IT 4

Electronic waste

(e-waste, e-scrap) - describes discarded electrical or electronic devices As performance/cost ratio keeps mproving, time window between technology upgrades shrinks Toxic Substances: 1.Lead-monitor glass 2.Mercury - Flat screen monitors 3.BFRs - brominated flame retardants - reduce flammability in plastics used in electronics 4.Cadmium - batteries 5. Beryllium - filler in some thermal interface materials (e.g., thermal grease on heatsinks for CPUs) **encourage recycling, campaigns, manufactures supportrecycling, legislative framework of banning ewaste where Europe banned exports and China banned imports, adopt green IT

- Multi-tenancy model

(multiple users sharing one resource or infrastructure) - different physical and virtual resources dynamically assigned and reassigned according to consumer demand through virtualization. software development and maintence costs shared since people share same code.

WHERE

- Indicate the cOnditions under which a row will be included in the result. conditions set under where can apply to fields that are not returned. Boolean Operations used in WHERE clause: AND(returns when all conditions are true) OR(when any condition is true) NOT(negates what follows considering records where expression is violated). Order of these goes NOT, AND, OR but use parantheses to change default order where parantheses get evaluated first.

SELECT

- List the columns (and expressions) that should be returned from the query. To use aggregate functions AGGREGATE_FUNCTION ( [DISTINCT] Column_name) for example how many employees work in certain dpt then SELECT Count(Emp_id) or just use * if no colomn in mind and if it satisfies condition then counts. COUNT Counts the number of entries in a column that are not NULL AVG Computes the average for the entries in a column - argument must be numeric MAX Computes maximum value of a column (NULL values ignored) MIN Computes minimum value of a column (NULL values ignored) SUM Returns the sum of the numeric values in a column

Requirements of Relation

- The table must have a unique name - Every attribute(colomn) value must be atomic (not multivalued) - Every record (row) must be unique (can't have two rows with exactly the same values for all their attributes) - Attributes (columns) in tables must have unique names (preferably indicative of the stored content!) - The order of the columns must be irrelevant - The order of the rows must be irrelevant

Source code

- Underlying code (written in a specific programming language) under "the hood" of a software package. Difference between open and closed is how source code conducted. - Built by the programmers involved with the development of the application - Usually unseen by regular users of the software When a user installs a software suite like Microsoft Office, for example, the source code is proprietary, and Microsoft only gives the customer access to the software's compiled executables and the associated library files that various executable files require to call program functions. By comparison, when a user installs Apache OpenOffice, its open source software code can be downloaded and modified.

IS Security Threats

- software/hardware security vulnerabilities - negligence - access permission granting - malicious code - deceitful communication

Activities of Relational Database

1. Input information into the database 2. Retrieve information from the database - run a query on the database

Internal Threats

1. Intentional Malicious Behavior by employees -without approval shares information on consumers to outside the company(algorithms or software) 2. Careless Behavior by ignorance or disinterest in security problems misplacing storage hardware or leaving passwords on sticky notes.

Responding to External Security Threats

1. Intrusion-using passwords, firewalls to manage traffic going in and out, encryption to scramble content so it is unreadable, intrusion detection software, and defense in depth by using multiple tools to guard system 2. Malware- install antivirus detection software, training and policies 3. Denial-of-Service Attacks-prevention is difficult since attack is from multiple machines. a user or organization is deprived of the services of a resource they would normally expect to have. In a distributed denial-of-service, large numbers of compromised systems (sometimes called a botnet) attack a single target. costs company or person time and money. increase traffic of info.

Cloud Computing Essential Characteristics

1. On-demand self-service - A consumer can unilaterally work computing capabilities (server time, network storage, applications, etc.) as needed automatically without requiring human interaction with each service provider. 2.Broad network access 3.Resource pooling - resources are pooled to serve multiple consumers Ex. Multi tenancy model, location independence 4.Measured Service - Resource usage can be monitored, measured (according to various metrics), controlled / optimized (sometimes automatically), and reported providing transparency for both the provider and consumer 5.Rapid elasticity (scalability) - Resources can be rapidly and elastically provisioned, (sometimes automatically) to quickly scale out (expand) when needed. also rapidly released to quickly scale in. to the consumer any resource can be accessed rapidly at any time.

OSS Development and Monetization

1. Open community-volunteer developers with no commercial interest,most OSS under this way like SourceForge developing many projects. 2.Backed by firms/corporations- Some entities provide substantial development and maintenance resources for the OSS (sometimes tight control)Ex. Firefox open software operated by Mozilla and MySQL by Oracle -Proprietary add-ons / proprietary commercial versions / services may be sold for some of the OSS products Ex. Red Hat Inc.- Linux based operating system distributed selling premium services by subscription • MySQL - open source code / paid editions with additional functionality

Cloud Computing Deployment Models

1. Public clouds: - The cloud infrastructure is made available to the general public or a large industry group and is owned by an organization selling cloud services. - Examples: Amazon EC2, Rackspace, etc. 2. Private clouds: - The cloud infrastructure is operated solely for an organization. It may be managed by the organization or a third party and may exist on premise or off premise.

Responding to Internal Security Threats

1. Security Policies- behaviors employees should follow to minimize security risk, password standards, user rights and responsibilities, and uses of portable devices. 2. periodic policy audits

Barriers to Cloud Computing Adoption

1. Security- Concerns about data confidentiality in the cloud. Can the cloud computing service provider offer better security than the firm?--->Opportunity for cloud brokers (e.g., Dell Cloud Manager) 2.Availability-Dependence on Internet connection - higher risks in zones with weaker telecom infrastructure. Risk of crash of cloud infrastructure at the provider's site--->Cloud brokers are starting to provide cross-cloud failover /disaster recovery services (e.g., Dell Cloud Manager) 3. Lock-in- Interoperability among clouds is not yet at a mature stage-->Several cloud brokers offer various cross-cloud services (e.g., Dell Cloud Manager). Large amounts of data can be hard to move very efficiently out of the cloud or between cloud vendors. Software may be platform-specific Ex. until 2011, Google's App Engine only worked with proprietary BigTable non-relational databases (support for SQL added in Oct 2011) 4. IT Strategy- A firm may simply not need a cloud service and Government policies may not allow data to be stored abroad.

External Threats

1. Social Engineering-lying to and deceiving users by tricking them to divulge restricted information -Phishing- automated social engineering scams by exposing individuals to official sounding scam to confirm private data. Example: Bank accounts(Smishing via the smart phones) If link does not connect back to same website then it is a scam. 2. Bugs/Flaws in the code- freeze or cause a temporary malfunction to weaken defenses or cause exploits. -SQL Injection Attack-SQL statements inserted like a username to dump info to attacker, it is an unsanitized query, one of most common techniques. can bypass username and password by certain coding. Ex. Heartbleed Blug which the vulnerability in OSS puts risk to security and privacy over the internet like Facebook, Yahoo, Pinterest, etc. 3. Backdoors- code into software that allows to circumvent password, sometimes made to make high end accounts inaccessible. 5. Malicious Code(Malware)-code designed to cause damage to IT assets or steal information. -Virus-attaches itself to files that are part of legitamate installed programs, needs human action to replicate and spread. called a payload after machine infected with damage that varies for a virus. -Worms-self replicating code that exploits security holes in network software to spread accross a network. do not attach to a file, standalone and self replicate without human interaction. may or may not have a payload due to possibly only wanting to generate enough traffic to slow down or stop network communication or may install backdoors on computers, compromise files, or facilitate download of malicious code. Ex. ILOVEYOU worm, Code Red worm -Trojan-program that appears to provide useful function but delivers a melicous payload usually backdoors. when installed. do not self replicate, do not infect other files. hacker gets access of machine through backdoor to manipulate machine as part of botnet, data theft, download or delete files, keystroke logging, or creepware or monitor screen. Ex Spyware. 7. Denial of Service Attack(DoS) or - DDoS - Distributed DoS - multiple (compromised) systems attack a target system- use botnets to overwhelm online service to slow it down or force shut down used to divert attention to exploit other vulnerabilities

Benefits of Cloud Computing

1. Subscription or Pay-per-use models for firms (may be free for personal use) 2. Increased Efficiency • Reduce firm's assets that can stay idle and depreciate over time (reduced Capital Investment) • Reduce IT maintenance and upgrade costs • Free firm's IT resources for core competency tasks 3. Rapid access to resources / rapid deployment on platforms 4. Scalability - adjust resource consumption on a per-need basis 5. Greener Computing - provider pools resources to serve multiple customers - more efficient use of energy resources

Green IT

1.Extended useful life of IT products/parts o modular design that allows for upgradability o cross-product use of similar parts - even if a product is decommissioned, some of its parts can be used to service other products o Secondary markets for salvaged components 2. Environmentally responsible manufacturing(Apple-BFR free computer, more compact packaging) 3. Energy-efficient Data Center Designs o data centers are heavy consumers of energy 4.Software optimization and efficient resource allocation o software can be made more efficient - this would allow it to run on older machines o certain applications can be accessed and run on remote servers - not every computer needs to be powerful

Advantages of OSS

1.Reliability: some OSS applications are more reliable than proprietary applications (more eyeballs to detect flaws) 2.Creativity: OSS development harnesses the creativity of thousands of developers around the globe 3.Limited lock-in (more agility and better time to market): Switching costs are lower than those with proprietary software and code can be modified by the customer or third parties to fit specific needs of a firm fast - less reliance on vendors 4. Simplified licensing: no complex legal constraints 5.Lower License Cost: OSS can in many cases be licensed for free (some exceptions where paid licenses are needed)

Disadvantages of OSS

1.Unpredictable Cost: Total Cost of Ownership not apparent upfront 2.Support Varies Widely 3.Security: • Downside of OSS: Open source code may give an advantage to those who want to break its security since the code is available • Upside of OSS: more vulnerabilities may be identified and corrected since the code is open 4. Compatibility and market fragmentation (multiple versions): There is no guarantee about compatibility with other software (however additional code can be written by outside parties to mitigate the problem) 5. Legal Risks: hard to prevent copyrighted code/methodology from entering OSS - exposure to patent infringement lawsuits

Available source code:

: the code is published and obtainable freely or for a negligible reproduction fee - users are free to use and study the code

RDBMS

A database management system that manages data as a collection of tables in which all relationships are represented by common values in related tables Ex. Oracle, Microsoft, MySQL (open)

FB Beacon Fiasco

Allow external vendors to send user activity data to their Facebook news feeds • Privacy issue - initially Opt-out rather than Opt-in (switched to opt-in later) shut down later on

One-to-many

An entity on one side of the relationship can have many related entities, but an entity on the other side will have a maximum of one related entity • Example: one customer - multiple orders Each order can be attributed to a single customer but any customer can place multiple orders

pHpMyAdmin

An open source tool written in PHP intended to handle the administration of MySQL with the use of a Web browser. It can perform various tasks such as creating, modifying or deleting databases, tables, fields or rows; executing SQL statements; or managing users and permissions.

IT/IS Risk Assessment

Audit the current resources-basis of risk analysis to expose the vulnerabilities by mapping current securities. IT Risk Analysis: quantifying the risks identified in the audit (hypothetical monetary loss in case an IS vulnerability is exploited successfully, if credit cards exposed for example) Ex. Target By of Dec 2015 over $200 million lost (over $290m but $90m covered by insurance) for Target and could still go higher (the impact of lost business and litigation spans multiple years) -

Databases

Benefits: 1.Eliminate data redundancy - necessary repetition of data that slows data processing 2.Preserve data integrity - assurance that data is consistent, correct, and accessible - especially when data is edited. 3. Better management of data access/edit rights for multiple individuals 4.Limit data view (query, report) so that users only see what they need to see 5.Ability to have complex queries based on relations 6.Can work with very large data sets 7.More suited for integration with other systems and applications Purpose: keep track of more than one thing of related information.

Mapping many-to-many relationships

Break into three resulting relations Step 1 - Create two relations that store info on each of the "many" sides (each of the entity types) Step 2 - Create a linking relation (also called associative entity) that captures the relationship between sides - can also capture attributes of the relationship (e.g., date of completion of a course) - composite primary key contains the primary keys of the two entity relations (but may contain some more attributes) OR - simple primary key - unique identifier for the relationship if any is given (e.g. order number, transaction ID, etc.) - foreign keys - the primary keys of the two main entities Ex.Training course for employees has entities of employees and courses where one employee can take multiple courses and multiple courses can be taken by multiple employees. Link employee Id from employee table to employee ID of training table and use primary key of training course to training course primary key of course table.

Advertising in Social Networks

Challenges: 1. Content Adjacency -Ads might run near offensive or embarrassing pieces of content -Many advertisers consider UGC (user-generated content) as "lowquality, brand-unsafe inventory" 2. User Attention -Hunt (Google) vs. Hike (FB - users engage in leisure activities) -Average click-through rate (CTR): Google's average CTR considerably higher than Facebook's

Management of Security Vulnerabilities

Disclosure in responsible way: Developer notified first but for OSS softweare the patch can be repaired by entities. public disclosure delayed NVD(national vulnerability database)- Security Flaws by US gov standards

Many-to-many

Entities on both sides of the relationship can have many related entities on the other side • Example: employees vs. training courses / students vs. courses One employee can take multiple training courses Multiple employees can take the same course

Facebook as a Platform

Facebook published APIs (application programming interfaces) - specify how programs could be written to run within and interact with Facebook • Allow any developer to write their own Facebook applications. • Facebook let developers keep what they made (except for some services such as Facebook Credits payment service - revenue sharing) • Facebook facilitated the formation of a 2-sided market - FB users and app developers/publishers • Feeds spreading word about apps - viral distribution Example: Zynga (developer of MafiaWars, FarmVille, CityVille) - grew on Facebook - freemium model • At one point estimated second most valuable firm in video gaming industry

Sequential Ordering

If ORDER BY clause has multiple sorting fields, ordering is executed in the order of the sorting fields, starting with the first For two consecutive fields FIELD1 and FIELD2 in ORDER BY clause: - If FIELD1 value is unique among returned fields, subsequent sorting by FIELD2 is redundant - If multiple returned records have a common value in FIELD1, then those records will be sorted by FIELD2

Cardinality

If the minimum instances of one side that can or must be associated with each entity on the other side is: - 0 - former side is optional - 1 or more - former side is mandatory he number of elements in a set or other grouping, as a property of that grouping. Examples: • country vs. capital - both sides are mandatory • unit_no vs. renter (current info at a moment in time) - renter is optional, unit_no is mandatory (some units can be vacant)

FROM

Indicate the table(s) from which data will be obtained (including data necessary for optional conditional clauses)

FB Open Graph

Initiative to link webpages and app usage into the social graph by: 1. A developer/business could add a Facebook "Like" (more verbs added later - e.g. "Follow", "Share") button to their site -A user clicking the "Like" button automatically sends a link to that page to his/her news feed, where it has the potential to be seen by his/her friends (conditional on the user being logged into Facebook) -Viral propagation of information about firms 2. Firms can provide better tailored offers (recommendations) - access to some of the user data 3. Website operators can choose to accept Facebook credentials for login 4. Websites can embed some Facebook functionality on their pages - e.g., firms can show if friends of visitors liked certain items **Enhances the potential of online engagement marketing campaigns **Concerns: Privacy and Security

Derived works (modifications)

OSS license allows users to modify SW for internal use. However, different licenses impose different levels of restrictions on distribution of the derivative work. Ex. Copyleft licenses,Permissive Free Software Licenses - less restrictive on redistribution

Insertion anomalies

Insert Anomaly occurs when certain attributes cannot be inserted into the database without the presence of other attributes. For example this is the converse of delete anomaly - we can't add a new course unless we have at least one student enrolled on the course. occur when not well structured relations and excessive relations lead to complex multi attribute primary keys.**primary key cannot have null fields so need both the new course and a student in course if both of those are the primary keys.

Cloud storage

Many classify cloud storage as Software-as-a-Service - resources can be accessible via a thin client (browser or mobile app) without restrictions, it is scalable (consumers can request more space), etc but still some debate. Ex. Google Drive, ICloud

Black Market Price List

Name and Password for your online bank account $1000 Mag-stripe data from a "secure" premium-level credit card $80 Your Mother's Maiden Name $6 Your Social Security Number $3

Zynga

Online social games - tens of millions of users - Mafia Wars, Farmville, etc • Initially exhibited fast growth of subscriber base with fluctuations in daily login • Significant unpredictability - need for scalable models • Zynga games run on top of Amazon EC2

Benefit of Social Advertising

Opportunity for Precise Targeting Social Engagement. Ex. Photography targeting those saying they are engaged. Social Engagement: - 80-90% of consumers trust peer recommendations (14% trust advertisers) -Emergence of engagement ads which are Ads that invite consumers to engage with the ad and the brand (like, share, follow, be a fan of, expand, click on a "Buy Now" or "Watch Video" button within the ad, etc.) and can sometimes billed using CPE (cost-per-engagement) model -Relatively new approach - unclear yet how effective it is in terms of attracting and retaining customers Opportunity to play big in mobile ads market Ex. Facebook mobile app is mostly accessed by users now and now has earned most ad revenue from mobile

BETWEEN

Order is important,Lower bound comes first,Upper bound comes last

Closed Source Software - CSS

Proprietary software - development controlled by the firm - source code owned by the firm and not released to the public User license - prevents users from accessing and modifying the source code - usually restricts re-distribution of the software and installation on multiple machines Firm may choose to offer the product or part of it for free (freeware - source code is still proprietary) or charge for it. Examples: MS Windows, Adobe Reader vs. Adobe Acrobat

Brokers/ Added Value Service Providers

Provide support and tools for deploying/running apps in the cloud • The brokers do not own the cc infrastructure/platform but intermediate the access of the customer to the infrastructure /platform • The consumer does not manage the underlying cloud infrastructure but may gain (through the broker) control over which provider is used, how usage is balanced between resources, security, etc. Dell Cloud Manager

Brokers / Value-added Service Providers

Provide support tools to manage deployment and operation in the cloud. They do not own the infrastructure.. dell cloud manager

Benefits of a Standardized Relational Language

Reduced training costs and increased productivity • Application portability and cross-system communication • Application longevity • Reduced dependence on a single vendor

SQL statement structure

SELECT [DISTINCT] column_list FROM table_list [WHERE conditional expression] [GROUP BY column_list] [HAVING conditional expression] [ORDER BY column_list] ;

SQL statements

SQL statements are not case sensitive in general (but some casesensitivity options can be set with various RDBMS) • SQL statements can be on one or more lines o Sometime splitting a statement across multiple lines (different clauses on different lines) enhances readability • Keywords cannot be split across lines • Tabs and spaces are allowed to enhance readability • SQL statements (not lines of the same statement) usually end with a semicolon (;) o in pHpMyAdmin queries will run even without it

ORDER BY

Sort the result according to specified criteria.Returns data sorted by certain fields.default is ascending order. ordering of query set for ORDER BY can be made by results that are not returned. - increasing order for numeric values - from oldest to most recent record for date values - alphabetic order for character values *- DESC - descending - in the list of sorting fields, it must be placed immediately after the field by which sorting is done in decreasing order

ILOVEYOU worm

Spread by sending email to all addresses stored • Worm replica as attachment with hidden extension • Apart from infecting other machines on the network, additional payload: modified registry keys so that worm is initialized on system boot hid certain image/media files, replacing them with a copy of the worm downloaded additional malicious code that would scan for passwords and send them to the originators of the attack

Mapping one-to-many relationships

Step 1 - Start with the "one" side - storing all info (attributes) for the "one" side in one relation. Step 2 - create another relation for the "many" side • Store all attributes of the "many" side • Link - primary key on the "one" side gets added as a foreign key on the "many" side relation Ex. Entities are customers and orders and one customer can place multiple orders but the single order only belongs to one customer. So link customer ID to customer id in order ID table.

Mapping one-to-one relationships

Step 1 - store info on mandatory side in one relation (pick any if both sides are mandatory) Step 2 - create another relation for the optional side (or the other mandatory side if both are mandatory) • Store all info pertaining to this second side • Link - primary key on the mandatory side gets added as a foreign key on the optional side (or the other mandatoryside if both are mandatory). This latter relation contains also the associative attributes for the two entities. Ex. Each office can have at most one occupant. Several level offices with windows in some. Each office has printer and computer. Every employee gets office but more offices than employees.Entities= employees and offices so link office number in office table to office number of employee table to get employee ID.

IaaS

The capability provided to the consumer is to rent processing, storage, networks, and other fundamental computing resources from the provider where the consumer is able to deploy and run arbitrary software (which can include operating systems and applications) or in other words way of delivering Cloud Computing infrastructure - servers, storage, network and operating systems - as an on-demand service. Rather than purchasing servers, software, datacenter space or network equipment, clients instead buy those resources as a fully outsourced service on demand. • Think about the example of NY Times in prev. lecture and the need for raw computational/processing power • The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, deployed applications, and possibly limited control of select networking components (e.g., host firewalls). Dell public cloud services, HP public cloud services, Amazon web services, Google Cloud Platform

SaaS

The capability provided to the consumer is to use the provider's applications running on a cloud infrastructure (not necessarily maintained by the provider of the application) or in other words software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software". SaaS is typically accessed by users using a thin client via a web browser. • The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user-specific application configuration settings(colors, background). gmail, outlook, netflix, linked in, microsoft office, pandora, Provider:targets END users

Social Graph

The global mapping of users, organizations, and other objects/products/events and how they are connected (via actions) - Users in general identify themselves with real names -Incredible amount of trust (reveal personal information) -Strong network effect -High switching cost (cost to move to a different social network and rebuild profile and network connections) 1. (News) Feeds: Each time a user performs an activity in Facebook, the feed blasts this information to all of his/her friends (some controls/filters added lately to reduce the amount of unwanted notifications) which will strengthen and deliver user value from the social graph 2. Graph Search -Search your network (friends, posts, etc) - Keyword and semantic search added E.g. "friends who are professors", "friends who live in Spain" • Rolled out in 2014 to all FB users

IT Risk Management

The process of identifying and measuring information systems security risks, and devising the optimal risk mitigation strategy

IT Security

The set of defenses put in place to counter threats to technology infrastructure and data resources. • IS security risks are hard to assess in the absence of an attack Security is a NEGATIVE DELIVERABLE Produces no direct ROI, revenues, or efficiencies Firms invest in security in order to reduce the likelihood of a negative /harmful event The trade off: higher security vs. higher risks Difficulties in funding: -- Forward looking investment with hypothetical benefits -- Recurring investment --- IT departments have limited budgets and may not be able to fully fund comprehensive security solutions --strategic initiatives - help ensuring customer trust and smoother operations in the future - Security should be a management priority, not an IT funding problem

SQL - Structured Query Language

The standard for relational database management systems (RDBMS) - supported by most database vendors.

Animoto

Tools to create videos combining music, photos, video clips. • Facebook App - Grew from 25K users to 750K users in 1 week (Apr 2008) o Running on Amazon Elastic Compute Cloud (EC2) infrastructure • Scaled out from 50 server instances to 3500+ server instances in that week. o 1 server instance - one virtual server - started and managed on the provider's infrastructure • Scaled back to 100 servers 2 weeks later

XAMPP

a free and easy to install Apache distribution containing MySQL, PHP, and phpMyAdmin.

Code Red

Worm that attacked web servers running IIS o Installed back door and propagated 100 times over per infection o Patch issued by Microsoft on June 18, 2001 o Worm struck on July 19, 2001(a month after patch was made available)

Ransomeware

a type of malware that restricts access to computer system in some way and requests user to pay ransom in bitcoins to have it removed, usually in form of trojan or worm-like. Ex. Cryptolocker, Cryptowall on windows, KeRanger

MySQL

ading open source RDBMS • free community edition (Development supported by Oracle) • 100+ million copies downloaded or distributed • Used by Google, Facebook, Twitter, Flickr, etc • Multiple OS support • Supports large databases (tables can have millions of rows) • It includes the SQL server and client programs for accessing the server • Widely used by web application developers • Technical support is available (free online and via various forums, paid support offered by Oracle via MySQL Enterprise products)

Permissive Free Software Licenses - less restrictive on redistribution Ex. of derived works

allow (original or) modified versions of the software/code to be distributed under different terms than the original software/code (including proprietary, non-free) Examples: o Apache License - Apache HTTP server, part of Android mobile OS code o BSD License - Google released a portion of Chrome's source code as OS project. Chromium (allow outside contributions). Google-authored part of the code released under BSD license.

Virtualization

allow resources on one computer to be broken into multiple "virtual" minicomputers (many boxes in a box) inside which applications can be run separately. virtualization is software that separates physical infrastructures to create various dedicated resources. It is the fundamental technology that powers cloud computing. Cloud computing is what results from the service of manipulating the hardware or the process of virualization. Makes workstations, storage, and servers independent of physical hardware layer.

The Heartbleed bug

allows anyone on the Internet to read from the working memory of OSS software by picking tons of data at random. compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users. **have to update OSS then update passwords

One-to-one

each entity on either side is related to at most one entity on the other side • Example: city X is the capital to country Y

IT/IS Risk Mitigation

appropriate response to security threats identified, manage trade-off between degree of desired security and investment needed to achieve it. Tradeoffs: confidential if unauthorized cannot see and if they can see then it is available, integrity to ensure trustworthiness and accuracy of data.

• Zero-day (zero-hour, day-zero) attacks

attacks that exploit a vulnerability that a developer did not have time to address and patch and occured on day 0 of development. developer may not have noticed vulnerability or have been attacked between window of released software and patch. Ex. Facebook hacked by Java

Unary relationships

between same types of entities, one entity is invloved in the relationship,A woman who can be someone's mother

Ternary (n-ary) relationships

between three (or more) different types of entities, classes and a schedule, teacher/book/class

Binary relationships:

between two different types of entities, journalist writes an article

IN

checks for set/list inclusion is the field identical to one of the items in the set/list

DCL (Data Control Language)

commands that control a database, including administering privileges and committing data configure security access to relational databases GRANT REVOKE DENY

DDL (Data Definition Language)

commands that define a database, including creating, altering, and dropping tables and establishing constraints

DML (Data Manipulation Language)

commands that maintain and query a database, . Use these statements to create, alter, or drop data structures in an instance of SQL Server.

Relational Database

consists of one or more (possibly interconnected) relations. stored by characteristics of relationships between entities like consumers products and firms.

Well-Structured Relations

contains minimal redundancies and it allows users to delete, insert or modify records (rows) without any errors or inconsistencies (anomalies). Relational Database with one table, NOT a normalized database.

Normalization

contains minimal redundancies in information stored in its relations (tables) and it is free of insertion, deletion, and modification anomalies. **Need Normalized well structurd relations properly linked by foreign key: 1. Identify the entities 2. Determine the relationships between the entities(unary, binary, ternary) which may also have attributes like date of completeion of a course or date of an order. 3. Pick a (remaining) relationship and map it into (towards) well-structured linked relations (tables) 4. Reiterate step 3 as long as there are still anomalies and redundancies that can be removed

Location independence

customers generally have little or no control or knowledge over the exact location of the hardware supporting the provided resources (think about Gmail)

Open Source Software - OSS

enabling users to gain access to the source code and modify it. US government adopted OSS 1.Available source code, 2.Free (re)distribution 3.Derived works (modifications) 4.No discrimination: license available to any entity and any endeavor field 5.Technology neutrality: license is free of technology or interface restrictions 6.License must not be product-specific and must not restrict other software

Free (re)distribution

freedom to redistribute the code (sometimes entire SW) for free or (depending on license) sell it as part of a more complex suite

Spyware

hidden software that monitors behavior, collects info, transfers info to third party, performs unwanted operations which diverts resources and slows down computer.

Costs assessment

if data breach, 1. Investigation and remediation on breach and put in patches/safeguards to protect from future vulnerability. 2. Notify customers 3. Subsidize for identity theft and credit monitering 4. Lost Buisness for affected customers/ disruptions in normal buisness 5. Lawsuits

Facebook Mobile App Install program

install ads - very profitable for FB - clients are willing to pay high CPM, CPC, or (cost per install) targeting big spenders in other apps. **FB started its own advertising network (Facebook Audience Network) where make money even if ads are not accessed on FB sites or FB app (remember the similar approach by Google) - e.g., ads served within other mobile apps. Focus in the beginning exclusively on mobile space - app install ads and engagement ads.

Relation

is a named, two-dimensional table of data which consists of: - rows, also called records. - named columns, also called attributes or fields.

entity

is a person, place, object, event, concept about whom/which the organization/user wishes to maintain data. attribute is NOT an entity but a feature of an entity. Example: employees and training courses are entities. An employee name or a training course number are attributes.

foreign key

is an attribute or set of attributes in a relation of a database that serves as the primary key of a different relation in the same database. creates a relationship between the two tables of primary key and foreign key. a link between data in two tables. It acts as a cross-reference between tables because it references the primary key of another table. -Will link a row in one table with a row in another relational database with same attributes and values. Notation: dashed underlined attribute name(s) -- attributes in primary and foreign keys do not need to be disjoint sets, all or part of its primary key can be composed of foreign keys -as long as the combination of those attributes is unique in the given table. Ex. linking customers, to orders, to order line, to products.

Primary Key

is an attribute or set of attributes that uniquely identifies each row of the relation in question. Examples include student ID number, e-mail address, social security number with birthdate, etc. • Existence of a primary key ensures that all rows are unique • Fields in the primary key cannot be empty (NULL) • Notation: underlined attribute name(s) and can be simple with one attribute or composite with many attributes.

Copyleft licenses Ex. of Derived Works

modified (or unmodified) versions of the software/code can only be distributed under the same terms as the original software/code. Example: GPL (GNU General Public License) - users must keep all modifications free and available if they intend to redistribute derived work based on open source code like MySQL

Deletion anomalies

occur when a value for one attribute that users wish to keep is unexpectedly removed when a value for another attribute is deleted. Ex. If delete an employee number as one of primary key, then lose also the training course 207 so all info on 207 is gone.

Modification anomalies

occur when changes to multiple instances of an entity (rows of a table) are needed to effect an update to a single value of an attribute. Modification anomalies are so named because they are generated by the addition of, change to, or deletion of data from a database table. Ex. if want to update salary of employee with certain ID number and there are 2 rows then need to do multiple changes in records.

Platform as a Service PaaS

provides a platform (an environment with pre-installed software) allowing customers to develop, run and manage Web applications without the complexity of building and maintaining their own infrastructure typically associated with developing and launching an app google app engine supports python and java

Infrastructure as a Service IaaS

raw processing power - ability to rent server instances(collection of databases run by single databases)- users get a lot of control over the environment Amazon Web Services, IBM

Cloud Computing

set of infrastructures accessible from the internet. is a model for enabling ubiquitous(present, found everywhere), convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services)That can be rapidly provisioned and released with minimal management effort or service provider interaction. model of renting rather than buying resources through a perpetual license or subscription based(provided on several machines).

Software as a Service SaaS

software applications (e.g., email) accessed by a user via a thin client interface (e.g., web browser, mobile app). Microsoft Office, Google doc, gmail

Moore's Law

that performance/price curve for many technologies is exponential (i.e. for the same amount of money, performance doubles every X months/years - X does not need to be 18 months) with the general idea that the rate of improvement of technology increases at a constant rate over a period of time. is the observation that the number of transistors in a dense integrated circuit doubles approximately every two years with more transistors(device to amplify or switch electric signals) and transistors getting faster. informally used to calculate rate of change of technology for decrease in cost and increase in performance. Different Versions of Interpretation: • Chip performance per dollar doubles every 18 months; • The speed of a computer chip doubles every 18 months; • Price/performance ratio of computers reduces by half every 18 months; • Computers are getting smaller; • Computers are getting faster; • Computers are getting cheaper;

Information

use for transactional purposes - day-to-day operations and analytical purposes like trend analyses, forecasts, and input generation for strategies that improve profit or long-term. store info in databases. sustainability - compete on analytics

PaaS

• The capability provided to the consumer is to deploy onto the provider's (owned or contracted) cloud infrastructure consumer-created or acquired applications built using programming languages and tools supported by the provider. or in other words provides a platform allowing customers to develop, run, and manage applications without the complexity of building and maintaining the infrastructure typically associated with developing and launching an app. • The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage but has control over the deployed applications and possibly application hosting environment configurations. Google App Engine, Windows Azure Provider: targets DEVELOPERS OF APPLICATIONS who -want the app deployed on a particular platform -do not want to invest in hardware and software stack and maintenance and upgrades -may want to ensure scalability of access in case there are occasional spikes in demand for their app (imagine 1 mil. folks wanting to access an online game or website at a given moment in time and then the demand drops to 100K) **the developer of the app may offer it as SaaS to end consumers and drafts a contract with the PaaS provider that may depend on the demand volume for that app (demand will be served by the PaaS provider on the behalf of the developer)