IS 220 Exam 2
web 3.0
"Executable" Web 3.0 is a semantic web which refers to the future. In Web 3.0, computers can interpret information like humans and intelligently generate and distribute useful content tailored to the needs of users. (Machine-based learning)
web 1.0
"Readable" Web 1.0 is simply an information portal where users passively receive information without being given the opportunity to post reviews, comments, and feedback. (Static text-based information websites)
web 2.0
"Writable" Unlike Web 1.0, Web 2.0 facilitates interaction between web users and sites, so it allows users to interact more freely with each other. (User-contributed Content)
smart card
A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing
multi tenancy
The cloud means that a single instance of a system serves multiple customers
bandwidth
The maximum amount of data that can pass from one point to another in a unit of time - usually measured in bits/sec - bps, Kbps, Mbps
authorization
The process of giving someone permission to do or have something (data)
channel bandwidth
The rate at which data is exchanged
network topology
The shape or structure of a network, including the arrangement of the communication links and hardware devices on the network - star network - bus network - mesh network
disadvantages to fiber optic cable
expensive to purchase and install
spoofing
gain unauthorized access to a user's system or information by pretending to be the user
business transaction executed electronically between public sector and business
government to business
business transaction executed electronically between public sector and citizens
government to citizen
business transaction executed electronically between public sector and public sector
government to government
encryption
if there is an information security breach and the information was encrypted, the person stealing the information would be unable to read it - public key encryption (PKE)
electronic commerce
includes any business transaction executed electronically between...
prevention
installing antivirus software - scans for a specific sequence of bytes, known as a virus signature, that indicates the presence of a specific virus - if virus found: antivirus software informs the user and may clean, delete, or quarantine any files, directories, or disks affected by the malicious code - crucial that antivirus software be continually updated with the latest virus signatures
detection
intrusion detection system (IDS) - software and/or hardware that monitors system and network resources and activities - notifies network security personnel when it detects network traffic that attempts to circumvent the security measures of a networked computer environment
examples of wireless media
radio, near field communication (NFC), bluetooth, wi-fi, microwave
incident follow up
response to breach - Determining how the organization's security was compromised - A review to determine exactly what happened and to evaluate how the organization responded - A detailed chronology of all events - An estimate of the monetary damage - A decision on how much effort should be put into capturing the perpetrator - A decision on whether it has an ethical or a legal duty to inform customers or clients of a cyber attack
eradication
response to breach BEFORE eradication the IT security group must - collect and log all possible criminal evidence from the system - verify that all necessary backups are current, complete, and free of any malware - create a forensic disk image of each compromised system AFTER eradication a new backup must be created - log should be kept of all actions taken - all backups should be created with enough frequency to enable a full and quick restoration of data - if an attack destroys the original
IP protocol
set of rules used to pass packets from one host to another
disadvantages to radio frequency range
signal is highly susceptible to interception
disadvantages to twisted-pair wire
slow (low bandwidth), subject to interference, easily tapped (low security)
tokens
small electronic devices that change user passwords automatically
decision making essentials
strategic, managerial, operational - decision making and problem solving occur at each level in an organization
advantages to radio frequency range
support mobile users, costs are dropping
prevention and resistance
technologies available to help prevent and build resistance to attacks: - content filtering - encryption - firewalls (downtime can cost an organization anywhere from 100 to 1 million dollars per hour)
second line of defense
technology - authentication and authorization (people) - prevention and resistance (data) - detection and response (attacks)
biometrics
the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting
internet of things
the network of physical objects (things) embedded with sensors, processors, software, and network connectivity capability to enable them to exchange data with the manufacturer of the device, device operations, and other connected devices
tunneling
the process by which VPNs transfer information by encapsulating traffic in IP packets over the internet
crowdsourcing
the wisdom of the crowd - the practice of obtaining information or input into a task or project by enlisting the services of a large number of people, either paid or unpaid, typically via the internet
communications media
two broad categories - guided (wired) transmission media: signals are guided along a solid medium - wireless: the signal is broadcast over airwaves as a form of electromagnetic radiation
TCP
widely used transport layer protocol that most internet applications use with IP
B2B
- All the participants are organizations - Useful tool for connecting business partners in a virtual supply chain to cut resupply times and reduce costs - Many organizations use both: Buy-side e-commerce to purchase goods and services from suppliers and Sell-side e-commerce to sell products to their customers
Batch processing system
- Business transactions are accumulated over a period of time and prepared for processing as a single unit or batch - essential characteristic: the delay between an event and the processing of the related transaction to update the organization's records
E-government
- E government is the use of information and communications technology to: Simplify the sharing of information, Speed formerly paper-based processes, Improve the relationship between citizens and government - Forms of e-Government: Government-to-consumer (G2C), Government-to-business (G2B), Government-to-government (G2G)
enterprise systems
- ERP: enterprise resource planning - CRM: customer relationship management - PLM: product lifecycle management
transaction processing system
- TPS: transaction processing system - OLTP: online transaction processing - batch processing system
guided transmission media types
- Twisted-pair wire: twisted pairs of copper wire, shielded or unshielded, used for telephone service - Coaxial cable: inner conductor wire surrounded by insulation - Fiber-optic cable: many extremely thin strands of glass bound together in a sheathing, uses light beams to transmit signals
worms
- a harmful program that resides in the active memory of the computer and duplicates itself - can propagate without human intervention (sending copies)
viruses
- a piece of programming code (usually disguised as something else) that causes a computer to behave in an unexpected and undesirable manner - spread to other machines when a computer user shares an infected file or sends an email with a virus infected attachment - cannot infect your computer unless you run or open the program
common B2C e-business models
- brick and mortar business: business that operates in a physical store without an internet presence (TJ Maxx) - click and mortar business: business that operates in a physical store and on the internet (Barnes and Noble) - pure play (virtual) business: business that operates on the internet only without a physical store (Google)
How the web works
- hypertext transfer protocol (HTTP) - hypertext markup language (HTML) - extensible markup language (XML) - cascading style sheets (CSS)
types of wireless technologies
- radio frequency range: operates in the 3 kHz - 300 MHz range - microwave terrestrial and satellite frequency range: higher frequency radio signal (300 MHz - 300 GHz) sent through the atmosphere and space (often involves communications satellites) - infrared frequency range: signals in the 300 GHz - 400 THz frequency range
trojan horse
- seemingly harmless program in which malicious code is hidden - a victim on the receiving end is usually tricked into opening it because it appears source: harmful payload might be designed to enable the attacker to destroy hard drives, corrupt files, control the computer remotely, launch attacks against other computers, steal passwords or spy on users - often creates a "backdoor" on a computer that enables an attacker to gain future access
response
- should be developed well in advance of any incident: should be approved by the organization's legal department and senior management, helps keep an incident under technical and emotional control - primary goal: regain control and limit damage, not to attempt to monitor or catch an intruder - incident notification - protection of evidence and activity logs - incident containment
vishing and smishing
- smishing is a variation of phishing that involves the use of texting - vishing is similar to smishing except the victims receive a voice mail message telling them to call a phone number or access a web site
cloud computing
- stores, manages, and processes data and applications over the internet rather than on a personal computer or server - a computing environment in which software and storage are provided as an internet service and accessed with a web browser
phishing
- the act of fraudulently using email to try to get the recipient to reveal personal data - con artists send legitimate looking emails urging recipients to take action to avoid a negative consequence or to receive a reward
Advantages of twisted-pair wire
- inexpensive - widely available - easy to work with
the most secure type of authentication involves
1. Something the user knows: such as a user ID and password (most ineffective form of authentication) 2. Something the user has: tokens and smart cards 3. Something that is part of the user: such as a fingerprint or voice signature (biometrics)
botnet
A large group of computers controlled from one or more remote locations by hackers, without the knowledge or consent of their owners. - sometimes called zombies
LAN
A local area network (LAN) connects computer systems and devices within a small area (e.g., an office or a home)
Mesh Network Topology
A mesh network topology is a decentralized design in which each node on the network connects to at least two other nodes. - all connect to each other
authentication
A method for confirming users' identities (data)
MAN
A metropolitan area network (MAN) connects users and their devices in an area that spans a campus or city
broadband communications
A relative term but generally means a telecommunications system that can exchange data very quickly - compare to dial-up
protocol
A standard that specifies the format of data as well as the rules to be followed during transmission
WAN
A wide area network (WAN) connects large geographic regions - computer equipment owned by the user - data communications equipment and telecommunications links provided by various carriers and service providers
B2C
B2C e-commerce - Customers deal directly with an organization and avoid intermediaries - This is called disintermediation - Reasons for steady growth: Cheaper goods and services via the Web, Online shoppers can design a personalized product (NikeID), The use of social media networks to promote products and reach customers
CSS
Cascading Style Sheets - a file or portion of an HTML file that defines the visual appearance of content in a web page - uses special HTML tags to globally define characteristics for a variety of page elements as well as how those elements are laid out on the web page
CAD
Computer Aided Design - part of PLM - use of software to assist the creation, analysis, and modification of the design of a component or product
CAE
Computer Aided Engineering - part of PLM - use of software to analyze the robustness and performances of components and assemblies
CAM
Computer Aided Manufacturing - use of software to control machine tools and related machinery in the manufacture of components and products
DDoS
Distributed Denial of Service Attack - an attack in which a malicious hacker takes over computers via the internet and causes them to flood a target site with demands for data and other small tasks - keeps target so busy responding to requests that legitimate users cannot get in - so many requests are made that the target system becomes overloaded and cannot respond to legitimate requests for service - botnet
operational decision making
Employees develop, control, and maintain core business activities required to run the day-to-day operations - structured decisions: situations where established processes offer potential solutions
managerial decision making
Employees evaluate company operations to identify, adapt to, and leverage change - semistructured decisions: occur in situations in which a few established processes help to evaluate potential solutions, but not enough to lead to a definite recommended decision
ERP
Enterprise Resource Planning - a set of integrated programs that manage a company's vital business operations for an entire organization - advantage: improved access to quality data for operational decision making, elimination of costly inflexible legacy systems, improvement of work processes, opportunity to upgrade and standardize technology infrastructure
XML
Extensible Markup Language - a markup language designed to transport and store data on the web
HTML
Hypertext Markup Language - the standard page description language for web pages - tells the browser how to display font characteristics, paragraph formatting, page layout, image placement, hyperlinks, and the content of a web page - HTML tags tell the web browser how to format text and elements to be inserted
HTTP
Hypertext Transfer Protocol - to get a page from web server - HTTP request and response - request response dialogue occurs for every file
detection and response
If prevention and resistance strategies fail and there is a security breach, an organization can use detection and response technologies to mitigate the damage
C2C
Involves business transactions between consumers that are facilitated by a third party - eBay, Craigslist, Etsy, uBid
ransomware
Malware that stops you from using your computer or accessing your data until you meet certain demands such as paying a ransom or sending photos to the attacker
strategic decision making
Managers develop overall strategies, goals, and objectives - unstructured decisions: occurs in situations in which no procedures or rules exist to guide decision makers toward the correct choice
OLTP
Online Transaction Processing - Capturing of transaction and event information using technology to process, store, and update - data collection, editing, correction, manipulation, storage, and document production
content filtering
Prevents emails containing sensitive information from transmitting and stops spam and viruses from spreading
PLM
Product Lifecycle Management - an enterprise business strategy that creates a common repository of product information and processes - supports the collaborative creation, management, dissemination, and use of product and packaging definition information
PLM software
Provides a means for managing the data and processes associated with the various phases of the lifecycle of a product
TCP/IP
Provides the technical foundation for the public Internet as well as for large numbers of private networks - transmission control protocol/internet protocol
pharming
Reroutes requests for legitimate websites to false websites
TPS
Transaction Processing System- Basic business system that serves the operational level and assists in making structured decisions - create, read, update, delete - help improve customer service - produce timely user responses and reports
VPN
Virtual Private Network - an encrypted connection over the internet from a device to a network - prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct work remotely - widely used in corporate environments
extranet
a network based on Web technologies that links selected resources of a company's intranet with its customers, suppliers, or other business partners
firewall
a system of software, hardware, or a combination of both that stands guard between an organization's internal network and the internet and limits network access based on the organization's access policy - one of the most common defenses for preventing a security breach
Star Network Topology
all devices on the network connect to a central device, and this central device creates a single point of failure on the network.
intranet
an internal corporate network built using internet and world wide web standards and technologies
ISP
any organization that provides internet access to people
advantages to microwave terrestrial and satellite frequency range
avoids cost and effort to lay cable or wires; capable of high-speed transmission
business transaction executed electronically between companies
business to business
business transaction executed electronically between companies and consumers
business to consumer
Advantages of Coaxial Cable
cleaner and faster data transmission than twisted pair wire
Bus network topology
computers in such a network are linked using a single cable called a trunk or backbone.
business transaction executed electronically between consumers and other consumers
consumers to consumers
CRM
customer relationship management - helps a company manage all aspects of customer encounters, including marketing, sales, distribution, accounting, and customer service - goal: understand and anticipate the needs of current and potential customers - customer support, marketing automation, analysis, social networking, import contact data, access by smartphones
advantages to fiber-optic cable
diameter of cable is much smaller than coaxial cable, less distortion of signal, capable of high transmission rates
single tenancy
each customer or tenant must purchase and maintain an individual system
spear phishing
is a variation of phishing where fraudulent emails are sent to a certain organization's employees - much more precise and narrow - designed to look like they came from high level executives within organization
Types of Trojan Horses
keylogging trojans - logic bomb trojans: type of trojan horse that executes when it is triggered by a specific event
advantages to infrared frequency range
lets you move, remove, and install devices without expensive wiring
disadvantages to coaxial cable
more expensive than twisted pair wire
disadvantages to microwave terrestrial and satellite frequency range
must have unobstructed line of sight between sender and receiver, signal is highly susceptible to interception
disadvantages to infrared frequency range
must have unobstructed line of sight between sender and receiver, transmission is effective only for short distances
public cloud
part of cloud computing - service provider owns and manages the infrastructure with cloud user organizations (tenants) accessing slices of shared hardware resource via the internet - can be faster, cheaper, and more agile approach to building and managing your own IT infrastructure - data security is a key concern because you are relying on someone else to safeguard your data
private cloud environment
part of cloud computing - single tenant cloud - organizations often implement due to concerns that their data will not be secure in a public cloud - divided by on premise private cloud or service provider managed private cloud
hybrid cloud
part of cloud computing - composed of both private and public clouds integrated through networking - organizations typically use the public cloud to run applications with less sensitive security requirements - run more critical applications on the private portion of the hybrid cloud
first line of defense
people - establishing a security policy: some have requirements for mobile devices - educating employees: prohibiting others from using their passwords, guarding their passwords, reporting all unusual activity to IT, ensure that portable computing and data storage devices are protected