Chapter 8: Technology Management

Question 1

what is the role of the Head of IT?

Answer 1

• Known as The Chief Information Officer (CIO) or a Chief Technology Officer (CTO).
• sets the company’s technology strategy (in conjunction with the rest of the business)

Question 2

what is the role of the Head of production support?

Answer 2

• usually responsible for the provision of all server and for the day-to-day running and support of the production (or live) systems.
• Database administrators (DBAs) and Help desk analysts report to this individual

Question 3

what is the role of the Head of Development and Implementation?

Answer 3

responsible for the commissioning of new applications and ensures smooth operation of the firm’s technology systems

Question 4

what is the role of the Head of Business Continuity?

Answer 4

responsible for managing the company’s business continuity
plans (BCPs) and disaster recovery plans (DRPs)

Question 5

what are the building blocks of technology infrastructure?

Answer 5

client side interface, application, middleware/real-time messaging layer (software products that distribute and obtain real-time data to and from other parties)

the database that stores data

Question 6

what are the 7 operational risk types identified by Basel

Answer 6

• Internal Fraud
• External Fraud
• damage to physical assets
• Employment practices and safety
• Clients and business practices
• Execution, delivery and process management

Question 7

what two categories can the governance of the risk management be divided into?

Answer 7

maintaining business as usual
introducing business change

Question 8

what are the technology implications of maintaining business as usual?

Answer 8

systems within the technology function, operational procedures need to be put in place

• Ensuring business applications and the configurations are able to cope with normal business volumes
• Recording deficiencies in the design or operation of systems
• Protecting the organisation from system security issues
• Ensuring system development keeps pace with rapidly evolving user requirements.
• Ensuring minimal manual intervention

Question 9

what are the technology implications of managing business change?

Answer 9

• aligning technology strategy with the business strategy
• aligning the solution to the strategic business drivers
• managing and monitoring risks of introducing the change
• providing visibility of risks and issues to responsible stakeholders
• risk of over- (and under-) spend
• risk of duplicate systems
• Risk of delivering late, or not delivering what is required
• complexity risk
• scope expansion risk
• managing external parties

Question 10

what does cyber security involve?

Answer 10

the methods and processes used to protect computer systems’ hardware, software and data from: Damage, theft, unauthorised use, and disruption

Question 11

what is hacking?

Answer 11

Stealing personal information to pose as someone else, often for financial gain

Question 12

what is cyber espionage?

Answer 12

Stealing valuable and confidential information about products, services, patents, designs, and intellectual property

Question 13

what is Malware?

Answer 13

Software designed to gain unauthorized access to computer systems to disrupt operations or gather private information illegally

Question 14

what is Spyware?

Answer 14

Software that collects information without the user’s knowledge and sends it to a third party. It can gather personal data, interfere with user control, and be challenging to detect

Question 15

what is Phishing?

Answer 15

Cybercrime designed to trick users into disclosing personal financial details by creating fake websites resembling legitimate ones

Question 16

what is Ransomware?

Answer 16

Blocking access to systems and threatening to publish or destroy data unless a ransom is paid

Question 17

what are Viruses, Worms and trojans?

Answer 17

Viruses are programs that copy and infect multiple files, while worms replicate without infecting other files. Trojans appear legitimate but result in unauthorized access to computer files

Question 18

what is Keylogging?

Answer 18

Recording keystrokes on a keyboard without the user’s knowledge, often used to capture personal details

Question 19

what is Form Grabbing?

Answer 19

Intercepting and collecting data submitted to web browsers before it passes over the internet

Question 20

what are Botnets?

Answer 20

Networks of computers controlled by cybercriminals through malware.

Question 21

what are DDoS Attacks?

Answer 21

Distributed Denial of Service (DDoS) attacks aim to make a machine or network resource unavailable by overwhelming it with a high volume of requests. The motives can range from vandalism and political reasons to revenge or competitor sabotage

Question 22

what are the functions of a help desk?

Answer 22

• Receive issues from users and prioritise them
• pass them to the appropriate individuals for action
• monitor whether the issue has been actioned, close the issues or escalate them to management
• provide a database of ‘FAQs that can be used by help desk
• provide statistical and trend reports to management

Question 23

what is an SLA?

Answer 23

contract between a service provider and its customers, in which a
certain level of service is agreed upon

refers to both the quality of the service, the time deadlines, and specifies penalties to be paid by either party

Question 24

what are Key Performance Indicators (KPIs)?

Answer 24

metrics used to measure the performance of a service or process

Question 25

what is Service level management (SLM)?

Answer 25

management of SLAs to ensure that they are up to date and current

Question 26

what is the Disaster Recovery Planning Process?

Answer 26

• Obtain Top Management Commitment
• Establish a Planning Committee
• Perform a Risk Assessment
• Establish Priorities for Processing and Operations

Question 27

what is a BCP?

Answer 27

Business continuity plans (BCPs): concerned with ensuring that the
firm is able to recover from an emergency such as utility disruptions, software failures and hardware failures

Question 28

what is DR?

Answer 28

Disaster recovery (DR): the process of regaining access to the data, hardware and software necessary to resume critical business operations after Loss of internal or external application, Physical damage events, Natural disaster

Question 29

what is operational resilience?

Answer 29

firms are expected to proactively take ownership of their operational resilience and treat it as a priority activity

Question 30

what are change control procedures?

Answer 30

processes designed to prevent software or hardware from being amended without control, auditability and review of the impact by all interested parties

Question 31

what is technology risk?

Answer 31

the risk that technology configuration complexity creates a business risk because, the configuration is costly and complex to run and this
makes changes challenging

Question 32

how can technology business risk be managed?

Answer 32

 management of applications
 implementing solid processes for DR and BCP
 employing solid and rigorously reinforced change control process
 implementing an organisation-wide business change process