4-3. Protection of Information

Question 1

Mobile device: What are examples? Benefits?

Answer 1

iPhones, androids, blackberries, tablet computers.

Benefits: Ubiquitous computing - universal data availability.

Question 2

Mobile device: risks?

Answer 2

• User-installed applications can create security risks (e.g. spyware)
• Loss or theft

Question 3

Mobile device: challenges?

Answer 3

• Redesigning displays, ensuring functionality across platforms, etc
• Emerging technologies: Siri, Movie her, voice recognition/input, biometric identification

Question 4

Mobile device: what is SDLC?

Answer 4

System development life cycle.

Question 5

Mobile device: what are end-user system development risks?

Answer 5

• No knowledge or application of SDLC
• Inadequate system testing and documentation
• Poor data controls
• Poor integration with existing systems
• Poor system design

Question 6

Mobile device: end-user system development risks: what is the responses?

Answer 6

Software and program development and implementation

• third-party review and testing of user-developed programs
• catalog and store programs in secure and off-site location

Segregation of duties

• third-party review of data entry (if any) and report production
• implement additional supervision and review as feasible

Question 7

What is SBE?

Answer 7

Small business environment.

Question 8

SBE: what are end-user computing risks?

Answer 8

• Hard to control

* Higher risk of errors, defalcation, system failure

Question 9

SBE: characteristics?

Answer 9

• Exclusively microcomputers
• No centralized info. Technology (IT) dept often outsourced
• Poor segregation of duties (incompatible functions often combined)

Question 10

SBE: computing risks and responses?

Answer 10

Risk: Unprotected computing sites
Response: Give > attention to locked doors and secure storage (e.g. CDs, DVDs, flash drives)

Risk: Logical (electronic) access
Response: Require usernames and strong passwords, automatic log out after unused period

Risk: Data backup
Response: Outsource, or establish and enforce policies (e.g. centralized and automate through network)

Question 11

SBE: what is a compensating control?

Answer 11

Close involvement of knowledgeable owner.

Question 12

Mobile device: what items should be included in mobile applications training?

Answer 12

• Organizational policies
• Password maintenance and protection
• When and how to use mobile devices
• Procedures for lost or stolen devices

Question 13

Mobile device: definition?

Answer 13

Transportable (ubiquitous) computing devices; that is, computing devices that can be carried from place to place.

Question 14

What are 3 approaches to consolidate data from multiple locations?

Answer 14

1. Centralized system: data and processing at central location, user access via telecommunications channel
2. Decentralized system: individual location processing and data, summarized data sent to central office, use is declining
3. Distributed (hybrid) database system: distribute to locations according to need, seeks the best of centralized and decentralized, increasingly common

Question 15

Centralized system: Advantages and disadvantages?

Answer 15

A: enables better data security, consistency in processing
D: high transmission costs, input/output bottlenecks at high traffic times (end of period), slow response to information requests

Question 16

Decentralized system: Advantages and disadvantages?

Answer 16

A: lower transmission cost, lower processing power/storage needs at central site, lower input/output bottlenecks, higher response to local needs
D: higher data redundancy and poor information integration, higher security issues, higher hardware costs

Question 17

Distributed database system: Advantages and disadvantages?

Answer 17

A: better communication between locations (all connected to distributed database), more current and complete info, reduce or eliminate need for expensive central processing center
B: similar to centralized systems, cost of communications among locations, access and update conflicts among locations

Question 18

What are computer networks?

Answer 18

2 or more computing devices; Connected by a communications channel

Question 19

What is node?

Answer 19

• Network access point

* A connected devices (computers, printers, headphones, etc) identified by type (linked to device protocols)

Question 20

What is critical about nodes and security?

Answer 20

Controlling

Question 21

What does node also could measure?

Answer 21

Measure of network complexity (e.g. 5 vs 30,000)

Question 22

What is assigned to node?

Answer 22

A DNS and IP (internet protocol) address.

Question 23

What is DNS?

Answer 23

Domain name system: translates network node into IP address.

Question 24

What does network monitors do in relation to node?

Answer 24

Network monitors display node activity - status, extent of traffic, alarms (e.g. prohibited traffic)

Question 25

Computer network: what are components?

Answer 25

• Switch (0,1) and/or router - router is increasingly common.
• Network Interface Card (NIC) or Network Adapter Card (NAC)
• Transmission media

Question 26

Computer network: Describe switch and/or router.

Answer 26

• Route traffic and may include security features.

* Routers are smarter, more complex and cost more than switches.

Question 27

Computer network: describe Network Interface Card (NIC) or Network Adapter Card (NAC).

Answer 27

• Circuit board and software on each node
• Translate between network and computer language
• Matches to transmission media
  e. g. in each computer

Question 28

Computer network: describe transmission media.

Answer 28

• Communication link between nodes (here a cable)

* May be wired or wireless

Question 29

Computer network: what are types of nodes?

Answer 29

• Client

* Server

Question 30

Computer network: describe client node.

Answer 30

• Usually an end user’s microcomputer

* Uses but does not provide network resources

Question 31

Computer network: describe server node.

Answer 31

*Provide services or resources to network
*End-users access server resources but generally don’t use directly
*Server may lack keyboard and video (access through network)
E.g. a file server maintains centralized application and data files.
A printer server provides access to high quality printers

Question 32

Computer network: What are types of networks?

Answer 32

• Local Area Networks (LANs)
• Wide Area Networks (WANs)
• Storage Area Networks (SANs)
• Personal Area Networks (PANs)

Question 33

Computer network: describe LANs.

Answer 33

• use dedicated communication lines (i.e. used only by the network)
• cover limited area

Question 34

Computer network: describe WANs.

Answer 34

*use public or shared communication lines (e.g. telephone lines, television cables)

Question 35

Computer network: describe SANs.

Answer 35

• type of LAN
• dedicated: connected storage devices to servers and other devices
• centralize data storage
• increasing use in cloud computing

Question 36

Computer network: describe PANs.

Answer 36

• create/used by individual person
• wireless: e.g. use Bluetooth (or IrDA) to connect a device (e.g. iPad) to keyboard, headset, mouse, another computer, etc
• wired: use fiber optics, twisted pair, coax or other cable (e.g. Apple) to connect

Question 37

Computer network: why necessary?

Answer 37

• File and data sharing/resources
• Email
• Printing
• Remote access
• Directories (locate services on the network)

Question 38

Computer network: what are types of communication media?

Answer 38

• Wired: twisted pair (copper), coaxial cable, fiber optic cable
• Wireless: microwave transmission, Wi-Fi or spread-spectrum radio transmission, Bluetooth, digital cellular

Question 39

Computer network: wired: what are twisted pair?

Answer 39

• Originally for phone connections
• Historically, slowest, least secure (e.g. easy to tap), lowest capacity, most interference of wired media (EMI=electromagnetic interference)
• Low cost and common in US buildings (rapidly being replaced)

Question 40

Computer network: wired: what is coaxial cable?

Answer 40

• Cable for your wired cable TV system
• Faster, more secure, moderate capacity, less subject to interference
• Slightly higher cost, common due to cable TV systems

Question 41

Computer network: wired: what are fiber optic cable?

Answer 41

• Fast and secure, high capacity
• Light pulses not electrical impulses; no electrical interference, no degradation over long distances
• More expensive and often not already in US buildings

Question 42

Computer network: wireless: what are microwave transmission?

Answer 42

• Use of terrestrial microwave and/or satellite microwave transmission
• Primarily used in WANs

Question 43

Computer network: wireless: what are Wi-Fi or spread-spectrum radio transmission?

Answer 43

• Used in both large commercial networks and small home networks
• Used in LAN and also to provide access to WANs
• Currently: Wi-Fi connections often slower than wired coaxial systems
• (Ethernet) or fiber optic cable

Question 44

Computer network: wireless: what are Bluetooth?

Answer 44

• A wireless communication protocol
• Same radio frequencies as Wi-Fi
• Lower power consumption and weaker connection; (10 meter range)
• Provide direct communication link between 2 devices (e.g. headset and cell phone)
• Used in personal area networks (PANs)
• E.g. cell phone receiving signal from GPS

Question 45

Computer network: what are advantages of wireless and wired network?

Answer 45

Wireless: Scalable, flexible, often lower cost, mobility
Wired: Reliable, security, speed, occasionally lower cost

Large LANs and WANs often include both

Question 46

Computer network: what are 3 types of ownerships?

Answer 46

Private, public, cloud computing/cloud services.

Question 47

Computer network: describe private ownership, pros/cons.

Answer 47

Small number of applications or restricted set of users.
A: Secure, flexible, performance exceeds that of public
D: Costly

Question 48

Computer network: describe public ownership, pros/cons.

Answer 48

*Owned by third-party companies and leased to users.
*Access is typically through dial-up circuits (e.g. what is used at Starbucks, McDonalds, etc).
*Exploding use
A and D: Opposite of private networks

Question 49

Computer network: what are management tools for control?

Answer 49

1. Response time reports
2. Downtime reports
3. Online monitors
4. Network monitors
5. Protocol analyzers
6. Simple network management protocol (SNMP)
7. Help desk reports

Question 50

What is Internet?

Answer 50

• A “network of networks”
• Global network of billions of interconnected computers and networks
• World’s largest client-server network

Question 51

Internet: what are 2 common protocols?

Answer 51

*TCP (transmission control protocol)
*IP (Internet Protocol): All nodes assigned an IP address for delivery of information
These are core protocol transmission on the Internet

Question 52

Internet: what is protocol?

Answer 52

Rules by which a network operates and controls flow and priority of messages.

Question 53

Internet: what is packet (or block)?

Answer 53

Meanings by which information is transmitted.

e.g. sent files are broken into packets.

Question 54

Internet: what does each packet contains?

Answer 54

• Header: routing info (address), length, protocol (maybe), originating info
• Data
• Trailer: used in some systems, error detection bits, end of message identifier

Question 55

Internet: what are most heavily used internet feature (in organizations)?

Answer 55

• Email

* TCP

Question 56

Internet: what are 2 components of email?

Answer 56

1. Mail servers: host that deliver, forward and store mail

2. Clients: link users to servers. Allow you to read, compose, send, and store email

Question 57

Internet: what does TCP do?

Answer 57

Breaks up sent messages into IP packets

*Sent to a router(s) (sort of an internet postman - delivers packets) and delivered

Question 58

Internet: what is url?

Answer 58

uniform resource locator.

Web address of a resource: e.g. the part after http://

Question 59

Internet: what does browser do?

Answer 59

*Translates the url to an ip address
*Sends request for URL via HTTP: e.g. “http://” says use the HTTP protocol, “https://” says use a protocol with great (SSL) security.
could use “telnet://” - use telnet protocol to remote connect

Question 60

Internet: what is HTTP?

Answer 60

Hypertext transfer protocol.

Question 61

Internet: what are protocols and services?

Answer 61

• Simple Mail Transfer Protocol (SMTP): for email services
• Internet Message Access Protocol (IMAP): permits access to remote mailboxes (e.g. on a server) as if they were local (e.g. on a client system)
• File Transfer Protocol (FTP): for uploading and downloading files
• Instant Messaging (IM): common for informal, internal corporate communications
• Voice over IP (VoIP): for internet-based phone communications

Question 62

Internet: what is Markup (or Tagging) languages?

Answer 62

Codes that indicate how parts of a file are to be processed or displayed.

Question 63

Internet: what is html?

Answer 63

Hypertext markup language: core makeup language (way of tagging text for display) for web pages and the basic building-block protocol for constructing webpages.

Question 64

Internet: what is XML?

Answer 64

Extensible markup language: for encoding (tagging) documents in machine-readable form.

Question 65

Internet: what is XBRL?

Answer 65

Extensible business reporting language: XML based - for encoding and tagging business information such as financial information.

• Used in fillings with SEC on EDGAR
• Some companies now report FS in both paper and XBRIL formats

Question 66

Internet: security: what monitoring employee use entails?

Answer 66

• Detect and/or prevent unauthorized uses: non-work tasks (shopping), legal issues (e.g. child pornography, gaming)
• National security/political control (China, Egypt, U.S.)
• Packet sniffers (view and capture sent info)
• Desktop surveillance (keystroke and website logging): e.g. Wavecrest

Question 67

Internet: what does ISP do?

Answer 67

Internet Service Providers provide access through;

• direct connections to Internet backbone (high speed, high capacity communications line)
• e.g. insight cable, Wind stream

Question 68

Internet: what are intranets and extranets?

Answer 68

Private (e.g. limited access) network built using Internet protocols

• Allows access to network resources through web browsers rather proprietary interface
• Reduces training and system development time
• Rapidly replacing traditional proprietary LANs and WANs
• Easier to use, greater security
• Internet portal - the entry site (URL) for an intranet

Question 69

Internet: Describe intranets.

Answer 69

Available only within an organization (business, school, association).
Often used to connect geographically separate LANs within a company.

Question 70

Internet: Describe extranets.

Answer 70

Extend intranet to associates.

E.g. suppliers, customers, business partners. Extended beyond the company “firewall”

Question 71

Internet: what is often used to extend an intranet to an extranet?

Answer 71

Use VPN (virtual private network) technology to secure communications.

Question 72

Internet: what is Web 2.0?

Answer 72

2nd generation, web-based collaboration and community-generated content.

Question 73

Internet: what are tools for Web 2.0?

Answer 73

• Blogs: focused discussion or (b)log led by a moderator (share ideas and opinions)
• Wiki: knowledge-sharing collaborative website
• Twitter: micro-variation of a blog with 140 character limit. Often “follow” friends and celebrities
• RSS (really simple syndication)/ATOM feeds: news and info source by (free) subscription

Question 74

What does repeaters do?

Answer 74

Strengthen the signal.

Question 75

What does Gateways do?

Answer 75

Gateways connect Internet computers of dissimilar networks.