150 Cards in this Set
Shodan has become a critical tool for security researchers, law enforcement officials, and hackers searching for devices that should not be on the Internet or that are vulnerable to being hacked. |
True |
Ch: 7 Information Security Sec: Intro Information Security Overview & Opening Case |
|
Information security is only important to large businesses. |
False |
Ch: 7 Information Security Sec: Intro Information Security Overview & Opening Case |
|
A security breach is inexpensive for a corporation. |
False |
Ch: 7 Information Security Sec: Intro Information Security Overview & Opening Case |
|
What was the problem in the opening case: Shodan: Good Tool or Bad Tool? |
Jim Smith's baby monitor was hacked and someone was able to see his child through the baby monitor's camera and tell the baby to wake up through the monitor's speakers, because the monitor allows the user to remotely control the device via the internet and all the hacker needed was the username "admin" to do this. |
Ch: 7 Information Security Sec: Intro Information Security Overview & Opening Case Hint: "Wake up" |
|
What is Shodan and what does it do? |
A search engine that crawls the internet searching for devices, many of which are programmed to answer. |
Ch: 7 Information Security Sec: Intro Information Security Overview & Opening Case |
|
What is a major problem with security? |
Software tools that are valuable to defenders are just as valuable to attackers. |
Ch: 7 Information Security Sec: Intro Information Security Overview & Opening Case Hint: In terms of software tools. |
|
Define Security. |
The degree of protection against criminal activity, danger, damage, and/or loss. |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security Hint: the _____ of protection against ____ ______, _____, ____, and/or ___. |
|
Define Information Security. |
Protecting an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security Hint: Protecting a(n) organization's ______ and ______ from _____, ____, ____, ____, ____, or ____. |
|
Define Threat. |
Any danger to which a system may be exposed. |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security Hint: Any ____ to which a ____ may be _______. |
|
Define Exposure. |
The harm, loss, or damage that can result if a threat compromises an information resource. |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security Hint: The ___, ___, or ___ that can result if a ____ compromises an information resource. |
|
Define Vulnerability. |
The possibility that the information resource will be harmed by a threat. |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security Hint: The _____ that the ____ will be ____ by a ___. |
|
What are 5 key factors that contribute to the increasing vulnerability of organizational information resources? |
1. Today's interconnected, interdependent, wirelessly networked business environment. 2. Smaller, faster, cheaper computers & storage devices. 3. Decreasing skills necessary to be a computer hacker. 4. International organized crime taking over cybercrime. 5. Lack of management support. |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security Hint: 1) What kind of environment? 2) What kind of storage devices? 3) How much do you need to know in order to be a hacker nowadays? 4) Who's taking over what (a specific internet-based crime)? 5) Lack of what? |
|
Define Cybercrime. |
Illegal activities executed on the internet. |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security Hint: _____ ______ executed on the ____. |
|
Who is iDefense and what do they do and what have they said about well-organized criminal organizations? |
iDefense is a company that specializes in providing security information to governments & Fortune 500 companies. They said that groups of well-organized criminal organizations have taken control of a global billion-dollar crime network. |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security Hint: 1) what kind of group are THEY? 2) What is their specialty? 3) How big of a network has been taken over by certain kinds of groups? |
|
The computing skills necessary to be a hacker are becoming more sophisticated due to the enhanced security features installed on computers. |
False |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security |
|
Cybercrime losses tend to be smaller than white-collar crime losses because white-collar employees often have access to an organization’s cash. |
False |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security |
|
An information system exposure is ______________________. A) any danger to an information resource B) the possibility that an information resource will be lost or damaged C) the potential loss or damage to an information resource D) none of the choices are correct |
C) the potential loss or damage to an information resource |
Ch: 7 Information Security Sec: .7.1 Introduction to Information Security |
|
The higher the level of employee, the greater the threat the employee poses to information security. |
True |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Human mistakes that can lead to information security threats include all of the following EXCEPT ___________. A) opening questionable e-mails B) All of these choices can lead to information security threats. C) carelessness with discarded equipment D) poor password selection |
B) All of these choices can lead to information security threats. |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Social engineering refers to an attack where the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information such as passwords. |
True |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Social engineering is an attack on information security that is perpetrated by ____________. A) someone impersonating a manager or an IT employee to gather information or passwords over the phone B) someone who uses social media, e.g., Facebook or LinkedIn, to gather private information about a company in a social conversation C) all of the choices are social engineering D) someone who poses as a technician to gain access to offices and gather information about people or activities |
C) all of the choices are social engineering |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
What is considered an unintentional threat? |
An act performed without malicious intent that nevertheless represents a serious threat to information security. |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Human Error is NOT a major category of unintentional threats. |
False |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Employees in what two areas of an organization pose especially significant threats to information security? Why? |
The human resources area poses a threat because its employees generally have access to sensitive personal information on all employees. The Information Systems (IS) area poses a threat because not only do its employees have access to the same information that human resources has access to, but they can also control (store, edit, and delete) the information. |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Human errors/mistakes by employees are usually the result of laziness, carelessness, or a lack of awareness concerning information security, which arises from poor education and training efforts by the organization. |
True |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Define Malware. |
Malicious software (e.g., viruses & worms) |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Define Social Engineering. |
Getting around security systems by tricking computer users inside a company into revealing sensitive information or gaining unauthorized access privileges. |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Why might an attacker use social engineering? |
To induce individuals to make unintentional mistakes and disclose sensitive information. |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
Name and describe two social engineering techniques. |
1. Tailgating - a technique designed to allow the perpetrator to enter restricted areas that are controlled with locks and card entry. (Once an employee gains access to a room, the perpetrator asks the employee to hold the door.) 2. Shoulder surfing - when the perpetrator watches an employee's computer screen over the employee's shoulder. |
Ch: 7 Information Security Sec: .7.2 Unintentional Threats to Information Systems |
|
You should regularly delete any spyware that might be residing on your computer because it may be dangerous. |
False |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
The theft of computing devices is less serious today than in the past because devices are less expensive to replace and can be reordered online. |
False |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Phishing attacks occur when the attacker uses deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages. |
True |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Which type of alien software uses your computer to send emails that look like they came from you to all the people in your address book? A) cookies B) spyware C) spamware D) adware |
C) spamware |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
What are the 10 common types of deliberate threats to information systems? |
1. Espionage or trespass 2. Information extortion 3. Sabotage or vandalism 4. Theft of equipment or information 5. Identity theft 6. Compromises to intellectual property 7. Software attacks 8. Alien software 9. Supervisory control and data acquisition (SCADA) attacks 10. Cyberterrorism and cyberwarfare |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Describe Espionage or trespass |
Occurs when an unauthorized individual attempts to gain illegal access to organizational information. Competitive intelligence consists of legal information whereas industrial espionage crosses the legal boundary. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Describe Information extortion |
Occurs when an attacker threatens to steal, or actually steals, information from a company. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Describe Sabotage or vandalism |
Acts that involve defacing an organization's Website, potentially damaging the organization's image and causing its customers to lose faith. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Describe Theft of equipment or information |
Stealing machines containing information, or the information itself. Dumpster diving is a form of theft that involves rummaging through commercial or residential trash to find discarded information. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Describe Identity theft |
Techniques for illegally obtaining personal information include: * Stealing mail / dumpster diving * Stealing personal info in computer databases * Infiltrating organizations that store large amounts of personal info * Impersonating a trusted organization in an electronic communication (phishing) |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Identity Theft |
Crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Intellectual Property |
The intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Trade Secret |
Intellectual work, such as a business plan, that is a company secret and is not based on public information. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Patent |
A document that grants the holder exclusive rights on an invention or process for a specified period of time, currently 20 years. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Copyright |
A grant that provides the creator of intellectual property with ownership of it for a specified period of time, currently the life of the creator plus 70 years. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Piracy |
Copying a software program (other than freeware, demo software, etc.) without making payment to the owner. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Name the types of Software attacks and their category. |
(1) Remote Attacks Requiring User Action 1. Virus 2. Worm 3. Phishing attack 4. Spear Phishing (2) Remote Attacks Needing No User Action 5. Denial-of-service attack 6. Distributed-denial-of-service attack (3) Attacks by a Programmer Developing a System 7. Trojan horse 8. Back door 9. Logic Bomb |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Virus |
Malicious software that can attach itself to (or infect) other computer programs without the owner of the program being aware of the infection. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Worm |
Destructive programs that replicate themselves without requiring another program to provide a safe environment for replication. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Phishing Attack |
An attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking e-mail. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Spear Phishing |
Perpetrators find out as much information about an individual as possible to improve their chances of a successful phish. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Denial-of-service attack |
A cyberattack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Distributed denial-of-service attack |
A denial-of-service attack that sends a flood of data packets from many compromised computers (bots that form a botnet, a network of the compromised computers) simultaneously. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Trojan Horse |
A software program containing a hidden function that presents a security risk. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Back Door (Trap Door) |
Typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Logic Bomb |
Segments of computer code embedded within an organization's existing computer programs. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
What was the problem in the case: Stealing Cash from ATMs with Text Message? |
A group of cyber criminals developed a method to obtain cash from an ATM by text message through a program known as Ploutus, which has to be installed on stand-alone ATMs. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Alien software (pestware) |
Clandestine software that is installed on your computer through duplicitous methods. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define adware |
Alien software designed to help pop-up advertisements appear on your screen. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Spyware |
Alien software that can record your keystrokes and/or capture your passwords. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
What are keystroke loggers (keyloggers)? |
1 of 2 types of spyware; they record both your individual keystrokes and your internet web browsing history. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
What are Screen scrapers? |
2 of 2 types of spyware; they record a continuous movie of a screen's contents (screen grabbers). |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
What is CAPTCHA? |
A test to check if the user is a human or a software program. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Spamware |
Alien software that uses your computer as a launch platform for spammers. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Spam |
Unsolicited e-mail |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define cookies |
Small amounts of info that web sites store on your computer, temporarily or more or less permanently. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
What are tracking cookies? |
Cookies that can track your path through a web site, the time you spend there, what links you click on, and other details that the company wants to record, usually for marketing purposes. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Describe SCADA |
Refers to a large-scale distributed measurement and control system used to monitor/control chemical, physical, and transport processes. These systems consist of many sensors, a master computer, and a communications infrastructure. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Cyberterrorism |
Premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Define Cyberwarfare |
War in which a country's information systems could be paralyzed from a massive attack by destructive software. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
What was the problem in the case: The Mask? |
Careto is spyware that portrays itself as a newsletter and searches your system for vulnerabilities once clicked. |
Ch: 7 Information Security Sec: .7.3 Deliberate Threats to Information Systems |
|
Examining the costs versus taking concrete action is the difference between controls evaluation and risk ______ |
mitigation |
Ch: 7 |
|
A homeowner who trims a neighbor’s falling tree branch from his property to prevent damage is practicing risk______ |
limitation |
Ch: 7 |
|
What is an example of risk transference in playing the state lottery? A) joining a lottery pool B) buying more tickets C) studying winning numbers D) playing on multiple days |
A) joining a lottery pool |
Ch: 7 |
|
A proactive approach to computer asset protection is to use_____ |
early-warning software |
Ch: 7 |
|
IT security is the business of everyone in an organization. |
True |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
What are some difficulties in protecting information resources? |
|
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Define Risk |
The likelihood that a threat will occur |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Define Risk Management |
A process that identifies, controls, and minimizes the impact of threats, in an effort to reduce risk to manageable levels. |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Why do organizations perform risk analyses? |
To ensure that their IS security programs are cost effective. |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Define Risk Analysis |
The process by which an organization (1) assesses the value of each asset being protected, (2) estimates the probability that each asset might be compromised, and (3) compares the probable cost of each asset being compromised with the cost of protecting it. |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Define Risk Mitigation |
A process whereby the organization takes concrete actions against risks, such as (1) implementing controls and (2) developing a disaster recovery plan. |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Name the 3 most common risk mitigation strategies. |
1. Risk acceptance 2. Risk limitation 3. Risk transference |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Define Risk Acceptance |
A strategy in which the organization accepts the potential risk, continues to operate with no controls, and absorbs any damages that occur. |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Define Risk Limitation |
A strategy in which the organization limits its risk by implementing controls that minimize the impact of a threat. |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Define Risk Transference |
A process in which the organization transfers the risk by using other means to compensate for a loss, such as by purchasing insurance. |
Ch: 7 Information Security Sec: .7.4 What Organizations Are Doing To Protect Information Resources |
|
Define Controls |
Defense mechanisms (countermeasures) |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
To protect their information assets, organizations implement _______________. |
controls |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Controls are intended to prevent accidental hazards, deter intentional acts, detect problems as early as possible, enhance damage recovery, and correct problems. |
True |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
The single most valuable control is user education and training. |
True |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define Physical Controls |
Controls that restrict unauthorized individuals from gaining access to a company's computer facilities. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define Access Controls |
Controls that restrict unauthorized individuals from using information resources and are concerned with user identification. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
What are the 2 major functions of access controls? |
1. Authentication 2. Authorization |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define Authentication |
A process that determines the identity of the person requiring access. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define Authorization |
A process that determines which actions, rights, or privileges the person has, based on verified identity. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
To authenticate authorized personnel, an organization can use one or more of what methods? |
1. Something the user is: an authentication method that examines a person's innate physical characteristics. 2. Something the user has: an authentication mechanism that includes regular identification cards (picture & signature), smart IDs (embedded chip with pertinent info), and tokens (embedded chips and a digital display that presents a login number that employees use to access the organization's network). 3. Something the user does: an authentication mechanism that includes voice and signature recognition. 4. Something the user knows: an authentication mechanism that includes passwords and passphrases. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define biometrics |
The science and technology of authentication by measuring the subject's physiological or behavioral characteristics. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
What are the basic guidelines for building strong passwords? |
- difficult to guess - long - a mix of uppercase letters, lowercase letters, numbers, and special characters - use unrecognizable words - don't use the names of familiar things or people - don't use a recognizable string of numbers |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
What is a passphrase? |
A series of characters that is longer than a password but easy to remember. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
What is multifactor authentication? |
The process of implementing more than one type of authentication. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define Privilege |
A collection of related computer system operations that can be performed by users of the system. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
A principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization is known as _____ |
Least privilege. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define Communication Controls |
(network controls) Controls that deal with the movement of data across networks. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define Firewall |
A system that prevents a specific type of information from moving between untrusted networks, such as the internet, and private networks, such as your company's network. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
Define Demilitarized Zone (DMZ) |
A separate organizational local area network that is located between an organization's internal network and an external network, usually the internet. |
Ch: 7 Information Security Sec: .7.5 Information Security Controls |
|
The SQL database used by LinkedIn is a main reason for the company’s success. |
False |
Ch: 14 Acquiring Information Systems and Applications Sec: .Intro Acquiring Information Systems and Applications Overview |
|
In most companies today, acquisition is limited to building new systems in-house. |
False |
Ch: 14 Acquiring Information Systems and Applications Sec: .Intro Acquiring Information Systems and Applications Overview |
|
Application portfolio |
The set of recommended applications resulting from the planning and justification process in application development. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
The planning process for new IT applications begins with an analysis of the organizational strategic plan. |
True |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
IT strategic plan |
A set of long-range goals that describe the IT infrastructure and major IT initiatives needed to achieve the goals of the organization. |
Ch: 14 Acquiring Information Systems and Applications Sec: 14.1 Planning for and Justifying IT Applications |
|
What 3 objectives must the IT Strategic Plan meet ? |
1. It must be aligned with the organization's strategic plan. 2. It must provide for an IT architecture that seamlessly networks users, applications, and databases. 3. It must efficiently allocate IS development resources among competing projects so that the projects can be completed on time and within budget and still have the required functionality. |
Ch: 14 Acquiring Information Systems and Applications Sec: 14.1 Planning for and Justifying IT Applications |
|
One critical component in developing and implementing the IT strategic plan is the IT steering committee. |
True |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
IT steering committee |
A committee, comprised of a group of managers and staff representing various organizational units, set up to establish IT priorities and to ensure that the MIS function is meeting the needs of the enterprise. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
IS operational plan |
Consists of a clear set of projects that the IS department and the functional area managers will execute in support of the IT strategic plan. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
A typical IS operational plan contains what elements? |
- Mission - IS environment - Objectives of the IS function - Constraints on the IS function - The application portfolio - Resource allocation and project management |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
A typical IS operational plan contains which of the following elements? A) IS function's estimate of its goals B) All of the choices are correct C) Summary of the information needs of the functional areas and of the entire organization D) Mission of the IS function E) Application portfolio |
B) All of the choices are correct |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
The application portfolio in an organization is a set of recommended applications resulting from the planning and justification process in application development. |
True |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
The information systems planning process proceeds in which order? A) organization strategic plan – organization mission – IS strategic plan – new IT architecture B) organization mission – IS strategic plan – organization strategic plan – IS operational plan C) organization mission – organization strategic plan – IS strategic plan – new IT architecture D) IS development projects – IS operational plan – new IT architecture – organization mission E) IT architecture – IS strategic plan – organization strategic plan – organization mission |
A) organization strategic plan – organization mission – IS strategic plan – new IT architecture |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
The cost-benefit analysis that measures management’s effectiveness in generating profits with its available assets is known as __________________. A) business case approach B) return on investment C) net present value D) breakeven analysis |
B) return on investment |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
4 Common approaches to conducting a cost-benefit analysis |
1. Net Present Value - convert future values of benefits to their present-value equivalent by discounting them at the organization's cost of funds. 2. Return on Investment (ROI) - measures management's effectiveness in generating profits with its available assets. 3. Breakeven analysis - determines the point at which the cumulative dollar value of the benefits from a project equals the investment made in a project. 4. Business case approach - system developers write a business case to justify funding one or more specific applications or projects |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.1 Planning for and Justifying IT Applications |
|
Purchasing packaged software programs is appropriate when the organization is looking for an easy to use and highly customized product. |
False |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.2 Strategies For Acquiring IT Applications |
|
Leasing of software is a good choice for small companies that cannot afford to make huge IT investments and do not have the resources to manage and maintain the IT they need. |
True |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.2 Strategies For Acquiring IT Applications |
|
IT applications can be developed in which of the following ways? A) Build the system in-house. B) Buy an application and install it. C) Lease software from an application service provider. D) Outsource the development. E) All of the choices are correct. |
E) All of the choices are correct. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.2 Strategies For Acquiring IT Applications |
|
Outsourcing is the use of outside contractors or external organizations to acquire IT services. |
True |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.2 Strategies For Acquiring IT Applications |
|
A systems analyst is an IS professional who either creates a new software program or is an expert on a certain type of technology. |
False |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
Advantages of Rapid Application Development include which of the following? A) All of the choices are correct B) Active involvement of users in the development process C) Reduction in training costs D) Faster development process E) System better meets user needs |
A) All of the choices are correct |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
In the _________ stage of the systems development life cycle, the design specifications are translated into computer code. A) feasibility study B) systems design C) systems analysis D) prototyping E) programming |
E) programming |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
If a firm implements a new information system in one of its plants, assesses the new system’s performance, and then implements the new system in its other plants, this is called a ____________. A) phased conversion B) parallel conversion C) direct conversion D) pilot conversion |
D) pilot conversion |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
System Analysts |
IS professionals who specialize in analyzing and designing information systems. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
Programmers |
IS professionals who modify existing computer programs or write new computer programs to satisfy user requirements. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
Technical Specialist |
Experts on a certain type of technology, such as databases or telecommunications. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
System Stakeholders |
All people who are affected by changes in a company's information systems. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
Implementation |
The process of converting from an old computer system to a new one. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
Direct Conversion |
Implementation process in which the old system is cut off and the new system is turned on at a certain point in time. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
Pilot Conversion |
Implementation process that introduces the new system in one part of the organization on a trial basis; when the new system is working properly, it is introduced in other parts of the organization. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
Phased Conversion |
Implementation process that introduces components of the new system in stages, until the entire system is operational. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
Parallel Conversion |
Implementation process in which the old and new systems operate simultaneously. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.3 The Traditional Systems Development Life Cycle |
|
The _________ method allows the combination of JAD, prototyping, and ICASE tools to produce high-quality systems. A) joint application development B) rapid application development C) traditional systems development life cycle D) None of the choices are correct. |
B) rapid application development |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.4 Alternative Methods And Tools For Systems Development |
|
Which of the following is NOT true about agile development? A) It requires only infrequent user contact. B) It focuses on end goals rather than immediate needs. C) It focuses on rapid development. D) It acknowledges that all problems cannot be fully understood from the start. |
A) It requires only infrequent user contact. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.4 Alternative Methods And Tools For Systems Development |
|
Computer-aided software engineering tools provide which of the following advantages? A) Can speed up the development process. B) Can produce systems that are more adaptable to changing business conditions. C) Can produce systems that more closely meet user requirements. D) Can produce systems with longer effective operational lives. E) All of the choices are correct. |
E) All of the choices are correct. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.4 Alternative Methods And Tools For Systems Development |
|
Joint Application Design (JAD) |
Group-based tool for collecting user requirements and creating system design. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.4 Alternative Methods And Tools For Systems Development |
|
Rapid Application Development |
Development method that uses special tools and an iterative approach to rapidly produce a high-quality system. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.4 Alternative Methods And Tools For Systems Development |
|
End-User Development |
Approach in which an organization's end users develop their own applications with little or no formal assistance from the IT department. |
Ch: 14 Acquiring Information Systems and Applications Sec: .14.4 Alternative Methods And Tools For Systems Development |
|
Agile Development |
A software development methodology that delivers functionality in rapid iterations, measured in weeks, requiring frequent communications, development, testing, and delivery. |
Ch: 14 Acquiring Information Systems and Applications. Sec: .14.4 Alternative Methods And Tools For Systems Development |
|
__________ is the most difficult and crucial task in evaluating a vendor and a software package. A) Negotiating a contract B) Determining the evaluation criteria C) Evaluating vendors and packages D) Identifying potential vendors E) Choosing the vendor and package |
B) Determining the evaluation criteria |
Ch: 14 Acquiring Information Systems and Applications. Sec: .14.5 Vendor and Software Selection |
|
A(n) _________ is sent to potential vendors inviting them to describe their product and how it would meet the firm’s needs. A) request for proposal B) technical specification C) request for requirements D) request for bid E) prototype |
A) request for proposal |
Ch: 14 Acquiring Information Systems and Applications. Sec: .14.5 Vendor and Software Selection |
|
The buy option is particularly attractive if the software vendor allows the company to modify the package to meet its needs. |
True |
Ch: 14 Acquiring Information Systems and Applications. Sec: .14.5 Vendor and Software Selection |
|
Name and describe the 6 steps to selecting a software vendor |
1. Identify Potential Vendors 2. Determine the Evaluation Criteria 3. Evaluate Vendors and Packages 4. Choose Vendor & Package 5. Negotiate Contract 6. Establish a Service-Level Agreement |
Ch: 14 Acquiring Information Systems and Applications. Sec: .14.5 Vendor and Software Selection |
|
Service-Level Agreement |
(SLA) Formal agreement regarding the division of work between a company and its vendors. |
Ch: 14 Acquiring Information Systems and Applications. Sec: .14.5 Vendor and Software Selection |
|
Request for Proposal |
Document that is sent to potential vendors inviting them to submit a proposal describing their software package and how it would meet the company's needs. |
Ch: 14 Acquiring Information Systems and Applications. Sec: .14.5 Vendor and Software Selection |
|
Compared with other approaches, component-based development generally involves A: less programming. B: more programming. C: more real-world modeling. D: less assembly. |
A: less programming. |
Ch 14 |