MIST 2090: EXAM 3
57 Cards in this Set
| Front | Back |
|---|---|
|
Systems Analysis and Design
|
the process of completing an IS project4 Essential Ingredients:People, Methodology, Management, Tools
|
|
People
|
IS project team; Stakeholders
|
|
Methodology
|
provides a framework for both the management and technical processes of an IS project, Waterfall model, Evolutionary model, Agile model
|
|
Waterfall Model
|
sequential
|
|
Evolutionary Model
|
clear end and beginning (prototyping)
|
|
Agile Model
|
break into small chunks; burn through as quickly as possible
|
|
Project
|
temporary endeavor that has a defined start and end point and is undertaken to create a unique product, market or unit
|
|
Project Management in IS
|
Project scope, resources needed, time
|
|
Risk Management
|
recognize, address and eliminate sources of risk before they become a threat to the successful completion of the project
|
|
Responses to Risk
|
Risk Transfer, Risk Deferral, Risk Reduction, Risk Acceptance, Risk Avoidance
|
|
Risk Transfer
|
move risk to someone else; someone better able to deal
|
|
Risk Deferral
|
adjust schedule to move activity to a later date when the risk is less
|
|
Risk Reduction
|
reduce probability of risk
|
|
Risk Acceptance
|
accept the risk, but make sure contingency plans are in place
|
|
Risk Avoidance
|
eliminate risk entirely
|
|
Tools of Risk Management
|
1. Project Management Software2. Computer Aided Software Engineering Tools
|
|
Risk Assessment
|
Risk Identification, Risk Estimation, Risk Evaluation, Risk Mitigation
|
|
Risk Identification
|
identification of factors that can cause potential loss
|
|
Risk Estimation
|
estimation of the likelihood and impact of the risk
|
|
Risk Evaluation
|
comparison of potential risks to risk acceptance/tolerance criteria and prioritization
|
|
Risk Mitigation
|
determination of how to address high priority risk
|
|
Disaster Recovery
|
how do we rebuild our IS when they are destroyed or rendered incapable
|
|
Business Continuity Planning
|
how do we restore business operations when an event disrupts our ability to undertake business processes
|
|
Questions Asked Before Acquiring an IS
|
1. Is there a distinct need?2. Is it feasible?3. make, buy, lease?4. Do we develop In-House or Outsource?
|
|
Feasibility Analysis
|
Looking at the Technical, Financial and Operational factors to determine if an IS is feasible
|
|
Organizational
|
Stakeholder analysis
|
|
Financial
|
cost/benefit analysis (tangible and intangilble)
|
|
Development Choices
|
Acquisition, Leasing, Building
|
|
Acquisition
|
Advantages: faster, less costly than buildingDisadvantages: little or no competitive advantage, may need to compromise on features
|
|
Leasing
|
Advantages: lowest cost and fastest, vendors handle maintenance and updates, does not require IS staffDisadvantages: no competitive advantage, no control over features
|
|
Building
|
Advantages: provides competitive advantage, retain controlDisadvantage: longest time, highest cost
|
|
Open-Source
|
source code can be modified by anyone or a select group
|
|
Closed-Source
|
Proprietary software is computer software licensed under exclusive legal right of the copyright holder.
|
|
In-House
|
Advantage: firm retains controlDisadvantage: higher time and cost
|
|
Outsourcing
|
Advantage: higher level of skill and expertise w/ lower time and costDisadvantage: less control over project
|
|
Systems Development Life Cycle
|
Pre-Inception, Inception, Elaboration, Construction, Transition, Production, Retirement
|
|
Pre-Inception
|
the environment within the organization that fosters an idea for how US can be beneficial
|
|
Inception
|
organization has a concrete idea to build an IS. Focus is on understanding problem and planning project
|
|
Elaboration
|
systems team finalizes requirements for system and creates conceptual models of the systems
|
|
Construction
|
team build initial runny party
|
|
Transition
|
team finalizes system and puts it in place. Final training of users and management completion
|
|
Production
|
after system is up and running, it must be monitored, maintained and evaluated. System must be keep date
|
|
Retirement
|
system loses its value to company and must be replaced
|
|
Personally Identifiable Information
|
any information that can be used to uniquely or individually identify, contact, or locate a single person
|
|
PII in Use
|
Good:online payments, air travel, university gradingBad: identity theftcredit card fraud
|
|
Privacy Policies
|
3 Main Purposes:1. Provide assurance that info will be confidential2. Outline exactly what info will be shared3. Protect the organization from lawsuit
|
|
CIAs of Security
|
Confidentiality: deals with preventing disclosure of info to unauthorized individualsIntegrity: keeping data intact and retaining an audit trail of modifications to dataAvailability: the system is online and accessible to users
|
|
Security Breaches
|
Unintended disclosureHacking and malwarePayment Card FraudInsiderLoss of Asset
|
|
Unintended Disclosure
|
sensitive info is provided to unauthorized parties
|
|
Hacking/Malware
|
electronic entry by an outside parts
|
|
Payment Card Fraud
|
fraud involving debit/ credit cards not accomplished via hacking
|
|
Insider
|
individual with legitimate access intentionally breaches security
|
|
Social Engineering
|
involves manipulating people into performing actions or divulging information
|
|
Spoofing
|
websites pretending to be someone they are not
|
|
Phishing
|
"fishing" for PII which may use spoofish as a technizue
|
|
Prevention
|
automates, less expensive to maintaingAccess: who needs access to systemAuthorization: asking for permission before performing action
|
|
Detection
|
occurs after incident happens, more $ to maintain
|
MIST 2090: EXAM 3