WEEK 11 FINALS Flashcards
This are facts, text, images, sound or video that may or may not be useful for a particular task for a particular organization.
Data
It can take various forms, such as numbers, text, images, or any other type of input that can be encoded for processing.
Data
Data values stored for an object should be the correct values. data reflects the true and reliable state
Accurate
It contains the complete set of mandatory data items. (invalid, missing, unknown)
Complete
It means information is readily available whenever it is needed.
Timely
It is a uniformity of data stored from different locations. Do note that consistent data can still be wrong
Consistent
Information is easy to obtain or gain access to
Accessible
information provided should be related/suited to the purpose it is required.
Relevant
information should be short and clear
Concise
when properly managed, it becomes information and then knowledge.
Data
is normally defined as data whose form and content are appropriate for a particular use.
Information
is a combination of instincts, experiences, ideas, rules and procedures that guide actions and decisions.
Knowledge
What are the methods in converting data to knowledge
Summarizing
Formatting
Filtering
is one of the important tasks for an IT department of any organization since IT applications cannot be done without having the right data.
Data Management
Managing data is increasingly difficult due to the following factors:
-Most organizations require past data to be kept, while new data
need to be
- Added rapidly. Thus, the amount of data required increases exponentially with time.
- Most organizations also require an ever-increasing amount of external data.
- Data in most organizations are not stored centrally. They are collected by many individuals and departments and stored at various locations.
- Some of the data are not even available in digital format.
It is a process of collecting data from the data source
Data Collection
What are the 3 different data source
Internal Data Source
External Data Source
Personal Data
It is located within the organization and normally captured by the organizations information systems and stored in the database or physical files.
Internal Data Source
This are data about other organizations, especially our competitors. This data can be obtained from the organizations websites, annual reports and published brochures
External Data Source
This are data that belong to individuals within an organization.
Personal Data
is a collection of data organized to serve one or more application systems
Data Storage
What is the management of data inside a database is done by a software called ?
Data Base Management System (DBMS)
It acts as an interface between application systems and the database
Data Base Management System (DBMS)
Most popular type of DBMS, data are stored by using two dimensional tables.
Relational DBMS
Data are organized into a tree-like structure. The data are stored as records which are connected to one another through links.
Heirarchical DBMS
Database that subscribes to a model with information represented by objects.
Object Oriented DBMS
It is a repository of all of the data needed by the an organization.
Data Warehouse
Data are stored by subjects
Data Warehouse
The Data are stored by using similar method of coding
Data Warehouse
Data are kept for a long time so that they can be used for forecasting and comparisons.
Data Warehouse
Data are stored in a multi-dimensional structure so that data can be viewed and analyzed from different perspectives.
Data Warehouse
The process of developing this is done by extracting data from all possible data sources
Data Warehouse
It is a subset of a Data Warehouse
Data Mart
Once the data are stored inside the data warehouse or data marts, they can be analyzed.
Data Analysis
It is one of the most important techniques for data analysis that focuses on modelling and knowledge discovery.
Data Mining
Data mining techniques can be used to:
Automatically predict trends and behaviors
Automatically discover previously unknown patterns.
Information is easier to understand if it is represented graphically.
Data Visualization
An example of data visualization tool is ________.
Graphical Information System (GIS)
It is basically a computer-based system for capturing, checking, integrating, manipulating and displaying digitized maps.
Graphical Information System (GIS)
Another type of this is the virtual reality (VR), which enables people to share and interact in the same artificial environment.
Data Visualization
It is a technique that can be used for developing a level of understanding of the interaction of a system.
Modelling and Simulation
It is a simplified representation of a system in order to promote understanding of the real system.
Model
It is the manipulation of a model in such a way that it enables one to perceive the behavior of the system.
Simulation
Business Intelligence includes:
Reporting (KPIs, Metrics)
Automated Monitoring
OLAP
Dashboards
Scorecards
Ad Hoc query
A broad category of applications and technologies for gathering, storing, analyzing, sharing and providing access to data to help enterprise users make better business decisions.
Business Intelligence
Refer to computer-based techniques used in spotting, digging-out and analyzing business data
Business Intelligence
It can generally answer the questions: what happened; how many; how often; where exactly is the problem; what actions are needed.
Business Intelligence
It enables data to be analyzed in order to produce reports, predictions and alerts.
Business Intelligence Software Tools
These tools can also display information in graphical presentations.
Business Intelligence
What are the components of DMS
Metadata
Capture
Storage
Indexing
Retrieval
Integrationm
Distribution
Security
The description of a document. It may, for example, include the date the document was stored and the identity of the user storing it. The DMS may extract _______ from the document automatically or prompt the user to add metadata.
Meta data
Images of documents are normally captured by using scanners. Scanner software normally comes together with Optical Character Recognition (OCR) software, in order to convert digital images into machine readable text.
Capture
_____ of the documents often includes management of those same documents; where they are stored, for how long, migration of the documents from a storage media to another.
Storage
is the process of extracting important words from the documents’ contents. ________ exists mainly to support retrieval.
Indexing
______ the electronic documents from the storage.
Retrieval
Many DMS attempt to integrate document management directly into other applications, so that users may retrieve existing documents directly from the document management system repository, make changes, and save the changed document back to the repository as a new version, all without leaving the application.
Integration
A published document for _________ has to be in a format that cannot be easily altered.
Distribution
It is is vital in many document management applications. Compliance requirements for certain documents can be quite complex depending on the type of documents.
Security
is a process of identifying, selecting, organizing, disseminating, transferring and applying important information, expertise and experience that are part of the organization
Knowledge Management
is a system to help in the process of knowledge management.
Knowledge Management System
What are the two types of knowledge
Tactic knowledge
Explicity knowledge
is a type of knowledge that is not documented, but exists in the form of experiential learning of the organization
Tactic Knowledge
is the type of knowledge that has been documented in the form that it can be distributed to others.
Explicit Knowledge
What is the Technology to support knowledge management is called?
Knowware
is an integrated knowledge management system that combines communication, collaboration and storage technologies into one complete system.
Knowledge management Suite
What are the 6 Important Function of KMS?
(a) To help in the process of knowledge creation;
(b) To capture new knowledge and to represent it properly;
(c) To capture human insights in order to refine available knowledge;
(d) To store knowledge in a knowledge repository so that it can be accessed by members of the organisation;
(e) To update the knowledge so that it remains relevant and current;
(f) To disseminate
knowledge so that it can be shared by everybody in the organisation.
What are the types of threats (Unintentional Threats)
Human Error
Environmental Hazards
Computer System Failure
Theft of Data/ Equipment
Software Attacks
Internet Fraud
This remain a vulnerable link in the security chain. Human error often plays a crucial role in falling victim to phishing attacks. Phishing relies on tricking individuals into revealing sensitive information such as usernames, passwords, or financial details.
Human Error
Lack of cybersecurity education and awareness can lead individuals to inadvertently engage in risky behavior. This includes clicking on suspicious links, downloading malicious files, or unknowingly sharing sensitive information.
Insufficient Training and Awareness
Events such as earthquakes, floods, hurricanes, tornadoes, or wildfires can cause physical damage to data centers, servers, and networking equipment. This damage may lead to service disruptions, data loss, and prolonged downtime.
Environmental hazards
Power disruptions, whether caused by natural disasters, accidents, or technical failures, can impact the availability and reliability of computer systems. Unexpected power outages may lead to data corruption, loss of transactions, and potential security vulnerabilities.
Power Outages
System failures, whether due to hardware malfunctions or software bugs, can lead to downtime and disrupt services. During these periods, organizations may be more susceptible to security threats, as normal security controls and monitoring may be compromised or unavailable.
Computer System Failure
Intruders may gain access to computer systems or networks to steal sensitive data. This could involve exploiting vulnerabilities, using stolen credentials, or conducting sophisticated cyber attacks.
Theft of Data/ Equipment
Devices such as laptops, smartphones, servers, or external storage devices can be physically stolen. This can result in the loss of both the device and any data stored on it.
Physical Theft
cyber attacks, are malicious activities carried out by individuals or groups with the intent to compromise the security, integrity, or availability of computer systems, networks, or data. These attacks exploit vulnerabilities in software applications, operating systems, or other digital components.
Software Attacks
Victims are asked to pay a fee upfront with the promise of a larger reward in the future. Common examples include lottery scams and inheritance scams.
Internet Fraud
Perpetrators build romantic relationships online and then exploit their victims emotionally and financially.
Romance Scams:
Cybercriminals steal and misuse personal information, such as Social Security numbers, credit card details, or bank account information, to commit fraud.
Stolen Personal Information
It can be defined as criminal activity involving an information technology infrastructure.
Computer Crimes
It can be carried out either by outsiders or insiders.
Computer Crimes
What is an an outsider who penetrates a computer system is called
Hacker
it is a term used to describe a malicious hacker, who penetrates a computer system in order to commit a crimes.
Cracker
What are the types of Attackers
Amatuers
Hackers
Organized Hackers
These people are sometimes called Script Kiddies. They are usually attackers with little or no skill, often using existing tools or instructions found on the Internet to launch attacks.
Amateurs
This group of attackers break into computers or networks to gain access. Depending on the intent of the break-in, these attackers are classified as white, gray, or black hats.
Hackers
These hackers include organizations of cyber criminals, hacktivists, terrorists, and state-sponsored hackers.
Organized Hackers
Some of them are just curious, while others are trying to demonstrate their skills and cause harm. They may be using basic tools, but the results can still be devastating. Script kiddies are individuals with limited technical skills who use pre-written scripts or tools to launch attacks. They often lack in-depth knowledge and may target systems opportunistically.
Amatuers
usually groups of professional criminals focused on control, power, and wealth. The criminals are highly sophisticated and organized, and they may even provide cybercrime as a service to other criminals.
Organized Hackers
make political statements to create awareness to issues that are important to them.
Hacktivist
attackers gather intelligence or commit sabotage on behalf of their government. These attackers are usually highly trained and well-funded, and their attacks are focused on specific goals that are beneficial to their government.
State Sponsored Hackers
They are also known as an ethical hacker, is an individual who uses their skills in computer security to identify and address vulnerabilities in computer systems, networks, and applications. White hat hackers work with the permission of the system owner to improve security and protect against potential cyber threats.
White Hat Hackers
hackers that exploit vulnerabilities in computer systems, networks, or applications for personal gain, financial motives, or to cause harm. Their activities are typically illegal and unethical, and they may be involved in various cybercrimes.
Black Hat Hackers
A gray hat hacker is someone who falls in between the categories of ethical “white hat” hackers and potentially malicious “black hat” hackers. Gray hat hackers may engage in activities that are not strictly authorized, but their intentions are not purely malicious. They might discover and exploit security vulnerabilities without permission, but their goal is often to raise awareness and prompt improvements in cybersecurity rather than causing harm or personal gain.
Grey Hat Hackers
Types of Organzied Hackers
Cyber Criminals
Hacktivits
State sponsored attackers
allows the attacker to take control over a device without the user’s knowledge. With that level of access, the attacker can intercept and capture user information before relaying it to its intended destination.
MitM (Man-in-the-middle)
This attacks are widely used to steal financial information.
MitM (Man-in-the-middle)
Many malware and techniques exist to provide attackers with ______ capabilities
MitM (Man-in-the-middle)
It is Short for Malicious Software
Malware
is any code that can be used to steal data, bypass access controls, or cause harm to, or compromise a system. designed to harm, exploit, or compromise computer systems, networks, or devices.
Malware
It can take various forms, and its objectives range from stealing sensitive information to disrupting the normal operation of a system
Malware
What are the symptoms of malware
Increase CPU Usage
Decrease CPU Speed
Email Sent w/o Consent
Unknown File Presence
Computer Freezes/ Crashes
Files Deleted/ Modified
Unknown Process Running
Network Connection Probem
Some types of malware, such as crypto-mining malware, may cause a significant increase in CPU usage. This occurs when the malware uses the infected system’s computational resources to mine cryptocurrency, resulting in higher CPU utilization and slower system performance
Increase CPU Usage
Malware or unwanted programs can negatively impact system performance, leading to a decrease in CPU speed. This can manifest as slower response times, delays in executing commands, and overall sluggishness.
Decrease CPU Speed
Emails being sent from your account that you did not initiate or are unaware of. Malware may access and manipulate your contacts, adding or modifying entries.
Email Sent w/o Consent
Determine where the file came from. Check recent downloads, email attachments, or any external storage devices you may have connected to your computer.
Unknown File Presence
is an access attack that attempts to manipulate individuals into performing actions or divulging confidential information.
Social engineering
They often rely on people’s willingness to be helpful but also prey on people’s weaknesses.
Social engineers
This is when an attacker calls an individual and lies to them in an attempt to gain access to privileged data. An example involves an attacker who pretends to need personal or financial data in order to confirm the identity of the recipient.
Pretexting
This is when an attacker quickly follows an authorized person into a secure location.
Tailgating
It also known as piggybacking.
Tailgating
This is when an attacker requests personal information from a party in exchange for something, like a free gift.
Something for Something (Quid pro quo)
Is the process of discovering the password used to protect a wireless network.
Wifi Password Cracking
A fraudulent email disguised as being from a legitimate trusted source
Phishing
An attack from this results in some sort of interruption of network service
Denial of Service (DoS)
Similar to a DoS attack but orginates from multiple, coordinated sources.
Disrupted DoS (DDoS)
Increase traffic to malicious sites that may host malware or perform social engineering.
SEO Poinsoning
Attacks that use multiple techniques to compromise a target.
Blended attack
Wifi passwords cracking can be achieved thru:
Social engineering
Brute-force attacks
Network sniffing
Wi-Fi password cracking
Phishing
Denial-of-Service (DoS)
SEO Poisoning
The attacker manipulates a person who knows the password into providing it.
Social engineering
The attacker tries several possible passwords in an attempt to guess the password. Brute-force attacks usually involve a word-list file
Brute-force attacks
By listening and capturing packets sent on the network, an attacker may be able to discover the password if the password is being sent unencrypted (in plain text).
Network sniffing
is the process of discovering the password used to protect a wireless network.
Wi-Fi password cracking
is when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source. The message intent is to trick the recipient into installing malware on their device, or into sharing personal or financial information.
Phishing
attacks are a type of network attack. A DoS attack results in some sort of interruption of network service to users, devices, or applications.
Denial-of-Service (DoS)
The most common goal of this is to increase traffic to malicious sites that may host malware or perform social engineering.
SEO Poisoning
To force a malicious site to rank higher in search results, attackers take advantage of popular search terms.
SEO Poisoning
SEO poisoning is also known as?
Search Engine Poisoning
It is a cyber attack technique that involves manipulating search engine results to drive traffic to malicious websites.
SEO Poisoning
is a process where a criminal poses as someone else
Identity Theft
Using another’s identity to obtain goods and services
Financial Identity Theft
Pretending to be another person when apprehended for a crime
Criminal Identity Theft
Using another’s information to assunme his/her identity in daily life
Identity Cloning
Using another’s business name to obtain credit.
Business Identity Theft
What are the ways to protect your computing device?
Keep Firewall On
Use Antivirus and Antispyware
Update and Install Patches
Encrypt Data
Authentication and Authorization
Back Up Data
Don’t Share much on Social Media
OAuth
acts as a barrier between your computer or network and the internet, monitoring and controlling incoming and outgoing network traffic based on predetermined security rules.
Firewall
software helps protect your computer from various types of malicious software, commonly known as malware. Malware includes viruses, worms, trojan horses, ransomware, spyware, adware, and other types of harmful software that can compromise the security and functionality of your computer.
Antivirus and Antispyware
fingerprint, palm print, as well as facial or voice recognition
Biometric scan
Two Factor Authentication - Physical object - credit card, ATM card, phone, or fob
Authentication and Authorization
It converts plain text into unreadable, encoded text, and the original data can only be restored with the proper decryption key.
Encryption
Software developers regularly release updates and patches to address vulnerabilities, enhance features, and improve overall performance.
Update and Install Patches
is an open standard protocol that allows an end user’s credentials to access third party applications without exposing the user’s password. OAuth acts as the middle man to decide whether to allow end users access to third party applications
Oauth - Open Authorization (OAuth)
Ways of protecting Information Resources
System Control
Data Control
Application Control
Physical protection of the computer hardware from being stolen;
System Control
Restriction of unauthorized access to computer system;
System Control
Establishment of firewall to protect the access to the local network; and
System Control
Installation of antivirus software.
System Control
Data safety and data security.
Data Control
Enforcement of regular backup;
Data Control
Plan for disaster recovery;
Data Control
Restriction of access to data center.
Data Control
are meant to protect specific applications from unauthorized or illegal access.
Application Control
