itss 4370 FINALLLLLLLLL
AMI is an acronym for
"Amazon Machine Image"
Big Box Company
( Fill)
AWS Demo
(Fill)
Cloud Data Management
(Fill)
• iPremier
(Fill)
ISO 22301:2012 Societal security
- Business continuity management systems - Requirements • ISO 22301 formally specifies a Business Continuity Management System (BCMS) for any type or size of organization. • Organizations may choose to be certified compliant with the standard by accredited certification bodies, or simply use the standard to develop their BCMS. Clause 4: Context of the organization • Clause 5: Leadership • Clause 6: Planning • Clause 7: Support • Clause 8: Operation • Clause 9: Performance evaluation • Clause 10: Improvement
Bonus Question: What are nano-tubes and how are they used in infrastructure?
- Exhibit remarkable electrical conductivity - Electronics, optics, composite materials (replacing or complementing carbon fibers)
Types of Attacks
- Hoaxes: transmission of a virus hoax with a real virus attached; more devious form of attack • Back door: gaining access to system or network using known or previously unknown/newly discovered access mechanism • Password crack: attempting to reverse calculate a password • Brute force: trying every possible combination of options of a password • Dictionary: selects specific accounts to attack and uses commonly used passwords (i.e., the dictionary) to guide guesses
DRaaS
- Public cloud - typically uses customer-managed software for setting up and controlling cloud-based DR resources - Private cloud - typically uses customer-managed software for setting up and controlling cloud-based DR resources - Managed cloud services - cloud offering includes DRaaS as a part of a standard, hands-free offering
Identify and explain at least 4 of the business continuity/disaster recovery practices addressed in the DRI Professional Practices.
- Risk Assessment - Incident response - Business Impact Analysis - Awareness and Training Programs
Explain the purpose of change mgmt and productive acceptance?
- The procedures, processes and standards which are used to manage changes. - Productive acceptance directly involve departments outside the infrastructure group. ... In this case, executives from both the applications and infrastructure departments should concur on the choice of process owner.
DevOps and how can it impact IT infrastructure mgmt?
- Used for software features enhancement and bugs need fixing, enhancing along the way. It is a direct line of communication between developers and ops team. - Advocates automation and uses tools to manage application configuration and deployment, these tasks become more well-defined, consistent, repeatable, transparent, and hence, less risky.
Performance and Tuning
- a methodology to maximize throughput and minimize response times of batch jobs, online transactions, and Internet activities
Configuration Management-
- a process to ensure that the interrelationships of varying versions of infrastructure hardware and software are documented accurately and efficiently. cloud services • mainframes and servers • desktops and laptops • routers, hubs, and switches
First Platform Applications
- is primarily based on mainframes and terminals Applications are hosted centrally and accessed through terminals
Third Platform Applications
-based on cloud, Big Data analytics, mobile, and social technologies -Applications are massively scalable -Applications support anytime access from worldwide locations
Cloud Deployment Models
-provide basis for how cloud infrastructure is built, managed, and accessed Public Cloud: IT resources are made available to the general public or organizations and are owned by the cloud service provider. Private Cloud: Cloud infrastructure is operated solely for one organization and is not shared with other organizations. This cloud model offers the greatest level of security and control. Community Cloud: One or more participant organizations provide cloud services that are consumed by the community. IT resources are hosted on the premises of the external cloud service provider and not within the premises of any of the participant organizations Hybrid Cloud: IT resources are consumed from two or more distinct cloud infrastructures (private, community, or public)
Second Platform Applications
-uses a distributed application architecture Applications running on servers provide services to the applications running on clients Servers process requests from clients and respond to the requests (LAN/Internet/PC)
PC virtualization
1 computer running multiple operating systems
Server Virtualization
1 server running multiple operating systems
CIA
1) Confidentiality 2) Integrity 3) Availability
What are the 5 characteristics of the Cloud?
1) On-demand self-service 2) Broad network access 3) Resource pooling 4) Rapid elasticity 5) Measured service
ISO 27001
1) Plan 2) Do 3) Check 4) Act
Cloud deployment models
1) Private cloud 2) Community cloud 3) Public cloud 4) Hybrid cloud
The Seven Rs of Availability
1) Redundancy 2) Reputation 3) Reliability 4) Repairability 5) Recoverability 6) Responsiveness 7) Robustness
What are the 3 service models
1) Software as a Service (SaaS) 2) Platform as a Service (PaaS) 3) Infrastructure as a Service (IaaS)
change management process
1. A change request is raised, documented and logged 2. If standard change, go to step 5 3. The proposed changes are analyzed - This evaluates the impact of the change, feasibility of the change, and roughly how much it would cost, in both time and money, to make the change. 4. Change decision process - The change is implemented, rejected or deferred. - Change Control Board or Change Advisory Board - May be abbreviated for emergency changes 5. If approved, change is implemented 6. Status recorded, configuration control updated, and status communicated to requesters and relevant stakeholders
Major Components of Availability
1. Data center facility 2. Server hardware (processor, memory, channels) 3. Server system software (operating system, program products) 4. Application software (program, database management) 5. Disk hardware (controllers, arrays, disk volumes 6. Database software (data files, control files) 7. Network software 8. Network hardware (controllers, lines, hubs, switches, routers, repeaters, modems) 9. Desktop software (operating system, program products, applications) 10. Desktop hardware (processor, memory, disk, interface cards)
The Seven Rs of High Availability
1. Redundancy 2. Reputation 3. Reliability 4. Repairability 5. Recoverability 6. Responsiveness 7. Robustness
What is a broadcast storm?
A broadcast storm is an abnormally high number of broadcast packets within a short period of time. A broadcast storm can overwhelm switches and endpoints as they struggle to keep up with processing the flood of packets. When this happens, network performance degrades. (akin to an internal DDoS attack)
Planned change
A change scheduled 24 hours in advance
AMI
A cloud-based virtual machine stands for Amazon Machine Image
Hybrid Cloud
A composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).
Zombie
A computer connected to the Internet that has been compromised by a hacker, computer virus or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction
On-demand self service
A consumer can unilaterally provision computing capabilities, such as server time and network storage, as needed automatically without requiring human interaction with each service provider.
Clones
A copy of an existing virtual machine.
Change Control Board (CCB)
A formal group of people responsible for approving or rejecting changes on a project • CCBs provide guidelines for preparing change requests, evaluate change requests, and manage the implementation of approved changes • May includes stakeholders from the entire organization or just from the IT organization
Templates
A master copy of a virtual machine that can be used to create many clones
Production acceptance
A methodology to consistently and successfully deploy application systems into a production environment, regardless of platform(s)
Configuration management
A process to ensure that the interrelationships of varying versions of infrastructure hardware and software are documented accurately and efficiently
Scrum
A process used to organize work into small, manageable pieces that can be completed within a prescribed time period
In cybersecurity, a Zombie is _______
A program that secretly takes over another internet-attached computer, typically controlled by a command and control bot
In cybersecurity, a Zombie is _______ (sounds dumb af)
A program that secretly takes over another internet-attached computer, typically controlled by a command and control bot
Regions and Availability Zones
A region is an actual geographic area. - Currently, you can choose the US or Europe as regions with Amazon • An availability zone is a distinct location within a region and is insulated from failures in any other zone. - By running multiple AMIs across several zones, you can protect your databases and applications from a single point of failure. Each zone has its own power sources and cooling and are designed to be insulated from floods and fires. - Amazon Machine Image (AMI) is a virtual machine with your chosen operating system and applications bundled together. • Availability Zones are logical identifiers and are unique to an account. That means that two people who map to the same zone name may not actually be running in the same physical location.
The Rule of Nines
A rule that establishes a diminishing amount of downtime in a system
What is a service level agreement? Please give 3 examples of terms you might find in a SLA for cloud services.
A service-level agreement is a commitment between a service provider and a client. • Uptime percentage • Amount of traffic at a given time (bandwidth) • Data rate or bandwidth limitations • Performance and capacity of resources • Schedule requirements for notifications (planned maintenance and outages) • Help desk response times, scope, limitations • Security • Privacy • Availability
TCP
A set of rules that governs the delivery of data over the internet or other network that uses the internet protocol, and sets up a connection between the sending and receiving computers. The Communication standard of the internet.
Matching: It should be clear who accessed or changed information and when they did
Accountability
Exposure
Actual harm or possible harm
1. Management advantages 2. Cost reduction 3. Risk reduction
Advantages of Outsourcing(3)
SO 22301 Clause 8 - Operation Business continuity strategy:
After requirements have been established through the BIA and the risk assessment, strategies can be developed to identify arrangements that will enable the organization to protect and recover critical activities based on organizational risk tolerance and within defined recovery time objectives. • Experience and good practice clearly indicate that the early provision of an overall organizational BCM strategy will ensure BCM activities are aligned with and support the organization's overall business strategy. • The business continuity strategy should be an integral component of an institution's corporate strategy
Service Level Agreement (SLA)
Agreement between customer and cloud provider where both parties agree on the level of service that is to be expected
Which following criteria maybe use to determine data tiering need?
All above
Which of the following steps is a recommended approach for successful cloud adoption? -Develop a business case and an enterprise cloud strategy -Select cloud deployment model(s) -Select cloud service model(s) -Identify and address security and privacy issues
All of emmm
Data tiering determines where and how data is stored. Which of the following criteria may be used in determining data tiering needs? -Performance -Cost -Availability -Recovery or retrieval requirements
All of the above stupid
Which of these are methods for measuring availability? Percent uptime = (Actual uptime) / (Scheduled uptime) Measure uptime in terms meaningful to users Quantify amount of downtime
All of the above stupid
erformance issues for networks that may need to be addressed include _____ Bandwidth Protocols Broadcast storms Speed or Performance
All of the above stupid
A key part of business continuity management is not just preparing the business continuity plans, but ensuring that they will be able to achieve their intended purposes. An effective organizational strategy for business continuity includes which of the following tasks?
All the above?
Virtualization: Select the correct answer: Allows a single physical resource to act as multiple resources Reduces hardware and power expenditures Facilitates hardware centralization Software-defined storage (SDS) All of the above
Allllllll of it bluh
VM
Allow multiple virtual machines to run on a single physical machine, a locally hosted virtual machine
Virtualization: Select the correct answer:
Allows a single physical resource to act as multiple resources Reduces hardware and power expenditures Facilitates hardware centralization Software-defined storage (SDS)
Data Tiering
Allows us to control where data is going to be stored based on performance, cost, availability, and recovery requirement.
Incident
An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system stores, processes, or transmits, and that may require a response action to mitigate the consequences
Emergency change
An urgent change requiring manual intervention in less than 24 hours
Production change
Any activity, of either a planned or emergency nature, that could potentially impact the stability or responsiveness of the organization's IT production environment
The principal purpose of Business Impact Analysis is to ______________
Assess the impact that various risks or attacks can have on the organization's
Matching: Human originated penetration or penetration attempt
Attack
Matching: Information should be provided to users when they need it
Availability
There are several approaches that can be taken to maximize availability - the seven R's of high availability. Which of the following is NOT one of these seven approaches?
B) Recognition
Configuration Management Definitions
Baseline - One or more configuration items that have been formally reviewed and agreed upon and are controlled • Configuration Item - A collection of elements treated as a unit for the purposes of CM • Configuration - A collection of all the elements of a baseline and a description of how they fit together
1. Public IP address is conserved (1 per LAN) 2. Eliminates having to register with ICANN 3. Protects against direct attack
Benefits of Private IP addressing
Q12 Which of the following is NOT one of the three common service models in cloud computing? Software as a Service (SaaS) Platform as a Service (PaaS) Broadband as a Service (BaaS) Infrastructure as a Service (IaaS)
Broadband as a Service (BaaS)
Which of the following is NOT one of the three common service models in cloud computing?
Broadband as a Service (BaaS)
Benefits of Cloud Computing
Business agility Reduced IT costs High availability Flexible scaling Flexibility of access Simplified infrastructure management Increased collaboration Business continuity
Roles and Responsibility
CIO - Pro: Responsible for critical IT resources - Con: Not responsible for operational resources or for buildings and facilities - Usually places emphasis on the protection of technology based assets • Head of internal audit - Lacks credibility to make decisions about operational issues or nonfinancial risk management issues. • CFO - Chooses alternatives such as insurance - Judges the impact of an outage on the financial viability of the business, which is a key aspect of the Business Impact Analysis - Assesses regulatory issues and their affect on risk management - Assesses cost issues and recommending budget and cost guidelines
Broad network access
Capabilities are available over the network and accessed through standard mechanisms that promote use by heterogeneous thin or thick client platforms (e.g., mobile phones, tablets, laptops, and workstations).
Rapid elasticity
Capabilities can be elastically provisioned and released, in some cases automatically, to scale rapidly outward and inward commensurate with demand. To the consumer, the capabilities available for provisioning often appear to be unlimited and can be appropriated in any quantity at any time.
• Platform as a Service
Capability provided to the consumer to deploy consumer-created or acquired applications on the provider's infrastructure • Consumer has control over • Deployed applications • Possible application hosting environment configurations • Consumer is billed for platform software components • OS, Database, Middleware • Consumers deploy consumer-created or acquired applications onto provider's computing platform • Computing platform is offered as a service
Software as a Service
Capability provided to the consumer to use provider's applications running in a cloud infrastructure • Complete stack including application is provided as a service • Application is accessible from various client devices, for example, via a thin client interface such as a Web browser • Billing is based on the application usage • Consumers use provider's applications running on the cloud infrastructure • Applications are offered as a service • Service providers exclusively manage computing infrastructure and software to support services
Production Acceptance
Change is implemented when approved
Explain the purpose of change management and production acceptance.
Change management - concerned with the procedures, processes and standards which are used to manage changes Production Acceptance - Production acceptance is a methodology used to consistently and successfully deploy application systems into a production environment regardless of platform.
CIO
Chief Information Officer; manages IT department, communicates with executive staff on IT- and IS- related matters. Member of the executive group.
Elastic = flexible to demand; Pooled = Economies of scale
Cloud Advantages (2)
1. Dependency on Vendor 2. Loss of control over data location 3. Little visibility into security and disaster preparedness
Cloud Disadvantages (3)
Platform
Cloud based platforms, typically provided using virtualization, such as Amazon ECC, Sun Grid
Application
Cloud based software that eliminates the need for local installation such as Google Apps, Microsoft Online
Private cloud
Cloud computing implemented in a secure environment safeguarded by a firewall
**Essential Characteristic 5 Measured Service - Cloud
Cloud computing provides a metering system that continuously monitors resource consumption and generates reports • Helps to control and optimize resource use • Helps to generate billing and chargeback reports
Community cloud
Cloud computing provisioned for exclusive use by a specific community of consumers
Public cloud
Cloud computing provisioned for open use by the general public
Hybrid cloud
Cloud infrastructure comprised of two or more distinct cloud models
1. Identifying changes in purchasing patterns (certain life events cause customers to change what they buy) 2. BI for entertainment (netflix has data on watching, listening, and rental habits, however determines what people actually want, not what they say.) 3. Predictive Policing (analyze data on past crimes, including location, date, time, day of week, and related data to predict where crimes are likely to occur 4. Amazon = uses data on things you bought to suggest other things you should buy based on what other people who purchased what you did also purchased.
Common uses of Business Intelligence: (4)
What kind of cloud deployment model provides a cloud infrastructure that is provisioned for exclusive use by users from organizations that have shared concerns (e.g. purpose, mission, security requirements, policy, and compliance considerations.)
Community cloud
What kind of cloud deployment model provides a cloud infrastructure that is provisioned for exclusive use by users from organizations that have shared concerns (e.g. purpose, mission, security requirements, policy, and compliance considerations.) -Private cloud -Public cloud -Hybrid cloud -Community cloud
Community cloud
Services
Complete business services such as PayPal, OpenID, OAuth, Google Maps, Alexa
**Essential Characteristic 2 Broad Network Access - Cloud
Computing capabilities are available over the network • Computing capabilities are accessed from a broad range of client platforms such as: • Desktop computer • Laptop • Tablet • Mobile device
**Essential Characteristic 4 Rapid Elasticity - Cloud
Computing capabilities can be elastically provisioned and released • Computing capabilities are scaled rapidly, commensurate with consumer's demand • Provides a sense of unlimited scalability
Change Management
Concerned with the procedures, processes, and standards which are used to manage change - may cover execution, tools, or software for the change control process - due to changing market, technology, executive decisions, costs, etc.
Matching: Information should only be provided to those who need access to it
Confidentiality
CIAA
Confidentiality, Integrity, Availability and Accountability
Matching: Preventative measure
Control
Timelines/Relationships
Correlation of potential losses. Passive and active discovery. The more time it takes to identify something, then the greater exposure to risks involved.
Reputation
Credibility of Track Record
Metadata
Data about Data
Unsupervised Data Mining
Data mining in which: 1. Analyst Don't Start with a prior hypothesis or model 2. The hypothesized model is created based on analytical results to explain the patterns found. 3. Cluster Analysis:
Supervised data mining
Data mining in which: 1. Analyst use a prior hypothesis or model or algorithm to compute outcome of model 2. Prediction, such as regression analysis
Storage
Data storage or cloud based NAS such as CTERA, iDisk, CloudNAS
Tier 1
Data that is generated by major business applications, email, essential documents
Tier 0
Data that is mission-critical, frequently accessed, recently accessed or requires high degree of security
Tier 2
Data that is still important, but not necessary for daily business operations, such as financial or transactional data
Tier 3
Data that must be retained, such as long-term backup, old financial and historical records, compliance requirements, email historical retention for long periods of time
Tables + Relationships between rows in tables + Metadata
Database =
a collection of related tables
Database is...
Recoverability
Degree of Fault Tolerance
Which of the following is NOT a characteristic of cloud computing?
Demand pooling
Which of the following is NOT a characteristic of cloud computing? -On-demand self service -Rapid elasticity -Demand pooling -Broad network access
Demand pooling
Which of the following is not a characteristics of cloud computing?(Five critical characteristics)
Demand pooling(Should be Resource pooling)
Types of Attacks (cont'd.)
Denial-of-service (DoS): attacker sends large number of connection or information requests to a target - Target system cannot handle successfully along with other, legitimate service requests - May result in system crash or inability to perform ordinary functions • Distributed denial-of-service (DDoS): coordinated stream of requests is launched against target from many locations simultaneous -Sniffers: program or device that monitors data traveling over network; can be used both for legitimate purposes and for stealing information from a network • Spoofing: technique used to gain unauthorized access; intruder assumes a trusted IP address • Mail bombing: also a DoS; attacker routes large quantities of e-mail to target • Pharming: redirection of legitimate Web traffic (e.g., browser requests) to illegitimate site for the purpose of obtaining private information
Programmer
Design and write computer programs
he principal purpose of Business Impact Analysis is to ______________
Determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident, or emergency
What is DevOps and how can it impact IT infrastructure management?
DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support. It supports the IT infrastructure by expediting the development and implementation of applications due to its agility.
Which of the following steps in a recommended approach for successful cloud adoption?
Develop a business case and an enterprise cloud strategy Select cloud deployment model(s) Select cloud service model(s) Identify and address security and privacy issues
What is DevOps?
Develops is the practice of operations and development engineers participating together in the entire service life cycle, from design through the development process to production support. It supports the IT infrastructure by expediting the development and implementation of applications due to its agility
1. Loss of control 2. Benefits outweighed by long-term costs 3. No easy exit
Disadvantages of Outsourcing(3)
Which following functions are not a key component in an organization's disaster recovery effort?
Disaster reaction
Which of the following functions is NOT a key component in an organization's disaster recovery efforts?
Disaster reaction
Which of the following functions is NOT a key component in an organization's disaster recovery efforts? Disaster recovery Continuity management Disaster recovery planning Disaster reaction
Disaster reaction
Awareness and Training Programs
Document plans to be used during an incident that will enable the entity to continue to function.
Law or standard industry practice require physical control or possession of the data
Don't use the cloud when:
Repairability
Duration of Outages
The Cloud
Elastic leasing of pooled computer resources via the internet
If availability focuses on reducing the frequency and duration of systems outages, then high availability focuses on _______
Eliminating system outages
Redundancy as a method for maximizing availability deals with ______
Eliminating, as much as possible, any single point of failure that could disrupt service availability
Redundancy
Elimination of Single Points of Failure
1. Never Give up 2. Take risks 3. Do what you like to do 4. Do something important 5. Focus on signal over noise 6. Look for Problem Solvers to join you team 7. Attract Great People
Elon Musk 10 rules for success (name at least 4)
The percentage of _______ to all changes can indicate the relative degree to which an organization is reactive or proactive.
Emergency changes
The percentage of ____________ to all changes can indicate the relative degree to which an organization is reactive or proactive
Emergency changes
The percentage of ____________ to all changes can indicate the relative degree to which an organization is reactive or proactive -Software changes -Emergency changes -Planned changes -Production changes
Emergency changes
** Essential Characteristic 1 On-demand Self-service - Cloud
Enables consumers to unilaterally provision computing capabilities (examples: server time and storage capacity) as needed automatically • Consumers view service catalogue via a Webbased user interface and use it to request for a service
Configuration Management
Ensures descriptions of IT Assets are correct and complete. Involves identifying and controlling the functional and physical design characteristics of products.
Defense in depth refers to _________
Establishing sufficient security controls and safeguards so that an intruder faces multiple layers of controls
Private Cloud
Exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.
Community Cloud
Exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations).
Matching: Actual harm or possible harm
Exposure
Network equipment is usually not included as part of the configuration management because there is little need to document network hardware and network configurations
False
Network equipment is usually not included as part of the configuration management because there is little need to document network hardware and network configurations True False
False
Vint Cerf
Father of the internet; is the co-designer of the TCP/IP protocols and the architecture of the internet. Vice-president and Chief Internet Evangelist for Google.
Design of Security Architecture (cont'd.
Firewall: device that selectively discriminates against information flowing in or out of organization • DMZs: no-man's land between inside and outside networks where some place Web servers or other publicly available computing resources • Proxy servers: performs actions on behalf of another system • Intrusion detection systems (IDSs): in effort to detect unauthorized activity within inner network, or on individual machines, organization may wish to implement an IDS
Differences Between Scrum and Kanban
Focus - Where Scrum limits the amount of time allowed to accomplish a particular amount of work (by means of sprints), Kanban limits the amount of work allowed in any one condition (only so many tasks can be ongoing, only so many can be on the to-do list.) • Managing flow - Scrum uses timeboxed sprints. Sprint backlog is a prioritized list of story points that need to be completed to deliver a shippable product. - Kanban has no required time boxes or iterations, but limitations in the work flow
Incident Response
Focuses on immediate response; if attack escalates or is disastrous, process changes to disaster recovery and BCP
relation
Formal term for table is
Reliability
Frequency of Outages
The greatest threat to an organization's information systems comes from?
From the insiders of the company or organization
1. Develop 2. Operate 3. Maintain the organization's computing infrastructure and applications. 5. Protect information 6. Manage outsourcing relationships 7. Plan the use of IS to accomplish organizational goals and strategy.
Function of the IS department are:
My IS rights
Have adequate Computer hardware and programs that allow you to perform your job proficiently A reliable network and internet connections A secure computing environment Protection from viruses, worms, and other threats Prompt attention to problems, concerns, and complaints
The ISO/IEC 27001: 2005 Plan-Do-Check-Act Cycle
Here is how you can recognize the PDCA cycle in the structure of ISO standards: • Clauses 4 Context of the organization, 5 Leadership, 6 Planning, and 7 Support - the Plan phase • Clause 8 Operations - the Do phase • Clause 9 Performance Evaluation - the Check phase, • Clause 10 Improvement - the Act phase
• Dedicated recovery site options
Hot sites - fully operational sites - Warm sites - fully operational hardware but software may not be present - Cold sites - rudimentary services and facilities Shared site options - Time-share - A hot, warm, or cold site that is leased in conjunction with a business partner or sister organization - Service Bureaus / Cloud Providers - An agency that provides a service for a fee - Mutual agreement - A contract between two or more organizations that specifies how each will assist the other in the event of a disaster.
Attack
Humans originated penetration or penetration attempt
Business Continuity
ISO 22301, business continuity management system standard
1. Provide Legitimate Internet Address 2. Provide Gateway to Internet 3. Pay access fees and other charges to telecoms
ISP's purpose? (3)
Private IP address
Identifies a device on a private network, usually a LAN. Assignment LAN controlled.
What are the key functions of the NIST Cybersecurity Framework?
Identify Protect Detect Respond Recover
Which of the following are key functions of the NIST Cybersecurity Framework?
Identify, protect, detect, respond and recover
Privacy Level Agreement
Identity of the Cloud Service Provider 2. Ways in which the data will be processed - Personal data location - Subcontractors - Installation of software on cloud customer's systems 3. Data Transfer 4. Data Security 5. Monitoring and/or auditing in order to ensure that appropriate privacy and security measures 6. Personal data breach notification 7. Data portability 8. Data retention 9. Accountability 10. Cooperation 11. Legally required disclosure
Matching: An occurrence that actually or potentially results in adverse consequences to an information system or the information that the system stores, processes, or transmits, and that may require a response action to mitigate the consequences
Incident
Which of the following is NOT a component of incident response?
Incident reaction
Continuity Strategies
Incident response plans (IRPs); disaster recovery plans (DRPs); business continuity plans (BCPs) • Primary functions of above plans - IRP focuses on immediate response; if attack escalates or is disastrous, process changes to disaster recovery and BCP - DRP typically focuses on restoring systems after disasters occur; as such, is closely associated with BCP - BCP occurs concurrently with DRP when damage is major or long term, requiring more than simple restoration of information and information resources
Security awareness, training, and education, is focused on __________
Increasing awareness of security topics by employees and other insiders
Security awareness, training, and education, is focused on __________ -Understanding Business Impact Analysis -Malware detection -Increasing awareness of security topics by employees and other insiders -Educating just the cybersecurity staff from the security operations center - All of the above
Increasing awareness of security topics by employees and other insiders
Availability
Information should be provided to users when they need it
Integrity
Information should not be altered or changed unexpectedly
Confidentiality
Information should only be provided to those who need access to it
The greatest threat to an organization's information systems come from
Insiders
The greatest threat to an organization's information systems come from -Phishing and social engineering -Cyber hackers -Insiders -Nation-state actors -Radical 90's teens with attitude
Insiders
Matching: Information should not be altered or changed unexpectedly
Integrity
SQL
International standard language for DBMS query coding
What is interoperability? How would you describe it to somebody not working in IT? What is an example of interoperability?
Interoperability is the property that allows for the unrestricted sharing of resources between different systems. This can refer to the ability to share data between different components or machines. Broadly speaking, interoperability is the ability of two or more components or systems to exchange information and to use the information that has been exchanged. It just means the exchange of information through different platforms. Some examples are: client servers, infrastructure, softwares.
Measured service
Is the process used by cloud systems to automatically control and optimize resource use by leveraging a metering capability Helps to control and optimize resource use Helps to generate billing and chargeback reports
Accountability
It should be clear who accessed or changed information and when they did it
Please describe your recommended solution for 1800-JUNK-VAN and explain why it best fits the needs of this firm.
LOOK INTO IT
Refer back to iPremier
LOOK INTO IT
Issues in adopting, deployment and testing cloud
Lack of institutionalized knowledge internally is problematic. There is software that we might want to put on the cloud because with software that is developed, we can't put it out there as a design and service. There is also SaaS that is being provided cannot take a lot of bandwidth(Availability).
MY IS responsitrilatrance
Learn basic computer skills Learn standard techniques and procedures for the applications you use Follow security and backup procedures Protect your passwords Install only authorized programs
Deliberate Software Attacks
Malicious software (malware) designed to damage, destroy, or deny service to target systems • Includes: - Viruses - a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data. - Worms - self-replicating program - Trojan horses - Logic bombs - Back door or trap door - Polymorphic threats - a self-encrypted virus designed to avoid detection by a scanner. Upon infection, the polymorphic virus duplicates itself by creating usable, albeit slightly modified, copies of itself. - Virus and worm hoaxes
DBMS
Manipulates and queries database in a swift and controlled manner. Can be open sourced(MySQL) or licensed (ORACLE/Access/IBM)
N:M
Many to Many; 1 department has many advisors; 1 advisor has many departments
Key characteristics of cloud-optimized storage solution are:
Massively scalable • Unified namespace • Metadata and policy-based information management • Secure multi-tenancy • Multiple access mechanisms (through REST and SOAP web service APIs and file-based access)
The rule of nines refers to -The nine service models for cloud computing -The nine R's of high availability -Measurement of availability as a percentage of uptime None of the above
Measurement of availability as a percentage of uptime
The rule of nines refers to
Measurement of availability as a percentage of uptime
Market Basket Analysis
Methodology of ________ _____ _____ 1. Uses statistical methods to identify sales patterns in large volumes of data. 2. Finds products customers tend to buy together. 3. Determines probabilities of customer purchases 4. Identifies cross-selling opportunities 5. Customers who bought fins also bought mask
Defense in Depth
Multiple layers in defense for intrusion. For logins, there's single sign on, within that there's 2 factor authentication, firewalls, tipping points.
Contingency planning team
Must decide which actions constitute disasters and which constitute incidents
1. Business Analyst 2. System Analyst 3. Programmer
Name 3 IS related Jobs roles and positions:
• Incident recovery
Once incident has been contained and control of systems regained, the next stage is recovery - First task is to identify human resources needed and launch them into action - Full extent of the damage must be assessed - Organization repairs vulnerabilities, addresses any shortcomings in safeguards, and restores data and services of the systems
The ISO 27000 Series
One of the most widely referenced and often discussed security models • Framework for information security that states organizational security policy is needed to provide management direction and support • Provides a common basis for developing organizational security
1:N
One to many; 1 department has many advisors; 1 advisor has only one department
Business Continuity Planning
Outlines reestablishment of critical business operations during a disaster that impacts operations• Development of BCP is somewhat simpler than IRP or DRP Consists primarily of - selecting a continuity strategy and - integrating off-site data storage and recovery functions into this strategy - Determining factors in selecting between options is usually cost and how fast do you need to be back up
Outsourcing vs. Offshoring
Outsourcing refers to an organization contracting work out to a third party. While offshoring refers to getting work done in a different country, usually to leverage costs. BIGGEST DIFFERENCE: WHILE outsourcing can be (and often is) off-shored, offshoring may not always involve outsourcing.
Robustness
Overall Quality of the System
Information Security Methods of Defense
Overlapping controls - Authentication - Encryption - Integrity control - Firewalls - Network configuration - Application configuration - Policy
Which of these are methods for measuring availability?
Percent uptime = (Actual uptime) / (Scheduled uptime) Measure uptime in terms meaningful to users Quantify amount of downtime
Data tiering determines where and how data is stored. Which of the following criteria may be used in determining data tiering needs?
Performance Cost Availability Recovery or retrieval requirements
Hosting
Physical data centers such as those run by IBM, HP, NavSite.
A key part of business continuity management is not just preparing the business continuity plans, but ensuring that they will be able to achieve their intended purposes. An effective organizational strategy for business continuity includes which of the following tasks?
Planning and executing regularly scheduled tests of the plan, as often as twice a year
Threat
Potential for exposure thats a fact cause its done with we safe
Control
Preventative measure
Data Tiering
Prioritizes data based on performance, cost, availability, and recovery requirements
1. Curse of dimensionality 2. Dirty Data (wrong) 3. Missing Values 4. Inconsistent Data 5. Data not integrated 6. Too fine granularity
Problems associated with the granularity of data include:
DevOps requires the following processes be in place:
Process standardization and automation • Version control • Release management • Configuration management • Cross-training and job rotation
Infrastructure as a Service
Provides capability to the consumer to hire infrastructure components such as servers, storage, and network • Enables consumers to deploy and run software, including OS and applications • Pays for infrastructure components usage, for example, Storage capacity, CPU usage, etc. • Consumers deploy their software, including OS and application on provider's infrastructure • Computing resources such as processing power, memory, storage, and networking components are offered as service • Consumers have control over the OSs and deployed applications
Platform as a Service (PaaS)
Provides you computing platforms which typically includes operating system, programming language execution environment, database, web server etc.
Infrastructure as a Service (IaaS)
Provides you the computing infrastructure, physical and virtualized machines, and other resources
Public Cloud
Provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.
There are several approaches that can be taken to maximize availability - the seven R's of high availability. Which of the following is NOT one of these seven approaches? Robustness Recognition Reliability Redundancy
Recognition
The Seven Rs of Availability
Redundancy - Elimination of Single Points of Failure Reputation - Credibility of Track Record Reliability - Frequency of Outages Repairability - Duration of Outages Recoverability - Degree of Fault Tolerance Responsiveness - Urgency of Support Robustness - Overall Quality of the System
DevOps
Refers to a set of practices that emphasize the collaboration and communication of both software developers and information technology operations
Measured service
Resource usage can be monitored, controlled, and reported, providing transparency for both the provider and consumer of the utilized service.
Which of the following functions should NOT be a function of a change advisory board (CAB) or change control board (CCB)?
Review all logged changes
Which of the following functions should NOT be a function of a change advisory board (CAB) or change control board (CCB)? -Review and approve proposed changes -Review and approve emergency changes implemented -Serve as a barrier to making changes to the production environment -Review all logged changes
Review all logged changes
Purpose of Change Control System
Review all requested changes • Identify impact of change • Evaluate advantages and disadvantages of requested change • Install process so that individual with authority may accept or reject changes • Communicate change to concerned parties • Ensure changes implemented properly • Prepare reports that summarize changes made to date and their impact
Identify and explain at least 4 of the business continuity/disaster recovery practices addressed in the DRI Professional Practices.
Risk assessment: The goal of this requirement is to establish, implement, and maintain a formal documented risk assessment process that systematically identifies, analyzes, and evaluates the risk of disruptive incidents to the organization. Incident response: planning covers identification of, classification of, and response to an incident Business Impact Analysis: This activity enables an organization to identify the critical processes that support its key products and services, and the interdependencies between processes and the resources required to operate the processes at a minimally-acceptable level. Awareness and Training Programs: Document plans to be used during an incident that will enable the entity to continue to function.
IETF Security Architecture
Security Area Working Group acts as advisory board for protocols and areas developed and promoted by the Internet Society • RFC 2196: Site Security Handbook covers five basic areas of security with detailed discussions on development and implementation
Which of the following is NOT a component of incident response? -Selecting a continuing strategy -Incident detection -Incident recovery -Incident reaction
Selecting a continuing strategy
Corporate Information Security Policy (CISP)
Sets strategic direction, scope, and tone for all security efforts within the organization • Executive-level document, usually drafted by or with the CIO of the organization • Typically addresses - Establishes security program and responsibilities assigned to various organizational components - Specified penalties and disciplinary action for noncompliance
• Damage assessment
Several sources of information on damage, including system logs; intrusion detection logs; configuration logs and documents; documentation from incident response; and results of detailed assessment of systems and data storage - Computer evidence must be carefully collected, documented, and maintained to be acceptable in formal or informal proceedings - May need to involve law enforcement - Individuals who assess damage need special training
Which of these factors played a part in the Target breach that we discussed in class?
Social engineering
Development
Software development platforms used to build custom cloud based applications such as SalesForce
big box
Some changes I would suggest to Big Box Company for their program change control process areaddressing the lack of communication within the team working on change request. I would add astep to update the team through emails periodically through the process of the change request. Iwould also add a step to ensure that the production source is in sync with the change request. The production change administrator can acquire this task within the process. For incident reports to correspond with the PCCS I would add a step to the production control team to evaluate incidents and log them within the system. Some risk areas to be considered for this process include communication between the programmers, production change administrators, system owner, and production control team. This is an issue because of the "after-hours" change requests the other employees may not know if a change has been made so they should be updated in some form synchronously. Another risk area is changes made that are unauthorized. There should be documentation for each step in the change request and the status. Another high-risk area is that the incident reporting system for change requests need to synchronize with the PCCS. The production source should also be in sync with theexecutable code
DevOps Includes All Functions that Support the Software Development Life Cycle (SDLC)
Some specific practices that you need to include when you adopt DevOps: • Release planning • Continuous integration • Continuous delivery • Continuous testing • Continuous monitoring and feedback
One justification for choosing a hybrid cloud deployment model is the ability to support cloud bursting. What is cloud bursting?
Spilling over to the public cloud to deal with spikes in demand
One justification for choosing a hybrid cloud deployment model is the ability to support cloud bursting. What is cloud bursting? Breaking up an organization's cloud services across multiple cloud providers to minimize risk Spilling over to the public cloud to deal with spikes in demand Rainfall in the data center, invoking a disaster recovery plan (DRP) Rapid testing of cloud applications
Spilling over to the public cloud to deal with spikes in demand
Sprints
Sprints are planned to create a forecast or commitment • A constant duration leads to a better rhythm • Product is designed, coded, and tested during the sprint
Cluster Analysis
Statistical technique to identify groups of entities with similar characteristics; used to find groups of similar customers from customer order and demographic data. Form of Unsupervised data mining.
Systems-Specific Policy (SysSP)
SysSPs frequently function as standards and procedures used when configuring or maintaining systems • Systems-specific policies fall into two groups - Managerial guidance - Technical specifications ACLs can restrict access for a particular user, computer, time, duration—even a particular file • Configuration rule policies • Firewall policies
IT controls are the BEST detection method to limit fraud duration and loss
TRUE
Which of these factors played a part in the Target breach that we discussed in class? -Early, full disclosure of the full magnitude of the breach -Missed warnings from security systems -Target's early detection of the breach -Social engineering
Target's early detection of the breach
NIST Cybersecurity Framework
The Framework Core Establishes a Common Language • Describes desired outcomes • Understandable by everyone • Applies to any type of risk management • Defines the entire breadth of cybersecurity • Spans both prevention and reaction Function Identify Protect Detect Respond Recover
Issue-Specific Security Policy (ISSP)
The ISSP: - Addresses specific areas of technology - Requires frequent updates - Contains statement on organization's position on a specific issue (such as as ISSP for Cloud Services) Components of the policy - Statement of Policy - Authorized Access and Usage of Equipment - Prohibited Use of Equipment - Systems Management - Violations of Policy - Policy Review and Modification - Limitations of Liability
Virtualization
The act of creating a virtual version of something, including virtual computer hardware platforms, storage devices, and computer network resources
Software as a Service (SaaS)
The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. Consumer has limited user-specific application configuration settings.
Platform as a Service (PaaS)
The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider.
Infrastructure as a Service(IaaS)
The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer can deploy and run arbitrary software, which can include operating systems and applications.
Risk assessment
The goal of this requirement is to establish, implement, and maintain a formal documented risk assessment process that systematically identifies, analyzes, and evaluates the risk of disruptive incidents to the organization.
Scrum
The most popular agile method used today. Short iterations which mimic a project lifecycle on a small scale, having a distinct beginning and end for each iteration
Change management
The overall process to control and coordinate all changes to an IT production environment
IP addressing
These protocols manage traffic as it passes across the internet. Most important protocol in transport layer is TCP. Its like a home address
What should the relationship be between business continuity policies and corporate policies?
They should be strategically aligned
What should the relationship be between business continuity policies and corporate policies? They should be strategically aligned There is no need to link IT policies to corporate policies They should address similar issues in Section 7 - the Information Security section They should be the same
They should be strategically aligned
Business Impact Analysis
This activity enables an organization to identify the critical processes that support its key products and services, and the inter-dependencies between processes and the resources required to operate the processes at a minimally-acceptable level.
Resource pooling
This serves multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. Customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth.
1. entities must contain all data users need 2. Must accurately reflect their view of the business 3. devote time
Thorough review of data model by users should involve: (3)
Matching: Potential for exposure
Threat
1. Acquire Data 2. Perform Analysis 3. Publish Results
Three primary activities of business intelligence:
• Off-Site disaster data storage
To get sites up and running quickly, an organization must have the ability to move data into new site's systems - Options for getting operations up and running include: • Electronic vaulting • Remote journaling • Database shadowing • Cloud storage
RFM
To produce and ___ score, a program sorts customer purchase records by date of most recent (R) purchase, divides sorts into quintiles, and gives customers a score of 1 - 5. Process is repeated for Frequently and Money. You want a LOW score = good customer.
AMI is an acronym for "Amazon Machine Image"
True
IT controls are the BEST detection method to limit fraud duration and loss True False
True
Disaster Recovery
Typically focuses on restoring systems after disasters occur; as such, is closely associated with BCP
Service Level Agreements
Uptime percentage • Amount of traffic at a given time (bandwidth) • Data rate or bandwidth limitations • Performance and capacity of resources • Schedule requirements for notifications (planned maintenance and outages) • Help desk response times, scope, limitations • Security • Privacy • Availability Penalties - Compensation, refunds or discounts • Exit conditions • Availability zones - Which do you have access to? - If your provider is reselling (buying from another provider), which of those do you have access to? • Disaster recovery provisions
Responsiveness
Urgency of Support
Final judges that review data model
Users role in database development?
Software as a Service (SaaS)
Uses the web to deliver applications that are managed by a third-party vendor and whose interface is accessed on the client's side
Virtualization
Virtual workspaces: - An abstraction of an execution environment that can be made dynamically available to authorized clients by using well-defined protocols, - Resource quota (e.g. CPU, memory share), - Software configuration (e.g. O/S, provided services). • Implement on Virtual Machines (VMs): - Abstraction of a physical host machine, - Hypervisor intercepts and emulates instructions from VMs, and allows management of VMs, - VMWare, Xen, etc. • Provide infrastructure API: - Plug-ins to hardware/support structure
Matching: Weakness that may be exploited
Vulnerability
Vulnerability
Weakness that may be exploited
Receives communications from your computer and passes them on to the internet and receives communications from the internet and passes them to you.
What do ISPs do?
Internet Service provider
What does ISP stand for?
Local Area Network
What does LAN stand for?
Personal Area Network
What does PAN stand for?
Recent Orders; Frequent Orders; Money (amount spent)
What does RFM stand for?
computers connected to a single physical site
What is LAN?
devices connected around a single person
What is PAN?
Computers connected between two or more separated sites
What is WAN? (wide area network)
IP version 6; because we are running out of IP addresses
What is the next evolution of IP addressing and why
Primary Key
What is unique to that table
Foreign Key
What ties different tables together
Kanban
Work items are visualized, and work is defined based on customer needs and expanded backwards
Business Analyst
Work with business leaders and planners to develop processes and systems that implement business strategy and goals
System Analyst
Work with users to determine system requirements, design and develop job descriptions and procedures, help determine system test plans.
Market Basket Analysis
a data-mining technique for determining sales patterns. Knowing what people buy together so you can cross-sell and up-sell.
DevOps
a practice of bringing development and operations teams together, focuses on constant testing and delivery.
IP
a set of rules governing the format of data sent over the internet or other network
data mart
a subset of a datawarehouse; addresses a particular component or functional area of the business.
Your organization is considering upgrading its IT posture. Pick 2 of these topics and explain to management why should be a part of their new plans.
a) Cyber security is a key factor in information technology nowadays. Without it, data could be easily stolen, manipulated, or used by anyone who is not authorized to do so. Therefore, a good cyber security department is needed. b) Cloud computing enables companies and applications, which are system infrastructure dependent, to be infrastructure-less. By using the Cloud infrastructure on "pay as used and on demand", all of us can save in capital and operational investment!
What is the primary focus of each of these: (a) incident response, (b) disaster recovery, and (c)business continuity?
a) Incident Response (IRP) - focuses on immediate response; if attack escalates or is disastrous, process changes to disaster recovery and BCP b) Disaster Recover (DRP) - typically focuses on restoring systems after disasters occur; as such, is closely associated with BCP c) Business Continuity (BCP) - occurs concurrently with DRP when damage is major or long term, requiring more than simple restoration of information and information resources
Kanban
allows software be developed in one large development cycle (also an agile methodology)
Production Environment -
any hardware, software or documentation (electronic or hardcopy) component that directly support a production application.
Maximum Cardinality
at least one entity --|----->
(why) Data visualization
because of the way human brains process information, using charts, or graphs to visualize large amounts of complex data is easier than pouring over spreadsheets or reports. _______ is a quick, easy, way to convey concepts in a universal manner - and you can experiment with different scenarios by making slight adjustments.
Change management
concerned with the procedures, processes and standards which are used to manage changes • Change management policies may cover: - The change request process and the information required to process each change request - Define how changes will be executed - The process used to analyze the impact and costs of change and the associated traceability information - The membership of the body which formally considers change requests - The tools or software support (if any) for the change control process
Incident Response
develop and assist with the implementation of an incident management system that defines organizational roles, line of authority and succession of authority.
Plan Development and Implementation
document plans to be used during an incident that will enable the entity to continue to function.
On-demand self service
enables consumers to unilaterally provision computing capabilities as needed (examples: server time and storage capacity)
Business Continuity Plan Exercise, Assessment, and Maintenance
establish an exercise, assessment and maintenance program to maintain a state of awareness.
Agile
focuses on adaptive, simultaneous workflows.
ISO 22301
formally specifies a Business Continuity Management System (BCMS) for any type or size of organization.
Public IP address
identifies a unique device on internet; Assigned by ICANN(Intenet corporation for assigned names and numbers).
Risk Assessment
identify the risks that can adversely affect an entity's resources or image.
What is Cloud Computing?
is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction." (NIST) -Consumers pay only for the services that they use, either based on a subscription or based on resource consumption. -Cloud services are accessed from different types of client devices over wired and wireless network connections.
Kanban
is a process used to organize work for the sake of efficiency. • Kanban encourages work to be broken down into manageable chunks and uses a Kanban Board to visualize that work as it progresses through the work flow
Social engineering
is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures
Rapid elasticity
is the capability to quickly scale-out and rapidly release resources to quickly scale in.
(What is) Data Visualization
is the presentation of data in a pictorial or graphical format. It enables decision makers to see analytics presented visually, so that they can grasp difficult concepts r identify new patterns. With interactive _____, you an take the concept a step further by using tech to drill down into charts and graphs for more detail, interactively changing what data you see and how it's processed.
Resource pooling
is the process of combining a provider's computing resources to serve multiple consumers using a multi-tenant model. Consumers have no control or knowledge over the exact location of the provided resources
Bit Rot
is the slow deterioration in the performance and integrity of data stored on storage media. Basically as time goes on, we are less able to run or open past programs or applications because we are using new software.
Minimum Cardinality
minimum number of entities in a relationship. Small oval means entity is optional; relationship need not have entity of that type. -------o-->
iPremier's DoS attack
outdated disaster recovery plan also unprepared in missing their emergency procedure binder of resources -Premier was not trained to handle the DoS in a rapid enough response time that would have allowed them to both prevent the attack and assure the security and safety of valuable assets such as customer information, accounting information, and other sensitive information. ---lack of scalability within their network system, as it was entirely reliant on a single operating platform that disabled their ability to interact with their system. -Qdata's break of their operating level agreement. As part of their service level agreement (SLA), Qdata had ensured 24 hour surveillance to monitor any abnormalities in Ipremiers operations. We plan to move the platform from Qdata onto a more reliable and secure hybrid cloud environment, update the cyber security disaster recovery plan, and create the business contingency plan. -move to a reputable cloud provider that meets all of the service and operating level agreements required such as 24 hour network monitoring, executing risk management plans, and defense against hacking attempts. Due to current vendor-locked aspect of iPremier, massive changes will occur with the migration of data, services, or applications when iPremier switches cloud providers. switching to a preferred cloud provider will benefit iPremier in terms of a reduced IT cost, business agility, flexible scaling in the demand for computing resources easily, high availability, and device independence. This hybrid cloud would be a combination of a public and private cloud, where the public cloud can run applications and keep data in a secure, provider-protected public cloud, then use the private cloud for scaling purposes when there is a need for more space.
Incident response
planning covers identification, classification of, and response to an incident
Virtualization
process by which one computer hosts the appearance of many computers. One operating system, called the host operating system runs one or more operating systems as applications. Hosted operating systems are called virtual machines (vm)
Outsourcing
process of hiring another organization to perform services. Any value chain business activity can be _____. Outsourcing is done to save costs, gain expertise, reduce financial risk, and free up managment time.
Broad network access
provides capabilities that are available over the network and accessed through standard mechanisms Desktop computer Laptop Tablet Mobile device
Offshoring
refers to getting work done in a different country, usually to leverage costs.
Data Mining
the process of finding anomalies, patterns and correlations within large data sets to predict outcomes. Using a broad range of techniques, you can use this information to increase revenues, cut costs, improve customer relationships, reduce risks and more.
Availability
the process of optimizing the readiness of production systems by accurately measuring, analyzing, and reducing outages to those production systems
Controlling Change
the requesting, prioritizing and approving of any requested production change to the operations environment prior to the change coordination required for its implementation
Final Judges
users are the ____ ____ as to what data the database should contain and how the records in that database should be related to one another.
datacenters all over the country
where is the cloud?
Desktop Virtualization
you can access your hardware/desktop from any computer around the world
Business Continuity vs. Disaster Recovery
• Business continuity is about planning ways to keep the doors open while minimizing the impact of disruptions on customers and business operations. • Disaster Recovery is about the series of steps taken to restore the business once a problem occurs. Disaster Recovery is a subset of Business Continuity Planning
**Essential Characteristic 3 Resource Pooling - Cloud
• Provider's computing resources are pooled to serve multiple consumers using a multitenant model • Resources are assigned from the pool according to consumer demand • Consumers have no control or knowledge over the exact location of the provided resources