Technology in Investment - Chapter 8 Flashcards
What is chapter 8
Technology Infrastructure
What are the key responsibilities of the CIO/CTO
Manages all the staff in the division and sets the company's technology strategy
Who is the head of information technology or systems?
Chief Information Officers (CIO) or sometimes a Chief Technology Officer (CTO)
Who does the head of production report to?
Reports to the CIO
What is the head of testing responsible for?
Testing new software releases and implementing change control procedures
What is the key responsibility of the head of production support?
Responsible for the provision of all server and desktop facilities for the day to day running.
What is the role of a Database Administrator?
Develop and enforce database standards, guidelines, operational policies and procedures
Who reports to the head of production support?
Database administrators
Help desk analysts
Who does the head of development and implementation report to?
The Chief Information Officer (CIO)/(CTO)
What is the difference between a CTO and a CIO
Same role, different name.
Chief Information Officer
Chief Technology Officer
Who reports into the head of development and implementation?
Business Analysts
Application designers
Programmers/Developers
Who does the head of testing report into?
Reports to the CIO
What is the head of development and implementation responsible for?
Commissioning of new applications
Who does the head of change report into?
CIO or occasionally the Chief Operating Officer (COO)
Who reports into the head of testing?
Test analysts
What is the responsibility of the Head of Change?
Managing major change programmes and projects
Who reports to the head of change?
Programme managers and project managers
Who does the head of business continuity and recovery report to?
Reports to the CIO
What is the client component of the Technology infrastructure
Where the users input data or view enquiries
What is the main responsibility of the head of business continuity and recovery?
Managing the firm's business recovery plans
Who does the head of information security report to?
This individual reports to the CIO (duh)
What is the main responsibility of the head of information security?
Overall direction of all security functions associated with applications & data
What is a thin client
An application running on a browser
What is a fat client
A PC onto which an application is downloaded and used.
What is the Middleware/Real-Time Messaging Layer component of the Technology infrastructure
Software that distributes and obtains real-time data to and from other systems.
What is the Database component of the Technology infrastructure
Consists of an organized collection of data
What is a relational database?
Contains a number of tables and relationships. Basically an AG grid.
How are mission-critical applications usually deployed?
As distributed systems
How is a relational database interfaced?
With Structured Query Language (SQL)
How do distributed systems connect with one another?
Transmission lines
What is a distributed system?
A distributed system is a configuration which contains a number of hardware elements that are connected by some transmission technology. Such systems consist of a number of executing programs which interact with each other via transmission lines.
What is Data Replication?
The process of sharing information so as to ensure consistency between resources
What are the three reasons for implementing a system in a distributed fashion
To ensure processing power is as close to the users as possible
To ensure high degree of robustness, for example, via the use of data replication
To enable hardware to be easily added
What are three reasons not to implement a system in a distributed fashion?
Predictability of performance
Keeping all the clocks in the system synchronized
System malfunctions can have wider system effects
What are the two ways data replication can be implemented?
Storing the same data on multiple storage devices or by executing the same task on multiple devices
Measuring performance & Managing risk - What is external fraud?
Theft of information, hacking damage, third party theft and forgery.
Measuring performance & Managing risk - What is internal fraud?
Misappropriation of assets, tax evasion, intentional mismarking of positions and bribery
Measuring performance & Managing risk - What is Employment practices and workplace safety
discrimination, workers' compensation, employee health and safety
Measuring performance & Managing risk - What are Business disruption and systems failures
utility disruptions, software failures and hardware failures
Measuring performance & Managing risk - What are Damage to physical assets
natural disasters, terrorism and vandalism
Measuring performance & Managing risk - What are Clients, products, and business practice
market manipulation, anti-trust, improper trade, product defects, fiduciary breaches and account churning
Measuring performance & Managing risk - What are Execution, delivery, and process management
Data entry errors, accounting errors, failed mandatory reporting and negligent loss of client assets
Generally, the governance of risk management of information technology can be divided into two categories…
- maintaining ‘business as usual’ activity, and
- introducing business change
Who is responsible for the maintenance of ‘Business as usual’
The operations side
Who is responsible for the maintenance of ‘Business change’
Business side
What is cyber security
Protecting computer systems’ hardware, software and data from:
* damage
* theft
* unauthorized use, and
* disruption.
What are the two main criminal purposes of hacking?
Facilitate identity fraud and cyber espionage
What is identity fraud
Stealing personal information to gain access to data or a system
What is phishing?
Attempt to trick users into disclosing information
What is cyber espionage
Stealing valuable information about rival products or intellectual property
What is Malware?
Malicious software used to get illegal access to systems
What is spyware?
Software that gathers information about a person or organization without them knowing and sells it to a third party.
What is Ransomware?
Criminals blocking a system and not reopening until a fee is paid
What is a computer virus?
A software program that can copy itself and infect multiple files and then spread to a new PC
What is a worm?
A virus that replicates, not infects, files and then spreads to another computer
What is a Trojan virus
Appears to be legitimate but actually gains unauthorized access
What is a botnet?
Network of computers controlled by cyber criminals
What is Keystroke Logging
The secret monitoring of keyboard presses
What is form grabbing?
Interception of data submitted to web browsers: it is collected before it passes over the internet and then sent to criminals
What does DDoS stand for?
Distributed Denial of Service
What is DDoS
Bombardment of requests to a system with the intention of immobilizing it
Prevention and Detection of DDoS attacks - What is impact analysis?
Spotting problems before they arrive
Prevention and Detection of DDoS attacks - Staff training?
Ensure staff are trained in recognizing attacks and password security
Prevention and Detection of DDoS attacks - Personal Devices and Portable Devices?
Encrypting data on personal devices
What is a firewall?
Systems that control the incoming and outgoing network traffic
What is a pen test?
Penetration test
What are the key components in the ‘Infrastructure’ Catalogue?
Users the help desk supports
Applications the help desk supports
Service level agreements
Hardware the help desk supports
What is follow the sun?
European support is based in Europe, then Asia in Asia and America in America. The support desk ‘follows the sun’
If ‘Round-The-Clock Support is required’ what 3 models are commonly used?
Follow-the-sun
Extended working hours
Partial outsourcing
What is extended working hours?
The single help desk is operated through shifts
What is partial outsourcing?
The overnight managing of the help desk is outsourced
What is the role of a KPI in an SLA?
Key metrics against which limits are recorded in an SLA.
How are KPIs presented?
Dashboard
Support Call Prioritization - Level one, what is it?
Help desk
What is the level 1 help desk responsible for (5)
- receiving, recording, prioritising and tracking service calls
- ensuring that SLA time targets are met
- monitoring and status-tracking of all incidents
- escalation and referral to other parts of the organisation
- first line support, and
- closing incidents with confirmation from the requestor
What happens during level two of the support call prioritization?
Issues are analyzed and either sent back to level 1 or escalated to level 3
Support Call Prioritization - Level two, what is it?
Analyst
Support Call Prioritization - Level three, what is it?
Service Specialists
What is the relationship between service specialists and the user?
Service Specialists are kept hidden from the user.
Support Call Prioritization - Level four, what is it?
Management
What is a business Continuity Plan?
Ensuring a firm is able to recover from an emergency
What is a Disaster Recovery Plan (DRP)?
The process of regaining access to the data to resume critical business operations
What is a Planning Committee?
A planning committee should be appointed to oversee the development, testing and implementation of the plan.
What is a warm site?
Transactions are written at two sites; the communication is managed through ‘Log Shipping’
What is a cold site?
Spare server at a standby location. The data will be ‘cold’ so there will be some hours in getting the system up and running
What is a hot site?
An approach where transactions are written at many locations simultaneously. This means if one breaks the others can keep it going
What is ‘Log Shipping’
Used in warm site management to copy data from the primary to the secondary with a small latency. (5-15 mins)
How often should a testing procedure be executed?
Annually
Who is responsible for approving the disaster recovery plan?
Senior Management
What is a Version Control System (VCS)?
Version control systems (VCSs) are software applications that manage multiple revisions of the same unit of information
How often are change control meetings usually scheduled?
Weekly
What do Version Control Systems (VCSs) provide for a system?
An opportunity to ‘Roll back’ to a previous version
What is a change control meeting?
Meetings between all stakeholders to discuss business changes
For how long do firms not make changes before a release of their annual accounts?
4 weeks
For how long do firms not make changes before the last week of any accounting month?
1 week