BEC 4 Security and Internet implications for business Flashcards

1
Q

Technologies and security management features

A
A. Safeguarding records and files
B. Back up files
1. Son-father-grandfather concept
2. Back up of systems that can be shut down
3. Backups of systems that do not shut down
4. Mirroring 
C. Uninterrupted power supply
D. Program modification controls
E. Data encryption
1. Digital certificates
2. Digital signatures vs E-signatures
F. Managing passwords
1. Password length
2. Password complexity 
3. Password age
4. Password reuse
G. User access 
1. Initial passwords and authorization for system access
2. Changes in position
2
Q

A. Safeguarding records and files

A
  • inadequate protection may result in damage or loss
  • data can be protected by the use of internal and external labels and file protection rings

3
Q

B. Back up files

A

Back up files

  1. Son-father-grandfather concept - the most recent file is called the son, and the backup process includes reading the previous file, recording the transactions being processed, and then creating a new updated master file. There are always at least two backups.
  2. Back up of systems that can be shut down - updated when shut down
  3. Backups of systems that do not shut down - recovery includes applying a transaction log and reapplying those transactions to get back to the point immediately before the failure
  4. Mirroring - the use of a back up computer to duplicate all of the processes and transactions on the primary computer
4
Q

C. Uninterrupted power supply

A

a device that maintains a continuous supply of electrical power to connected equipment. Also called a battery backup.

5
Q

D. Program modification controls

A

Program modification controls are controls over the modification of programs being used in production applications. They include controls designed to prevent changes by unauthorized personnel and also controls that track program changes.

6
Q

E. Data encryption

A

E. Data encryption - an essential foundation for electronic commerce. Encryption involves using a password or a digital key to scramble a readable message into an unreadable message. The intended recipient of the message then uses the same or another digital key to decrypt or decipher the ciphertext message back into plaintext.

  1. Digital certificates - an electronic document, created and digitally signed by a trusted party, which certifies the identity of the owners of a particular public key.
    - The public key infrastructure - the system and processes used to issue and manage asymmetric keys and digital certificates.
    - Certificate authority - the organization that issues public and private keys and records the public key in a digital certificate.
  2. Digital signatures vs E-signatures - digital signatures use asymmetric encryption to create legally binding electronic documents. Web-based e-signatures are an alternative mechanism for accomplishing the same objectives. An e-signature is a cursive-style imprint of a person’s name that is applied to an electronic document.
7
Q

F. Managing passwords

A

F. Managing passwords - every account needs one

  1. Password length - 7-8 characters
  2. Password complexity - uppercase, lowercase, numeric, and ASCII special characters such as !@#$
  3. Password age - every 3 months
  4. Password reuse - should not be reused (24 passwords)
8
Q

G. User access

A

G. User access

  1. Initial passwords and authorization for system access
  2. Changes in position - HR and IT communication
9
Q

Brute force attack

A

the attacker simply tries every possible key until the right one is found

10
Q

A. Security Policy defined

A

A. Security Policy defined - a document that states how an org plans to protect the org’s info.

11
Q

B. Security Policy goal

A

B. Security Policy goal - requires people to protect info, which protects the org, its people, and customers.

12
Q

C. States and Locations of information covered by security policies:

A
  1. The security policy should seek to secure info that exists in 3 distinct states:
    a. Stored information
    b. Processed information
    c. Transmitted information
  2. Information resides in locations:
    a. information technology systems
    b. paper
    c. human brain
  3. Relationship between states and locations of info (Examples):
    a. Info systems - stored on hard drives - processed on computers - transmitted via the Internet
    b. Paper - file cabinets - copy machine - fax
    c. Brain - memory - synapses - language
13
Q

Types of policies

A
  1. Program level policy - used for creating a management sponsored computer security program. A program level policy, at the highest level, might prescribe the need for information security and may delegate the creation and management of the program to a role within the IT department.
  2. Program-framework policy - establishes the overall approach to computer security
  3. Issue specific policy
  4. System specific policy
14
Q

Development and management of security policies

A
  1. Security objectives - series of statements to describe meaningful actions about specific resources.
  2. Operational security - defines the manner in which a specific data operation would remain secure
  3. Policy implementation - security is enforced by a combination of technical and traditional management methods.
15
Q

Policy support documents

A
  1. Regulations - laws, rules, regulations represent governmentally imposed restrictions passed by regulators and lawmakers
  2. Standards and baselines - topic specific (Standards) and system specific (baseline) documents that describe overall requirements for security
  3. Guidelines - provide hints, tips, and best practices in implementation
  4. Procedures - step by step instructions on how to perform a specific security activity
16
Q

Decryption or decipherment

A

the intended recipient converts the cipher text into plain text

17
Q

Digital signature

A

is a means of ensuring that a message is not altered in transmission. It is a form of data encryption

18
Q

Electronic Commerce (E-Commerce)

A
  • the electronic consummation of exchange transactions
  • can use a private network or the Internet as the communications provider
  • may involve communication between previously known parties or between parties that have had no prior contracts or agreements
19
Q

Electronic Business (E-business)

A
  • general term
  • any use of information technology like networking and communications technology to perform business processes in an electronic form
  • may or may not relate to selling or buying
20
Q

Electronic Data Interchange (EDI)

A

the computer to computer exchange of business transaction documents

21
Q

EDI -Reduced handling costs and increased processing speed

A

reduces transaction handling costs and speeds transaction processing

22
Q

EDI- Standard data format

A

Standard data format

a. Mapping - process of determining the correspondence between data elements in an organization’s terminology and data elements in standard EDI terminology.
b. Standards - several different standards
- XML - extensible markup language - technology that has been developed to transmit data in flexible formats instead of the standard formats of EDI.

23
Q

EDI - Communication

A

EDI can be implemented using direct links between the organizations exchanging information via communication intermediaries, VANs or networks of VANs, or over the Internet.

24
Q

Features of EDI

A
  • allows the transmission of electronic documents between computer systems in different organizations
  • reduces handling costs and speeds transaction processing compared to traditional paper based processing.
  • requires that all transactions be submitted in a standard data format
  • can be implemented using direct links between the trading partners, communication intermediaries, VANs or networks of VANs, or over the Internet.
25
Q

Costs of EDI

A
  1. Costs of EDI
    a. Legal costs
    b. Hardware costs
    c. Costs of translation software
    d. Costs of data transmission
    e. Costs associated with security, monitoring and control procedures
26
Q

EDI controls

A

Audit trails should include:

  • activity logs of failed transactions
  • network and sender/recipient acknowledgements
27
Q

EDI Risks

A

unauthorized access to the organization’s system is the greatest risk

28
Q

Comparison of EDI and E-Commerce

A
Which has higher?
Cost - EDI
Security - EDI
Speed - E-Commerce
Network - EDI - VAN (private), E-Commerce - Internet (public)
29
Q

Business process reengineering

A

the analysis and redesign of business processes and information systems to achieve significant performance improvements.

30
Q

Challenges faced in business process reengineering

A
  1. Tradition - old ways of doing things do not die easily
  2. Resistance - people don’t like changes
  3. Time and cost requirements - takes 2+ years to complete
  4. Lack of management support
  5. Skepticism
  6. Retraining
  7. Controls
31
Q

Business to business (B2B)

A
  1. Business to Consumer (B2C) transaction - a business sells its products or services to the public
  2. Business to Business (B2B) transaction - a business sells products to another business
  3. Consumer to Consumer (C2C) transaction - consumers sell products to other consumers (eBay)
32
Q

B2B E-Commerce

A

a lot of businesses do this, especially in the wholesale markets

33
Q

Electronic market

A

Internet transactions can occur between businesses where there is no pre existing relationship.

34
Q

Direct market

A

B2B transactions may occur electronically between businesses where there is a pre-existing relationship (EDI, corporate intranets and extranets)

35
Q

Importance of B2B

A
  1. Speed - the faster the better and the Internet is faster than phone, fax or mail.
  2. Timing - E-Commerce transactions do not have to occur during normal business hours (time zones)
  3. Personalization - after registering with a new business partner, the website can guide that partner to the most interesting areas.
  4. Security - private info is encrypted
  5. Reliability - transactions occur electronically from one computer directly to another computer, the transactions should be very precisely performed, no opportunity for human error
36
Q

Factors to consider

A
  1. The selection of the business model
  2. Channel conflicts - the possibility of stealing business from existing sales or channels
  3. Legal issues - laws governing electronic commerce
  4. Security - outsiders can hack into your account
37
Q

Components of B2B

A
  1. the customer connecting to the site through the Internet
  2. the seller’s site behind an enterprise firewall
  3. the seller’s Internet commerce center, consisting of an order entry system and a catalog system containing product descriptions and other information on what is for sale, which acts as an interface to the customer’s browser.
  4. the seller’s back office system for inventory management, order processing, and order fulfillment, which could include a shipping or transportation system
  5. the seller’s back office accounting system
  6. the seller’s payment gateway communicating via the Internet to validate and authorize credit card transactions or other payment methods.
38
Q

B2B vs B2C

A

B2C - less complex, the payment mechanism is more problematic

39
Q

Enterprise Resource Planning System (ERP) defined

A
  • a cross functional enterprise system that integrates and automates the many business processes that must work together in the manufacturing, logistics, distribution, accounting, finance and HR of a business.
  • ERP software comprises a number of modules that can function independently or as an integrated system to allow data and information to be shared among all of the different departments and divisions of large businesses.
40
Q

ERP Functions

A
  1. ERP systems store information in a central repository so that data may be entered and accessed and used by the various departments.
  2. ERP systems act as the framework for integrating and improving an organization’s ability to monitor and track sales, expenses, customer service, distribution, and many other business functions.
  3. ERP systems can provide vital cross functional information quickly to managers across the organization in order to assist them in the decision making process.
41
Q

Supply chain management

A

concerned with four characteristics of every sale: what, when, where, how much

42
Q

Supply chain management functions

A
  1. Achieve flexibility and responsiveness
    - planning
    - sourcing
    - making
    - delivery
  2. Supply chain planning software
  3. Often termed an extension of ERP
43
Q

Customer relationship management systems defined

A

provide sales force automation and customer services in an attempt to manage customer relationships.

44
Q

Customer relationship management systems objectives

A
  • increase customer satisfaction and increase revenue and profitability.
  • CRM attempts to do this by appearing to market to each customer individually.
  • the assumptions are that 20% of customers generate 80% of sales and that it is 5-10 times more expensive to acquire a new customer than to obtain repeat business from an existing customer.
45
Q

Categories of CRM

A
  1. Analytical CRM - creates and exploits knowledge of a company’s current and future customers to drive business decisions
  2. Operational CRM - the automation of customer contacts or contact points
46
Q

Electronic Funds Transfer system

A
  • a form of electronic payment for banking and retailing industries.
  • the Federal Reserve Fedwire system (automated clearing house network) is used very frequently in EFT to reduce the time and expense required to process checks and credit transactions
47
Q

Electronic Funds Transfer system

A
  1. Third party vendor - EFT service is often provided by a third party vendor who acts as the intermediary between the company and banking system
  2. Data encryption - EFT security is provided via various types of data encryption.
  3. Reduction in errors - EFT reduces the need for manual data entry, thus reducing the occurrence of data entry errors
48
Q

Application Service Providers (ASP)

A
  • provide access to application programs on a rental basis.
  • They allow small companies to avoid the extremely high cost of owning and maintaining today’s application systems by allowing them to pay only for what is used.
  • The ASPs own and host the software.
49
Q

Advantages of ASP

A
  • lower cost
  • greater flexibility

50
Q

Disadvantages of ASP

A
  • possible risks to the security and privacy of the organization’s data
  • the financial viability, or lack thereof, of the ASP
  • possible poor support by the ASP
51
Q

Similar concepts to ASP

A
  • IBM offers a similar thing in its utility computing and E-Commerce on demand strategies
  • ASPs are similar to the timesharing providers or service bureaus of the past that rented raw computing power (time on computers) to customers, except that ASPs rent applications instead of just the computer processing
  • related to ASPs are present day service bureaus, which perform processing outside the organization
52
Q

Web 2.0

A
  1. Collaborative websites and social networking - collaborative websites in which users not only browse content, but also add and modify content
  2. Dynamic content - increase in web pages with dynamic content, linked to databases, price lists and catalog product lists.
53
Q

Mashups

A

Web pages that are collages of other web pages and other information (google maps)

54
Q

Web stores

A
  1. Stand alone web stores - many small companies have stand alone Web stores that are not integrated with large accounting systems (shopping cart software)
  2. Integrated web stores - many larger companies, and an increasing number of small companies, have turned to ERP systems that integrate all the major accounting functions, as well as the web stores into a single software system
55
Q

Cloud computing

A

virtual servers available over the Internet

56
Q

Cloud computing services

A
  1. Infrastructure as a service (IaaS) - outsources storage, hardware, services, and networking components to customers
  2. Platform as a service (PaaS) - allows customers to rent virtual servers and related services that can be used to develop and test new software applications
  3. Software as a service (SaaS) - method of software distribution in which applications are hosted by a vendor or service provider and made available to customers over the Internet
57
Q

Hypertext Markup Language (HTML)

A

a tag-based formatting language used for web pages

58
Q

Hypertext Transfer Protocol (HTTP)

A
  • communications protocol used to transfer Web pages on the World Wide Web.
  • HTTP uses SSL (secure socket layer) for its security
59
Q

URL

A
  • a Web address is the uniform resource locator (URL) that directs the user to a specific location on the web
60
Q

Web addresses

A
  1. Transfer protocol http:// (Hypertext Transfer Protocol) or ftp:// (File Transfer Protocol)
  2. Server www (web server)
  3. Domain name - Becker - subdomain name, Becker.com - full domain name
  4. Top-level domain .com, .net, .edu (generic top level domains)
  5. Country .us, .de, .pl (country code top level domains)
  6. http://www.becker.com.us (us not needed)
61
Q

TCP

A

Transport Control Protocol is the transmission protocol of the Internet protocol suite. TCP is a transport layer protocol.

62
Q

Domain name

A

includes one or more IP addresses

63
Q

Domain Name System (DNS)

A

system of domain names that is employed by the Internet

64
Q

Domain Name Warehousing

A

practice of obtaining control of domain names with the intent of warehousing (owning but not using)

65
Q

Web Server

A

a computer that delivers a Web page upon request

66
Q

Web Hosting Service

A

an organization that maintains a number of Web servers and provides fee paying customers with the space to maintain their websites

67
Q

WiFi

A
  1. WiFi Alliance - a global nonprofit org with the goal of driving the adoption of a single worldwide accepted standard for high speed wireless local area networks
68
Q

Potential errors in computerized system

A
  1. Opportunity for remote access increases the likelihood for unauthorized access.
  2. Concentration of information means that once security is breached, the potential for damage is higher.
  3. Decreased human involvement in processing results in a decreased opportunity for observation of errors.
  4. Errors or fraud might occur in the design or maintenance of application programs.
69
Q

Safeguard files and records

A

Safeguarding of files and records is important because inadequate protection may result in loss or damage that might drive an organization out of business. Hardware can always be replaced, but data often can’t be.

70
Q

Encryption

A

Encryption involves using a password or a digital key to scramble a readable message (plaintext) into an unreadable one (ciphertext). The intended recipient of the message then uses either the same or another digital key (depending on the encryption method) to convert the ciphertext message back into plaintext.

71
Q

Password management policy

A
  1. Password length - the longer the better. Passwords should be greater than seven characters; many organizations require 8.
  2. Password complexity - complex passwords feature three of the following four characteristics: uppercase, lowercase, numeric characters, and ASCII special characters such as !@#$%
72
Q

Types of policy

A
  1. Program level policy
  2. Program framework policy
  3. Issue specific policy
  4. System specific policy
73
Q

Digital signatures

A

use asymmetric encryption to create legally binding electronic documents

74
Q

E-signatures

A

an alternative mechanism for accomplishing the same objective. An e-signature is a cursive style imprint of a person’s name that is applied to an electronic document.

75
Q

Information security policy

A

states how an organization plans to protect its tangible and intangible information assets

76
Q

Internet

A

international network composed of servers around the world that communicate with each other

77
Q

Public Key Infrastructure

A

the system and processes used to issue and manage asymmetric keys and digital certificates

78
Q

Implementation of EDI

A
  1. Legal cost
  2. Hardware cost
  3. Costs of translation software
  4. Costs of data transmission
  5. Process reengineering and employee training costs for affected applications
  6. Costs associated with security, monitoring and control procedures
79
Q

B2B transactions

A

When a business sells its products to another business

80
Q

B2B e-Commerce

A

many businesses buy, sell, or trade their products and services with other businesses

81
Q

Electronic market

A

very common for B2B transactions to occur electronically via the Internet

82
Q

Direct market

A

B2B transactions occur electronically between businesses when there is a preexisting relationship

83
Q

Advantages of B2B e-Commerce

A
  1. Speed
  2. Timing
  3. Personalization
  4. Security
  5. Reliability
84
Q

Electronic Funds Transfer EFT

A

Major form of electronic payment for banking and retailing industries.
EFT uses a variety of technologies to transact, process, and verify money transfers and credits between banks, businesses, and consumers. The Federal Reserve wire system is used very frequently in EFT to reduce the time and expense required to process checks and credit transactions.

85
Q

EDI

A

computer to computer exchange of business transaction documents

86
Q

EDI transactions are submitted

A

submitted in a standard data format

87
Q

EDI Mapping

A

the process of determining the correspondence between elements in a company’s terminology and elements in standard EDI terminology

88
Q

Characteristics of EDI

A
  1. EDI allows the transmission of electronic documents between systems in different organizations
  2. EDI reduces handling costs and speeds transaction processing
  3. EDI can be implemented using direct links, VANs, or over the Internet
89
Q

EDI controls

A
  1. Encryption of data
  2. Activity logs of failed transactions
  3. Network and sender/recipient acknowledgments
90
Q

e-Commerce

A

involves the electronic consummation of exchange transactions. Uses the Internet.