CHARACTERISTICS OF IT SYSTEMS Flashcards
Types of networks:
By geographical scope
By Ownership
By use of internet
Networks by geographical scope:
PAN
LAN
MAN
WAN
What is a network?
group of interconnected computers and terminals
PAN
personal area network
centered around the individual
and the devices he uses
wired or wireless
LAN
local area network
privately owned
within a single building or campus
up to a few miles in size
MAN
metropolitan area network
larger than LAN
group within a city
WAN
wide area network
country or continent
Network by ownership
private
public
cloud computing/cloud services
Disadvantages of cloud computing
information security and privacy
continuity of services
migration
HTML
Hypertext Markup Language
XML
Extensible Markup Language
XML
language used to create and format documents
link documents to web pages/trading partners
communicate between web browsers
superior ability to tag
XBRL
Extensible Business Reporting Language
XML based
used in automation of business info requirements
used in filings with SEC (EDGAR)
sharing of reports, fs, audit schedules
electronic data gathering and retrieval
Internet
international collection of networks
made up of independent computers
operate as a large computing network
requires use of TCP and IP
HTTP
Hypertext Transfer Protocol
primary internet protocol
for data communication
in the www
URL
Uniform Resource Locator
typing the address
works like the postal department
WWW
world wide web
framework for accessing linked resources
WEB BROWSER
client software (Mozilla, Explorer)
provides user with ability
to locate and display web resources
Web servers
software
serves web resources to web clients
Firewall
protects computers and their information
from outsiders
has security algorithms and
router communications protocols
Router
communications interface device
connects 2 networks
determines the best way to move data
to its destination
Bridge
a device
divides the LAN into 2 segments
works like a switch
forwards traffic across network
Switch
a device that channels incoming data from any of multiple input ports to the specific output port that will take the data to its destination
Gateway
combination of hardware and software
links to different types of networks
Proxy server
saves and serves copies of web pages
increase efficiency of internet operations
help assure data security
Cache
reserve of web pages already sent or loaded
Web 2.0 and its tools
2nd generation of the web
blog
wiki
twitter
RSS/ATOM Feeds - really simple syndication
RSS/ATOM Feeds
an XML application
subscribe to share website content
TCP / IP
Transmission Control Protocol
Internet Protocol
the basic communication language/protocol in the internet
TCP
Transmission Control Protocol
the higher layer of internet protocol
assembles messages/files
into smaller packets
and transmitted to the internet
IP
lower layer of internet protocol
assigns IP addresses
ensures message delivery to computer
IP address
unique number identifier
ISP
Internet Service Provider
Time Warner
Types of Virus
Trojan Horse
Worm
Virus
a program/code that
requests the computer to
perform activities not authorized by the user
transmitted through use of files containing macros
Macro
stored set of instructions and functions
organized to perform repetitive task
activated by keystroke combination
Worm
propagates over a network
Botnet
network of computers controlled by computer code designed to perform a repetitive task: sending spam, spreading viruses, creating distributed denial-of-service attacks
Bot
a computer code that sends spam
spreads virus
Intranet
local network within an organization
Extranet
intranet
includes external customers and suppliers
Database client server architecture
It is important to consider the architecture when considering a network
3 responsibilities important:
input
processing
storage
consider the Client-server relationship
Client
the computer or workstation of an individual user
Server
high-capacity computer containing the network software; provides services by serving files to clients and performing analyses
Client server model
starts with a request message
from a client to the server
asking for service to be performed
Overall client-server systems
a networked computing model (LAN) in which a database software on a server's platform performs commands/requests from client computers
File server
Client Tier
subtype of client-server architecture
file server manages the file operations
shared by each of the client PCs
input,output and processing by client computer
all data manipulations done by client computer
file server stores data
Database servers
Service Database Tier
similar to file server
but server performs more of the processing
server contains database management system
Three Tier architecture
in addition to the file server and database servers
a 3rd tier is added for the application program
Other servers serving as 3rd layer:
print server
communications server
fax server
web server
Communications Server
act as gateway to the internet or intranet
Distributed Systems?
system that connects all company locations
to form a distributed network
each location has its own input/output,
processing and storage
computers pass data among themselves
pass data to server or host for further processing
Hardware components
workstations - microcomputers
peripherals
transmission data
network interface cards
peripherals
printer
attached storage
scanners
fax board
Transmission media
physical path
that connects components of LAN
wires, cables, optical fibers
WLAN or WIFI
wireless LANs
Network interface cards
connect workstation and transmission media
Control Implications
General controls are often weak
Controls rely on end users
Inadequate resources for troubleshooting
With good controls management, there is segregation of duties
LAN ordinarily does not have security features like larger scale environments
Important requirements when using small computers
Security
Verification of processing
Personnel
Security control process
Control access to software installation file
Make backup copies
Restrict access to hard drive
Segregate duties in data processing
Verification of processing control
Computers should not be used for personal projects
Perform periodic independent verification of applications used
Personnel control
Centralized authorization
to purchase hardware and software
Prohibit loading of unauthorized software and data
Sensitive data should not be downloaded on portable devices
EUC End User Computing
Use of microcomputers
Use of end user applications
End user responsible for development and execution of the application
Risks involved
Control implications
Test applications before implementing
Require adequate documentation
Physical access controls
Control access to authorized users only
Control use of incorrect versions of data files
Backup files
Application controls
Perform programmed reconciliations
Risks in E Commerce
security
availability
processing integrity
online privacy
confidentiality
How to assure data integrity?
WebTrust seal of assurance
Digital IDs /certificates
Encryption
Offsite mirrored web servers
Digital certificate?
digital signature required
to assure recipient of data validity
message is encrypted and recipient decrypts it
Encryption
original data is converted to cipher text
Decryption
Convert encrypted data back to original data
Use algorithms and keys
Only users control
Algorithm
detailed sequence of actions to perform a task
Key
a value that must be fed into the algorithm used to decode an encrypted message
Private key system
encryption system
both sender and receiver have access
Encryption is important
any time two or more computers are communicating
keep private info on one computer
System overhead
machine instructions
necessary to encrypt and decrypt data
slows down processing
Electronic data interchange
electronic exchange of business transactions
from one entity’s computer to another
through an electronic communications network
Risks on EDI
audit trails for internal and external auditors
activity logs
sender/recipient acknowledgment of receipt of transactions
auditors should test controls on timely basis while records are available
Methods of communication between trading partners
Point to point
VAN - value added network
Public networks
Proprietary networks
Point to point
a direct computer to computer private network link
VAN
value added network
privately owned network
that routes EDI transactions
between trading partners
and provides storage, translation, processing
Advantages of VAN
reduces communication and data protocol problems because VANs can deal with differing protocols
partners don’t have to establish point to point connections
reduces scheduling problems - receiver requests delivery of transactions anytime
VAN translates application to standard format
the partner doesn’t have to reformat
provides increased security
Disadvantages of VAN
costly
dependence upon VANs systems and controls
possible loss of data confidentiality
Public Networks advantages
Advantages
avoids cost of proprietary lines
avoids cost of VAN
directly communicates transactions to trading partners
software allows communication between differing systems
Public network disadvantages
possible loss of data confidentiality
computer transmission disruption
prone to hackers and viruses
possible electronic frauds
EFT electronic fund transfer
making cash payments between two organizations electronically
Disadvantage of EFT
risk of unauthorized access
risk of fraudulent fund transfers
EFT Controls
Control physical access
to network facilities
Require electronic identification
for all network terminals
authorized to use EFT
Control access through passwords
Encrypt stored and transmitted data
Advantages of Point to Point method
no reliance on 3rd parties for computer processing
organization controls access to network
organization enforces propriety to software
improved timeliness in delivery
Disadvantages of Point to Point Method
need to establish connection
with trading partner
high initial cost
computer scheduling issues
common protocols between partners needed
need hardware and software
compatibility of both points
Proprietary Networks
private network of organizations
extremely reliable
needs proprietary lines
costly to develop and operate
Encryption and authentication controls are important in EDI because
absence of paper transactions
direct interrelationship with another organization’s computer
Authentication controls
controls from origin of transaction
submission and delivery of EDI communications
receiver must have proof of the origin of the message, proper submission and delivery
Packets
a block of data
transmitted from one computer to another
contains data and authentication info
Benefits of EDI
quick response and access to info
cost efficient
reduced paperwork
reduced errors and correction costs
better communications and customer service
necessary to remain competitive
Principles of a reliable system - IT risks and internal control
SAPOC
security
availability
processing integrity
online privacy
confidentiality
Exposures of EDI
total dependence upon computer system
sensitive information exposure -lose confidentiality
audit trail - lost due to limited retention policies
unauthorized transactions and fraud
reliance on trading partners VAN who control EDI
errors -data processing, application and communication
legal liability due to errors
Telecommunications Systems
electronic transmission of information
voice, data, video, fax etc
using hardware and software
hardware:
computers -communications control and switching
radio, wire, fiber optic, coaxial cable
microwave, laser, electromagnetic systems
modems - compatibility issues
software
controls and monitors the hardware
formats information
adds control information
performs switching operations
provides security
supports the management of communications
Role of software in telecommunications system
controls and monitors the hardware
formats information
adds control information
performs switching operations
provides security
supports the management of communications
Uses of telecommunications system
EDI
DFT
POS
commercial databases
airline reservations
etc.
Controls needed in telecommunications system
Controls on:
data entry
central computer equipment security
system integrity at remote sites
dial-in security
transmission accuracy and completeness
physical security of facilities
regular test of controls
Computer service organizations
record and process data for organizations
payroll checks
VAN - same as CSO but with broader role
provides network, storing, forwarding mailbox, services of companies using EDI