Chapter 8: Technology Management Flashcards
what is the role of the Head of IT?
- Known as The Chief Information Officer (CIO) or a Chief Technology Officer (CTO).
- sets the company’s technology strategy (in conjunction with the rest of the business)
what is the role of the Head of production support?
- usually responsible for the provision of all servers and for the day-to-day running and support of the production (or live) systems.
- Database administrators (DBAs) and Help desk analysts report to this individual
what is the role of the Head of Development and Implementation?
responsible for the commissioning of new applications and ensures smooth operation of the firm’s technology systems
what is the role of the Head of Business Continuity?
responsible for managing the company’s business continuity plans (BCPs) and disaster recovery plans (DRPs)
what are the building blocks of technology infrastructure?
client side interface, application, middleware/real-time messaging layer (software products that distribute and obtain real-time data to and from other parties)
the database that stores data
what are the 7 operational risk types identified by Basel?
- Internal Fraud
- External Fraud
- damage to physical assets
- Employment practices and safety
- Clients and business practices
- Execution, delivery and process management
what two categories can the governance of the risk management be divided into?
maintaining business as usual
introducing business change
what are the technology implications of maintaining business as usual?
systems within the technology function, operational procedures need to be put in place
- Ensuring business applications and the configurations are able to cope with normal business volumes
- Recording deficiencies in the design or operation of systems
- Protecting the organisation from system security issues
- Ensuring system development keeps pace with rapidly evolving user requirements.
- Ensuring minimal manual intervention
what are the technology implications of managing business change?
- aligning technology strategy with the business strategy
- aligning the solution to the strategic business drivers
- managing and monitoring risks of introducing the change
- providing visibility of risks and issues to responsible stakeholders
- risk of over- (and under-) spend
- risk of duplicate systems
- Risk of delivering late, or not delivering what is required
- complexity risk
- scope expansion risk
- managing external parties
what does cyber security involve?
the methods and processes used to protect computer systems’ hardware, software and data from: Damage, theft, unauthorised use, and disruption
what is hacking?
Stealing personal information to pose as someone else, often for financial gain
what is cyber espionage?
Stealing valuable and confidential information about products, services, patents, designs, and intellectual property
what is Malware?
Software designed to gain unauthorized access to computer systems to disrupt operations or gather private information illegally
what is Spyware?
Software that collects information without the user’s knowledge and sends it to a third party. It can gather personal data, interfere with user control, and be challenging to detect
what is Phishing?
Cybercrime designed to trick users into disclosing personal financial details by creating fake websites resembling legitimate ones
what is Ransomware?
Blocking access to systems and threatening to publish or destroy data unless a ransom is paid
what are Viruses, Worms and trojans?
Viruses are programs that copy and infect multiple files, while worms replicate without infecting other files. Trojans appear legitimate but result in unauthorized access to computer files
what is Keylogging?
Recording keystrokes on a keyboard without the user’s knowledge, often used to capture personal details
what is Form Grabbing?
Intercepting and collecting data submitted to web browsers before it passes over the internet
what are Botnets?
Networks of computers controlled by cybercriminals through malware.
what are DDoS Attacks?
Distributed Denial of Service (DDoS) attacks aim to make a machine or network resource unavailable by overwhelming it with a high volume of requests. The motives can range from vandalism and political reasons to revenge or competitor sabotage
what are the functions of a help desk?
- Receive issues from users and prioritise them
- pass them to the appropriate individuals for action
- monitor whether the issue has been actioned, close the issues or escalate them to management
- provide a database of FAQs that can be used by the help desk
- provide statistical and trend reports to management
what is an SLA?
contract between a service provider and its customers, in which a certain level of service is agreed upon
refers to both the quality of the service, the time deadlines, and specifies penalties to be paid by either party
what are Key Performance Indicators (KPIs)?
metrics used to measure the performance of a service or process
what is Service level management (SLM)?
management of SLAs to ensure that they are up to date and current
what is the Disaster Recovery Planning Process?
- Obtain Top Management Commitment
- Establish a Planning Committee
- Perform a Risk Assessment
- Establish Priorities for Processing and Operations
what is a BCP?
Business continuity plans (BCPs): concerned with ensuring that the firm is able to recover from an emergency such as utility disruptions, software failures and hardware failures
what is DR?
Disaster recovery (DR): the process of regaining access to the data, hardware and software necessary to resume critical business operations after Loss of internal or external application, Physical damage events, Natural disaster
what is operational resilience?
firms are expected to proactively take ownership of their operational resilience and treat it as a priority activity
what are change control procedures?
processes designed to prevent software or hardware from being amended without control, auditability and review of the impact by all interested parties
what is technology risk?
the risk that technology configuration complexity creates a business risk because the configuration is costly and complex to run and this makes changes challenging
how can technology business risk be managed?
management of applications
implementing solid processes for DR and BCP
employing solid and rigorously reinforced change control process
implementing an organisation-wide business change process