IT Flashcards
Describe the implementation step of the systems development lifecycle (SDCLC) process.
Stage 6 of the systems development lifecycle (SDLC) process. Before the new system is moved into production, existing data must be often be converted to the new system format and users must be trained on the new system; implementation of the new system may occur in one of four ways.
Describe the phased implementation method for new systems.
Implementation of a new system where the system is divided into modules that are brought online one or two at a time.
Describe the design step of the systems development lifecycle (SDCLC) process.
Stage 3 of the systems development lifecycle (SDLC) process. In the design phase, the technical specifications of the system are established; the design specification has two primary components: Technical architecture specification, creation of a systems model.
Define “application programmers”.
The team of programmers who, under direction of the lead analyst are responsible for writing and testing the program.
Describe the pilot implementation method for new systems.
Implementation of a new system similar to phased implementation, except rather than dividing the system into modules, the users are divided into smaller groups and are trained on the new system one group at a time.
Define “end user”.
In relation to systems development, the employees who will use the program to accomplish their tasks. Responsible for identifying the problem to be addressed and approving the proposed solution to the problem.
Describe the testing step of the systems development lifecycle (SDCLC) process.
Stage 5 of the systems development lifecycle (SDLC) process. The system is evaluated to determine whether it meets the specifications identified in the requirements definition.
Describe the composition of the information technology steering committee.
Members of the committee are selected from functional areas across the organization, including the IT department; the committee’s principal duty is to approve and prioritize systems proposals for development.
Define “lead systems analyst”.
The manager of the programming team: Usually responsible for all direct contact with the end user; Often responsible for developing the overall programming logic and functionality.
Describe the “cold turkey” (also called the “plunge” or “big bang”) implementation method for new systems.
Implementation of a new system where the old system is dropped and the new system put in place all at once.
Describe the development step of the systems development lifecycle (SDCLC) process.
Stage 4 of the systems development lifecycle (SDLC) process. During this phase, programmers use the systems design specifications to develop the program and data files.
Describe the parallel implementation method for new systems.
Implementation of a new systems where the new system and the old system are run concurrently until it is clear that the new system is working properly.
Describe the planning and feasibility study step of the systems development lifecycle (SDCLC) process.
Stage 1 of the systems development lifecycle (SDLC) process. When an application proposal is submitted for consideration, it is evaluated from three respects: Technical, Economic, and Operational feasibility.
Describe the analysis step of the systems development lifecycle (SDCLC) process.
Stage 2 of the systems development lifecycle (SDLC) process. During this phase the systems analysts work with end users to understand the business process and document the requirements of the system; the collaboration of IT personnel and end users to define the system is known as joint application development (JAD).
Describe the maintenance step of the systems development lifecycle (SDCLC) process.
Stage 7 of the systems development lifecycle (SDLC) process. Monitoring the system to ensure that it is working properly and updating the programs and/or procedures to reflect changing needs and requirements.
What are three important goals of input controls?
Validity, completeness, accuracy.
What purpose do check digit tests serve in accounting systems?
Ensures that validity of a number. Created by applying an arithmetic algorithm to the digits of a number, for example, a customer’s account number. The algorithm yields a single digit that is appended to the end of the code.
How does a reasonableness check (also called a logic test) improve data input?
Checks to see that data in two or more fields is consistent. For example, a Rate of Pay value of “$3,500” and a Pay Period value of “Hourly” may both be valid values for the fields when the fields are viewed independently. However, the combination (an hourly pay rate of $3,500) is not valid
How does closed loop verification improve data input?
This helps ensure that a valid and correct entry has been made. For example, after a customer’s account code is entered, the system looks up and displays additional information about the selected customer. For example, the system might display the customer’s name and address.
How do preprinted forms and preformatted screens improve data input?
They reduce the likelihood of data entry errors by organizing input data in a logical manner. When the position and alignment of data fields on an entry screens matches the organization of the fields on a source document, data entry is faster andmore accurate.
Why are input controls more important than processing and output controls?
Garbage in, garbage out (GIGO), if bad data enters the systems nothing good will come out of it.
Define “automated data capture.”
Use of automated equipment, such as bar code scanners, to reduce the amount of manual data entry . Reducing human involvement reduces the number of errors in the system.
How does a sequence check improve data input?
Verifies that all items in a numerical sequence (check numbers, invoice numbers, etc.) are present. It is a common control for assessing record completeness.
Define “default values.”
Pre-supplied data values for a field when that value can be reasonably predicted. For example, when entering sales data, the sales order date is usually the current date;. Fields using default values generate fewer errors than other fields.
Describe “spooling (print queue) controls.”
Jobs sent to a printer that cannot be printed immediately are spooled—stored temporarily on disk—while waiting to be printed. Access to this temporary storage is controlled to prevent unauthorized access to printed files.
What purpose do run-to-run controls serve?
These counts to monitor the number of units in a batch as it moves from one programmed procedure (run) to another. Totals of processed transactions are reconciled to batch totals - a difference indicates an error.
Define “hardware controls.”
Controls built into the computer equipment to ensure that data is transmitted and processed accurately.
Define “parity check (parity bit).”
An example of a check digit. A 0 or 1 included in a byte of information which makes the sum of bits either odd or even.
What are processing controls?
Controls to ensure that master file updates are completed accurately and completely and to detect unauthorized transactions entered into the system and maintain processing integrity.
What is boundary protection in an accounting system?
When multiple programs and/or users are running simultaneously and sharing the same resource (usually the primary memory of a CPU), boundary protection protects program instructions and data from one program from being overwritten by program instructions and/or data from another program.
What purpose do output controls serve?
These controls ensure that computer reports are accurate and distributed as authorized.
What is an electronic audit trail?
Transactions are written to a transaction log as they are processed. The transaction logs are an electronic audit trail.
Define “diagnostic routines.”
Program utilities that check the internal operations of hardware components.
Define “supply chain management (SCM).”
The process of planning, implementing, and controlling the operations of the supply chain: the process of transforming raw materials into a finished product and delivering that product to the consumer. Supply chain management incorporates all activities from the purchase and storage of raw materials, through the production process, into finished goods through to the point-of-consumption.
What are customer relationship management (CRM) systems?
Technologies that facilitate managing e-relationships with clients. Both biographic and transaction information about existing and potential customers is collected and stored in a database. The CRM provides tools to analyze the information and develop personalized marketing plans for individual customers.
Define “electronic wallets.”
Software programs that allow the user to manage credit cards, user names, passwords, and address information in an easy-to-use, centralized location (e.g., RoboForm).
Define “electronic funds transfer (EFT).”
A technology for transferring money from one bank account directly to another without the use of paper money or checks. Reduces the time and expense required to process checks and credit transactions.
Define “electronic data interchange (EDI).”
The system-to-system exchange of business data (e.g., purchase orders, confirmations, invoices, etc.) in structured formats that allow direct processing of the data by the receiving system.
Define “token-based payment systems.”
Electronic cash, smart cards (cash cards), and online payment systems (e.g., PayPal); similar to electronic fund transfer (EFT), but governed by different laws.
Define “knowledge base (or knowledgebase)”.
A component of a knowledge management system. A special type of database designed for retrieval of knowledge. It provides the means to collect and organize the information and develop relationships among information components.
Describe a flat file system.
Early information technology systems used flat file technology. Flat files are characterized by independent programs and data sets, high degrees of data redundancy, and difficulty in achieving cross functional reporting.
Define “data mart”.
A specialized version of a data warehouse that contains data that is pre-configured to meet the needs of specific departments. Companies often support multiple data marts within their organization.
Define “expert system (knowledge-based system)”.
A computer program that contains subject-specific knowledge derived from experts. The system consists of a set of rules that are used to analyze information provided by the user of the system. Based on the information provided, the system recommends a course of action.
Describe the concept of knowledge management (KM)
Attempts to ensure that the right information is available at the right time to the right user. A variety of practices attempt to electronically capture and disseminate information throughout the organization. Knowledge management practices seek specific outcomes, including shared intelligence, improved performance, competitive advantage, and more innovation.
Define “slicing and dicing” as it relates to data warehouses.
The ability to view a single data item in multiple dimensions; for example, the sale of VCRs might be viewed by product, by region, by time period, by company, etc.
Identify five risks of user-developed systems.
- Not integrated with existing systems, 2. Inadequate testing and documentation, 3. Poor data input controls, 4. Poor system design, 5. Management may rely on these systems without knowing their risks.
Identify three characteristics of the small business computing environment.
- Exclusive use of microcomputers and laptops (e.g., there may be no servers), 2. Outsourced IT, 3.poor segregation of duties.
Identify items that should be included in user training in mobile applications.
Organizational policies, password maintenance and protection, when and how to use mobile devices, procedures for lost or stolen devices.
Define “operating system.”
The interface between the user and the computer hardware.
Define “file.”
A collection of records for one specific entity (an Invoice File, a Customer File, a Product File). In a relational database environment, files are also known as tables.
Define “systems software.”
The programs that run the computer and support system management operations.
Define “byte.”
A group of (usually) eight bits that are used to represent alphabetic and numeric characters and other symbols (3, g, X, ?, etc.). Several coding systems are used to assign specific bytes to characters. ASCII and EBCIDIC are the two most commonly used coding systems. Each system defines the sequence of zeros and ones that represent each character.
Define “field.”
A group of characters (bytes) that identify a characteristic of an entity. A data value is a specific value found in a field. Fields can consist of a single character (Y, N) but usually consist of a group of characters. Each field is defined as a specific data type. Date, Text and Number are common data types.
Define a “bit” (binary digit).
An individual zero or one; the smallest piece of information that can be represented.
Define “application software.”
The diverse group of end-user programs that accomplish specific user objectives. Can be general purpose (word processors, spreadsheets, databases) or custom-developed for a specific application (ex.: a marketing information system for a clothing designer). May be purchased “off the shelf” or developed internally.
Define “record.”
A group of related fields (or attributes) that describe an individual instance of an entity (a specific invoice, a particular customer, an individual product).
Define “programming languages.”
All software is created using programming languages. They consist of sets of instructions and a syntax that determine how the instructions can be put together.
Define “transaction files.”
Computerized data files equivalent to the journals found in a manual accounting system.
Define “master files.”
Computerized data files equivalent to the ledgers found in manual accounting system.
What are “time lags” in batch processing systems?
This is an inherent part of batch processing. There is always a time delay between the time the transaction occurs, the time that the transaction is recorded, and the time that the master file is updated.
What are subsidiary ledgers (sub-ledgers)?
These ledgers classify transactions by alternative accounts (e.g., customer accounts, vendor accounts, product accounts).
What are distributed database systems?
Database is distributed across locations according to their needs (note the subtle reference to Karl Marx here. . .)
What are centralized systems?
Maintain all data and perform all data processing at a central location; remote users may access the centralized data files via a telecommunications channel, but all processing is centralized.
Define “Bluetooth.”
Wireless transmission medium. It uses the same radio frequencies as Wi-Fi, but with lower power consumption resulting in a weaker connection. It is used to provide a direct communications link between two devices (e.g., a cell phone and ear piece, computer and a printer).
What is a wide area network (WAN)?
These networks vary dramatically in geographic coverage. Most WANs are national or international in scope.
What is a “client” on a computer network?
A node, usually a microcomputer, which is used by end users; uses but usually does not supply network resources.
What is a “node”?
A device connected to a computer network.
Whant is a “peer-to-peer network”?
A network system in which all nodes share in communications management. No central controller (server) is required. These systems are relatively simple and inexpensive to implement; used by LANs.
What is a “local area networks (LAN)” ?
Originally confined to very limited geographic areas (a floor of a building, a building, or possibly a couple of buildings in very close proximity to each other). Inexpensive fiber optic cable now enables local area networks to extend many miles.
What is a “server”?
Computer or other device on a network which only provides resources to the network and is not available (normally) to individual users; examples include print servers, file servers, and communications servers. Contrast with a workstation
What is a “computer network”?
Two or more computing devices connected by a communication channel on which the devices exchange data.
What is a “client/server system”?
A central machine (the server) mediates communication on the network and grants access to network resources. Client machines use of network resources and also perform data processing functions; used by LANs.
Define “file server.”
In a local area network, a computer that provides centralized access to program and data files.
What is “File Transfer Protocol (FTP)”?
A protocol used for file transfer applications.
What is extensible business reporting language (XBRL)?
XML-based protocol for encoding and tagging business information. A means to consistently and efficiently identify the content of business and accounting information in electronic form.
Define “internet”.
A “network of networks:” a global network of millions of interconnected computers and computer networks.
Describe extranets.
Open to an organization’s associates (company suppliers, customers, business partners, etc.) to access data that is relevant to them.
Define “Transmission Control Protocol / Internet Protocol (TCP/IP)”.
The core protocol transmission of the internet.
What makes a computer language extensible?
Users can create taxonomies for specific environments, for example for the purpose of taxation reporting, environmental regulation reporting, or automobile manufacturing.
Describe intranets.
Available only to members of the organization (business, school, association); often used to connect geographically separate LANs within a company.
What is “instant messaging (IM)”?
A protocol for instant messaging.
What is extensible markup language (XML)?
Protocol for encoding (tagging) documents in machine-readable form.
Define “hypertext markup language (HTML)”.
Core “markup” language (a way of tagging text) for web pages. The basic building-block protocol for constructing webpages.
Define “remote backup service.”
A service that provides users with an online system for backing up and storing computer files. Remote backup has several advantages over traditional backup methodologies: the task of creating and maintaining backup files is removed from the IT department’s responsibilities; the backups are maintained off site; some services can operate continuously, backing up each transaction as it occurs.
Describe the checkpoint and restart backup and recovery system methodology.
Common to batch processing, a checkpoint is a point in data processing where the accuracy of the processing can be verified. Backups are maintained during the update process so that, if a problem is detected, it is only necessary to return to the backup at the previous checkpoint instead of returning to the beginning of transaction processing.
Define “grandfather-father-son file security control.”
A technique used to maintain redundant backup copies (three “generations”) of data files; backup files are used to recover from systems failures in which data files are damaged or destroyed.
Describe the rollback and recovery backup and recovery system methodology.
A backup and recovery system method that is common to online, real-time processing. All transactions are written to a transaction log when they are processed. Periodic “snapshots” are taken of the master file. when a problem is detected, the recovery manager program starts with the snapshot of the master file and reprocesses all transactions that have occurred since the snapshot was taken.
Define “storage area networks (SANs).”
A method of backup that can be used to replicate data from multiple sites. Data stored on a SAN is immediately available without the need to recover it. This enables highly efficient disaster recovery.
Define “mirroring.”
A method of backup consisting of the maintenance of an exact copy of a data set to provide multiple sources of the same information. Mirrored sites are most frequently used in e-commerce for load balancing - distributing excess demand from the primary site to the mirrored.
What are logical access controls?
Control electronic access to systems via internal and external networks.
Why does multi-factor authentication increase control?
All authentication techniques may fail. Requiring multi-factor authentication procedures—the use of several separate authentication procedures at one time (e.g., user name, password, one-time password and fingerprint) enhances the authentication process.
What is a firewall?
A firewall consists of hardware, or software, or both, that help detect security problems and enforce security policies on a computer system. Like a door with a lock for a computer system. There are multiple types, and levels, of firewalls.
Describe asymmetric encryption (also called public/private-key encryption and private-key encryption).
Uses two paired encryption algorithms to encrypt and decrypt the text: if the public key encrypts, the private key decrypts. If the private key encrypts, the public key decrypts.
Describe how digital certificates work.
Provides legally recognized electronic identification of the sender and verifies the integrity of message content. Based on public/private key technology (like the digital signature).
Describe symmetric encryption (also called single-key encryption or private-key encryption).
Uses a single algorithm to encrypt and decrypt. Sender uses the encryption algorithm to create the ciphertext and sends the encrypted text to the recipient. Sender tells recipient which algorithm was used to encrypt. The recipient uses the algorithm to decrypt. Common in data storage applications
Identify the two internet protocols that are typically used for secure Internet transmission protocols.
Sensitive data sent via the internet is usually secured by one of two encryption protocols: SSL (Secure Sockets Layer) or S-HTTP (Secure Hypertext Transport Protocol).
Define “ciphertext.”
Text that has been mathematically scrambled so that its meaning cannot be determined without the use of an algorithm and key.
Describe how digital signatures work.
Uses public/private key pair technology to provide authentication of the sender and verification of the content of the message.
Describe the use of secure electronic transactions (SET) protocols.
A protocol that is often used in credit card payments. Used by the merchant to securely transmit payment information and authenticate trading partner identity.
Define “packet sniffers”.
Programs called packet sniffers capture packets of data as they move across a computer network. Packet sniffing has legitimate uses to monitor network performance or troubleshoot problems with network communications. However, it is often used by hackers to capture user names and passwords, IP addresses, and other information that can help the hacker break into the network. Packet sniffing a computer network is similar to wire tapping a phone line.
Define “worm.”
Similar to viruses except that worms attempt to replicate themselves across multiple computer systems. They generally try to accomplish this by activating the system’s email client and sending multiple emails.
Define session hijacking or masquerading
This occurs when an attacker identifies an IP address (usually through packet sniffing) and then attempts to use it to access a network. If successful, the hacker has “hijacked” the session, i.e., gained access to the session by pretending to be another user.
What is a back door attack on a system?
A software program that allows an unauthorized user to gain access to the system by side-stepping the normal logon procedures;. Back doors were once commonly used by programmers to facilitate access to systems under development.
Define “denial of service attacks.”
An attack that attempts to prevent legitimate users from gaining access to the system. These attacks, called denial of service attacks, are perpetrated by flooding the server with incomplete access requests.
Define the four types of computer crime.
- Computer as target, 2. Computer as subject, 3. Computer as tool, 4. Computer as symbol.
What is a logic bomb attack on a system?
An unauthorized program which is planted in the system. The logic bomb lies dormant until the occurrence of a specified event or time (e.g., a specific date, the elimination of an employee from “active employee” status, etc.).
Define “Trojan horse”.
A malicious program that is hidden inside a seemingly benign file.
Define “virus.”
An unauthorized program, usually introduced through an email attachment, which copies itself to files in the users system. These programs may actively damage data, or they may be benign.
Define “password crackers.”
Password cracking software generates and tests a large number of potential passwords to try to access a system.
Define “malicious software (malware).”
Programs that exploit system and user vulnerabilities to gain access to the computer. There are many types of malware.
