Information Technology Flashcards
Electronic Commerce (Value-Added Network) (VAN)
Network that allows one computer to initiate an action on another
Electronic Data Interchange (EDI) - E-Commerce
1) Extranets established as VANs to communicate between suppliers and customers
2) Can use internet instead of VANs
3) Special considerations:
- Strict standards for form of data
- Translation software needed to convert data between EDI standard and internal processing (mapping is the process of identifying which fields on the transmitted form correspond to fields on the internal form)
- Unauthorized access (encryption and firewall)
Advantages of EDI
1) No human intervention
2) More efficient
3) Eliminates gaps and shortens business cycles (i.e., automatically ordering supplies)
4) Payments made/received automatically
Risks of E-Commerce (Elements)
1) Confidentiality
2) Integrity - unauthorized alteration/deletion of data
3) Availability
4) Authentication and nonrepudiation - parties prove identities and confirmation of transaction
5) Power shift to customers
Risks of E-Commerce and Controls
1) Improper use of information
- Security architecture for e-commerce
- Firewalls
- Unique and positive ID process
2) Risk of improper distribution of transactions:
- Routing verification procedures
- Message acknowledgements
3) Spoofing:
- Echo transmissions
- Digital signatures
Networks and Control Risk
1) Limit network access:
- Read only & read/write
2) Viruses (worm, hoax virus, phishing)
- Antivirus
3) Unauthorized access:
- Firewalls (network and application)
Data Structure
1) Bits (binary digits)
2) Byte = 8 bits
3) Character - group of bytes
4) Field - group of characters
5) Record - group of fields
- Primary and secondary keys to ID record
6) File - group of records
7) Database - group of files
Database Management System (DBMS)
1) Software system that controls organization, storage, and retrieval of data in a database
2) Consists of software and database
- Should be independent of each other (don’t have to use same program and can restrict access)
Big Data
Set of data so large that it can only be managed using numerous computers running parallel software simultaneously
Data Mining
Analysis of data in database to look for trends or anomalies
Data Normalization (DBMS)
Process of organizing database for minimum redundancy
Organizations of an IT Environment (Systems Development and Maintenance)
1) Systems analyst - designs information system using system flowcharts
2) Application programmer - writes, tests, and debugs system programs
3) Database admin - responsible for security and information classification of shared data
Systems Development Life Cycle (SDLC)
Used to plan, design, develop, test, and implement an application system or major modification
Operations of an IT Function
1) Data control clerk
2) Computer operator - operates computer in a datacenter and performs related activities
3) Librarians - responsible for safeguarding and maintenance of all program and data files
Controls (General)
Overall computer environment/Segregation of Duties
1) Personnel policies:
- Systems = Development & Maintenance (analysts, application programmer, database admins) AUTHORIZATION
- Operations = input (data entry/computer operator) RECORDING and output (control clerk/librarian) CUSTODY
2) File security:
- Backup/planned downtime controls (grandfather/father/son retention system, checkpoint backup)
- Lock out (timed and concurrent update control)
- Read-only
3) Contingency planning - business continuity/disaster recovery (hot/cold site/mirrored web server)
4) Computer facilities - fire/insurance
5) Access controls (passwords, cybersecurity)