Final Exam

Question 1

threat

Answer 1

a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owners permission and often without the owners knowledge

Question 2

vulnerability

Answer 2

an opportunity for threats to gain access to individual or organizational assets. some exist because there are no safeguards or because the existing safeguards are ineffective

Question 3

safeguard

Answer 3

any action, device, procedure, technique or other measure that reduces a system’s vulnerability to a threat

Question 4

target

Answer 4

the asset that is desired by a security threat

Question 5

pretexting

Answer 5

deceiving someone over the internet by pretending to be another person or organization

Question 6

phishing

Answer 6

a technique for obtaining unauthorized data that uses pretexting via email. the person doing the deed pretends to be a legitimate company and sends an email requesting confidential data such as account numbers, social security, account passwords etc

Question 7

phisher

Answer 7

an individual or organization that spoofs legitimate companies in an attempt to illegally capture personal data such as credit card numbers email accounts and driver’s license numbers

Question 8

spoofing

Answer 8

when someone pretends to be someone else with the intent of obtaining unauthorized data.

Question 9

IP spoofing

Answer 9

a type of spoofing whereby an intruder uses another site’s IP address as if it were that other site

Question 10

email spoofing

Answer 10

a synonym for phising. a technique for obtaining unauthorized data that uses pretexting via email. fisheries direct traffic to their sites under the guise of a legitimate business

Question 11

sniffing

Answer 11

a technique for intercepting computer communications. with wired networks this action requires a physical connection to the network and with wireless networks no such connection is required

Question 12

wardriver

Answer 12

people who use computers with wireless connections to search for unprotected wireless networks

Question 13

hacking

Answer 13

a form of computer crime in which a person gains unauthorized access to a computer system. although some people do this for the sheer joy of it, others invade systems for the malicious purpose of stealing or modifying data

Question 14

usurpation

Answer 14

occurs when unauthorized programs invade a computer system and replace legitimate programs. such unauthorized programs typically shut down the legitimate systems and substitute their own processing to spy, steal and manipulate data or achieve other purposes

Question 15

denial of service (DoS)

Answer 15

security problem in which users are not able to access an information system; can caused by human errors, natural disaster, or malicious activity

Question 16

advanced persistent threat (APT)

Answer 16

a sophisticated possibly long running computer hack that is perpetrated by large well funded organizations like governments. as means to engage in cyber warfare

Question 17

intrusion detection system (IDS)

Answer 17

a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer

Question 18

brute force attack

Answer 18

a password cracking program that tries every possible combination of characters

Question 19

cookies

Answer 19

a small file that is stored in the user’s computer by a browser. can be used for authentication, for storing shopping cart contents and user preferences and for other legitimate purposes. can also be used to implement spyware

Question 20

identification

Answer 20

the process whereby an information system identifies a user by requiring the user to sign on with a username and password

Question 21

authentification

Answer 21

the process whereby an information system verifies or validates a user

Question 22

Gramm Leach Bliley (GLB) Act

Answer 22

passed by congress in 1999, this act protects consumer financial data stored by financial institutions which are defined as banks security firms insurance companies and organizations that provide financial advice, prepare tax returns, and provide similar financial services

Question 23

privacy act of 1974

Answer 23

federal law that provides protections to individuals regarding records maintained by the US government

Question 24

health insurance portability and accountability act (HIPPA)

Answer 24

the privacy provisions of this 1996 act give individuals the right to access health data created by doctors and other healthcare providers. this also sets rules and limits on who can read and receive a person’s health information

Question 25

smart cards

Answer 25

plastic cards similar to credit cards that have microchips which holds much more data than a magnetic strip is loaded with identifying data and normally requires a pin

Question 26

personal identification number (PIN)

Answer 26

a form of authentication action whereby the user supplies a number that only he or she knows

Question 27

biometric authentication

Answer 27

the use of personal physical characteristics such as fingerprints facial features and retinal scans to authenticate users

Question 28

encryption

Answer 28

the process of transforming clear text into coded unintelligible text for secure storage of communication

Question 29

encryption algorithms

Answer 29

these are used to transform clear text into coded unintelligible text for a secure storage or communication

Question 30

key

Answer 30

1) a column or group of columns that identifies a unique row in a table. also referred to as a primary key 2) a number used to encrypt data. the encryption algorithm applies the key to the original message to produce a coded message. decoding or decrypting a message is similar; a key is applied to the coded message to recover the original text

Question 31

symmetric encryption

Answer 31

an encryption method whereby the same key is used to encode and to decode the message

Question 32

asymmetric encryption

Answer 32

an encryption method whereby different keys are used to encode and decode the message; one key encodes the message and the other decodes the message

Question 33

public key encryption

Answer 33

a special version of asymmetric encryption that is popular on the internet. with this method,each site has a public key for encoding messages and a private key for decoding them

Question 34

https

Answer 34

an indication that a web browser is using the ssl/tls protocol to provide secure communication

Question 35

secure sockets layer (SSL)

Answer 35

a protocol that uses both asymmetric and symmetric encryption. when this is in use, the browser dress will begin with https://

Question 36

transport layer security (TLS)

Answer 36

the new name for a later version of secure sockets layer

Question 37

firewall

Answer 37

computing devices located between public and private networks that prevent unauthorized access to or from the internal network. this can be a special purpose computer or it can be a program on a general purpose computer or router

Question 38

perimeter firewall

Answer 38

a firewall that sits outside the organizational network it is the first device that internet traffic encounters

Question 39

internal firewalls

Answer 39

firewalls that sit inside the organizational network

Question 40

packet filtering firewall

Answer 40

a firewall that examines each packet and determines whether to let the packet pass. to make this decision it examines the source address the destinations addresses and other data

Question 41

malware

Answer 41

viruses, worms, trojan horses, spyware and adware

Question 42

virus

Answer 42

a computer program that replicates itself

Question 43

payload

Answer 43

the program codes of a virus that causes unwanted or hurtful actions such as deleting programs or data or even worse modifying data in ways that are undetected by the user

Question 44

worm

Answer 44

a virus that irrigates itself using the internet or some other computer network. worm code is written specifically to infect another computer as quickly as possible

Question 45

spyware

Answer 45

programs installed on the user’s computer without the user’s knowledge or permission that reside in the background and unknown to the user, observe the user’s actions and keystrokes, modify computer activity and report the user’s activities to sponsoring organizations. maliciously captures keystrokes to obtain usernames passwords account numbers and other sensitive information. other types are used for marketing analyses, observing what users do, websites visited, products examined and purchased and so forth

Question 46

key logger

Answer 46

malicious spyware that captures keystrokes without the user’s knowledge. used to steal usernames passwords account numbers and other sensitive data

Question 47

adware

Answer 47

programs installed on the user’s computer without the user’s knowledge or permission that reside in the background and unknown to the user, observe the user’s actions and keystrokes, modify computer activity and report the user’s activities to sponsoring organizations benign in that id does not perform malicious acts or steal data but it does watch user activity and produce pop up ads

Question 48

malware definitions

Answer 48

patterns that exist in malware code. anti-malware vendors update these continuously and incorporate them into their products in order to better fight against malware

Question 49

SQL injection attack

Answer 49

the situation that occurs when user obtains unauthorized access to data by entering a SQL statement in a form in which one is supposed to enter a name or other data. if the or gram is improperly designed it will accept this statement and make it part of the SQL command that it issues to the DBMS

Question 50

data safeguards

Answer 50

measures used to protect databases and other data assets from threats. includes data rights and responsibilities, encryptions, backup and recovery and physical security

Question 51

data administration

Answer 51

an organization wide function that develops and enforces data policies and standards

Question 52

key escrow

Answer 52

a control procedure whereby a trusted party is given a copy of a key used to encrypt database data

Question 53

human safeguards

Answer 53

steps taken to protect against security threats by establishing appropriate procedures for users to follow during system use

Question 54

hardening

Answer 54

a term used to describe server operating systems that have been modified to make it especially difficult for them to be infiltrated by malware

Question 55

honeypots

Answer 55

false targets for computer criminals to attack. to an intruder, a honeypot looks like a particularly valuable resource, such as an unprotected web site, but in actuality the only site content is a program that determines the attackers IP address

Question 56

PRISM

Answer 56

codename for a secret global surveillance program run by the nation security agency

Question 57

freedom

Answer 57

the freedom from being observed by other people

Question 58

security

Answer 58

the state of being free from danger

Question 59

chief information officer (CIO)

Answer 59

the title of the principle manager of the IS department. over common titles are vice president of information services, director of information services and less commonly, director of computer services

Question 60

chief technology officer (CTO)

Answer 60

the title of the head of the tech group. they filter new ideas and products to identify those that are most relevant to the organization. their job requires deep knowledge of info tech and the ability to envision how new IT could affect an organization over time

Question 61

chief security officer (CSO)

Answer 61

the title of the person who manages security for all of the organization’s assets; physical plant and equipment, employees, intellectual property and digital

Question 62

chief information security officer (CISO)

Answer 62

the title of the person who manages security for the organization’s information systems and information

Question 63

steering committee

Answer 63

a group of senior managers from a company’s major business functions that works with the CIO tis et the IS priorities and decide among major IS projects and alternatives

Question 64

outsourcing

Answer 64

the process of hiring another organization to performa service. this is done to save costs to gain expertise and to free up management time

Question 65

green computing

Answer 65

environmentally conscious computing consisting of three major components; power management, virtualization and e-waste management

Question 66

application

Answer 66

synonym for application software

Question 67

business analyst

Answer 67

1) a person who understands business strategies, goals and objectives and who help businesses develop and manage business processes and information systems 2) someone who is well versed in porter’s models, organizational strategy, and systems alignment theory like COBIT and who also understands tech sufficiently well to communicate with developers

Question 68

system analyst

Answer 68

IS professionals who understand both business and technology. they are active throughout the systems development process and play a key role in moving the project from conception to conversion and ultimately maintenance. they integrate the work of the programmers, testers and users

Question 69

business process

Answer 69

1) a network of activities that generate value by transforming inputs into outputs (2) a network of activities, repositories, roles, resources and flows that interact to achieve some business function

Question 70

roles

Answer 70

in a business process, collections of activities

Question 71

resources

Answer 71

people or information system applications that are assigned to roles in business processes

Question 72

control flow

Answer 72

a BPMN symbol that documents the flow of activity in a business process

Question 73

data flow

Answer 73

a BPMN symbol that documents the movement of data among activities and repositories in a business process

Question 74

business process management (BPM)

Answer 74

a cyclical process for systematically creating, assessing and altering business processes

Question 75

as-is model

Answer 75

a model that represents the current situation and processes

Question 76

COBIT

Answer 76

a set of standard practices created by the information systems audit and control association that are used in the assessment stage of the BPM cycle to determine how well an information system complies with an organizations strategy

Question 77

object management group (OMG)

Answer 77

a software industry standards organization that created a standard set of terms and graphical notations for documenting business processes

Question 78

business processing modeling notation (BPMN)

Answer 78

standard set of terms and graphical notations for documenting business processes

Question 79

swim lane layout

Answer 79

a process diagram layout similar to swim lanes in a pool; each role in the process is shown in its own horizontal rectangle or lane; there are 5 roles hence 5 swim lanes

Question 80

systems development life cycle (SDLC)

Answer 80

the classical process used to develop information systems. the basic tasks of systems development are combined into the following phases; system definition, requirements analysis, component design, implementation and system maintenance (fix or enhance)

Question 81

requirements analysis

Answer 81

the second phase in the SDLC in which developers conduct user interviews, evaluate existing systems, determine new forms/reports/queries, identify new features and functions including security and create the data model

Question 82

cost feasibility

Answer 82

an assessment of the cost of information system development project that compares estimated costs to the available budget

Question 83

schedule feasibility

Answer 83

whether an information system can be developed within the time available

Question 84

technical feasibility

Answer 84

whether existing information technology will be able to meet the requirements of a new information system

Question 85

organizational feasibility

Answer 85

whether an information system fits within an organization’s customer culture and legal requirements

Question 86

implementation

Answer 86

in the context of the systems development life cycle, the phase following the design phase consisting of tasks to build, test and convert users to the new system

Question 87

test plan

Answer 87

groups of action and usage sequences for validation the capability of new using software

Question 88

system conversion

Answer 88

the process of converting business activity from the old system to the new

Question 89

pilot installation

Answer 89

a type of system conversion in which the organization implements the entire system on a limited portion of the business. the advantage of this is that if the system fails the failure is contained within a limited boundary. this reduces exposure of the business and also protects the new system from developing a negative reputation throughout the organizations

Question 90

phased installation

Answer 90

a type of system conversion in which the new system is installed in pieces across the organization. once a given piece works then the organization installs and tests another piece of the system until the entire system has been installed

Question 91

parallel installation

Answer 91

a type of system conversion in which the new system runs in parallel with the old one and the results of the two are reconciled for consistency. this is expensive because the organization incurs the costs of running both systems but is the safest form of installation

Question 92

plunge installation

Answer 92

a type of system cohesion in which the organization shuts off the old system and starts the new system. if the new system fails the organization is in trouble. nothing can be done until either the new system is fixed or the old system is reinstalled. because of the risk organizations should avoid this conversion style if possible. it is sometimes called direct installation

Question 93

maintenance

Answer 93

to fix the systems to do what it was supposed to do in the first place or to adapt the system to a change in requirements

Question 94

deliverables

Answer 94

work products that are the result of the completion of tasks in a development project

Question 95

work breakdown structure (WBS)

Answer 95

a hierarchy of the tasks required to complete a project for a large project, it might involve hundreds of thousands of tasks

Question 96

gantt chart

Answer 96

a timeline graphical chart that shows task dates dependencies and possibly resources

Question 97

critical path

Answer 97

the sequence of activities that determine the earliest date by which the project can be completed

Question 98

critical path analysis

Answer 98

the process by which project managers compress a schedule by moving resources typically people from non critical path tasks to critical path tasks

Question 99

trade off

Answer 99

in the project management, a balancing of three critical factors; requirements cost and time

Question 100

diseconomies of scale

Answer 100

a principle that states as development teams become larger, the average contribution per worker decreases

Question 101

brook’s law

Answer 101

the famous adage that states; adding more people to a late project makes the project later.

Question 102

work breakdown structure (WBS)

Answer 102

a hierarchy of the tasks required to complete a project; for a large project it might involve hundreds of thousands of tasks

Question 103

configuration control

Answer 103

a set of management policies practices and tools that developers se to maintain control over the project’s resources

Question 104

waterfall method

Answer 104

the assumption that one phase of the SDLC can be completed in its entirety and the project can progress without any backtracking to the next phase of the SDLC. projects seldom are that simple; backtracking is normally required

Question 105

agile development

Answer 105

an adaptive project management process that can be used for the management of many types of projects; it apples the development of information systems

Question 106

just in time design

Answer 106

data delivered tot he user at the time it is needed

Question 107

paired programming

Answer 107

the situation in which two computer programmers share the same computer and develop a computer program together

Question 108

stand up

Answer 108

15 minute meeting in which each team member states what they have done in the past day, what they will do in the coming day and any factors that are blocking his or her progress

Question 109

velocity

Answer 109

in scrum, the total number of points of work that a team can accomplish in each scrum period