DCIT 65 | Pre-Finals | Lecture Flashcards
an area in which IT workers may be tempted to violate laws and policies
software piracy
in a corporate setting is sometimes directly traceable to IT staff members
software piracy
are trade groups that represent the world’s largest software and hardware manufacturers
Software & Information Industry Association (SIIA) and the BSA | The Software Alliance (BSA)
promotes the common interests of the software and digital content industry
Software & Information Industry Association (SIIA)
informs the industry and the broader public by serving as a resource on trends, technologies, policies, and related issues that affect member firms and demonstrate the contribution of the industry to the broader economy
Software & Information Industry Association (SIIA)
funded both through dues based on member companies’ software revenue and through settlements from companies that commit piracy
The Software Alliance (BSA)
its membership includes about two dozen global members such as Adobe, Apple, Dell, IBM, Intuit, Microsoft, Oracle, and SAS Institute
The Software Alliance (BSA)
information, generally unknown to the public, that a company has taken strong measures to keep confidential. It represents something of economic value that has required effort or cost to develop and that has some degree of uniqueness or novelty
trade secret
it can include the design of new software code, hardware designs, business plans, the design of a user interface to a computer program, and manufacturing processes.
trade secret
is an effort by an employee to attract attention to a negligent, illegal, unethical, abusive, or dangerous act by a company that threatens the public interest
whistle-blowing
they often have special information based on their expertise or position within the offending organization
whistle-blowers
is the crime of obtaining goods, services, or property through deception or trickery
fraud
the misstatement or incomplete statement of a material fact
misrepresentation
occurs when one party fails to meet the terms of a contract
breach of contract
occurs when a party fails to perform certain express or implied obligations, which impairs or destroys the essence of the contract
material breach of contract
frequent causes of problems in IT projects include the following:
scope creep
poor communication
delivery of an obsolete solution
legacy systems
Changes to the scope of the project or the system requirements can result in cost overruns, missed deadlines, and a project that fails to meet end-user expectations
scope creep
Miscommunication or a lack of communication between customer and vendor can lead to a system whose performance does not meet expectations
poor communication
The vendor delivers a system that meets customer requirements, but a competitor comes out with a system that offers more advanced and useful features
delivery of an obsolete solution
If a customer fails to reveal information about legacy systems or databases that must connect with the new hardware or software at the start of a project, implementation can become extremely difficult.
legacy systems
act of providing money, property, or favors to someone in business or government in order to obtain a business advantage
bribery
process established by an organization’s board of directors, managers, and IT systems people to provide reasonable assurance for the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws and regulations
internal control
an organization’s internal control resources include all the
people
policies
processes
procedures
systems
guidelines and standards by which the organization must abide
policies
drive processes and procedures
policies
a collection of tasks designed to accomplish a stated objective
processes
defines the exact instructions for completing each task in a process
procedure
responsible for ensuring that an adequate system of internal control is set up, documented with written procedures, and implemented
management
responsible for assessing whether the internal controls have been implemented correctly and are functioning as designed; it reports its findings to management
internal audit organization
made in secret, as they are neither legally nor morally acceptable
bribes
made indirectly through a third party
bribes
encourage an obligation for the recipient to act favorably toward the donor
bribes
made openly and publicly, as a gesture of friendship or goodwill
gifts
made directly from donor to recipient
gifts
come with no expectation of a future favor for the donor
gifts
most frequent areas of résumé falsehood or exaggeration
overstated skill set
job title
academic degrees earned
embroidered responsibility
awards
refers to a person who uses a hardware or software product; the term distinguishes end users from the IT workers who develop, install, service, and support the product
IT user
one who possesses the skill, good judgment, and work habits expected from a person who has the training and experience to do a job well
professional
states the principles and core values that are essential to the work of a particular occupational group
professional code of ethics
ACM means?
Association for Computing Machinery (ACM)
SANS means?
SysAdmin, Audit, Network, Security (SANS) Institute
IEEE-CS means?
Institute of Electrical and Electronics Engineers Computer Society (IEEE-CS)
AITP means?
Association of Information Technology Professionals (AITP)
indicates that a professional possesses a particular set of skills, knowledge, or abilities, in the opinion of the certifying organization
certification
Apple Certified Technical Coordinator
Mac OS X
Cisco Certified Design Associate
Cisco Hardware
Cisco Certified Network Professional
Cisco Networking
Cisco Certified Internetwork Expert
Cisco Networking
Microsoft Certified Professional
Microsoft Products
Citrix Certified Administrator (CCA)
Citrix Products
Oracle Database 12c: Certified Expert Performance Management and Tuning
Oracle Database
Salesforce.com Certified Administrator
Salesforce Software
government-issued permission to engage in an activity or to operate a business
government license
software engineers shall adhere to the following eight principles:
public
client and employer
product
judgement
management
profession
colleagues
self
defined as not doing something that a reasonable person would do or doing something that a reasonable person would not do.
negligence
the failure to act as a reasonable person would act
breach of the duty of care
Professionals who breach the duty of care are liable for injuries that their negligence causes. This liability is commonly referred to as
professional malpractice
in a corporate setting can sometimes be directly traceable to IT professionals—they might allow it to happen, or they might actively engage in it.
software piracy
Some employees use their computers to surf popular websites that have nothing to do with their jobs, participate in chat rooms, view pornographic sites, and play computer games
Inappropriate Use of Computing Resources
Every organization stores vast amounts of information that can be classified as either private or confidential.
Inappropriate Sharing of Information
Common Ethical Issues for IT Users
Software Piracy
Inappropriate Use of Computing Resources
Inappropriate Sharing of Information
a document that stipulates restrictions and practices that a user must agree to in order to use organizational computing and network resources
acceptable use policy (AUP)
AUP’s five key elements
purpose of the AUP
scope
policy
compliance
sanctions
their responsibilities include managing the processes, tools, and policies necessary to prevent, detect, document, and counter threats to digital and nondigital information, whether it is in transit, being processed, or at rest in storage
Information security (infosec) group
hardware or software (or a combination of both) that serves as the first line of defense between an organization’s network and the Internet; a firewall also limits access to the company’s network based on the organization’s Internet-usage policy
firewall
means to be in accordance with established policies, guidelines, specifications, or legislation
compliance
a set of computer programs made up of a sequence of short commands called instructions that tell the computer what to do
software
a sequence of short commands __ that tell the computer what to do
instructions
software is in two forms:
ROM (read-only memory)
RAM (random access memory)
computer’s more permanent memory
ROM (read-only memory)
loaded on demand at runtime in less permanent but more volatile memory
RAM (random access memory)
creates or develops a set of programs to meet the specifications of a user, if there is a contract, or of a specific problem, if it is general-purpose software
software producer or developer
they are either individuals working alone or companies such as Microsoft, which employs hundreds of software engineers including analysts and programmers
developers
they obtain the finished software from the developer to satisfy a need, basing their decision on developer claims
software buyers or customers
consists of a series of random tests on the software during the development stage
development testing
involves static formal mathematical techniques such as proof of correctness and dynamic techniques such as testing to show consistency between the code and the basic initial specifications
verification and validation (V&V)
Standards
reliability
security
safety
quality
quality of service
the probability that such software does not encounter an input sequence that leads to failure
reliability of software
computer system software is __ if it protects its programs and data—in other words, if it does not contain trapdoors through which unauthorized intruders can access the system
secure
a state or a condition of passing through many forms or stages
polymorphism
A software system is __ if a condition is created whereby there is a likelihood of an accident, a hazard, or a risk
unsafe
a technique that tries to improve software quality through a software development process known as the software quality function development (SQFD)
total quality management (TQM)
represents a movement from the traditional techniques of TQM to the software development environment by focusing on improving the development process through upgrades in the requirement solicitation phase
software quality function development (SQFD)
means providing consistent, predictable service delivery that will satisfy customer application requirements
quality of service (QoS)
human factors
Memory lapses and attentional failures
rush to finish
malice
complacency
For example, someone was supposed to have removed or added a line of code, tested, or verified but did not because of simple forgetfulness
Memory lapses and attentional failures
Pressure, most often from management, to get the product on the market either to cut development costs or to meet a client deadline can cause problems.
Rush to finish
it has traditionally been used for vendetta, personal gain (especially monetary), and just irresponsible amusement.
malice
When either an individual or a software producer has significant experience in software development, it is easy to overlook certain testing and other error control measures in those parts of software that were tested previously in a similar or related product
complacency
Nature of Software: Complexity
complexity
difficult testing
ease of programming
a state or set of conditions of a system or an object that, together with other conditions in the environment of the system or object, will lead inevitably to an accident
hazard
hazard has two components:
severity and likelihood of occurrence
a hazard level together with the likelihood of an accident to occur and the severity of the potential consequences
risk
it can also be defined in simpler terms as the potential or possibility of suffering harm or loss—danger, in short
risk
a process to estimate the impact of risk. It is an approach for system managers to measure the system’s assets and vulnerabilities, assessing the threat and monitoring security
risk management
This involves identifying the software’s security vulnerabilities and may consist of a variety of techniques including question and answer, qualitative assessment, or methodology and calculation
assessment
simple equation for calculating risk
Risk = Assets x Threats x Vulnerabilities
involves outlining the policies for security management
planning
may seek to match the security needs of the system with all available security tools
good implementation
helps to determine the necessary changes and new security applications to the system
monitoring
a general attitude and approach to safety consisting of overconfidence, complacency, placing low priority on safety, and accepting flawed resolutions of conflicting goals
humanware
in the maiden days of the “__,” risk and vulnerability of both the computer user and data were not a problem
Wonder Machine
a computer-controlled electron-accelerator radiation-therapy system developed by Atomic Energy of Canada, Ltd. (AECL). Between 1985 and 1987, the system was involved in a number of accidents, some resulting in deaths because of radiation overdose
Therac–25
machine works by creating a high-energy beam of electrons targeted to the cancerous tumor, leaving the healthy tissue surrounding the tumor unaffected
Therac–25
The Union Carbide industrial accident in Bhopal, India, illustrates many of the elements of this safety culture. In December 1984, an accidental release of methyl isocyanate killed between 2,000 and 3,000 people and injured tens of thousands of others, many of them permanently. The accident was later blamed on human error
The Indian Bhopal Chemical Accident
An accident in northern Ukraine, then a republic of the USSR, was the worst nuclear accident that has ever occurred. For a number of days after the accident, the Soviet government kept the world guessing at what was happening.
The Chernobyl Nuclear Power Accident
a game of wits played between the buyer and the seller
asset purchasing
an official commitment that prevails between a service provider and a client. Particular aspects of the service—quality, availability, and responsibilities—are agreed between the service provider and the service user
service-level agreement (SLA)
An agreement with an individual customer group, covering all the services they use
Customer-based SLA
An agreement for all customers using the services being delivered by the service provider
Service-based SLA
The SLA is split into different levels, each addressing a different set of customers for the same services, in the same SLA
Multilevel SLA
Covering all the generic service-level management (often abbreviated as SLM) issues appropriate to every customer throughout the organization
Corporate-level SLA
covering all SLM issues relevant to the particular customer group, regardless of the services being used
Customer-level SLA
covering all SLM issues relevant to the specific services, in relation to this specific customer group
Service-level SLA
Clearly defined promises reduce the chances of disappointing a customer
Customer commitments
a meeting of the minds on issues such as the price bargained or agreed upon, the amount paid or promised to be paid, and any agreement enforceable by law
Mutual consent
are guarantees that the product or service will live up to its reasonable expectations
warranties
an affirmation of a fact, a promise, or a description of goods, a sample, or a model made by the seller to the buyer relating to the goods and as a basis for payment negotiations
express warranties
are enforced by law according to established and accepted public policy
implied warranties
If a software product injures a user other than the buyer, the user may sue the producer for benefits due to injuries or loss of income resulting from the product. They are not common because they are rarely found valid in courts.
Third-Party Beneficiary Contracts
Producers try to control their liability losses by putting limits on warranties via __. Producers preempt lawsuits from buyers by telling buyers in writing on the contracts the limits of what is guaranteed
disclaimers
means "let the buyer beware"
caveat emptor
a wrong committed upon a person or property in the absence of a contract. It may include negligence, malpractice, strict liability, and misrepresentation. It falls into two categories: intentional and unintentional
tort
can be used by the buyer to obtain benefits from the producer if there is provable evidence that the product lacked a certain degree of care, skill, and competence in the workmanship
negligence
a type of negligence. It is also applicable in cases involving services
malpractice
a tort involving products
strict liability
may be intentionally done by the sales representative to induce the buyer to buy the product or it may be just a genuine mistake
misrepresentation
you need to prove that the vendor was aware the facts given were not true or that the vendor would have known the true facts but opted not to inform the buyer accordingly
fraudulent misrepresentation
intentional misrepresentation is called?
fraudulent misrepresentation
Presentation of the software product by a person more familiar with the product to others with competent knowledge of that product so they can critique the product and offer informed suggestions
Formal review
Involves checking the known specific errors from past products and establishing additional facilities that may be missing in the product to bring the product up to acceptable standards
inspection
Requires code inspection line-by-line by a team of reviewers to detect potential errors
walk-through
technique developed by Knight and Myers. It is an enhanced method combining the previous three methods by putting emphasis on the limitations of those methods
phased inspection
they need to protect themselves against piracy, illegal copying, and fraudulent lawsuits
software producers