BA 370 After Midterm/Final BIS Flashcards
All types of software
Operating Systems, Application Programs, Programming Languages, and Firmware
1st generation programming language (1GL)
Machine-level programming language, made of binary numbers, 0 and 1. This makes the language suitable to be understood by the machine/hardware but much more difficult for the human programmer to interpret and learn.
2GL
it is still very difficult to read or write – the programmer specifies memory addresses and special codes to perform only simple functions like compare, add, or subtract.
3GL
high-level because they are closer to human languages and further from machine language. In contrast, assembly language is considered low-level because it is very close to machine language.
SQL
special purpose programming language for retrieving data from an RDBMS and is considered a 4GL. A fourth generation programming language (4GL) attempts to get closer than 3GLs to human languages in terms of thinking and conceptualization.
Declarative Programming Language
you just specify what you want without having to say how to do it. With a Procedural Programming Language, you have to specify exact steps to get the job done. For example, SQL is a declarative language because the queries don’t specify steps to produce the result.
Source Code
computer code as written by humans and that is understandable by humans. Code written in most programming languages discussed above (except 1GL) is source code but that code is not directly executable on a computer. A special program translates source code into machine/binary code (series of 0s and 1s) that the computer hardware can execute.
Software in two broad categories
System Software and Application Software
Operating System (OS)
system software that provides a platform and services for running different types of application software. They manage input and output devices, CPUs, memory, storage, and networking. Examples include:
•Unix
•Linux – an open source OS that is very similar to Unix
•Windows (several versions including the newest desktop Windows 8 and 10)
•Windows Server (An operating system for Servers)
•OS X (Macs)
•iOS (for iPads and iPhones)
•Android (a mobile OS used on phones and tablets)
firmware
computer software that is installed into specific devices such as printers, print servers, and various data communication devices. It is usually stored in read-only form (on a memory chip called ROM - Read Only Memory) in the device’s hardware.
application software
• ERP, CRM, and SCM are examples of large application software.
• Application software also includes:
o General purpose programs with broad horizontal markets like individually focused applications (e.g. MS Office (Word, Excel, Access, PowerPoint), Phone apps, Audio/Video players/editors …)
o Industry specific programs developed for a specific market (e.g. BlackBoard, EMR, Airline Reservation System) - a vertical-market application
o One of a kind software (Custom Software or Tailor-made software) for very unique needs of a specific client (e.g. a custom e-commerce program for a specific company to sell online or an application that coordinates traffic data for the state of Oregon)
open source software
Open Source means the human readable source code (as explained above) is available to the public. The software may be used, altered and distributed in a variety of ways depending on the license but no royalties are paid to the original authors. The Open Source movement is more about software freedom than it is about free software.
• Richard Stallman founded the open source movement in 1983 and developed the general public license agreement - still widely used today
• Linus Torvalds developed an open source operating system similar to Unix which he called Linux in 1991
• IBM has developed a wide range of enterprise applications that run on Linux. Neither they nor their customers have to pay a licensing fee to use Linux
examples of open source software
- Apache (a web server)
- Python (a programming language)
- OpenOffice (Personal productivity software)
- MySQL (an RDBMS)
- Audacity (music/sound editing software)
- 7Zip (file compression software)
- Linux (an open source operating system)
Q3: software installed on devices such as printers and communication devices, which is usually stored on ROM, is referred to as
firmware
Q3: Software that manages the resources of the computer is called
operating system software
Q3: Which type of software is created and updated by a worldwide community of programmers and (mostly) available for free
open source
Q3: Assembly programming language is an example of a
low level language
Q3: Which of the following includes only the names of operating system software
OS X, Windows, iOS, and Android
information security (infosec)
“is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (e.g. electronic, physical).”
threat
person or organization that seeks to obtain data or other assets illegally, without owner’s permission and often without owner’s knowledge
vulnerability
opportunity for threats to gain access to individual or organizational assets
safeguard
measure individuals or organizations take to block threat from obtaining an asset
target
asset desired by threat
ex of threat: pretexting
a nefarious agent pretends to be someone else and tries to get you to disclose valuable information
ex of threat: phishing
Essentially pretexting via emails which appear to be from a legitimate source to lure a user to click on a damaging link or provide private information.
ex of threat: sniffing
equipment is used to listen in on network traffic (wired or wireless)
ex of threat: hacking
by various means, a nefarious agent breaks into a network or computer to extract or damage information
Not all hackers are malicious
White hat hackers - legitimately probe systems for weaknesses to help with security.
Black hat hackers - attack systems for illegitimate reasons.
Grey hat hackers - are white hat hackers who skirt the edges of the law.
intrusion
into a computer system/network is an attempt by an “outsider” to illegally gain access to the system/network. An intruder is anyone who accesses equipment, electronic data, files, or any kind of privileged information without proper authorization.
There are three groups of individuals (“outsiders”) that could carry out an attack (intrusion) on an information system:
1. IT personnel - are often given a wide range of access privileges to sensitive data and programs, and those privileges can be misused.
2. Users - are given narrow access, but can still find ways to commit fraud.
3. Hackers - are given no access, but are highly capable.
technical safeguards
Identification, Authentication and Authorization
Encryption
Firewalls
Malware protection
identification
username or ID
Authentication
verifies the person
– Password or PIN (“what you know”)
– Smart cards with chip and PIN (“what you have”)
– Biometric authentication (“who you are”)
authorization
determines what a person can access
encryption
the process of transforming clear text into coded, unintelligible text for secure storage or communication.
firewall
simply a filter that prevents unauthorized network access. It can be a special-purpose computer or a program on a general-purpose computer or on a router.
malicious software (malware)
An antivirus program can help in protecting, detecting and/or removing malware from a computer system. ex: Viruses, Trojan horses, Worms, Spyware and Adware
symmetric encryption
Uses same key for encoding and decoding
asymmetric encryption
Uses two keys – one for encoding, the other for decoding
Asymmetric Encryption is a form of encryption where keys come in pairs. What one key encrypts, only the other can decrypt.
A type of asymmetric encryption is also known as Public Key Cryptography, since one key is made “public” (open) while the other is kept “private” (secret).
Two common models of intrusion detection mechanisms
- Signature-based detection
- Anomaly-based detection
Signature-based intrusion detection
method is very effective at detecting known threats but largely ineffective at detecting unknown threats because it compares observed events to existing threat signatures.
Anomaly-based intrusion detection
method compares observed activity against expected “normal” usage profiles. When measured activity is outside baseline parameters, the system triggers an alert. Anomaly-based detection can detect new types of attacks
Two common types of Intrusion Detection Systems (IDS)
- Host-based IDS
- Network-based IDS
Host-based IDS
monitors the characteristics of a single computer/host and the events occurring within that host, such as monitoring network traffic (only for that host), system logs, running processes, file access and modification, and system and application configuration changes.
Network-based IDS
analyzes network traffic to identify and stop suspicious activity. They are typically deployed like a network firewall.
RAID
Redundant Array of Inexpensive Disks
RAID mirroring
every bit of data is written on two disks to protect against data loss
RAID Striping
an individual file is spread out in “stripes” on multiple disks to improve access times (multiple read heads get parts of the file)
RAID 5
redundant data with less storage. Three disks store two disks worth of data but any one disk can fail without data loss.
cloud computing
“Elastic leasing of pooled computer resources over the Internet.” Organizations pay for just the resources that they use. Many different organizations are able to share the same physical hardware through the use of virtualization.
Three variations of cloud computing
o SaaS – Software as a Service
o PaaS – Platform as a Service
o IaaS – Infrastructure as a Service
SaaS
allows users to run existing software applications by getting a subscription. Examples include:
Salesforce.com, iCloud, and Office 365.
PaaS
allows users to create their own cloud applications using supplier-specific tools and services
o Vendors provide hosted computers, an OS, and possibly a DBMS
o Organizations/Individuals can develop their own apps on top of the hosted computers using the vendor-provided software tools. Examples include: Microsoft Azure and Oracle on Demand
IaaS
allows users to run any applications they prefer on cloud software of their own choice. Examples include: Amazon EC2 (Elastic Cloud Computing), Amazon S3 (Simple Storage Service)
Q4: BLANK refers to the process of transforming clear text into unintelligible text for secure storage or communication
encryption
Q4: When personal characteristics such as fingerprints or retinal scans are used to authenticate users, it is called
biometric authentication
Q4: Amazon.com allows organizations to use (or rent) over the Internet some of Amazon's computing resources in a “pay as you go” business model. This type of IT service delivery model is referred to as
cloud computing
Q4: Which of the following statements is not an advantage commonly associated with cloud computing?
works equally well with or without access to a network connection
Q4: Certain online CRM service providers let the orgs use their software remotely…
software as a service (SaaS)
LAN (Local Area Network)
supports a “single location” (although there are many other more acceptable definitions of a LAN).
WAN (Wide Area Network)
supports different geographical locations.
The distinction is important because a WAN has to use others’ wires/cables to connect various devices
internets (lowercase i)
are networks of networks (e.g., LANs and/or WANs that have been connected)
The Internet (capital I)
is the biggest internet
Intranets
are organizational internets - organizations link their networks together but don’t allow others access - public shared cables might be used but transferred data is protected for internal use only
Extranet
are mostly used for business-to-business (B2B) data and information exchange
The application layer (communication function)
(a web browser like Chrome or Mozilla) connects users to the network - application layer protocols formulate user tasks with a network in mind
o SMTP (Simple Mail Transfer Protocol) manages email between clients and servers
o HTTP (Hypertext Transfer Protocol) manages requests and responses for web pages
o FTP (File Transfer Protocol) is used to transfer files from one computer to another
The transport and Internet layers (communication function)
break the message into packets, address them to the right target, and reassemble received packets into usable data
Ethernet
a data link layer protocol that allows computers connected to the same hub or connected by a shared cable to talk to each other whenever they are ready
802.11
wireless protocol used almost everywhere (although cellular data is different). Widely deployed versions include b, g, and n each of which is faster than the last
Transmission speeds are most often measured in
bps (bits per second); they use similar prefixes to memory sizes but it is bits (lowercase b) for speed and Bytes (capital B) for memory, e.g. kbps = kilobits per second, mbps = megabits, gbps = giga, tbps = tera.
Copper wires transmit at speeds up to
1 Gbps (Coaxial and twisted pair)
ISP (Internet Service Provider)
Connects subscribing organizations to the Internet for a fee
ICANN (Internet Corporation for Assigned Names and Numbers)
coordinates IP addresses
DNS (Domain Name System)
manages a database of domain names and associated IP Addresses. ICANN is the final authority on names. Servers all over the world work together to provide DNS resolution (i.e., finding the IP address for a website, e.g. NBA.com)
W3C (World Wide Web Consortium)
Fosters standards such as HTTP (hypertext transfer protocol) and HTML (hypertext markup language)
HTML
Hypertext Markup Language
describing how a document should look
Everything is mixed together and data items are not clearly marked
XML
Extensible Markup Language
allows us to create our own tags
lets organizations more easily share data across different platforms.
Structured, Clear, Understandable
XBRL
Extensible Business Reporting Language
Provides an XML-based framework that can be used to create, exchange, and analyze financial reporting information. An extension to XML.