Information Technology Flashcards
Electronic Commerce (Value-Added Network) (VAN)
Network that allows one computer to initiate an action on another
Electronic Data Interchange (EDI) - E-Commerce
1) Extranets established as VANs to communicate between suppliers and customers
2) Can use internet instead of VANs
3) Special considerations:
- Strict standards for form of data
- Translation software needed to convert data between EDI standard and internal processing (mapping is the process of IDing which fields on the transmitted form correspond to fields on the internal form)
- Unauthorized access (encryption and firewall)
Advantages of EDI
1) No human intervention
2) More efficient
3) Eliminates gaps and shortens business cycles (i.e. automatically ordering supplies)
4) Payments made/received automatically
Risks of E-Commerce (Elements)
1) Confidentiality
2) Integrity - unauthorized alteration/deletion of data
3) Availability
4) Authentication and nonrepudiation - parties prove identities and confirmation of transaction
5) Power shift to customers
Risks of E-Commerce and Controls
1) Improper use of information
- Security architecture for e-commerce
- Firewalls
- Unique and positive ID process
2) Risk of improper distribution of transactions:
- Routing verification procedures
- Message acknowledgements
3) Spoofing:
- Echo transmissions
- Digital signatures
Networks and Control Risk
1) Limit network access:
- Read only & read/write
2) Viruses (worm, hoax virus, phishing)
- Antivirus
3) Unauthorized access:
- Firewalls (network and application)
Data Structure
1) Bits (binary digits)
2) Byte = 8 bits
3) Character - group of bytes
4) Field - group of characters
5) Record - group of fields
- Primary and secondary keys to ID record
6) File - group of records
7) Database - group of files
Database Management System (DBMS)
1) Software system that controls organization, storage, and retrieval of data in a database
2) Consists of software and database
- Should be independent of each other (don’t have to use same program and can restrict access)
Big Data
Set of data so large that it can only be managed using numerous computers running parallel software simultaneously
Data Mining
Analysis of data in database to look for trends or anomalies
Data Normalization (DBMS)
Process of organizing database for minimum redundancy
Organizations of an IT Environment (Systems Development and Maintenance)
1) Systems analyst - designs information system using system flowcharts
2) Application programmer - writes, tests, and debugs system programs
3) Database admin - responsible for security and information classification of shared data
Systems Development Life Cycle (SDLC)
Used to plan, design, develop, test, and implement an application system or major modification
Operations of an IT Function
1) Data control clerk
2) Computer operator - operates computer in a datacenter and performs related activities
3) Librarians - responsible for safeguarding and maintenance of all program and data files
Controls (General)
Overall computer environment/Segregation of Duties
1) Personnel policies:
- Systems = Development & Maintenance (analysts, application programmer, database admins) AUTHORIZATION
- Operations = input (data entry/computer operator) RECORDING and output (control clerk/librarian) CUSTODY
2) File security:
- Backup/planned downtime controls (grandfather/father/son retention system, checkpoint backup)
- Lock out (timed and concurrent update control)
- Read-only
3) Contingency planning - business continuity/disaster recovery (hot/cold site/mirrored web server)
4) Computer facilities - fire/insurance
5) Access controls (passwords, cybersecurity)
Controls (Application)
- Specific Program Controls
- Preventative controls (fraud & error)
- Detective controls and automated controls
- User controls & corrective controls
1) Input:
- Check digit (inputted correctly)
- Validity check
- Edit test (i.e. #s not letters)
- Limit test
- Financial total (vs manual control totals)
- Record counts (vs manual control totals)
- Hash = meaningless total (adding record numbers) (vs manual control totals)
- Non financial totals (vs manual control totals)
2) Processing:
- System & software documentation
- Error-checking compiler
- Test data
- System testing (programs within system are interacting correctly)
- User Acceptance testing
3) Output - Accurate:
- Detect errors and output only to authorized persons
Extensible Business Reporting Language (XBRL)
1) Computer-readable identifying tags for each individual item of data
2) Eliminates costs of manual data comparison and reduces errors when generating reports
3) SEC mandated all public companies file F/S in XBRL