S2 Flashcards
Cloud Service Providers (CSP)
Offer virtual computing power and expertise to other companies on managing IT infrastructure. CSPs may also offer other complementary services such as primary business functions in addition to computing services such as accounting, payroll or digital marketing.
Cloud computing: uses shared resources over the internet to rent storage space, access to applications and services on a real-time basis.
Business process improvements:
- robotic process automation (designed to perform simple, repetitive tasks that require little to no judgement)
- Natural language processing software (type of tech that focuses on humans interacting with a device through the use of spoken natural language)
- Neural networks (a form of AI modeled after human neurons that are built for complex decision making)
- Shared services
- offshore operations
- outsourcing
Outsourcing risks:
1. potential decrease in quality
2. service quality
3. productivity
4. language skills
5. security
6. missing or insufficient qualifications of those being outsourced.
COSO enterprise risk management framework
- provides guidance for cloud service provider transitions.
More risk with less control. Risk increases when going public from private.
Accounting information systems (AIS):
- solution that consists of a transaction processing system (TPS), a financial reporting system (FRS), and a management reporting system (MRS).
TPS/FRS is a subsystem of an AIS.
The recording of transactions in an AIS through the TPS follows an ordered sequence of events that begins with entering data from source documents and ends with generating financial reports.
Transaction cycles:
- revenue and cash collection cycle (selling to a customer) – bill of lading, sales invoice
- treasury cycle (facilitates the movement of capital that is generated and spent in the other cycles so that cash is managed effectively).
- Purchasing and disbursement cycle (the process in the AIS that handles purchase requisitions, purchase orders, order receipts and accounts payable). – receiving report
- general ledger and reporting cycles (involves updating the general ledger using journal entries when economic events occur in the other cycles).
- Production and fixed asset cycles (involves using goods procured to create a product and track its related costs, but it does not involve the process of purchasing or paying for those goods). – bill of materials
Blockchain:
- developed to prevent Bitcoin from being replicated and to limit its initial creation so that there is only a finite number of Bitcoins.
No centralized management overseeing its activity (decentralized) poses a potential threat since it could lead to a decreased level of accountability.
The immutability of blockchain can promote processing integrity.
To process high-volume transactions on a blockchain: focus on preventative controls due to the volume and speed of transactions. This reduces the need for manual review by a human. Combining them with detective controls helps to minimize the likelihood of errors or failures.
Switch, server, router, firewall
Switch: Connects devices within a company’s network, does not protect a company’s IT resources.
Server: A machine that coordinates computers and applications within a network and executes commands in response to requests from those devices.
Router: like a switch, connects devices in a company’s network, but it performs higher functions such as assigning IP addresses.
Firewall: prevents unauthorized access as well as prevents employees from downloading malicious content. Filters network traffic security protocols.
Multi-tenant cloud service:
serve cloud customers using virtual common resources, so that multiple orgs share the same virtual infrastructure.
Business Continuity Plan (outlines the steps to return to partial and/or full operations)
- Assess the key risks (Business Impact Analysis)
- identify mission-critical applications and data
- Develop a plan for handling these applications
- determine responsibilities for parties involved
- Test recovery plan
Disaster recovery plan (DRP)
- assessing risks
- identifying critical applications and data
- developing a plan to handle those applications and data
- Assigning personnel
- Testing the DRP
Storing duplicate files in an off-site location is a key component of DRP.
Change management
Updating, fixing or installing new/existing IT.
System and information access controls:
- Physical access control – restrict access through tangible methods such as locks, barricades, fences, badge, surveillance.
- Data encryption – secure transmission of information through channels or applications that convert readable text into unreadable text during transit. Related to human intervention.
- Logical access – user-authentication control that verifies identity to approve access.
- System availability control – ensures equipment is not damaged by natural disasters
Off-site locations
Hot sites have the essential hardware, data files and programs.
Warm sites have the necessary hardware, but backups must be delivered.
Cold sites have all the electrical connections and other physical requirements but do not have the actual equipment.
Change management methodology:
Agile: To address shortfalls of the waterfall method. Has a more flexible approach that is distinguished by its use of functional teams that are dedicated to different functions and improvement initiatives focused on prioritizing customers' needs.
Kaizen: Auto manufacturer method. It focuses more on continuous improvement through small improvements over time rather than short sprints.
Waterfall: no customer input and change can be difficult to manage. Meetings and testing are not frequent.
Critical path: project management that identifies the longest sequence of dependent events to determine the earliest TBD completion.
Patch Management
Part of minimizing security threats; works in conjunction with vulnerability management solutions to ensure updates are installed timely.
Conversion Methods:
Phased system: also called gradual or molecular system. Gradually adds volume to the new system while using the old one.
Pilot approach: company runs a test, within a non-production environment, on a small scale to test its feasibility prior to full implementation.
Direct changeover: when one system is turned off or abandoned, and the new system is turned on immediately after.
Parallel system: the new and old systems are both fully operational simultaneously for a period of time.
Backups:
Incremental backup: only backs up data that has changed since the last backup. New data and not historical data. Faster and consumes less storage space than a full backup.
Full backup: copy all newly generated data and all historical data.
Differential backup: captures new data each day and copies all previously generated data. Recovery is slower than full but faster than incremental.
Data Life cycle:
- Preparation
- Publication (data is released to users for various purposes)
- Storage
- Archival (data is moved from active systems to passive systems to free up storage resources for active systems, enhance active systems performance and reduce security risks.)
- Purging (the final stage where data is removed from the company’s storage systems)
- Definition (the first step of the data life cycle, where orgs define what data is needed and where to capture or retrieve such data)
- Synthesis (bridging preparation and usage through the creation of calculated fields to prepare such data for quicker usage and analysis)
Database design technique:
normalization: reduces data redundancy and eliminates undesirable characteristics like insertion, update, and deletion anomalies.
Normalization rules divide larger tables into smaller tables and link them using relationships. The purpose is to eliminate repetition and reasonably assure data is stored logically.
Normalize data:
1. determine whether the data conforms to the 1NF, which will make sorting and filtering data easier. Each field must contain only one piece of info and each record in every table must be uniquely identified. None of the non-key attributes should depend on other non-key attributes, per 3NF.
2nd step: Conforming data by requiring all non-key attributes in the table to depend on the entire primary key. Conform the data to the 2NF
3rd step: determine whether each column in the table describes only the primary key, establishing that none of the non-key attributes depend on the other non-key attributes.
data storage:
- data lake: contains both structured and unstructured data.
- data warehouse: large repository that is centralized and used for reporting and analysis. Can be used for reporting, to create marts, etc.
Data marts: contain specific, focused data as a subset of a data warehouse, Data that is relevant to specific groups or departments.
operational data store (ODS): Repository of transactional data from multiple sources; often an interim area between a data source and a data warehouse. Data sets are smaller and are frequently overwritten as transactions are modified, processed and reported.
Inner Join
uses only the matching (common) records.
Third Normal Form (3NF)
3NF: eliminate any attributes that depend on both the primary key and other non-key attributes. Meaning, attributes should not have transitive dependencies, where they rely on other non-key attributes in addition to the primary key. Eliminating transitive dependencies.
database schema
snowflake schema: dimension tables are broken down into multiple related tables rather than a single table. More complex than the star schema since it requires more complex keys to link tables together. Can be more flexible, as it allows for more detailed info to be stored about the dimensions.
flat model: generally considered the simplest type of database schema where the data is held in an individual table.
Star schema: most common schema for dimensional modeling, the simplest schema used for dimensional modeling. Organized into a central fact table. Requires fewer keys to link tables together when compared to the snowflake schema.
hierarchical model: set of data with relationships where one piece of data may be considered a parent of numerous offspring pieces of data.
4 Benefits of relational databases:
- completeness
- No redundancy
- Business rule enforcement
- communication and Integration of business processes