Information Systems and Data Management

Question 1

What is in the IT Infrastructure

Answer 1

Operating systems
Servers
Network Infrastructure
End-user devices

Question 2

Operating Systems (OS)

Answer 2

A software that manages computer
hardware and provides services for computer programs. It
acts as an intermediary between the computer hardware and
the computer user, making it possible for software applications to function.

Question 3

Examples of Operating Systems (OS)

Answer 3

● Windows 10
● macOS Big Sur
● Linux distributions such as Ubuntu
● Mobile OSs like Android and iOS

Question 4

Servers

Answer 4

Are computers designed to process requests and deliver data to another computer over the internet or a local network. They’re the backbone of any IT infrastructure, providing centralized data storage, processing, and management.

Question 5

Examples of Servers

Answer 5

● Web Servers: Host websites. E.g., Apache or Nginx.
● Database Servers: Store and manage databases. E.g.,
MySQL, PostgreSQL.
● File Servers: Store and manage files within a network.
E.g., Network Attached Storage (NAS) devices.
● Mail Servers: Manage and store emails. E.g., Microsoft
Exchange.

Question 6

Network Infrastructure

Answer 6

Consists of the hardware and software
components used to connect computers and devices to communicate and share resources. It ensures the integrity and security of data transmission.

Question 7

Examples of Network Infrastructure

Answer 7

Switches: Devices that connect devices within a network, operating at the data link layer. E.g., Cisco Catalyst switches.
● Routers: Devices that connect different networks together, directing data traffic. E.g., Netgear routers.
● Firewalls: Devices or software that monitor and control incoming and outgoing network traffic, establishing a barrier between a trusted and an untrusted network. E.g., Fortinet firewalls.
● Wireless Access Points: Devices that allow wireless devices to connect to the wired network. E.g., Ubiquiti UniFi APs.

Question 8

End-user Devices

Answer 8

Are the devices that end-users employ to access, input, and interact with data. They’re the primary interface between users and the IT infrastructure.

Question 9

Examples of End-user Devices

Answer 9

● Desktops: Workstation computers like the Dell OptiPlex series.
● Laptops: Portable computers like Apple’s MacBook Pro or Lenovo’s ThinkPad.
● Tablets: Touchscreen devices such as the Apple iPad or Samsung Galaxy Tab.
● Smartphones: Mobile phones with advanced capabilities like the iPhone or Google Pixel.
● Thin clients: Lightweight computers that rely on a server for the heavy lifting, often used in centralized IT environments.

Question 10

Cloud Computing

Answer 10

Refers to the on-demand delivery of computing resources over the internet, often on a pay-as-you-go basis. Instead of owning and maintaining physical servers, businesses
can rent access to a range of services from a cloud service provider. This can lead to cost savings, increased scalability, and flexibility.

Question 11

List the Cloud Computing Models

Answer 11

Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
Software as a Service (SaaS)

Question 12

Infrastructure as a Service (IaaS)

Answer 12

Provides users with virtualized computing
resources over the internet. IaaS is like renting space on a physical server or renting that server itself. Users get the raw infrastructure and have to manage the OS, applications, and data.

Question 13

Examples of Infrastructure as a Service (IaaS)

Answer 13

● Amazon EC2 (Elastic Compute Cloud)
● Google Compute Engine
● Microsoft Azure VMs

Question 14

Platform as a Service (PaaS)

Answer 14

Provides users with a platform and environment to directly develop, run, and manage applications without dealing with the complexity of building and maintaining the infrastructure.

Question 15

Examples of Platform as a Service (PaaS)

Answer 15

● Google App Engine
● Microsoft Azure App Service
● Heroku

Question 16

Software as a Service (SaaS)

Answer 16

Delivers software applications over the internet, on-demand, and typically on a subscription basis. Users access the software through a web browser.

Question 17

Examples of Software as a Service (SaaS)

Answer 17

● Google Workspace (formerly G Suite)
● Microsoft 365
● Salesforce
● Dropbox

Question 18

Deployment Models

Answer 18

Public Cloud
Private Cloud
Hybrid Cloud

Question 19

Public Cloud

Answer 19

Owned and managed by third-party cloud
service providers, which deliver computing resources such as servers and storage over the internet. Multiple users or tenants share the same infrastructure pool.

Question 20

Benefits of a Public Cloud

Answer 20

Economies of scale
reduced costs
easy scalability

Question 21

Examples of a Public Cloud

Answer 21

Amazon Web Services (AWS)
Google
Cloud Platform (GCP)
Microsoft Azure.

Question 22

Private Cloud

Answer 22

Used exclusively by a single organization.
It can be hosted on-premises or by a third party, but the infrastructure is not shared.

Question 23

Benefits of a Private Cloud

Answer 23

Greater control and security
data sovereignty
customization

Question 24

Examples of a Private Cloud

Answer 24

VMware vCloud
OpenStack.

Question 25

Hybrid Cloud

Answer 25

Combines public and private clouds,
allowing data and applications to be shared between them. Organizations can move workloads as needs and costs change, harnessing greater flexibility and more
deployment options.

Question 26

Benefits of a Hybrid Cloud

Answer 26

Flexibility
scalability
security
cost-efficiency

Question 27

Examples of a Hybrid Cloud

Answer 27

Using AWS and on-premises data centers
together, or Azure with a private cloud setup.

Question 28

What is the availability formula?

Answer 28

(Agreed Service Time- Downtime/Agreed Service Time) x 100

Question 29

What are the backup types?

Answer 29

Full Backup
Incremental Backup
Differential Backup

Question 30

Steps to Detect Deficiencies

Answer 30

1. Review Documentation
2. Conduct Interviews
3. Test Controls
4. Monitor System Performance Metrics
5. Examine Incident Logs
6. Compare Against Benchmarks

Question 31

What is the role of Cloud Service Providers? (CSPs)

Answer 31

CSPs offer cloud computing services that allow businesses to access and use computing resources over the internet on a pay-as-you-go or subscription basis.

Question 32

What are the key responsibilities of CSPs?
Remember IPSSSSTII “I Put So So So So Much Transparency In Integration”

Answer 32

Infrastructure Maintenance
Platform & Software Updates
Security & Compliance
Service Availability & Reliability
Scalability & Performance Optimization
Support & Customer Service
Transparent Billing & Cost Management
Integration & Compatibility
Innovation & Feature Development

Question 33

What is COSO Internal Control - Integrated Framework (ICIF)?

Answer 33

The ICIF emphasizes effective internal controls within an organization. With the shift towards cloud computing, businesses need to ensure that their internal controls extend to the cloud environment.

Question 34

How does COSO Internal Control-Integrated Framework apply? (ICIF)

Answer 34

1. Control Environment: This relates to the organization’s stance on governance and risk management.
2. Risk Assessment: Cloud computing introduces new risks, like potential data breaches or loss of data.
3. Control Activities: With cloud computing, control activities could involve ensuring the proper configuration of cloud services.
4. Information & Communication: Communication is vital when using cloud services.
5. Monitoring: Organizations must continuously monitor cloud services to ensure they adhere to the set internal controls.

Question 35

What is the COSO Enterprise Risk Management (ERM) Framework?

Answer 35

The ERM framework deals more with identifying and responding to risks in a strategic context.

In terms of cloud computing:
1. Governance and Culture
2. Strategy and Objective-Setting
3. Performance
4. Review and Revision
5. Information, Communication, and Reporting.

Question 36

Sections in Availability

Answer 36

1. Business Reiliency, Distaster Recovery ,Business Continuity Plan
2. Objective of mirroring & Replication
3. Steps in a business impact analysis
4. Measures of sytems availabilty
5. Appropiatness of organizations data backup
6. Detecting deficencies in controls related to availability using the TSC

Question 37

Business Resiliency

Answer 37

Strategies to ensure a organization can continue operations during & after a disruptive event

Purpose- Make possible to rebound quickly or continue operations during challenges.

Sets up measures to be proactive, reactive, and adaptive