IS 220 Exam 2

web 3.0

"Executable" Web 3.0 is a semantic web which refers to the future. In Web 3.0, computers can interpret information like humans and intelligently generate and distribute useful content tailored to the needs of users.(Machine - based learning)

web 1.0

"Readable" Web 1.0 is simply an information portal where users passively receive information without being given the opportunity to post reviews, comments, and feedback. (Static text-based information websites)

web 2.0

"Writable" Unlike Web 1.0, Web 2.0 facilitates interaction between web users and sites, so it allows users to interact more freely with each other. (User-contributed Content)

smart card

A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing

multi tenancy

The cloud means that a single instance of a system serves multiple customers

bandwidth

The maximum amount of data that can pass from one point to another in a unit of time - usually measured in bits/sec - bps, Kpbs, Mpbs

authorization

The process of giving someone permission to do or have something (data)

channel bandwidth

The rate at which data is exchanged

network topology

The shape or structure of a network, including the arrangement of the communication links and hardware devices on the network - star network - bus network - mesh network

disadvantages to fiber optic cable

expensive to purchase and install

spoofing

gain unauthorized access to a user's system or information by pretending to be the user

business transaction executed electronically between public sector and business

government to business

business transaction executed electronically between public sector to citizens

government to citizen

business transaction executed electronically between public sector to public sector

government to government

encryption

if there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it - public key encryption (PKE)

electronic commerce

includes any business transaction executed electronically between...

prevention

installing antivirus software - cans for specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus - if virus found: antivirus software informs the user and may clean, delete, or quarantine any files, directories, or disks affected by the malicious code - crucial that antiviries software be continually updated with the latest virus signature

detection

intrusion detection system (IDS) - software and/or hardware that monitors system and network resources and activites - notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment

examples of wireless media

radio, near field communication (NFC), bluetooth, wi-fi, microwave

incident follow up

response to breach - Determining how the organization's security was compromised - A review to determine exactly what happened and to evaluate how the organization responded - A detailed chronology of all events - An estimate of the monetary damage - A decision on how much effort should be put into capturing the perpetrator - A decision on whether it has an ethical or a legal duty to inform customers or clients of a cyber attack

eradication

response to breach BEFORE eradication the IT security group must - collect and log all posible criminal evidence from the system - verify that all necessary backups are current, complete, and free of any malware - create a forensic disk image of each compromised system AFTER eradication a new backup must be created - log should be kept of all actions taken - all backups should be created with enough frequency to enable a full and quick restoration of data - if an attack destroys the original

IP protocol

set of rules used to pass packets from one host to another

disadvantages to radio frequency range

signal is highly suscepible to interception

disadvantages to twisted-pair wire

slow (low bandwidth), subject to interference, easily tapped (low security)

tokens

small electronic devices that change user passwords automatically

decision making essentials

strategic, managerial, operational - decision making and problem solving occur at each level in an organization

advantages to radio frequency range

support mobile users, costs are dropping

prevention and resistance

technologies available to help prevent and build resistance to attacks: - content filtering - encryption - firewalls (downtime can cost an organization anywhere from 100 to 1 million dollars per hour)

second line of defense

technology - authentication and authorization (people) - prevention and resistace (data) - detection and response (attacks)

biometrics

the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting

internet of things

the network of physical objects (things) embedded with sensors, processors, software, and network connectivity capability to enable them to exchange data with the manufacturer of the device, device operations, and other connected devices

tunneling

the process by which VPNs transfer information by encapsulating traffic in IP packets over the internet

crowdsourcing

the wisdom of the crowd - the practive of obtaining information or input into a task or project by enlisting the services of a large number of people, either paid or unpaid, typically via the internet

communications media

two broad categories - guided (wired) transmission media: signals are guided along a solid medium - wireless: the signal is broadcast over airwaves as a form of electromagnetic radiation

TCP

widely used transport layer protocol that most internet applications use with IP

B2B

- All the participants are organizations - Useful tool for connecting business partners in a virtual supply chain to cut resupply times and reduce costs - Many organizations use both: Buy-side e-commerce to purchase goods and services from suppliers and Sell-side e-commerce to sell products to their customers

Batch processing system

- Business transactions are accumulated over a period of time and prepared for processing as a single unit or batch - essential characteristic: the delay between an event and the processing of the related transaction to update the organization's records

E-government

- E government is the use of information and communications technology to: Simplify the sharing of information, Speed formerly paper-based processes, Improve the relationship between citizens and government - Forms of e-Government: Government-to-consumer (G2C), Government-to-business (G2B), Government-to-government (G2G)

enterprise systems

- ERP: enterprise resource planning - CRM: customer relationship management - PLM: product lifecycle managment

transaction processing system

- TPS: transaction processing system - OLTP: online transaction processing - batch processing system

guided transmission media types

- Twisted-pair wire: twisted pairs of copper vire, shielded or unshielded, used for telephone service - Coaxial cable: inner conductor wire surrounded by insulation - Fiber-optic cable: many extremely thin strands of glass bound together in a sheathing, uses light beams to transmit signals

worms

- a harmful program that resides in the active memory of the computer and duplicates itself - can propagate without human intervention (sending copies)

viruses

- a piece of programming code (usually disguised as something else) that causes a computer to behave in an unexpected and undesirable manner - spread to other machines when a computer user shares an infected file or sends an email with a virus infected attachment - cannot infect your computer unless you run or open the program

common B2C e-business models

- brick and mortar business: buisness that operates in a physical store without an internet presece (TJ Maxx) - click and mortar business: business that operates in a physical store and on the internet (barnes and noble) - pure play (virtual) business: business that operates on the internet only without a physical store (google)

How the web works

- hypertext transfer protocol (HTTP) - hypertext markup language (HTML) - extensible markup languages (XML) - cascading styple sheets (CSS)

types of wireless technologies

- radio frequency range: operates in the 3 KHZ - 300 MHz range - microwave terrestrial and satelite frequency range: higher frequency readio signal (300 MHz - 300 GHz) sent through the atmosphere and space (often involves communications satellities) - infrared frequency range: signals in the 300 GHz - 400 THz frequency range

trojan horse

- seemingly harmless program in which malicious code is hidden - a victim on the receiving end is usually tricked into opening it opening it because it appears source: harmful payload might be designed to enable the attacker to destroy hard dives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or spy on users - often creates a "backdoor" on a computer that enables an attacker to gain future access

response

- should be deeloped well in advace of any incident: should be approved by the organization's legal department and senior management, helps keep an incident under technical and emotional control - primary goal: regain control and limit damage, not to attempt to monitor or catech an intruder - incident notification - protection of evidence and activity logs - incident containment

vishing and smishing

- smishing is a variation of phishing that involves the use of texting - vishing is similar to smishing except the victims receive a voice mail message telling them to call a phone number or access a web site

cloud computing

- stores, manages, and processes data and applications over the internet rather than on a personal computer or server - a computing environment in which software and storage are provided as an internet service and accessed with a web browser

phishing

- the act of fraudulently using email to try to get the recipient to reveal personal data - con artists send legitimate looking emails urging recipients to take action to avoid a negative consequence or to receive a reward

Advantages of twisted-pair wire

-inexpensive -widely available -easy to work with

the most secure of type of authentication involves

1. Something the user knows: such as a user ID and password (most ineffective form of authentication) 2. Something the user has: tokens and smart cards 3. Something that is part of the user: such as a fingerprint or voice signature (biometics)

botnet

A large group of computers controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. - sometimes called zombies

LAN

A local area network (LAN) connects computer systems and devices within a small area (e.g., an office or a home)

Mesh Network Topology

A mesh network topology is a decentralized design in which each node on the network connects to at least two other nodes. - all connect to each other

authentication

A method for confirming users' identities (data)

MAN

A metropolitan area network (MAN) connects users and their devices in an area that spans a campus or city

broadband communications

A relative term but generally means a telecommunications system that can exchange data very quickly - compare to dial-up

protocol

A standard that specifies the format of data as well as the rules to be followed during transmission

WAN

A wide area network (WAN) connects large geographic regions - computer equipment owned by the user - data communications equipment and telecommunications links provided by various carriers and service providers

B2C

B2C e-commerce - Customers deal directly with an organization and avoid intermediaries - This is called disintermediation - Reasons for steady growth: Cheaper goods and services via the Web, Online shoppers can design a personalized product (NikeID), The use of social media networks to promote products and reach customers

CSS

Cascading Style Sheets - a file or portion of an html file that defines the visual appearance of content in a web page - uses special html tage to globally define characteristics for a variety of page elements as well as how those elements are laid out on the web page

CAD

Computer Aided Design - part of PLM - use of software to assist the creation, analysis, and modification of the design of a component or product

CAE

Computer Aided Engineering - part of PLM - use of software to analyze the robustness and performances of components and assemblies

CAM

Computer Aided Manufacturing - use of software to control machine tools and related machinery in the manufacture of components and products

DDos

Distributed Denial of Service Attack - an attack in which a malicious hacker takes over computers via the internet and causes them to flood a target site with demands for data and other small tasks - keeps target so busy responding to requests that legitimate users cannot get in - so many requests are made that the target system becomes overload and cannot respond to legitimate request for service - botnet

operational decision making

Employees develop, control, and maintain core business activities required to run the day-to-day operations - structured decisions: situations where established processes offer potential solutions

managerial decision making

Employees evaluate company operations to identify, adapt to, and leverage change - semistructed decisions: occur in situations in which a few established processes help to evaluate potention solutions, but not enough to lead to a definit recommended decision

ERP

Enterprise Resource Planning - a set of integrated programs that manage a company's vital business operations for an entire opanization - advantage: improved access to quality data for oper decision making, elimination of costly inflexible legacy systems, improvment of work processes, opportunity to upgrade and strandardize technology infrastructure

XML

Extensible Markup Language - a markup language designed to transport and store data on the web

HTML

Hypertext Markup Language - the standard page description language for web pages - tells the browser how to display font characteristics, paragraph formatting, page layout, image placement, hyperlinks, and the content of a web page - html tages tell the web browser how to format text and elements to be inserted

HTTP

Hypertext Transfer Protocol - to get a page from web server - http request and response - request response diglogue occurs for every file

detection and response

If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage

C2C

Involves business transactions between consumers are facilitated by a third party - ebay, craigslist, etsy, ubid

ransomware

Malware that stops you from using your computer or accessing your data until you meet certain demands such as paying a ransom or sending photos to the attacker

strategic decision making

Managers develop overall strategies, goals, and objectives - unstructured decisions: occurs in situations in which no procedures or rules exist to guide decision makers toward the correct choice

OLTP

Online Transaction Processing - Capturing of transaction and event information using technology to process, store, and update - data collection, editing, correction, manipulation, storage, and document production

content filtering

Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading

PLM

Product Lifecycle Management - an enterprise business strategy that creates a commong repository of product information and processes - supports the collaborative creation, managment, dissemination, and use of product and packaging definition information

PLM software

Provides a means for managing the data and processes associated with the various phases of the lifecycle of a product

TCP/IP

Provides the technical foundation for the public Internet as well as for large numbers of private networks - transmission control protocol/internet protocol

pharming

Reroutes requests for legitimate websites to false websites

TPS

Transaction Processing System- Basic business system that serves the operational level and assists in making structured decisions - create, read, update, delete - help improve customer service - produce timely user responses and reports

VPN

Virtual Private Network - an encrypted connection over the internet from a device to a network - prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely - widely used in corporate environments

extranet

a network based on Web technologies that links selected resources of a company's intranet with its customers, suppliers, or other business partners

firewall

a system of software, hardward, or a combination of both that stands guard between an organizations internal network and the internet and limits network access based on the organization's access policy - one of the most common defenses for preventing a security breach

Star Network Topology

all devices on the network connect to a central device, and this central device creates a single point of failure on the network.

intranet

an internal corporate network built using internet and world wide web standards and tchnologies

ISP

any organization that provides internet access to people

advantages to microwave terrestrial and satellite frequency range

avoids cost and effort to lay cable or wires; capable of high-speed transmission

business transaction executed electronically between companies

business to business

business transaction executed electronically between companies and consumers

business to consumer

Advantages of Coaxial Cable

cleaner and faster data transmission than twisted pair wire

Bus network topology

computers in such a network are linked using a single cable called a trunk or backbone.

business transaction executed electronically between consumers and other consumers

consumers to consumers

CRM

customer relationship management - helps a company manage all aspect of customer encounters, including marketing, sales, distribution, accounting, and cutomer sevice - goal: understand and anticipat the needs of current and potential customers - customer suppor, marking automation, analysis, social networking, import contact data, access by smartphones

advantages to fiber-optic cable

diameter of cable is much smaller than coaxial cable, less distortion of signal, capable of high transmission rates

single tenancy

each customer or tenant must purchase and maintain an individual system

spear phishing

is a variation of phishing where fraudulent emails are sent to a certain organization's employees - much more precise and narrow - designed to look like they came from high level executives within organization

Types of Trojan Horses

keylogging trojans - logic bomb trojans: type of trojan horse that executes when it is triggered by a specific event

advantages to infrared frequency range

lets you move, remore, and install devices without expensive wiring

disadvantages to coaxial cable

more expensive than twisted pair wire

disadvantages to microwave terrestrial and satellite frequency range

must have unobstructed line of sight between sender and receiver, signal is highly susceptible to interception

disadvantages to infrared frequency range

must have unobstructed line of sight between sender and receiver, transmission is effective only for short distances

public cloud

part of cloud computing - service provider owns and manages the infrastructure with cloud user organizations (tenants) accessing slices of shared hardware resource via the internet - can be faster, cheaper, and more agile approach to building and managing your own IT infrastructure - data security is a key concern because you are relying on someone else to safeguard your data

private cloud environment

part of cloud computing - single tenant cloud - organization often implement due to concerns that their data will not be secure in a public cloud - divided by on premise private cloud or service provider managed private cloud

hybrid cloud

part of cloud computing - composed of both private and public clouds integrated through networking - organizations typically use the public cloud to run applications with less sensitive security requirements - runns more critical applications on the private portion of the hybrid cloud

first line of defense

people - establishing a secuirty policy: some have requirements for mobile devices - educating employees: prohibiting others from using their passwords, guarding their passwords, reporting all unusal activity to IT, ensure that portable computing and data storage devices are protected