Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
81 Cards in this Set
- Front
- Back
use sophisticated statistical techniques, regression analysis, and decision tree analysis
used to discover hidden patterns and relationships market-basket analysis |
data-mining systems
|
|
create value by collecting and sharing human knowledge about products, products uses, best practices, other critical knowledge
used by employees, managers, customers, suppliers, others who need access to company knowledge |
knowledge management systems
|
|
encapsulates knowledge in form of "if/then" rules
can have thousands of rules can improve diagnostic and decision quality of nonexperts |
expert systems
|
|
popular bi tools
|
reporting tools
data-mining tools knowledge management tools |
|
raw data usually unsuitable for sophisticated reporting or data mining
dirty data values may be missing inconsistent data non-integrated data wrong granularity |
what problems do operational data pose for bi systems
|
|
mistakes in spelling or punctuation, incorrect data associated with a field, incomplete or outdated data or even data that is duplicated in the database
|
dirty data
|
|
curse of dimensionalty
1. problem caused by the exponential increase in volume associated with adding extra dimensions to a (mathematical) space 2. too many rows or data points |
too much data causes...
|
|
unintentional human errors and mistakes
malicious human activity natural events and disasters |
security threats
|
|
accidental problems-- deletions, copyovers, operating errors
poorly written programs poorly designed procedures physical accidents-- driving forklift through computer room wall |
unintentional human errors and mistakes
|
|
intentional destruction of programs, hardware, and data by employees
insider attacks from disgruntled employees hackers virus and worm writers criminals terrorists |
malicious human activity
|
|
fires, floods, hurricanes, earthquakes, tsunamis, avalanches, tornados
initial losses of capability (loss of sales and services, purchase and payment data, software and hardware) |
natural events and disasters
|
|
cost of replacing and recovering data, reconstructing facilities, lost customers, law suits/legal costs
|
secondary losses
|
|
unauthorized data disclosure
|
human error
malicious release |
|
posting private information in public place
placing restricted information of searchable web sites inadvertest disclosure during recovery |
human error
|
|
malicious release
|
pretexting
phishing spoofing sniffing/drive by sniffing network tap |
|
pretending to be someone else via phone call
|
pretexting
|
|
pretexting using email
|
phishing
|
|
disguising as a different IP address or different email sender
|
spoofing
|
|
searching for unprotected or WEP wireless networks
|
sniffing/drive by sniffing
|
|
breaking into networks
slicing into cables using a client network |
network tap
|
|
human errors (incorrect entries and information, procedural problems)
incorrect data modifications (systems errors) hacking faulty recovery actions |
incorrect data modifications
|
|
incorrect systems operations
incorrect data modification incorrectly sending wrong goods to customer or goods to wrong customer incorrect billing programming errors errors in hardware, software, program, data installation usurpation |
faulty service
|
|
unauthorized program or update replaces legitimate/approved program
|
usurpation
|
|
denial of service
|
human error
malicious denial of service attacks |
|
inadvertently shut down web server, gateway router with computationally intensive application
ie: OLAP application that uses operational DBMS blacks order-entry transaction |
human error
|
|
flood web server with millions of requests for web pages
computer worms natural disasters |
malicious denial of service attacks
|
|
accidental (bulldozer cutting fiber optic cable, floor buffer bangs web server, water line breaks damage hardware)
theft (disgruntled employee steals hardware) terrorist (bombs computer center) natural disasters (floods, tornadoes, hurricanes, fire, earthquakes) |
loss of infrastructure
|
|
senior management involvement
safeguards incident response |
elements of a security program
|
|
must establish security policy
manage risk (balancing costs and benefits of security program) |
senior management involvement
|
|
protections against security threats
|
safeguards
|
|
must plan for prior to security incidents
|
incident response
|
|
identification and authentication
encryption firewalls malware protection design for secure applications |
primary technical safeguards
|
|
1. what you know (password, pin)
2. what you have (smart card, ID card) 3. what you are (biometric) |
authentication methods
|
|
identification
|
user name
|
|
authentication
|
password
|
|
microchip embedded with identifying data
authentication by personal identification number |
smart card
|
|
fingerprints, facial scans, retina scans
|
biometric authentication
|
|
authenticate to network and other servers
|
single sign on for multiple systems
|
|
1. your computer obtains public key of web site
2. your computer generates key for symmetric encryption 3. your computer encrypts symmetric key using web site's public key 4. web site decodes your message using its private key. obtains key for symmetric encryption 5. all communications between and web site use symmetric encryption |
encryption
|
|
computer device that prevents unauthorized network access
may be special purpose computer or program on a general purpose computer |
firewalls
|
|
perimeter firewalls sit outside organizational network
internal firewalls are inside network packet filtering firewalls examine each part of a message before allowing message to pass may filter both incoming and outgoing messages |
organizations may have multiple firewalls
|
|
encodes rules stating which IP addresses are allowed into or prohibited from the network
|
access control list
|
|
types of malware
|
spyware programs
adware |
|
install without users knowledge
reside in background, monitor user actions, keystrokes, computer activity used for marketing analysis |
spyware programs
|
|
similar to spyware without malicious intent
watches users activity, produces pop up ads, changes window, modifies search results can slow computer performance remove with anti programs |
adware
|
|
install antivirus and anti spyware programs
set anti malware programs to scan frequently (scan hard drive and emaill) update malware definitions regularly open email attachments only from known sources (90% of all viruses spread by email attachments) install updates promptly and only from legitimate sources browse only reputable internet neighborhoos |
malware safeguards
|
|
be sure that your company designs and builds systems with security as a requirement
|
design for secure applications
|
|
how can data safeguards protect against security threats?
|
data administration
database administration |
|
organization wide function
develops data policies enforces data standards |
data administration
|
|
ensures procedures exist for orderly multi-user processing
controls changes to database structure protects the database |
database administration
|
|
define data policies
data rights and responsibilities rights enforced by user accounts authenticated by passwords protect sensitive data with encryption (key escrow-- copy of encryption key held by trust party) backup and recovery procedures physical security |
data safeguards
|
|
human safeguards for employees
hiring and screening employees dissemination and enforcement termination |
safeguards for employees
|
|
position definitions
define job tasks and responsibility separate duties and authorities grant least possible priveleges document security sensitivity |
human safeguards for employees
|
|
extensive interviews and background checks for high sensitivity positions for new hires and employees being promoted
|
hiring and screening employees
|
|
make employees aware of security policies and procedures
general training for new employees position specific training for promoted emplyees enforcement factors (responsibility, accountability, compliance) management attitude expressed in word and deed |
dissemination and enforecement
|
|
establish security policy and procedures
standard human resources policies for "friendly" terminations (remove accounts, passwords on last work day, recover all keys for encrypted data, recover all door keys and pass cards, ID badges) unfriendly terminations (remove accounts, passwords prior to notifying employee of termination, security officer cleans out person's desk or watches, accompany person off premises) |
termination
|
|
temporary personnel and vendors
public users protect partners and public that receive benefits from system from internal company security problems |
human safeguards for nonemployee personnel
|
|
screen personnel
training and compliance contract should include specific security provisions provide accounts and passwords with the least privileges |
temporary personnel and vendors
|
|
hardening web site and facility
take extraordinary measures to reduce system's vulnerability |
public users
|
|
account management procedures
password management help desk policies |
account administration
|
|
creation of new accounts, modification of existing accounts, removal of terminated accounts
users need to provide early, timely notification of account change needs users and business manager need to inform IT to remove accounts |
account management procedures
|
|
user-signed acknowledgment forms
change passwords frequently |
password management
|
|
authentication of users who have lost password
password should not be emailed |
help desk policies
|
|
information systems procedure types
|
normal operations
backup recovery |
|
each procedure type should be standardized
procedures exist for users and operations personnel (procedures vary by duties and responsibilities) systems analysts develop procedures for system recovery |
information systems safety procedures
|
|
activity log analyses
security testing investigation of incidents learn from incidents review and update security and safeguard policies |
security monitoring
|
|
firewall logs
dbms log in records web server logs |
activity log analyses
|
|
in house and external security professionals
|
security testing
|
|
how did the problem occur?
|
investigation of incidents
|
|
indication of potential vulnerability and needed corrective actions
|
learn from incidences
|
|
best safeguard is choose appropriate location for infrastructure
backup processing centers in geographically removed sites create backups for critical resources |
necessary for disaster preparedness
|
|
substantial loss of infrastructure caused by acts of nature, crime, or terrorism
|
disaster
|
|
avoid placing where prone to floods, earthquakes, tornadoes, hurricanes, avalanches, car accidents
do not place in unobtrusive buildings, basements, backrooms, physical perimeter fire-resistant buildings |
best safeguard is choose appropriate location for infrastructure
|
|
contract with hot site or cold site provider
a hot site provides all equipment needed to continue operations there a cold site provides space but you have set up and install equipment |
create backups
|
|
how should organizations respond to security incidents
|
have a plan in place
centralize reporting specific responses (speed, preparation pays, don't make problems worse) PRACTICE! |
|
SELECT
|
Here you list all the columns as well as all calculated values that you want to see in the query result. They need to be separated by commas. You may also use aggregate functions (e.g., SUM, COUNT), but if you have columns in addition to an aggregate function(s), all those columns should be listed in the GROUP BY.
|
|
FROM
|
Here you list all the tables that you need to use (separated by commas). Do not list any table that you don’t need, because that would slow down the performance. Make sure that you join all the tables in the WHERE clause appropriately.
|
|
WHERE
|
Here you list all conditions separated by either AND or OR. AND takes precedence over OR, but you can change that using parantheses. Table joins are conditions, so they need to be listed here. Typically, if you are joining x number of tables, you need x-1 joins. Conditions involving dates and other columns also go in here.
|
|
GROUP BY
|
Only needed if you have columns in addition to an aggregate function(s) in the SELECT, because in that case you need to group rows according to those columns to be able to do the aggregation. The list of columns in the SELECT should match those in GROUP BY.
|
|
having
|
Only needed if GROUP BY is used and you have a condition that involves an aggregate function (e.g., AVG(price) > 20). It is used to eliminate some of the groups as defined in the GROUP BY.
|
|
order by
|
Use this if you need to sort columns by a column or a set of columns. Default is ascending; use DESC for descending. If you need to sort by multiple columns, separate those columns with a comma and list them in the right order (e.g., “ORDER BY State, City” would sort the columns first by state and then by city, both in ascending order).
|