BUS-K 201: EXAM 1
22 Cards in this Set
Front | Back |
---|---|
system definition phase
|
cost and schedule feasibility are only an approximation or back of the envelope analysis
the purpose is to eliminate any obviously infeasible ideas as soon as possible
|
determining system requirements
|
is the most important phase in the systems development process
if the requirements are wrong the system will be wrong
if the requirements are determined completely and correctly, then design and implementation will be easier and more likely to result in success
|
system conversion
|
implies the process of converting business activity from the old system to the new
conversion can be to the new system only or it can be to the new system including new business
|
5 major challenges to systems development
|
The difficulty of determining requirements
one major purpose of the systems development process is to create an environment where difficult questions are asked and answered
Changes in requirements
aiming at a moving target
Difficulties involving scheduling and budgeting
how long to bu…
|
trade-off
|
is balancing 3 critical factors: requirements, cost and time
|
4 critical factors (Manage Development challenges):
|
Coordination
an accurate and complete WBS facilitates coordination, but no project ever proceeds exactly in accordance with the WBS
Diseconomies of scale
the number of possible interactions among team members rises exponentially with the number of team members
Configuration control
Un…
|
configuration control
|
a set of management policies, practices and tools that developers use to maintain control over project resources; such resources include documents, schedules, designs, program code, test suites and any other shared resource needed to complete the project
|
unexpected event
|
critical people can change companies, a hurricane may destroy an office, the company may have a bad quarter and freeze hiring just as the project is staffing up, technology changes, competitors may do something that makes the project more or less important, or the company may be sold and new ma…
|
information system security 4 elements
|
threat- a person or organization that seeks to obtain data or other assets illegally without the owner's permission and often without the owner's knowledge
vulnerability- an opportunity for threats to gain access to individual or organizational assets
ex. when you buy online you provide …
|
security threats and loss
|
human errors and mistakes- accidental problems caused by both
computer crime- intentional or malicious violation against data, software or hardware
natural events and disasters- fires, floods, hurricanes, earthquakes, tsunamis, avalanches, other acts of nature, initial loss of capability…
|
Unauthorized data disclosure by malicious activity
|
pretexting-the act of creating and using an invented scenario to trick a targeted victim into divulging information
phishing
spoofing- is a term for someone pretending to be someone else
sniffing
computer crime
|
denial of service
|
humans can inadvertently shut down a web server or corporate gateway router by starting a computationally intensive application
|
denial of service attacks
|
occur when a malicious hacker floods a web server ex. millions of bogus service requests
|
personal security safeguards
|
with the possible exception of cookie clearing, all of them are low cost and easy to implement
take security seriously
create strong passwords/passphrases
use multiple passwords
do not send valuable data via email
use HTTPS as trusted
|
System specific security policy elements
|
A general statement of organization’s security program.
Issue-specific policy.
System-specific policy.
|
risk management
|
risk- threats and consequences we know about
uncertainty- things we do not know that we do not know
|
technical safeguards
|
identification and authentication
encryption
firewalls
malware protection
design for secure applications
|
malware
|
spyware and adware symptoms
slow system start up
sluggish system performance
many pop-up advertisements
suspicious changes to the taskbar and other system interfaces
unusual hard-disk activity
|
Key Escrow
|
Trusted party has a copy of encryption key
|
human safeguards
|
in house staff-position definition
separate duties and authorities
determine least privilege
document position sensitivity
Hiring and screening
dissemination and enforcement
Termination (friendly and unfriendly)
non employee personnel
contract personnel
screening and security trai…
|
hot site
|
is a utility company that can take over another company's processing with no forewarning
they are expensive, organizations pay 250,000 or more per month for such services
|
cold site
|
provide computers and office spaces where customers install and manage systems themselves
train and rehearse cutover of operations from the primary center to the backup
|