BAIS 309 Test 4
Chapter 10,11,12 definitions
| Term | Definition |
|---|---|
| Intrusion Detection System | a computer program that senses when another computer is attempting to scan or access a computer or network |
| Security policies | specifics of a policy depend on whether the organization is governmental or nongovernmental, publicly held or private, organization’s industry, relationship of management to employees, and other factors |
| Encryption | process of transforming clear text into coded, unintelligible text for secure storage or communication |
| Key | strings of bits used to encrypt data |
| Firewalls | computing device that prevents unauthorized access |
| Packet-filtering firewall | examines each part of a message and determines whether to let that part pass. To make this decision, it examines source address, destination address(es), and other data |
| Payload | program code that causes unwanted activity. It can delete programs or data, or modify data in undetected ways |
| Spyware | programs installed on the user’s computer without the user’s knowledge or permission. They reside in the background and, unknown to the user, observe the user’s actions and keystrokes |
| SQL injection attack | user enters SQL statement into a form instead of a name or other data |
| PCI DSS | protects credit card data |
| GLB | protects consumer financial data |
| HIPAA | protects health information |
| FERPA | protects student information |
| Data safeguards | protect databases and other organizational data. Two organizational units are responsible for data safeguards |
| Data administration | refers to an organization-wide function that is in charge of developing data policies and enforcing data standards |
| Hardening | hardening a site means taking extraordinary measures to reduce a system’s vulnerability |
| Security Monitoring | who is looking at logs? A list of people trying to access the system, who could potentially attack |
| Honeypots | fake asset to attract hacker, makes them jump through more hoops, good way to monitor and catch people trying to access the system |
| Centralized reporting | if there is a breach, should only go to one person in an organization so problem doesn't spread throughout company |
| Systems Analyst | work with users to determine system requirements, design and develop job descriptions and procedures, and help determine system test plans |
| Programmer | design and write computer programs |
| Business Intelligence Analyst | collaborate with cross-functional teams on projects and analyze organizational data |
| Business Analyst, IT | work with business leaders and planners to develop processes and systems that implement business strategy and goals |
| Outsourcing | process of hiring another organization to perform services |
| Threat | person or organization that seeks to obtain data or other assets illegally, without owner’s permission and often without owner’s knowledge |
| Vulnerability | opportunity for threats to gain access to individual or organizational assets; for example, when you buy online, you provide your credit card data, and as data is transmitted over internet, it is vulnerable to threats |
| Safeguard | measure individuals or organizations take to block threat from obtaining an asset; not always effective, some threats achieve their goal in spite of safeguards |
| Target | asset desired by threat |
| Faulty Service | problems caused by incorrect system operation |
| Usurpation | occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing to spy, steal, and manipulate data, or for other purposes |
| Application | a combination of hardware, software, and data components that accomplishes a set of requirements |
| Business Process | a network of activities, repositories, roles, resources, and flows that interact to accomplish a business function |
| Activities | collections of related tasks that receive inputs and produce outputs |
| Repository | a collection of something |
| Inventory | a physical repository |
| Database | a data repository |
| Roles | collections of activities |
| Resources | people or computer applications that are assigned to roles |
| Control Flow | directs the order of activities |
| Data Flow | shows the movement of data among activities and repositories |
| Business Process Management (BPM) | a cyclical process for systematically creating, assessing, and altering business processes |
| Systems Development Life Cycle (SDLC) | the traditional process used to develop information systems and applications |
| Swim Lane | each role in the business process is shown in its own lane |
| Cost Feasibility | assess whether benefits justify the estimated development and operational costs |
| Schedule Feasibility | assess whether the project can be completed in a given time |
| Technical Feasibility | assess whether existing technology is able to meet the needs of the new system |
| Organizational Feasibility | assess whether new system fits within the current organization’s culture |
| Test Plan | a formal description of the system’s response to use and misuse scenarios |
| Pilot | implement entire system in limited portion of business; limits exposure to business if system fails |
| Phased | system installed in phases or modules; each piece is installed and tested |
| Parallel | complete new and old systems run simultaneously; very safe, but expensive |
| Plunge | high risk if new system fails; only used if new system not vital to company operations |
| Work breakdown structure (WBS) | a hierarchy of the tasks required to complete a project |
| Gantt chart | shows tasks, dates, and dependencies |
| Critical path | the sequence of activities that determines the earliest date by which the project can be completed |
| Brooks’ Law | adding more people to a late project makes the project later |
| Diseconomies of Scale | occurs when adding more resources creates inefficiencies |
| Configuration Control | a set of management policies, practices, and tools that developers use to maintain control over the project's resources |
| Scrum | an agile technique |
| Paired Programming | where two team members share the same computer and write a computer program together |
| Velocity | the total number of points of work the team can accomplish each scrum period |