Term
routers, firewalls, intrusion prevention systems |
|
Definition
TYPES OF PERIMETER DEFENSE |
|
|
Term
|
Definition
connects an organization's information system to the internet |
|
|
Term
|
Definition
behind the border router; a special purpose hardware device or software running on a general purpose computer |
|
|
Term
|
Definition
separate network that permits controlled access from the internet to selected resources, such as the organization's e-commerce web server |
|
|
Term
border router and firewall |
|
Definition
act as filters to control which information is allowed to enter and leave the organization's information system |
|
|
Term
|
Definition
well defined rules and procedures that dictate how to perform all the packet activities |
|
|
Term
|
Definition
govern the process for transmitting information over the internet |
|
|
Term
transmission control protocol |
|
Definition
specifies the procedures for dividing files and documents into packets to be sent over the internet and the methods for reassembly of the original document or file at the destination |
|
|
Term
|
Definition
specifies the structure of those packets and how to route them to the proper destination |
|
|
Term
|
Definition
two parts of every IP packet |
|
|
Term
|
Definition
contains the packet's origin and destination addresses, as well as information about the type of data contained in the body of the packet |
|
|
Term
|
Definition
designed to read the destination address fields in IP packet headers to decide where to send (route) the packet next |
|
|
Term
border router of an organization |
|
Definition
checks the contents of the destination address field of every packet it receives |
|
|
Term
access control list (ACL) |
|
Definition
a set of rules that determines which packets are allowed entry and which are dropped |
|
|
Term
|
Definition
screens individual IP packets based solely on the contents of the source and/or destination fields in the IP packet header (typically performed by border routers) |
|
|
Term
to quickly identify and drop certain types of packets and to pass all other packets to the firewall, where they will be subjected to more detailed testing before being allowed to enter the organization's internal network |
|
Definition
the function of the border router |
|
|
Term
|
Definition
designed to only permit packets that meet specific conditions to pass |
|
|
Term
stateful packet filtering |
|
Definition
type of filtering employed by firewalls |
|
|
Term
stateful packet filtering |
|
Definition
maintains a table that lists all established connections between the organization's computers and the internet |
|
|
Term
stateful packet filtering helps the firewall reject attack packets that are pretending to be a response to an internally initiated request |
|
Definition
|
|
Term
|
Definition
stateful packet filtering is limited to examining what information? |
|
|
Term
|
Definition
examines the data in the BODY of an IP packet (not just the header) |
|
|
Term
intrusion prevention systems (IPS) |
|
Definition
designed to identify and drop packets that are part of an attack; centered on deep packet inspection |
|
|
Term
no; they are just another layer of protection |
|
Definition
should IPS replace firewall? |
|
|
Term
remote authentication dial in user service (RADIUS) |
|
Definition
a standard method for verifying the identity of users attempting to obtain dial-in access |
|
|
Term
dial in users connect to a remote access server and submit their log in credentials, then those credentials are passed to RADIUS which performs compatibility tests to authenticate identity |
|
Definition
|
|
Term
|
Definition
calls every telephone number assigned to the organization to identify those which are connected to modems |
|
|
Term
|
Definition
most efficient and effective way to check for rogue modems |
|
|
Term
|
Definition
the devices that accept incoming wireless communications and permit the sending device to connect to the organization's network |
|
|
Term
|
Definition
where should all wireless access points be located? |
|
|
Term
|
Definition
enables wireless NICs to communicate directly with any other device that has a wireless NIC (a security threat) |
|
|
Term
SSID service set identifier |
|
Definition
|
|
Term
|
Definition
workstations, servers, printers, and other devices are collectively referred to as |
|
|
Term
|
Definition
every program running on a host represents a potential point of attack b/c it probably contains flaws called ___ |
|
|
Term
|
Definition
process of turning off unnecessary features |
|
|
Term
buffer overflows, SQL injection, cross site scripting |
|
Definition
common examples of attacks against software running on web sites; exploit poorly written software that doesn't check user supplied input prior to further processing |
|
|
Term
|
Definition
occurs when web application software that interfaces with a database server doesn't filter user input, permitting an attacker to send SQL commands and execute them on the database server |
|
|
Term
cross site scripting attacks |
|
Definition
occur if web application software doesn't carefully filter user input before returning any of that data to the browser, in which case the victim's browser will execute any embedded malicious script |
|
|
Term
asymmetric encryption and hashing |
|
Definition
used to create digital signatures |
|
|
Term
|
Definition
information encrypted with the creator's private key |
|
|
Term
|
Definition
provides a means to verify that the contents of a message haven't been altered |
|
|
Term
|
Definition
an electronic document, created and digitally signed by a trusted third party, that certifies the identity of the owner of a particular public key |
|
|
Term
|
Definition
provide an automated method for obtaining an organization's or individual's public key |
|
|
Term
public key infrastructure (PKI) |
|
Definition
refers to the system and processes used to issue and manage asymmetric keys and digital certificates |
|
|
Term
|
Definition
the organization that issues public and private keys and records the public key in a digital certificate |
|
|
Term
digital signatures use asymmetric encryption to create legally binding electronic documents |
|
Definition
|
|
Term
|
Definition
alternative mechanism for creating legally binding documents; cursive style imprint of a person's name that is applied to an electronic document |
|
|
Term
|
Definition
information about the attributes of an entity are stored where |
|
|
Term
|
Definition
all the fields containing data about one entity form _____ |
|
|
Term
|
Definition
|
|
Term
|
Definition
a set of interrelated centrally coordinated files |
|
|
Term
database management system (DBMS) |
|
Definition
acts as an interface between the database and the various application programs |
|
|
Term
|
Definition
the combination of the database, the DBMS, and the application programs that access the database through the DBMS |
|
|
Term
database administrator (DBA) |
|
Definition
the person responsible for the database |
|
|
Term
|
Definition
|
|
Term
|
Definition
the process of analyzing data repositories for new knowledge about the company's data and business processes |
|
|
Term
|
Definition
combining master files into larger pools of data that many application programs can access |
|
|
Term
physical view and logical view |
|
Definition
two separate views of the data with the database approach |
|
|
Term
|
Definition
how the user or programmer conceptually organizes and understands the data |
|
|
Term
|
Definition
refers to how and where the data are physically arranged and stored in the computer system |
|
|
Term
|
Definition
describes the logical structure of the database |
|
|
Term
conceptual, external, internal |
|
Definition
|
|
Term
|
Definition
the organizationwide view of the entire database; lists all data elements and the relationships among them |
|
|
Term
|
Definition
consists of a set of individual user views of portions of the database |
|
|
Term
|
Definition
|
|
Term
|
Definition
low level view of the database; describes how the data are actually stored and accessed |
|
|
Term
|
Definition
contains information about the structure of the database |
|
|
Term
|
Definition
set of commands used to perform the function of creating the database |
|
|
Term
|
Definition
set of commands used to perform the function of changing the database |
|
|
Term
|
Definition
set of commands used to perform the function of querying the database |
|
|
Term
data definition language (DDL) |
|
Definition
used to build the data dictionary, initialize or create the database, describe the logical views for each individual user or programmer, and specify any limitations or constraints on security imposed on database records or fields |
|
|
Term
data manipulation language (DML) |
|
Definition
used for data maintenance (updating, inserting, and deleting portions of the database) |
|
|
Term
data query language (DQL) |
|
Definition
used to interrogate the database |
|
|
Term
|
Definition
retrieves, sorts, orders, and presents subsets of the database in response to user queries |
|
|
Term
|
Definition
a language that simplifies report creation |
|
|
Term
those employees with administrative and programming responsibilities |
|
Definition
who should have access to the DDL and DML |
|
|
Term
|
Definition
an abstract representation of the contents of a database |
|
|
Term
|
Definition
represents everything in the database as being stored in the form of tables |
|
|
Term
|
Definition
each row in a relation that contains data about a specific occurrence of the type of entity represented by that table |
|
|
Term
attributes are in columns |
|
Definition
|
|
Term
|
Definition
the attribute, or combination of attributes, that uniquely identifies a specific row in a table |
|
|
Term
|
Definition
an attribute in a table that is a primary key in another table; used to link tables |
|
|
Term
|
Definition
occurs when storing all data in one uniform table; changes (updates) to data values are not correctly recorded b/c it may overlook rows |
|
|
Term
|
Definition
when there is no way to store information about new rows |
|
|
Term
|
Definition
unintended results occur when deleting a row in the table |
|
|
Term
every column in a row must be single valued; primary keys cannot be null; foreign keys, if not null, must have values that correspond to the value of a primary key in another table; all nonkey attributes in a table should describe a characteristic about the object identified by the primary key |
|
Definition
basic requirements of a relational database |
|
|
Term
|
Definition
ensures that every row in every relation must represent data about some specific object in the real world |
|
|
Term
|
Definition
used to link rows in one table to rows in another table |
|
|
Term
referential integrity rule |
|
Definition
ensures the consistency of the database |
|
|
Term
|
Definition
way to design a relational database; starts with the assumption that everything is initially stored in one large table |
|
|
Term
normalization; semantic data modeling |
|
Definition
two ways to design well structured relational databases |
|
|
Term
|
Definition
the relational data model portrays data as being stored in: |
|
|
Term
|
Definition
how a user conceptually organizes and understands data is referred to as the: |
|
|
Term
|
Definition
shows how and where data are physically stored |
|
|
Term
|
Definition
also called a row in a relational database table |
|
|
Term
|
Definition
each column in a relational database; describes some characteristic of an entity about which data are stored |
|
|
Term
|
Definition
an individual user's view of the database |
|
|
Term
|
Definition
the organizationwide view of the entire database |
|
|
Term
|
Definition
represents how the data are actually stored and accessed |
|
|
Term
|
Definition
used to retrieve information from a database |
|
|
Term
|
Definition
used to build the data dictionary, create a database, describe logical views, and specify any limitations or constraints on security |
|
|
Term
|
Definition
used for data maintenance |
|
|
Term
|
Definition
a software program that runs a database system; acts as an interface between a database and various application programs |
|
|
Term
|
Definition
the constraint that all primary keys must have non null data values |
|
|
Term
referential integrity rule |
|
Definition
the constraint that all foreign keys must have either null values or the value of a primary key in another table |
|
|
Term
systems analysis, conceptual design, physical design, implementation and conversion |
|
Definition
five basic steps in database design |
|
|
Term
|
Definition
consists of initial planning to determine the need for and feasibility of developing a new system |
|
|
Term
|
Definition
includes preliminary judgments about the proposal's technological and economic feasibility |
|
|
Term
|
Definition
involves identifying user information needs, defining the scope of the proposed new system, and using information about the expected number of users and transaction volumes to make preliminary decisions about hardware and software requirements |
|
|
Term
|
Definition
includes developing the different schemas for the new system at the conceptual, external, and internal levels |
|
|
Term
physical design/third stage |
|
Definition
consists of translating the internal level schema into the actual database structures that will be implemented in the new system |
|
|
Term
physical design/3rd stage |
|
Definition
stage when new applications are developed |
|
|
Term
fourth stage/implementation and conversion |
|
Definition
includes all the activities associated with transferring data from existing systems to the new database AIS, testing the new system, and training employees how to use it |
|
|
Term
using and maintaining the new system |
|
Definition
|
|
Term
using and maintaining the new system |
|
Definition
includes carefully monitoring system performance and user satisfaction to determine the need for making system enhancements and modifications |
|
|
Term
|
Definition
the process of defining a database so that it faithfully represents all aspects of the organization, including its interactions with the external environment |
|
|
Term
systems analysis and conceptual design stages of database design |
|
Definition
during what stages does data modeling occur? |
|
|
Term
entity relationship diagramming and REA data model |
|
Definition
two important tools to perform data modeling |
|
|
Term
entity relationship (ER) diagram |
|
Definition
graphical technique for portraying a database schema |
|
|
Term
|
Definition
anything about which the organization wants to collect and store information |
|
|
Term
|
Definition
in an ER diagram, entities are depicted as: |
|
|
Term
|
Definition
useful for deciding which entities need to be modeled |
|
|
Term
|
Definition
developed specifically for use in designing AIS |
|
|
Term
|
Definition
focuses on the business semantics underlying an organization's value chain activities; provides guidance for database design by identifying what entities should be included in the AIS database and by prescribing how to structure relationships among the entities in that database |
|
|
Term
resources, events (business activities), agents |
|
Definition
|
|
Term
|
Definition
those things that have economic value to the organization |
|
|
Term
|
Definition
the various business activities about which management wants to collect information for planning or control purposes |
|
|
Term
|
Definition
the people and organizations that participate in events and about whom information is desired for planning, control, and evaluation purposes |
|
|
Term
1. each event is linked to at least one resource that it affects 2. each event is linked to at least one other event 3. each event is linked to at least two participating agents |
|
Definition
REA data model basic pattern |
|
|
Term
|
Definition
relationships that affect the quantity of a resource; represent either an inflow or outflow of that resource |
|
|
Term
identify the events about which management wants to collect information; identify the resources affected by each event and the agents who participate in those events; determine the cardinalities of each relationship |
|
Definition
developing an REA diagram for a specific transaction cycle (steps) |
|
|
Term
identify the events of interest to management |
|
Definition
the first step in developing an REA model of a transaction cycle |
|
|
Term
|
Definition
represents an activity which reduces the organization's stock of a resource that has economic value |
|
|
Term
|
Definition
represents an activity which increases the organization's stock of an economic resource |
|
|
Term
|
Definition
describe the nature of the relationship between two entities by indicating how many instances of one entity can be linked to each specific instance of another entity |
|
|
Term
|
Definition
can either be zero or one, depending upon whether the relationship between the two entities is optional or mandatory |
|
|
Term
|
Definition
can either be one or many, depending upon whether each instance of entity |
|
|
Term
|
Definition
can either be one or many, depending upon whether each instance of entity A can be linked to at most one instance or potentially many instances of entity B |
|
|
Term
accounts receivable is not a resource, event or agent so not on REA diagram; rather it represents the difference between two events |
|
Definition
|
|
Term
|
Definition
in most cases, the relationship between agent entities and event entities is: |
|
|
Term
system analysis and conceptual design |
|
Definition
data modeling occurs during which stages of database design |
|
|
Term
every event must be linked to at least two agents in REA data model |
|
Definition
|
|
Term
merging redundant resources does not affect any cardinalities, but merging redundant events alters the minimum cardinalities associated with the other events that are related to the merged event |
|
Definition
|
|
Term
create a table for each distinct entity in the diagram and for each many to many relationship; assign attributes to appropriate tables; use foreign keys to implement one to one and one to many relationships |
|
Definition
three steps to implementing an REA diagram in a relational database |
|
|
Term
the primary key for M:N relationship tables consists of TWO attributes that represent the primary keys |
|
Definition
|
|
Term
|
Definition
multiple attribute primary keys |
|
|
Term
|
Definition
an attribute of one entity that is itself the primary key of another entity |
|
|
Term
|
Definition
provide a chronological listing of transactions |
|
|
Term
|
Definition
master files that contain cumulative information about specific accounts |
|
|
Term
|
Definition
must be implemented as separate tables in a relational database |
|
|
Term
|
Definition
can be used to implement 1:N AND 1:1 relationships |
|
|
Term
|
Definition
combining two REA diagrams by merging entities common to both will necessitate changes in cardinality pairs associated with the merged entity if it is an: |
|
|
Term
|
Definition
information traditionally found in journals is stored in which type of entity in an REA database |
|
|
Term
|
Definition
store information about transactions |
|
|
Term
every resource must be linked to at least one increment event and at least one decrement event |
|
Definition
ONLY TRUE about an INTEGRATED REA data model |
|
|
Term
to obtain info in a ledger: query not only resource tables but also event and agent tables |
|
Definition
|
|
Term
systems development life cycle |
|
Definition
the process that organizations follow to obtain and implement a new and well designed AIS |
|
|
Term
|
Definition
first step in systems development |
|
|
Term
|
Definition
information needed to purchase or develop a new system is gathered |
|
|
Term
information needs of system users and managers are identified and documented |
|
Definition
most important part of systems analysis |
|
|
Term
|
Definition
the company decides how to meet user needs in this step |
|
|
Term
identify and evaluate appropriate design alternatives |
|
Definition
first task in conceptual design step |
|
|
Term
|
Definition
the company translates the broad, user-oriented requirements of the conceptual design into detailed specifications that are used to code and test the computer programs |
|
|
Term
implementation and conversion |
|
Definition
constitutes the capstone phase during which all elements and activities of the system come together |
|
|
Term
information systems steering committee |
|
Definition
plan and oversee the information systems functions; sets policies that govern the AIS and ensures top mngmt participation, guidance, and control; facilitates the coordination and integration of information systems activities to increase goal congruence and reduce goal conflict |
|
|
Term
|
Definition
study existing systems, design new ones, and prepare specifications that are used by computer programmers |
|
|
Term
|
Definition
write programs using the specifications developed by the analysts; modify and maintain existing computer programs |
|
|
Term
individual project plans by project teams; master plan by info systems steering committee |
|
Definition
two types of systems development plans needed |
|
|
Term
|
Definition
basic building block of information systems planning; contains cost-benefit analysis, developmental and operational requirements, and a schedule of the activities required to develop and operate the new application |
|
|
Term
|
Definition
long range planning document that specifies what the system will consist of, how it will be developed, who will develop it, how needed resources will be acquired, and where the AIS is headed |
|
|
Term
|
Definition
two techniques for scheduling and monitoring systems development activities |
|
|
Term
PERT: program evaluation and review technique |
|
Definition
requires that all activities and the precedent and subsequent relationships among them be identified |
|
|
Term
|
Definition
consist of a network of arrows and nodes representing project activities that require an expenditure of time and resources and the completion and initiation of activities |
|
|
Term
|
Definition
the path requiring the greatest amount of time |
|
|
Term
|
Definition
a bar chart with project activities listed on the left hand side and units of time across the top |
|
|
Term
the capacity to show in graphical form the entire schedule for a large complex project |
|
Definition
primary advantage of Gantt chart |
|
|
Term
|
Definition
prepared during systems analysis and updated as necessary during the remaining steps in the SDLC |
|
|
Term
economic feasibility, technical feasibility, legal feasibility, scheduling feasibility, operational feasibility |
|
Definition
five aspects to be considered in feasibility study |
|
|
Term
|
Definition
most important and frequently analyzed of the five feasibility study aspects |
|
|
Term
|
Definition
basic framework for feasibility analysis; benefits and costs are translated into dollar estimates |
|
|
Term
|
Definition
primary operation cost (65/75 percent) |
|
|
Term
payback period, NPV, internal rate of return |
|
Definition
three commonly used capital budgeting techniques |
|
|
Term
|
Definition
behavior that is usually intended to destroy, cripple, or weaken the system's effectiveness |
|
|
Term
aggression, projection, avoidance |
|
Definition
major resistance to AIS changes |
|
|
Term
|
Definition
involves blaming the new system for any and every unpleasant occurrence |
|
|
Term
initial investigation, systems survey, feasibility study, information needs and system requirements, systems analysis report |
|
Definition
steps in systems analysis phase (5) |
|
|
Term
|
Definition
conducted to screen projects |
|
|
Term
|
Definition
extensive study of the current AIS is undertaken; study the present system to gain a thorough understanding of how it works |
|
|
Term
|
Definition
investigate each development activity to define the problem to be solved; prepare a proposal to conduct systems analysis |
|
|
Term
interviews, questionnaires, observation, systems documentation |
|
Definition
|
|
Term
|
Definition
used when the amount of information to be gathered is small and well defined, is obtained from many ppl or from those who are physically removed, or is intended to verify data from other sources; take little time to administer |
|
|
Term
|
Definition
used to verify information gathered using other approaches and to determine how a system actually works, rather than how it should work |
|
|
Term
|
Definition
describes how the AIS is intended to work |
|
|
Term
|
Definition
illustrate how a system functions by describing the flow of documents, the computer processes performed, and other physical elements of the system |
|
|
Term
|
Definition
illustrate what is being done, regardless of how the flow is actually accomplished |
|
|
Term
|
Definition
problems and alternatives are viewed from entire organization standpoint |
|
|
Term
|
Definition
summarize and document the analysis activities and serve as a repository of data from which systems designers can draw; shows the new system's goals and objectives, its scope and recommendations for the new system |
|
|
Term
1. initial investigation-determine whether to conduct systems survey 2. feasibility study-determine whether to proceed to the information requirements phase 3. analysis phase-decide whether to proceed to the next phase |
|
Definition
go/no go decision making situations |
|
|
Term
gain a competitive advantage, increase productivity, keep up with company growth, downsize company operations |
|
Definition
reasons why companies make changes to AIS's |
|
|
Term
|
Definition
the planning technique that identifies implementation activities and their relationships, constructs a network of arrows and nodes, and then determines the critical path thru the network |
|
|
Term
|
Definition
basically a bar chart that displays dates and stages of completion for each project task |
|
|
Term
|
Definition
illustrates how a system functions by describing document flows, computer processes, equipment used, and other physical elements of the system |
|
|
Term
|
Definition
used to document a system with four basic symbols |
|
|
Term
initial investigation, system survey, feasibility study, determination of information needs and system requirements |
|
Definition
correct order of the steps in systems analysis |
|
|
Term
|
Definition
long range planning document that specifies what the system will consist of, how it will be developed, who will develop it, how needed resources will be acquired and its overall vision |
|
|
Term
|
Definition
used for individual projects and includes such items as cost benefit analysis, developmental and operational requirements, and a schedule of activities for developing and operating the new system |
|
|
Term
|
Definition
increased error rates, disruptions, and sabotage are examples of: |
|
|
Term
|
Definition
the most significant problem a company encounters in designing, developing, and implementing a system |
|
|
Term
|
Definition
determining whether the organization has access to ppl who can design, implement, and operate the proposed system |
|
|
Term
|
Definition
refers to whether the system can be developed and implemented with existing technology |
|
|
Term
|
Definition
refers to whether the system complies with all applicable laws and regulations |
|
|
Term
|
Definition
refers to whether the system can be analyzed, planned, designed, and implemented in the time allocated |
|
|
Term
|
Definition
refers to whether the system's benefits outweigh its costs |
|
|
Term
|
Definition
located at the beginning of each file and contains the file name, expiration date, and other identification data |
|
|
Term
header and trailer records |
|
Definition
two important types of internal labels |
|
|
Term
|
Definition
located at the end of the file and contains the batch totals calculated during input |
|
|
Term
data matching, file labels, recalculation of batch totals, cross footing and 0 balance tests, write protection, database processing integrity procedures |
|
Definition
important processing controls |
|
|
Term
|
Definition
error in which two adjacent digits were inadvertently reversed; indicated if evenly divisible by 9 |
|
|
Term
cross footing balance test |
|
Definition
compares the results produced by each method of calculating a total to verify accuracy |
|
|
Term
|
Definition
applies the logic of cross footing test to control accounts |
|
|
Term
|
Definition
ensures that data items are defined and used consistently |
|
|
Term
concurrent update controls |
|
Definition
protect resources from errors that occur when two or more users attempt to update the same record simultaneously |
|
|
Term
user review of output, reconciliation procedures, external data reconciliation |
|
Definition
|
|
Term
parity checking, message acknowledgment |
|
Definition
two basic types of data transmission controls |
|
|
Term
|
Definition
an extra digit added to every character to detect errors in binary digit transmission |
|
|
Term
|
Definition
the parity bit is set so that each character has an even number of bits with the value 1 |
|
|
Term
|
Definition
entails verifying that there are the proper number of bits set to the value 1 in each character received |
|
|
Term
echo check, trailer record, number batches |
|
Definition
message acknowledgment techniques |
|
|
Term
|
Definition
a recalculation of summary statistic of the number of bits in a message (checks if the counts agree) |
|
|
Term
change management controls |
|
Definition
need to ensure that modifications to the organizational structure and the adoption of new software for performing business activities maintain adequate segregation of duties |
|
|
Term
adequate monitoring and review by top management to ensure that proposed and implemented changes are consistent with organization's strategy |
|
Definition
most important change management control |
|
|