentation
material that explains a system, helps people interact with it, and includes program documentation, system documentation, operations documentation, and user documentation
toolbar
A GUI element that contains icons or buttons that represent shortcuts for executing common commands.
toggle button
A GUI element used to represent on or off status. Clicking the toggle button switches to the other status.
Mbps (megabits per second)
A bandwidth or throughput measurement.
wireless access point (WAP)
A central wireless device that provides network services to wireless clients. Also called an access point.
help desk
A centralized resource staffed by IT professionals that provides users with the support they need to do their jobs. A help desk has three main objectives: to show people how to use system resources more effectively, to provide answers to technical or operational questions, and to make users more productive by teaching them how to meet their own information needs. Also called service desk or information center.
network interface
A combination of hardware and software that allows the computer to interact with the network.
public key encryption (PKE)
A common encryption technique. Each user on the network has a pair of keys: a public key and a private key. The public key encrypts data that can be decrypted with the pri- vate key.
private key encryption
A common encryption technology called public key encryption (PKE). The private key is one of a pair of keys, and it decrypts data that has been encrypted with the second part of the pair, the public key.
Wi-Fi Protected Access (WPA)
A common method used to secure a wireless network. This approach requires each wireless client be configured manually to use a special, pre-shared key, rather than key pairs. The most recent and more secure version is WPA2.
application server
A computer acting as "middlemen" between customers and an organization's databases and applications. Often used to facilitate complex business transactions.
bus network
A computer network where a single communication path connects the mainframe computer, server, workstations, and peripheral devices. Information is transmitted in either direction from any workstation to another workstation, and any message can be directed to a specific device.
control break
A control break usually causes specific actions to occur, such as printing subtotals for a group of records.
certification
A credential an individual earns by demonstrating a certain level of knowledge and skill on a standardized test.
online data entry
A data entry method used for most business activity. The online method offers major advantages, including the immediate validation and availability of data.
Data Manipulation Language (DML)
A data manipulation language controls database operations, including storing, retrieving, updating, and deleting data. Most commercial DBMSs, such as Oracle and IBM's DB2, use a DML.
private network
A dedicated connection, similar to a leased telephone line.
system documentation
A description of a system's functions and how they are implemented. The analyst prepares most of the system documentation during the systems analysis and systems design phases. System documentation includes data dictionary entries, data flow diagrams, object models, screen layouts, source documents, and the systems request that initiated the project.
human-computer interaction (HCI)
A description of the relationship between computers and the people who use them to perform business-related tasks. HCI concepts apply to everything from a PC desktop to the main menu for a global network.
top-down approach
A design approach, also called modular design, where the systems analyst defines the overall objectives of the system, and then breaks them down into subsystems and modules. This breaking-down process is also called partitioning.
programmer/analyst
A designation for positions that require a combination of systems analysis and pro- gramming skills.
net-centric computing
A distributed environment where applications and data are downloaded from servers and exchanged with peers across a network on an as-needed basis.
what-if analysis
A feature of business support systems that allows analysis to define and account for a wide variety of issues (including issues not completely defined).
context-sensitive
A feature that is sensitive to the current conditions when it is invoked. For example, context-sensitive help offers assistance for a task in progress.
candidate key
A field that could serve as a primary key
file-oriented system
A file-oriented system, also called a file processing system, stores and manages data in one or more separate files.
system testing
A form of testing involving an entire information system and includes all typical processing situations. During a system test, users enter data, including samples of actual, or live data, perform queries, and produce reports to simulate actual operating conditions. All processing options and out- puts are verified by users and the IT project development team to ensure that the system functions correctly.
benchmark testing
A form of testing used by companies to measure system performance.
stub testing
A form of testing where the programmer simulates each program outcome or result and displays a message to indicate whether or not the program is executed successfully. Each stub represents an entry or exit point that will be linked later to another program or data file.
bluetooth
A form of wireless transmission very popular for short-distance wireless communication that does not require high power.
source document
A form used to request and collect input data, trigger or authorize an input action, and provide a record of the original transaction. During the input design stage, you develop source documents that are easy to complete and inexpensive.
baseline
A formal reference point that measures system characteristics at a specific time. Systems analysts use baselines as yardsticks to document features and performance during the systems development process.
maintenance release
A formal release of a new system version that contains a number of changes.
binary storage format
A format that offers efficient storage of numeric data.
Batch
A group of data, usually inputted into an information system at the same time
attack
A hostile act that targets an information system, or an organization itself.
superuser account
A login account that allows essentially unrestricted access to the application.
subordinate module
A lower-level module in a structure chart.
service pack
A maintenance release supplied by commercial software suppliers.
turnaround time
A measure applied to centralized batch processing operations, such as customer billing or credit card statement processing. Turnaround time measures the time between submitting a request for information and the fulfillment of the request. Turnaround time can also be used to measure the quality of IT support or services by measuring the time from a user request for help to the resolution of the problem.
throughput
A measurement of actual system performance under specific circumstances and is affected by network loads and hardware efficiency. Throughput, like bandwidth, is expressed as a data transfer rate, such as Kbps, Mbps, or Gbps.
data validation rule
A mechanism to improve input quality by testing the data and rejecting any entry that fails to meet specified conditions.
Capability Maturity Model (CMM)
A model developed by SEI that integrates software and systems development into a process improvement framework
n-tier design
A multilevel design or architecture. For example, three-tier designs are also called n-tier designs, to indicate that some designs use more than one intermediate layer.
mesh network
A network design in which each node connects to every other node. While this design is very reliable, it is also expensive to install and maintain.
local area network (LAn)
A network design that allows the sharing of data and hardware, such as printers and scanners. Advances in data communication technology have made it possible to create powerful networks that use satellite links, high-speed fiber-optic lines, or the Internet to share data.
fat client
A network design that locates all or most of the application processing logic at the client. Also called a thick client design.
multipath design
A network design that relies on multiple data paths to increase bandwidth and range, using MIMO (multiple input/multiple output) technology.
hierarchical network
A network design where one computer (typically a mainframe) controls the entire network. Satellite computers or servers control lower levels of processing and network devices.
two-tier design
A network design where the user interface resides on the client, all data resides on the server, and the application logic can run either on the server or on the client, or be divided between the client and the server.
star network
A network design with a central device and one or more workstations connected to it in a way that forms a star pattern.
transparent
A network is transparent if a user sees the data as if it were stored on his or her own workstation.
ring network
A network resembling a circle of computers that communicate with each other. A ring network often is used when processing is performed at local sites rather than at a central location.
wide area network (WAn)
A network spanning long distances that can link users who are continents apart.
diskless workstation
A network terminal that supports a full-featured user interface, but limits the printing or copying of data, except to certain network resources that can be monitored and controlled more easily.
MAn (metropolitan area network)
A network that uses 802.16 standards, which are broadband wireless communications protocols.
proxy server
A networking device that provides Internet connectivity for internal LAN users.
Wi-Fi Alliance
A nonprofit international association formed in 1999 to certify interoperability of wireless network products based on IEEE 802.11 specifications.
webcast
A oneway transmission of information or training materials, such as a Webinar session, available on demand or for a specific period to online participants.
BIOS-level password
A password that must be entered before the computer can be started. It prevents an unauthorized person from booting a computer by using a USB device or a CD-ROM. Also called a power-on password or a boot-level password.
knee of the curve
A performance characteristic of a client/server computing environment. Client/server response times tend to increase gradually and then rise dramatically as the system nears its capacity. The point where response times increase dramatically.
systems programmer
A person who concentrates on operating system software and utilities.
database programmer
A person who focuses on creating and supporting large-scale database systems.
system administrator
A person who is responsible for the configuration management and maintenance of an organization's computer networks.
applications programmer
A person who works on new systems development and maintenance.
security token
A physical device that authenticates a legitimate user, such as a smart card or keychain device.
node
A physical device, wired or wireless, that can send, receive, or manage network data.
test plan
A plan designed by a systems analyst that includes test steps and test data for integration testing and system testing.
security policy
A plan that addresses the three main elements of system security: confidentiality, integrity, and availability.
business continuity plan (BCP)
A plan that defines how critical business functions can continue in the event of a major disruption.
pair programming
A practice in Extreme Programming in which two programmers work on the same task on the same computer; one drives (programs) while the other navigates (watches).
combination key
A primary key that is based on multiple non-unique fields
configuration management (CM)
A process for controlling changes in system requirements during the development phases of the SDLC. Configuration management also is an important tool for managing system changes and costs after a system becomes operational.
quality assurance (QA)
A process or procedure for minimizing errors and ensuring quality in products. Poor quality can result from inaccurate requirements, design problems, coding errors, faulty documentation, and ineffective testing. A quality assurance (QA) team reviews and tests all applications and systems changes to verify specifications and software quality standards.
capacity planning
A process that monitors current activity and performance levels, anticipates future activity, and forecasts the resources needed to provide desired levels of service.
institute of electrical and electronics engineers (ieee)
A professional organization that establishes standards for telecommunications.
continuous backup
A real-time streaming backup method that records all system activity as it occurs.
Audit trail
A record of the source of each data item and when it entered a system. In addition to recording the original source, an _____ ______ must show how and when data is accessed or changed, and by whom. All these actions must be logged in an _____ _____ file and monitored carefully
summary report
A report used by individuals at higher levels in the organization that includes less detail than reports used by lower-level employees.
standard notation format
A representation that makes designing tables easier as it clearly shows a table's structure, fields, and primary key.
structured walkthrough
A review of a project team member's work by other members of the team. Generally, systems analysts review the work of other systems analysts, and programmers review the work of other programmers, as a form of peer review. Structured walkthroughs should take place throughout the SDLC and are called requirements reviews, design reviews, code reviews, or testing reviews, depending on the phase in which they occur.
tunnel
A secure network connection established between the client and the access point of the local intranet.
IEEE 802.11i
A security standard for Wi-Fi wireless networks that uses the WPA2 protocol, currently the most secure encryption method for Wi-Fi networks.
hot site
A separate IT location, which might be in another state or even another country, that can support critical business systems in the event of a power outage, system crash, or physical catastrophe.
distributed denial of service (DDOS)
A service attack involving multiple attacking computers that can synchronize DOS attacks on a server.
ISO 9000-3:2014
A set of guidelines established and updated by the International Organization for Standardization (ISO) to provide a quality assurance framework for developing code for interactive modules.
menu bar
A set of user-selectable software application options, usually located across the top of the screen.
natural language
A software feature that allows users to type commands or requests in normal English (or other language) phrases.
web-centric
A strategy or approach that emphasizes a high degree of integration with other web-based components. A web-centric architecture follows Internet design protocols and enables a company to integrate the new application into its ecommerce strategy.
train-the-trainer
A strategy where one group of users has been trained and can assist others. Users often learn more quickly from coworkers who share common experience and job responsibilities.
training plan
A successful information system requires training for users, managers, and IT staff members. The entire systems development effort can depend on whether or not people understand the system and know how to use it effectively. The training plan is a document that details these requirements.
integrated development environment (IDE)
A suite of integrated tools to make it easier to plan, construct, and maintain a specific software product. An IDE is designed to allow the easy integration of system components with less time being spent on developing code for interactive modules
thick client
A system design that locates most or all of the application processing logic at the client. Also called a fat client design.
thin client
A system design that locates most or all of the processing logic at the server.
mainframe architecture
A system design where the server performs all the processing.
distributed database management system (DDbMS)
A system for managing data stored at more than one location. Using a DDBMS offers several advantages: Data stored closer to users can reduce network traffic; the system is scalable, so new data sites can be added without reworking the system design; and with data stored in various locations, the system is less likely to experience a catastrophic failure. A potential disadvantage of distributed data storage involves data security. It can be more difficult to maintain controls and standards when data is stored in various locations.
maintenance release methodology
A system of numbered releases used by organizations (especially soft- ware vendors) that helps organize maintenance changes and updates.
fault tolerant
A system or application is said to be fault tolerant if the failure of one component does not disable the rest of the system or application.
faxback
A system that allows a customer to request a fax using email, the company website, or a telephone. The response is transmitted in a matter of seconds back to the user's fax machine.
Automated fax
A system that allows a customer to request a fax using email, the company website, or a telephone. The response is transmitted in a matter of seconds back to the users fax machine
unnormalized
A table design that contains a repeating group
user-centered
A term that indicates the primary focus is upon the user. In a user-centered system, the distinction blurs between input, output, and the interface itself.
Batch control
A total used to verify batch input. _____ ________ might check data items such as record counts and numeric field totals. For example, before entering a batch of orders, a user might calculate the total number of orders and the sum of all the order quantities. When the batch of orders is entered, the order system also calculated the same two totals. If the system totals do not match the input totals, then a data entry error has occured
system architecture
A translation of the logical design of an information system into a physical structure that includes hardware, software, network support, and processing methods.
Crow's Foot notation
A type of cardinality notation. It is called crow's foot notation because of the shapes, which include circles, bars, and symbols, that indicate various possibilities. A single bar indicates one, a double bar indicates one and only one, a circle indicates zero, and a crow's foot indicates many.
reasonableness check
A type of data validation check that identifies values that are questionable, but not necessarily wrong. For example, input payment values of $0.05 and $5,000,000.00 both pass a simple limit check for a payment value greater than zero, and yet both values could be errors.
validity check
A type of data validation check that is used for data items that must have certain values. For example, if an inventory system has 20 valid item classes, then any input item that does not match one of the valid classes will fail the check.
existence check
A type of data validation check that is used for mandatory data items. For example, if an employee record requires a Social Security number, an existence check would not allow the user to save the record until he or she enters a suitable value in the SSN field
data type check
A type of data validation check that is used to ensure that a data item fits the required data type. For example, a numeric field must have only numbers or numeric symbols, and an alphabetic field can contain only the characters A through Z or the characters a through z.
sequence check
A type of data validation check that is used when the data must be in some predetermined sequence. If the user must enter work orders in numerical sequence, for example, then an out-of-sequence order number indicates an error. If the user must enter transactions chronologically, then a transaction with an out-of-sequence date indicates an error.
range check
A type of data validation check that tests data items to verify that they fall between a specified minimum and maximum value. The daily hours worked by an employee, for example, must fall within the range of 0 to 24.
transparent interface
A user interface that users don't really notice — a user-friendly interface that does not distract the user and calls no attention to itself.
form filling
A very effective method of online data entry where a blank form that duplicates or resembles the source document is completed on the screen. The user enters the data and then moves to the next field.
logical topology
A view of a network that describes the way the components interact, rather than the actual network cabling and connections.
podcast
A web-based broadcast that allows a user to receive audio or multimedia files using music player software such as iTunes, and listen to them on a PC or download them to a portable MP3 player or smartphone.
corporate portal
A website that provides various tools and features for an organization's customers, employees, suppliers, and the public.
infrastructure mode
A wireless network configuration in which a central wireless device called an access point is used to serve all wireless clients; also called Basic Service Set (BSS).
wireless local area network (WLAn)
A wireless network that is relatively inexpensive to install and is well-suited to workgroups and users who are not anchored to a specific desk or location.
multiple input/multiple output (MiMo)
A wireless networking technology incorporated in the IEEE 802.11n and 802.11ac standards that uses multiple data streams and multiple antennas to achieve higher transmission speeds and substantially increase wireless range over earlier standards.
WPA2
A wireless security standard based on 802.11i that provides a significant increase in protection over WEP and WPA.
mnemonic code
Abbreviation code that uses a combination of letters that are easy to remember
dialog box
Allows a user to enter information about a task that a system will perform.
query language
Allows a user to specify a task without specifying how it will be accomplished
abbreviation code
Alphabetic abbreviation. For example, standard state codes include NY for New York, ME for Maine, and MN for Minnesota.
test-driven development (TDD)
An Extreme Programming (XP) concept that unit tests are designed before code is written, focusing on end results and preventing programmers from straying from their goals.
802.11n
An IEEE wireless network specification adopted in 2009 that uses multiple input/multiple output (MIMO) technology to achieve speeds of 200+ Mbps while increasing the wireless range, and is backward-compatible with 802.11 a, b, and g.
802.11b
An IEEE wireless network specification introduced in 1999, based on a frequency of 2.4 GHz, and maximum bandwidth of 11 Mbps. Replaced by 802.11g.
801.11g
An IEEE wireless network specification introduced in 2003 based on a frequency of 2.4 GHz and maximum bandwidth of 54 Mbps; compatible with and replaced 802.11b, and has been superseded by the 802.11n standard.
802.11ac
An IEEE wireless network specification, approved in 2014, that uses expanded multiple input/multiple output (MIMO) technology to achieve theoretical speeds of nearly 7 Gbps while increasing the wireless range, and is backward-compatible with 802.11 a, b, g, and n.
webinar
An Internet-based training session that provides an interactive experience. The word webinar combines the words web and seminar .
Capability Maturity Model Integration (CMMI)
An SEI-developed process to improve quality, reduce development time, and cut costs. A CMM tracks an organization's software development goals and practices, using five maturity lebels, from Level 1 (relatively unstable, ineffective software) to Level 5 (software that is refined, efficient, and reliable)
administrator account
An account that allows essentially unrestricted access to the application.
third-party software
An application that is not developed in-house.
service
An application that monitors, or listens on, a particular port. service desk See help desk.
post-implementation evaluation
An assessment of the overall quality of the information system. The evaluation verifies that the new system meets specified requirements, complies with user objectives, and achieves the anticipated benefits. In addition, by providing feedback to the development team, the evaluation also helps improve IT development practices for future projects.
exploit
An attack that takes advantage of a system vulnerability, often due to a combination of one or more improperly configured services.
port scan
An attempt to detect the services running on a computer by trying to connect to various ports and recording the ports on which a connection was accepted.
associative entity
An entity that is the event or transaction linking two other entities
RFID tag
An input device used in source data automation.
social engineering
An intruder uses social interaction to gain access to a computer system.
denial of service (DOS)
An online attack that occurs when an attacking computer makes repeated requests to a service or services running on certain ports.
page footer
Appears at the bottom of the page and is used to display the name of the report and the page number.
report footer
Appears at the end of the report, can include grand totals for numeric fields and other end-of-report information.
page header
Appears at the top of the page and includes the column headings that identify the data.
common field
Attribute that appears in more than one entity
loosely coupled
module that are relatively independent. loosely coupled modules are easier to maintain and modify because the logic in one module does not affect other modules
online documentation
provides immediate help when users have questions or encounter problems
ascii
stands for American Standard Code for Information Interchange
defect tracking software
system developers use ______ ________ ________, sometimes called bug tracking software, to document and track program defects, code changes, and replacement code, called patches
bug tracking software
system developers use defect tracking software, sometimes called bug tracking software, to document and track program defects, code changes, and replacement code, called patches
direct cutover
the direct cutover approach causes the changeover from the old system to the new system to occur immediately when the new system becomes operational
economy of scale
the inherent efficiency of high-volume processing on larger computers
desk checking
the process of reviewing the program code to spot logic errors, which produce incorrect results
backup
the process of saving a series of file or data copies
object-oriented development (OOD)
the process of translating an object model directly into an object oriented programming language
coding
the process of turning program logic into specific instructions that a computer system can execute
bit
the smallest unit of data is one binary digit
integration testing
the testing of two or more programs that depend on each other
check box
used to select one or more choices from a group. A check mark, or an X, represents selected options
perfective maintenance
Changes to a system to improve efficiency.
preventive maintenance
Changes to a system to reduce the possibility of future failure.
corrective maintenance
Changes to the system to fix errors.
maintenance activities
Changing programs, procedures, or documentation to ensure correct system per - formance. Adapting the system to changing requirements; and making the system operate more effi- ciently. Those needs are met by corrective, adaptive, perfective, and preventive maintenance.
category code
Cipher that identifies a group of related items
block sequence code
Cipher that uses blocks of numbers for different classifications.
derivation code
Code that combines data from different item attributes or characteristics
cipher code
Code that uses a keyword to encode a number
distributed system
Company-wide systems that are connected by one or more LANs or WANs. The capabilities of a distributed system depend on the power and capacity of the underlying data communication network.
operational security
Concerned with managerial policies and controls that ensure secure operations. Also called procedural security.
operations documentation
Contains all the information needed for processing and distributing online and printed output.
table
Contains information about people, places, things, or events
identity management
Controls and procedures necessary to identify legitimate users and system components.
maintenance expenses
Costs that vary significantly during the system's operational life and include spend- ing to support maintenance activities.
security hole
Created by a combination of one or more improperly configured services.
normalization
Creates table designs by assigning specific fields or attributes to each table
design prototyping
Creating a prototype of user requirements, after which the prototype is discarded and implementation continues. Also called throwaway prototyping.
backup media
Data storage options, including tape, hard drives, optical storage, and online storage.
byte
Data storage that is comprised of 8 bits
logical storage
Data that a user can view, understand, and access regardless of how it is stored
usability metrics
Data that interface designers can obtain by using software that can record and measure user interactions with the system.
plain text
Data that is not encrypted.
unencrypted
Data that is not encrypted.
subschema
Defines portions of a database that a specific system or user needs to access
oSi (open Systems interconnection) model
Describes how data actually moves from an application on one computer to an application on another networked computer. The OSI consists of seven layers, and each layer performs a specific function.
allocated baseline
Documents the system at the end of the design phase and identifies any changes since the functional baseline. The allocated baseline includes testing and verification of all system require- ments and features.
operational costs
Expenses that are incurred after a system is implemented and continue while the system is in use. Examples include system maintenance, supplies, equipment rental, and annual software license fees.
Wi-Fi (wireless fidelity)
Family of popular IEEE local area network wireless networking standards, also known as 802.11, including 802.11a, b, g, and n. 802.11n is the most recent standard. 802.11ac and 802.11ad are proposed new standards.
data structure
Framework for organizing, storing, and managing data
functionally dependent
Functional dependence is an important concept for understanding the second normal form (2NF). The field X is said to be functionally dependent on the field Y if the value of X depends on the value of Y. For example, an order date is dependent on an order number; for a particular order number, there is only one value for the order date. In contrast, the product description is not dependent on the order number. For a particular order number, there might be several product descriptions, one for each item ordered.
client/server architecture
Generally refers to systems that divide processing between one or more networked clients and a central server. In a typical client/ server system, the client handles the entire user interface, including data entry, data query, and screen presentation logic. The server stores the data and provides data access and database management functions. Application logic is divided in some manner between the server and the clients.
online system
Handling transactions when and where they occur and providing output directly to users. Because it is interactive, online processing avoids delays and allows a constant dialog between the user and the system.
asset
Hardware, software, data, networks, people, or procedures that provide tangible or intangible ben- efit to an organization.
Wi-Max
IEEE 802.16 specifications, which are expected to enable wireless multimedia applications with a range of up to 30 miles. See also 802.16.
totals zone
If a form has data totals, they will appear in this section of the form.
tightly coupled
If modules are tightly coupled, one module refers to internal logic contained in another module.
risk
In IT security, the impact of an attack multiplied by the likelihood of a vulnerability being exploited.
three-tier design
In a _____ ___ ______, the user interface runs on the client and the data is stored on the server, just as in a two-tier design. A ______ ______ ______ also has a middle layer between the client and server that processes the client requests and translates them into data access commands that can be understood and carried out by the server.
control field order
In a control break report, the records are arranged or sorted in the same order as the control fields.
pilot site
In a pilot operation, the group that uses the new system first is called the pilot site.
release plan
In agile development, a plan that specifies when user stories will be implemented and the timing of the releases. Releases are relatively frequent, and each release is treated as a system prototype that can be tested and modified as needed.
user story
In agile development, a short, simple requirements definition provided by the customer. Programmers use user stories to determine a project's requirements, priorities, and scope.
data replication
In normal operating conditions, any transaction that occurs on the primary system must automatically propagate to the hot site.
threat
In risk management, an internal or external or external entity that could endanger an asset.
scroll bar
In user interface design, a scroll bar allows the user to move through the available choices for an input field.
database administrator
Individual who manages and supports a database management system
user documentation
Instructions and information to users who will interact with the system. Includes user manuals, help screens, and tutorials.
data warehouse
Integrated collection of data that can include seemingly unrelated information
relational model
Introduced in the 1970s and sometimes referred to as DBMS design
physical storage
Involves reading and writing binary data to physical media
data mining
Looks for meaningful data patterns and relationships among data
hardening
Making a system more secure by removing unnecessary accounts, services, and features.
malware
Malicious software that might jeopardize the system's security or privacy.
biometric scanning system
Mapping an individual's facial features, handprint, or eye characteristics for identification purposes.
risk assessment
Measures the likelihood and impact of risks.
output control
Methods to maintain output integrity and security. For example, every report should include an appropriate title, report number or code, printing date, and time period covered. Reports should have pages that are numbered consecutively, identified as Page xx of xx, and the end of the report should be labeled clearly.
port protector
Network-based security application that controls access to and from workstation interfaces.
hash total
Not meaningful numbers themselves, but are useful for comparison purposes. Also known as batch control totals.
pretexting
Obtaining personal information under false pretenses.
limit check
Occurs when a validation check involves a minimum or a maximum value, but not both. Checking that a payment amount is greater than zero, but not specifying a maximum value, is an example of a limit check.
transference
One of four risk control strategies. In transference, risk is shifted to another asset or party, such as an insurance company.
mitigation
One of four risk control strategies. Mitigation reduces the impact of a risk by careful planning and preparation. For example, a company can prepare a disaster recovery plan to mitigate the effects of a natural disaster should one occur.
Wired Equivalent Privacy (WEP)
One of the earliest methods used to secure a wireless network, super - seded by WPA and WPA2.
confidentiality
One of the three main elements of system security: confidentiality, integrity, and availabil- ity (CIA). Confidentiality protects information from unauthorized discloser and safeguards privacy.
availability
One of the three main elements of system security: confidentiality, integrity, and availability (CIA). Availability ensures that authorized users have timely and reliable access to necessary information.
integrity
One of the three main elements of system security: confidentiality, integrity, and availability (CIA). Integrity prevents unauthorized users from creating, modifying, or deleting information.
maintenance team
One or more systems analysts and programmers working on product maintenance issues together.
command button
Onscreen button that initiates an action such as printing a form or requesting Help.
turnaround document
Output document that is later entered back into the same or another information system. A telephone or utility bill, for example, might be a turnaround document printed by the company's billing system. When the bill is returned with payment, it is scanned into the company's accounts receivable system to record the payment accurately.
output security
Output security protects privacy rights and shields the organization's proprietary data from theft or unauthorized access.
application
Part of the information system, an application handles the input, manages the processing logic, and provides the required output.
program documentation
Preparation of program documentation starts in the systems analysis phase and continues during systems implementation. Systems analysts prepare overall documentation, such as process descriptions and report layouts, early in the SDLC. Programmers provide documentation by constructing modules that are well supported by internal and external comments and descriptions that can be understood and maintained easily.
system prototyping
Producing a full-featured, working model of the information system being developed.
syntax error
Programming language grammar error
data security
Protection of data from loss or damage and recovers data when it is lost or damaged.
option button
Radio buttons that represent groups of options. The user can select only one option at a time; a selected option contains a black dot. See also radio button.
dumpster diving
Raiding desks or trash bins for valuable information.
audit log files
Record details of all accesses and changes to a file or database
log
Record typically kept by operating systems and applications that documents all events, including dates, times, and other specific information. Logs can be important in understanding past attacks and preventing future intrusions.
extensibility
Refers to a system's ability to expand, change, or downsize easily to meet the changing needs of a business enterprise. Also known as scalability.
patch
Replacement code that is applied to fix bugs or security holes in software.
records retention policy
Rules designed to meet all legal requirements and business needs for keeping records.
incremental backup
Saving a copy of only the files that have changed since the last full backup.
computer output to microfilm (CoM)
Scanning and storing images of paper documents. Often used by large firms to provide high-quality records management and archiving.
logical record
Set of field values that describes a single person, place, thing, or event
sequence code
Set of letters or numbers assigned in a specific order
code
Set of letters or numbers that represents a data item
repeating group
Set of one or more fields that can occur any number of times in a single record
referential integrity
Set of rules that avoids data inconsistency and quality problems
glueware
Software that connects dissimilar applications and enables them to communicate and exchange data. For example, middleware can link a departmental database to a web server that can be accessed by client computers via the Internet or a company intranet. Also called middleware.
network intrusion detection system (NIDS)
Software that monitors network traffic to detect attempted intrusions or suspicious network traffic patterns, and sends alerts to network administrators. Can be helpful in documenting the efforts of attackers and analyzing network performance.
multivalued key
Sometimes it is necessary for a primary key to consist of a combination of fields.
802.16
Specifications developed by the IEEE for broadband wireless communications over MANs (metropolitan area networks). See also Wi-Max.
table design
Specifies fields and identifies the primary key in a particular table or file
EBCDIC
Stands for Extended Binary Coded Decimal Interchange Code, a coding method used on mainframe computers and some high-capacity servers.
input mask
Template or pattern that makes it easier for users to enter data. Often used in automated forms to guide an unfamiliar user.
tuple
Term that is also referred to as a record
acceptance test
Testing involves the entire information system, including all typical processing situations. During an acceptance test, users enter data, including samples of actual, or live data, perform queries, and produce reports to simulate actual operating conditions. All processing options and outputs are verified by users and the IT project development team to ensure that the system functions correctly. Sometimes known as a system test.
critical thinking skills
The ability to compare, classify, evaluate, recognize patterns, analyze cause and effect, and apply logic. Such skills are valued in the IT industry.
scaling on demand
The ability to match network resources to needs at any given time; a feature of cloud computing. For example, during peak loads, additional cloud servers might come on line automatically to support increased workloads.
bandwith
The amount of data that the system can handle in a fixed time period. Bandwidth requirements are expressed in bits per second (bps).
clicks to close
The average number of page views to accomplish a purchase or obtain desired information.
partitioning
The breaking down of overall objectives into subsystems and modules.
hub
The center of a star network. Switches in modern networks have largely replaced hubs.
garbage in, garbage out (GIGo)
The concept that the quality of the output is only as good as the quality of the input.
functional baseline
The configuration of the system documented at the beginning of the project. It con- sists of all the necessary system requirements and design constraints.
physical topology
The connection structure of an actual network's cabling.
supply chain management (SCM)
The coordination, integration, and management of materials, information, and finances as they move from suppliers to customers, both within and between companies. In a totally integrated supply chain, a customer order could cause a production planning system to schedule a work order, which in turn could trigger a call for certain parts from one or more suppliers.
legacy data
The data associated with an older, less technologically advanced legacy system.
test data
The data used in unit testing. Test data should contain both correct data and erroneous data and should test all possible situations that could occur.
production environment
The environment for the actual system operation. It includes hardware and software configurations, system utilities, and communications resources. Also called the operational environment.
operational environment
The environment for the actual system operation. It includes hardware and software configurations, system utilities, and communications resources. Also called the production environment.
test environment
The environment that analysts and programmers use to develop and maintain programs.
process improvement
The framework used to integrate software and systems development by a new SEI model, Capability Maturity Model Integration (CMMI).
systems design
The goal of systems design is to build a system that is effective, reliable, and maintainable.
firewall
The main line of defense between a local network, or intranet, and the Internet.
user training package
The main objective of a user training package is to show users how the system can help them perform their jobs.
prototyping
The method by which a prototype is developed. It involves a repetitive sequence of analysis, design, modeling, and testing. It is a common technique that can be used to design anything from a new home to a computer network.
input control
The necessary measures to ensure that input data is correct, complete, and secure. A systems analyst must focus on input control during every phase of input design, starting with source documents that promote data accuracy and quality.
response time
The overall time between a request for system activity and the delivery of the response. In the typical online environment, response time is measured from the instant the user presses the ENTER key or clicks a mouse button until the requested screen display appears or printed output is ready.
parallel operation
The parallel operation changeover method requires that both the old and the new information systems operate fully for a specified period. Data is input into both systems, and output generated by the new system is compared with the equivalent output from the old system.
point-of-sale (PoS)
The part of an information system that handles daily sales transactions and maintains the online inventory file.
phased operation
The phased operation method allows a new system to be implemented in stages, or modules.
form layout
The physical appearance and placement of data on a form. Form layout makes the form easy to complete and provides enough space, both vertically and horizontally, for users to enter the data.
pilot operation
The pilot operation changeover method involves implementing the complete new system at a selected location of the company.
offsiting
The practice of storing backup media away from the main business location, in order to mitigate the risk of a catastrophic disaster, such as a flood, fire, or earthquake.
Application development
The process of constructing the programs and code modules that are the building blocks of an information system. Application development is handled by an application development group within a traditional IT department that is composed of systems analysts and programmers who handle information system design, development, and implementation
system changeover
The process of putting the new information system online and retiring the old system. Changeover can be rapid or slow, depending on the method.
recovery
The process of restoring data and restarting a system after an interruption.
version control
The process of tracking system releases.
identity theft
The stealing of personally identifying information online.
archived
The storage of previous version of a system when a new version is installed.
unit testing
The testing of an individual program or module. The objective is to identify and eliminate execution errors that could cause the program to terminate abnormally, and logic errors that could have been missed during desk checking.
CIA triangle
The three main elements of system security: confidentiality, integrity, and availability.
fault management
The timely detection and resolution of operational problems. Fault management includes monitoring a system for signs of trouble, logging all system failures, diagnosing the problem, and applying corrective action.
absolute date
The total number of days from a specific base date
application logic
The underlying business rules or logic for an application
switchboard
The use of command buttons in a user interface to enable users to navigate a system and select from groups of related tasks.
graphical user interface (GUI)
The use of graphical objects and techniques allowing users to communicate with a system. A well-designed GUI can help users learn a new system rapidly and work with the system effectively.
network topology
The way a network is configured. LAN and WAN networks typically are arranged in one of four common patterns: hierarchical, bus, star, and ring.
data frames
Traffic on a computer network.
primary key
Uniquely and minimally identifies a particular member of an entity
key fields
Used during system design to organize, access, and maintain data structures
recovery procedures
Used to restore a file or database to its state at the time of its last backup
usability
User interface design includes user satisfaction, support for business functions, and system effectiveness.
user rights
User-specific privileges that determine the type of access a user has to a database, file, or direc- tory. Also called permissions.
virtual private network (VPN)
Uses a public network to connect remote users securely. Allows a remote client to use a special key exchange that must be authenticated by the VPN.
alphabetic code
Uses alphabet letters to distinguish one item from another based on a category, an abbreviation, or an easy-to-remember value, called a mnemonic code.
software reengineering
Uses analytical techniques to identify potential quality and performance improvements in an information system.
cardinality notation
Uses special symbols to represent the relationship between entities
mock-up
When designing a report, a sample report is prepared, which is a mock-up, or prototype, for users to review. The sample should include typical field values and contain enough records to show all the design features.
stand-alone
When personal computers first appeared in large numbers in the 1990, users found that they could run their own word processing, spreadsheet, and database applications, without assistance from the IT group, in a mode called stand-alone computing.
critical risk
When risks are categorized and prioritized, critical risks (those with the highest vulnerability and impact ratings) head the list.
metrics
Workload measurements, also called metrics, include the number of lines printed, the number of records accessed, and the number of transactions processed in a given time period.
client
Workstation that users interact with in a client/server design. These workstations, or computers, are supplied data, processing services, or other support from other computers, called servers.
calendar control
a calendar control allows the user to select a date that the system will display and store as a field value
Database Management System (DBMS)
a collection of tools, features, and interfaces that enables users to add, update, manage, access, and analyze data in a database
character
a group of eight bits, also called a byte
query by example
a language allows the user to provide an example of the data requested
character-based report
a report created using a single mono-spaced character set
data mart
a specialized database designed to serve the needs of a specific department
condition
a specified action or state ina structure chart
Java Database Connectivity (JDBC)
a standard that enables java apps to exchange data with any database that uses sql
combination check
a type of data validation check that is performed on two or more fields to ensure that they are consistent or reasonable when considered together. Even though all the fields involved in a combination check might pass their individual validation checks, the combination of the field values might be inconsistent or unreasonable.
data conversion
existing data is loaded into the new system, transformed as needed. Depending on the system, ____ __________ can be done before, during, or after the operational environment is complete
data couple
in a structure chart, a _____ ______ shows data that one module passes to another
control module
in a structure chart, a control moduleis a higher-level module that directs lower-level modules, called subordinate modules
library module
in a structure chart, a library module is a module that is reusable and can be invoked from more than one point in the chart.
loop
in a structure chart, a loop indicates that one or more modules are repeated
iteration planning meeting
in agile development, a meeting held at the beginning of each iteration cycle to break down user stories into specific tasks that are assigned to team members
