BEC Gleim IT Sections Flashcards

Personal computer
Terms Definitions
Physical devices making up a computer system.
CPU Central Processing Unit
The brain of any computer.  In a desktop computer it is often referred to as a microprocessor. Larger computers such as servers and mainframes can have more than one CPU
The most important functions of a CPU
1. Move data from storage to main memory
2. Execute the instruction for manipulating data
3. Move the results from main memory back to storage.
Clock Rate
The speed of a CPU measured by the number of instructions it can carry out per second
RAM Random Access Memory
Also referred to as main memory or primary storage.
It is a holding area for data before and after processing by the CPU.
RAM units are volatile; they are emptied when the computer is shut off.
Is measured in size rather than speed.
ROM Read only memory
Permanent storage used to hold the basic low-level programs and data particular to a computer's hardware.
These are vital to the operation of the hardware, cannot be altered by the owner, and aren't affected when the computer is shut off.
Secondary Storage Devices
Hard Drives- most common
Optical Drives- record and read data by laser beam. DVDs, CDs. They rotate.
Flash Drives- thumb drives. no moving parts
Floppy disks and magnetic tape- slow access times and hold less
Input Devices
Keyboard, mouse, scanner, touch screen, magnetic ink reader (MICR), optical character reader (OCR), microphone, light pen, sensor
Output devices
Monitor, printer, plotter, voice emulator.
Refers to the programs that are executed by the hardware. 
Two perspectives, 1. systems v. applications and 2. the programming language in which the software is written
Two major types of software
Systems software- performs fundamental tasks to manage computer resources. 1. the operating system (traffic cop of any computer system). 2. Utility programs which perform basic functions not particular to a specific application such as copying, deleting, merging and sorting.
Application Software- consists of programs that tell the computer what steps the user wants carried out. Can be purchased from vendors or developed internally.
Examples include word processors, spreadsheets, graphics and small databases, payroll, HR, accounts payable, general ledger, etc.
First generation programming language
Also called machine language. Are written in a binary code (combo of ones and zeros) unique to each type of computer.  These are directly understood by the computer with no translation needed.
Second generation programming language
Also called assembly languages. Use mnemonic symbols to represent groups of binary ones and zeros. They must be converted to machine languages for the computer to understand them.
Third generation programming language
Also called procedural language. Consist of English-like words and phrases that represent multiple machine language instructions, making these languages easier to learn. Converted in two ways: compiled or interpreted.
COBOL- Common business oriented language
Third generation programming language. Designed in 1959 to be easy to read and maintain. Still in production.
BASIC- Beginner's all-purpose symbolic instruction code
Third generation programming language developed to teach programming but not used in large business application processing. Visual BASIC provides a graphical user interface to develop Microsoft Windows applications from code written in BASIC
C and C++
Third generation programming languages that have been very popular since introduction. Enable the technique called object-oriented programming.
Third generation programming language. Is a high level, object oriented language developed by Sun Microsystems that is used to write programs embedded in a WWW document. Allows user to download from network only the data necessary to perform the task.
Fourth Generation Language
Also called problem oriented or nonprocedural language. Provides further simplification of programming. Permits a nonspecialized user to describe the problem to and receive guidance from the computer instead of specifying a procedure.
Types of 4th generation languages
SQL- Structured Query Language: best known. Enables user to read, update, reorganize and report on data contained in a relational database.
GAS- Generalized audit software: also known as CAAT (computer assisted audit techniques). Allows processing functions such as extracting sample items, verifying totals, developing file statistics, and retrieving specified data fields.
HTML- Hypertext markup language: authoring software language commonly used to create and link websites. Key features are hotlinking and graphics display.
XML- Extensible markup language: open standard usable with many programs and applications.
XBRL- Extensible business reporting language: specification developed by the AICPA to report in accordance with GAAP. Variation of XML that is expected to decrease costs of generating financial reports and sharing business info.
Dumb Terminals
Simple keyboard and monitor combinations with no processing power used for communication with mainframe computers
Converting a computer's digital signal into an analog signal.
Converting an analog signal back to a digital signal.
Device that converts digital and analog signals. Modems allowed orgs to move info between locations in purely electronic format, eliminating the need to pass physical documents. Huge cost savings.
Terminal Emulation
Remote connections through desktop computers rather than dumb terminals.
Distributed processing
Involves decentralization of processing tasks and data storage and assigning these functions to multiple computers often in separate locations.
LAN: Local area network
An interconnection between devices in a single office or building.
Peer to peer
Used in small networks with few devices, where every device is connected directly to every other.
Client Server Networks
Type of LAN, differ from peer to peer in that the devices play more specialized roles. Client processes (individual users) request services from server processes (maintained centrally)
Any object that uses the resources of another object. Can be a device or a software program. Commonly it is a device that requests services from a server.
Three-tiered architecture of client
The client/server model runs processes on the platform most appropriate to that process while attempting to minimize traffic over the network.
Client/Server Model Security
May be more difficult than in a highly centralized system because of the numerous access points.
Connects devices within a single office or home or among buildings in an office park. LAN is owned entirely by a single organization.
MAN- Metropolitan area network.
Connects devices across an urban area for instance, two or more office parks.
Has had limited success as a wire-based network.
WAN- Wide area network
Consists of a conglomerate of LANs over widely separated locations. Can be publicly or privately owned.
Publicly owned WANs
Such as public telephone system and internet are available to any user with a compatible device.
Public switched networks
Use public telephone lines to carry data. Is economical but the quality of data transmission cannot be guaranteed and security is questionable.
Privately owned WANs
Profit making enterprises. Offer fast, secure data communication service to orgs that do not wish to make their own large investments in the necessary infrastructure.
VANs- Value added networks
Private networks that provide their customers with reliable high speed secure transmission of data.  They have added value of error detection and correction services, email facilities for EDI, EDI translation and security for email and data transmissions. Type of privately owned WAN.
VPN- Virtual Private networks
Type of privately owned WAN. A relatively inexpensive way to solve the problem of high cost leased lines.
PBX- Private branch exchange
A specialized computer used to handle both voice and data traffic. Can switch digital data among computers and office equipment. Uses telephone lines so capacity is limited.
The signal carrying capacity of a transmission medium. It is a rough indication of the highest speed that data can attain while traveling through it.
Baseband and Broadband
Baseband- a medium that can carry only one signal
Broadband- a medium that can carry multiple signals.
Twisted pair
Wiring graded into categories each of which denotes a different bandwidth. It is fundamentally a baseband medium.  Named from the continuous weaving of the strands of wire around each other within the cable. A magnetic field is produced around the wire where current is passed. Comes in shielded (STP) and unshielded (UTP) varieties.
Electromagnetic interference
A magnetic field that disrupts the transmission of electrical signals.
Category 1 twisted pair
Unshielded. Usually referred to as regular telephone wire
Category 3 twisted wire
Comes in both shielded and unshielded. Can support a higher bandwidth than cat1.
Category 5 twisted pair
Comes in both shielded and unshielded and can support a higher bandwidth than cat3.
Coaxial cable
Commonly used medium for LANs. Also used for transmission of cable TV. Usually necessary when broadband transmission is desired. Is named coaxial because one signal conductor surrounds the other, giving them a common axis.
Wired LANs' two basic types of networking devices 
Hubs- very simple and serve only to broadcast messages to every other device on the network.
Bridges- improve traffic flow by dividing LANs into segments. More intelligent than hubs. They read the destination address and isolate the message to the segment where the destination device is located, eliminating traffic.
Remote bridges or gateways
Connect separate LANs.
Fiber optic cable
Extremely fine threads of glass or plastic. An electrical signal is converted to pulses of light, which are sent through the optical medium at higher speeds than can travel through copper wire. Light pulses continuously bounce down the fiber, aiding in separating the various signals when they arrive at the other end.
2 major advantages of fiber optics over wire
1. Light pulses used in fiber optics are not subject to electromagnetic interference.
2. Interception by unauthorized parties is impossible because the light pulses cannot be tapped as electrical signals can. Also, cut fiber becomes a mirror, immediately alerting administrators that there is a problem.
Microwave transmission
Involves propagating electrical signals through air and space instead of through metal wire or optical fiber.
Satellite relay
Transmitting the microwave signal to a satellite in orbit, which retransmits the signal to the destination back on Earth.
LOS loss of sight microwaves
An older technology still in use in some places. Consists of beaming the signals from one tower to another from horizon to horizon.
Most successful protocol for LAN transmission. It breaks up the flow of data between devices into discrete groups of data bits called frames.
Polite conversation: Each device listens to the network to determine if another conversation is taking place. Once the network is determined to be free of traffic the device sends the message.
Token Ring
Protocol that originally had a much higher speed than Ethernet.
Each device is connected to the next in a ring configuration. A special frame called the token is passed continuously around. When a device sends a message it attaches a message to the token and the token drops it off at the destination when it arrives there.
It is expensive and difficult to expand.
A set of standards for message transmission among the devices in a network.
Circuit Switching
A single physical pathway is established in the public telephone system and reserved for the full and exclusive use of the two parties for the duration of their communication.  ie. an ordinary telephone call or a dial up internet connection.
More intelligent than hubs, bridges or switches. They have tables stored in memory that tell them the most efficient path along which each packet should be sent.
Routing is what makes the internet possible.
TCP/IP- Transmission control protocol/internet protocol
A suite of routing protocols that make it possible to interconnect many thousands of devices from dozens of manufacturers all over the world through the internet.
IP addressing
The heart of internet routing. Allows any device anywhere in the world to be recognized on the internet through the use of standard format IP address.
Each of the four decimal separated elements of an IP address is a numeral between 0 and 255.
Dynamic host configuration protocol DHCP
Allows tremendous flexibility on the internet by enabling the constant use and reuse of IP addresses.
PAN Personal area network
Such as Bluetooth. Allows a much smaller radius than a wireless network, about 30 feet.
Fat client in a client server network
Has its own local long term storage and considerable processing power.
Thin client in a client server network
Has just enough memory and processing power to download and run portions of an application it needs locally.
A network of networks all over the world.
Uniform resource location URL
A unique address for a page on the web, recognizable by any web-enabled device.
An intranet
Provides sharing of information throughout an org by applying internet connectivity standards and web software to the org's internal network.
An extranet
Consists of the linked intranets of two or more orgs, for example, of a supplier and its customers. It typically uses the public internet as its transmission medium but requires a password for access.
Operating System
Negotiates conversation between the computer's hardware, the application the user is running and the data that the application is working with.
A second program could begin running while the first program was waiting for a command from the operator, or for input from a slower device such as a card reader.
An important feature of the current generation of operating systems.  The operating system rapidly switches the computer's attention back and forth between programs, sometimes in a fraction of a second, giving the appearance to users of jobs running simultaneously.
The computer has multiple CPUs, permitting a single application to be broken up and have its parts run in parallel on the various processors, greatly speeding up completion times.
The dominant operating system for IBM compatible mainframes.
Operating system developed by Bell Labs. Portable (used on many brands of computers), multi user, and multitasking. Has been expanded and refined and is considered to be very robust.
Variants are Linux (free) and Solaris (used on high-end Sun servers and workstations).
Windows Server
The networking version of Microsoft's Windows operating system for the desktop.
Novell Open Enterprise Software
The successor to that company's once dominant NetWare network operating system.
Graphical user interface (GUI)
Is a "point and click". The ability to use a mouse or touchpad to issue commands to the computer by manipulating pictorial icons, called a window.
A characteristic of GUI. The ability for a computer to display more than one program on the screen at a time. Each program has its own section of the screen called a window.
Operating System software
Can provide multiprogramming capability.  Can also provide multiprocessing and virtual storage capabilities.
Information Security
Encompasses not only computer hardware and software, but all of an org's information, no matter what medium it resides on.
Three principal goals for information security programs.
Data confidentiality
Data availability
Data Integrity
Data confidentiality
Protecting data from disclosure to unauthorized personnel.
Data availability
Assuring that the org's info systems are up and running so that employees and customers are able to access the data they need.
Data integrity
Assuring that data accurately reflect the business events underlying them and are not subject to tampering or destruction.
Threats to an org's information
Improper disposal of customer records- threat to confidentiality
Viruses and denial of service attacks- threat to availability
Employee errors and disgruntled employee sabotage- threats to integrity.
Two phases of risk analysis
Determining the likelihood of the identified threats
and determining the level of damage that could be done if the threats materialize.
Three major types of controls
Physical, logical and policy
Enterprise wide information security plan
A plan that lists the controls that will be put in place and how they will be enforced.
Set forth expectations of all persons, both employees and external users, with access to the org's systems.
Most important policy
That which governs the information resources to which individuals have access and how the level of access will be tied to their job duties.
Classic division of controls
Between general controls and application controls.
General controls
Relate to the org's information systems environment as a whole and include:
IT Administration
Segregation of duties
Controls over systems development
Hardware controls
Physical controls
Logical controls
IT administration
Should be a separate function with its own set of management and technical skills.
Hardware controls
Are built into the equipment by the manufacturer. Assure proper internal handling of data as they are moved and stored. 
They include parity checks, echo checks, read-after-write checks, and any other procedure built into the equipment to assure data integrity.
Physical controls
Limit physical access and environmental damage to computer equipment and important documents. They include:
Access controls and
Environmental controls.
Access controls
No persons except operators should be allowed unmonitored access to the computer center. This can be accomplished through a guard desk, a keypad or a magnetic card reader.
Environmental Controls
The computer center should be equipped with a cooling and heating system to maintain a year round constant level of temp and humidity, and a fire suppression system.
Logical Controls
Established to limit access in accordance with the principle that all persons should have access only to those elements of the org's information systems that are necessary to perform their job duties.
They have a double focus: Authentication and Authorization
The act of assuring that the person attempting to access the system is in fact who they say they are. This is mainly achieved through passwords and IDs.
Password changes
Should be made every 90 days.
The practice of assuring that once in the system, the user can only access those programs and data elements necessary to his/her job duties.
A combination of hardware and software that separates an internal network from an external network and prevents passage of specific types of traffic.
Application Controls
Relate to specific tasks performed by each system. They should provide reasonable assurance that the recording, processing and reporting of data are properly performed.  They relate to individual computerized accounting applications.  Example: programmed edit controls for verifying customers' account numbers and credit limits.
Input controls
Provide reasonable assurance that data have not been lost, suppressed, added, duplicated, or otherwise improperly changed.
They provide reasonable assurance that data received for processing have been properly authorized, converted into machine sensible form and identified.
Processing controls
Provide reasonable assurance that processing has been performed as intended for the particular application.
All transactions should be processed as authorized, no authorized transactions should be omitted, and no unauthorized transactions should be added.
Output Controls
Provide assurance that the processing result is accurate and that only authorized personnel receive the output.
Data Dictionary
States not only the meaning of a data element, but also its ownership, size, format and usage.
Two Main Types of Data Files
A master file and a transaction file
Master file
Contains two subtypes:
1. Contains records that do not change very often. Example: a vendor file with vendor's name, address,
2. One that is regularly updated to reflect ongoing activity. Example: a general ledger file, which at any given moment holds the balances of all accounts in the ledger.
Is the relative frequency with which the records in a file are added, deleted, or changed during a period.
Transaction file
Contains the data that reflect ongoing business activity, such as individual purchases from vendors or general journal entries.
Binary format
A pattern of ones and zeros.
Is either a 1 or 0 in binary code. Can be strung together to form a binary number.
A group of bits. Each byte is used to signify a character (a number, letter, symbol).
Coding systems for mapping values of binary numbers to characters
EBCDIC- Extended Binary Coded Decimal Interchange Code
ASCII- American Standard Code for Information Interchange
EBCDIC- Extended binary coded decimal interchange code
Developed by IBM for its mainframe computers. Uses 8 bits to a byte.
ASCII- American standard code for information interchange
Developed by the American National Standards Institute. Employed by most personal computers and servers and uses 7 bits to a byte.
Sponsored by the International Organization for Standards, can use multiple bytes to represent each character, thereby enabling the deployment of special characters and all the world's alphabets.
1 kilobyte
1 KB = 1,024 bytes
1 megabyte
1 MB = 1,048,576 bytes, or 1,024 KB
1 gigabyte
1 GB = 1,073,741,824 bytes, or 1,024 MB
1 terabyte
1 TB = 1,099,511,627,776 bytes, or 1,024 GB
A group of bytes. Contains a unit of data about some entity.  Example: a name of a composer.
A group of fields. All fields contain information pertaining to an entity
Designation field which contains enough information to uniquely identify each record, i.e., there can be no two records with the same key.
Keys allow records to be sorted and managed with greater efficiency.
A group of records. All the records within it contain the same pieces of information about different occurrences.
Flat file
Every record in a file has an identical layout, thus records can be conceived of as forming a two-dimensional pattern of rows and columns. A telephone directory would be a flat file.
Linked List
The earliest means of associating the records of a flat file with each other. Each record had a pointer tacked on the end that pointed to the next record.
Variable Length Records
Represented space saving. Space is not taken up when empty fields are not filled.
Sequential access
To find a record, every intervening record had to be examined and bypassed. Like a cassette tape, where you had to listen to a song and skip it to find the desired song.
Indexed sequential access method (ISAM)
Developed by IBM. Each file contains an extra table holding the storage location of every record. When a record is desired, the system consults the index table to find the record. Then the record can be retrieved directly.
Direct or random access
Disk drives which can quickly seek out a given storage address.
Hierarchical (Tree) Database model
Records form branches and leaves extending from a root. A customer's address will only be stored once. Every parent record can have multiple child records. But each parent can have only one child. Each customer can have many orders, but each order can only have one customer.
Network Database Model
Allowed child records to have multiple parents. An attempt to make queries more efficient, but the large number of cross references made maintenance too complex.
Relational Database Model
The elements of data relate to one another in a highly flexible way. Tables are now referred to as relations. Table's columns are now called attributes, and rows are called tuples.
Each element is stored as few times as necessary.
Two features that make a relational data structure stand out
Cardinality and Referential integrity
Refers to the boundaries of the relationship between certain data elements. For example, an order table cannot contain a record where the quantity ordered has a value of 0 or less or a value greater than 500.
Referential Integrity
For a record to be entered into a given table, there must already be a record in some other table. Example: an order table cannot contain a record where the part number is not already part of the parts table.
Relational Database
A group of tables built following the principles of relational data structures. 
Database Management Systems (DBMS)
An integrated set of software tools superimposed on the data files that helps maintain the integrity of the underlying database. Allow programmers and designers to work independently of the physical and logical structure of the database.
Different users define their own views of the data in a database without changing any of the programs using data items.
A particular database's design. Consists of layouts of the tables and the constraints on entering new records.
Two vital parts of any DBMS
Data Definition Language
Data Manipulation Language
Data Definition Language
Allows the user to specify how the tables will look and what kinds of data elements they will hold.
Data Manipulation Language
With which the DBMS retrieves, adds, deletes, or modifies records and data elements.
Structured Query Language (SQL)
Database management system that fulfills data definition and data manipulation languages.
Data Dictionary
Contains the physical and logical characteristics of every data element in a database. For example: the name of the data element (employee name, part number), the amount of space required to store it (byte) and what kind of data is allowed in the data element (alphabetic, numeric).
Distributed Database
Can be maintained by a DBMS. A database that is stored in two or more physical sites.
Replication or snapshot technique
The DBMS duplicates the entire database and sends it to multiple locations. Changes are periodically copied and similarly distributed to the distributed databases.
Fragmentation or partitioning method
Specific records are stored where they are most needed in a distributed database.  Example: a bank will hold a particular customer's info at their regular branch. If the customer goes to another branch they will retrieve the info via communication lines.
Deadly embrace/deadlock
When two transactions attempt to update a single data element simultaneously. This can be resolved by a DBMS. When this occurs the DBMS selects a "victim" and releases the data resources it controls so that the other transaction can run to completion. The victim transaction is then restarted and permitted to run.
Database Administrators
The IT function responsible for dealing with the DBMS.
Determining how groups of data items in a relational structure are arranged in records in a database. Relies on "normal forms" (conceptual definitions of data records and specified design rules). It is a process of breaking down a complex data structure and creating smaller, more efficient relations, thereby minimizing or eliminating the repeating groups in each relation.
Batch Processing
Transactions are accumulated and submitted to the computer as a single batch. The user cannot influence the process once the job has begun. Must wait till process has completed. 
Is efficient for applications such as payroll where large numbers of routine transactions must be processed on a regular schedule.
Online Processing
The computer processes each transaction individually as the user enters it.  User is in direct communication with the computer and gets immediate feedback on whether the transaction was accepted or not.  Common example is AP system where a payable clerk can enter each individual invoice as paperwork is verified.
Combined batch/online modes
Used by many applications.  Users continuously enter transactions in online mode throughout the workday collecting them in batches. Then the computer can use batch mode overnight when there are fewer users logged onto the system.
Realtime processing
Having the latest information available at all times. An example is a thermostat.
Online/ Realtime processing
combines the two modes of user data entry and instant update. Common example is an airline reservation system, which is constantly updated from moment to moment and must be available all the time.
All processing and systems development is done at a single, central location. Since everything is done at one office, controls are strong and economies of scale are achieved.
Branches can store and process their data onsite, transmitting results overnight to the mainframe at the home office.
Distributed Processing
Parts of an org's computer operations could be performed in separate physical locations.
Client/Server Networks
It runs processes on the platform most appropriate to that process while attempting to minimize traffic over the network.  Server is centrally located and devoted to the functions needed by all network users.  Example is an email server or internet server.
Any object that uses the resources of another object. Can be a piece of hardware or a software program. Is generally referred to as a device that requests services from the server.
When all or part of an org's IT function is farmed out to an outside provider.
Two common reasons for outsourcing
1. Outside provider offers economies of scale that are not available to the org. Ex: payroll processing hardware.
2. Or management determines that IT is not a core competency and the entire IT function is more efficiently provided by a firm specializing in IT.
Data Capture
In order to be processed data must be entered into the system. Can be done in batch mode, by online entry, or even from a personal digital assistant.
Edit routines
Controls programmed into the software that prevent certain types of errors from getting into the system.
A preformatted screen may be designed to look exactly like a paper document to avoid data entry errors.
Field checks
Some data elements can only contain certain characters, and any transaction that attempts to use an invalid character is halted. Ex: an SSN, which is only allowed to contain numbers.
Limit and Range checks
Based on known limits for given information, certain entries can be rejected by the system.  Ex: hours worked per week cannot exceed 80 without a special override.
Validity Checks
In order for a transaction to be processed, some other record must already exist in another file. Ex: for a system to accept a transaction requesting payment for a vendor invoice, the vendor must already exist in the vendor master file.
Sequence checks
Processing efficiency is increased when files are sorted by keys before operations such as matching.
Self-checking digits
An algorithm is applied to, for instance, a product number and incorporated into the number.
Zero balance checks
The system will reject any transaction or batch in which the sum of all debits and credits does not equal zero.
Output Controls
Procedures performed at the end of processing to ensure that all transactions the user expected to be processed were. Includes:
Error listings
Record Counts
Run to run control totals
Hash totals
Proof account activity listing
An audit trail of all processing activity
Error Listings
All transactions rejected by the system are printed and distributed to the appropriate user department for resolution.
Record Counts
The total number of records processed by the system is compared to the number the user expected to be processed.
Run-to-run control totals
The new financial balance should be the sum of the old balance plus the activity that was just processed.
Hash Totals
These are totals without a defined meaning, such as the total of employee numbers or invoice numbers
Proof account activity listing
This report shows all changes to master files. It can be sent to the appropriate user department to verify that the changes were authorized.
Master File Maintenance
Two subtypes. The first subtype is only updated irregularly, for instance, when a new vendor is added or an old one changes its mailing address.
The second subtype is updated regularly, for instance, with the daily postings of journal activity.
Whichever of the two is involved, the power to approve changes to a master file must be assigned in accord with a coherent organizational policy.
Reports should be presented in a way that
a. reveals the organization's performance or
b. helps in decision making.
Do not necessarily have to be in paper form.
Ad hoc report
A quick and dirty report drawn from one of the organization's databases that fulfills a user need but for which there is not sufficient time or resources to request formally from the IT function.
Audit trail of activities
Is a crucial part of monitoring security over a system. It includes not only the reports created, but also such reports as logs of system sign-in and sign-out times to monitor who was doing what on the system.
Reasonableness Test
Checks the values of data items against established limits. If John was known to work in only departments B and C, then this test would be performed to make sure that only one of these departments was listed for him in a payroll report.
Compatibility Test
(Field check) determines whether characters are appropriate to a field.
Check digit verification
Used to identify incorrect identification numbers. The digit is generated by applying an algorithm to the ID number. During input, the check digit is recomputed by applying the same algorithm to the entered ID number.
Closed Loop verification
The display of the amounts entered in an input control that permits visual verification of the accuracy of the input by the operator.
Disaster Recovery
The process of resuming normal information processing operations after the occurrence of a major interruption.
Business Continuity
the continuation of business by other means during the period in which computer processing is unavailable or less than normal.
Two major contingencies to plan for
1st type is power failure, random intrusions such as viruses, and deliberate intrusions such as hacking. Physical facilities are sound, but immediate action is required to keep normal processing going.
2nd type is more serious. This type is caused by disasters such as floods, fires, hurricanes, earthquakes, etc. These occurrences require that an alternate processing facility exist.
Periodic backup and offsite rotation of computer files
The most basic part of any disaster recovery/business continuity plan.
Typical backup routine
Involves duplicating all data files and application programs once a month. Incremental changes are then backed up and taken to the offsite location once a week.
Risk Assessment
Forms the core of contingency planning and involves identifying and prioritizing the organization's critical applications, determining the minimum recovery time frames and minimum hardware requirements, and developing a recovery plan.
Power failure
Can be guarded against by the purchase of backup electrical generators. They can be programmed to automatically begin running as soon as a dip in the level of electrical current is detected.  Especially used in hospitals where 24 hour availability is crucial.
The system must be brought down gracefully to halt the spread of the infection.
Flood, fire, earthquake,
Must contract for alternate processing facilities.
Alternate processing facility
A physical location maintained by an outside contractor for the express purpose of providing processing facilities for customers in case of disaster.
Hot site
A fully operational processing facility that is immediately available.
Flying-start site
A hot site with the latest data and software that permit startup within a few minutes or even seconds.
warm site
a facility with limited hardware, such as communications and networking equipment, already installed but lacking the necessary servers and client terminals.
Fault tolerant computer systems
Have additional hardware and software as well as a back up power supply. Has additional chips and disk storage. Used for mission critical applications that cannot afford to suffer downtime.
High Availability computing
used for the less critical applications because it provides for a short recovery time rather than the elimination of recovery time.
Risk Analysis
1. Identifies and prioritizes critical applications
2. Evaluates their organizational impact
3. determines recovery time frames and minimum hardware platform requirements
4. assesses insurance coverage
5. identifies exposures and their implications
6. develops recovery plans.
umbrella term referring to all methods of conducting business electronically. Can include strictly internal communications as well as nonfinancial dealings with outside parties (contract negotiations)
Refers to financial transactions with outside parties, (the purchase and sale of goods and services)
2 basic varieties; B2B business to business and B2C business to consumer
B2B Business to business commerce
not limited to EDI and other direct links between businesses but also involves activities within the broader electronic market. Involves working with vendors, distributors, and other businesses over the internet.
2 types of B2B companies; vertical and horizontal
Vertical B2B company
work at all levels within an industry and mostly earn their revenues from advertising on specialized sector or from transaction fees from the ecommerce they host. 
Horizontal B2B companies
Operate across numerous industries. Provide products, goods, materials, or services that are not specific to a particular industry or company.
B2B Benefits
Reduced purchasing costs- online purchasing saves time and electronic processing simplifies order process
Increased market efficiency- internet gives easy access for market quotes etc. More likely to find a better price
Greater market intelligence- provides producers with greater insights into the demand levels of any given market
Decreased inventory levels- internet allows for JIT manufacturing techniques.
e-commerce security issues
1. correct identification of transacting parties (authentication)
2. Determination of who can make binding agreements (authorization)
3. protecting confidentiality and integrity of info
4. Assuring trustworthiness of listed prices and discounts
5. Providing evidence of transmission and receipt of docs
6. Guarding against repudiation by sender or recipient
7. Proper extent of verification of pmt data
8. Best method of pmt to avoid wrongdoing or disagreements
9. Lost or duplicated transactions
10. Determining who bears the risk of fraud.
Responses to security issues in ecommerce
1. encryption and authentication methods, preferably by secure hardware rather than software.
2. Numerical sequencing to identify missing or false messages
3. The capacity of the host computer to avoid downtime and repel attacks
4. Nonrepudiation methods, such as digital certs, which prove origination and delivery.
5. Adherence to legal requirements
6. Documenting trading agreements, especially the terms of trade and methods of authorization and authentication
7. Agreements for end to end security and availability with providers of info services and value added networks
8. Disclosure by public trading systems of their terms of business.
EDI Electronic Data Interchange
The leading method of ecommerce. Involves communication of data in a format agreed to by the parties directly from a computer in one entity to another computer in another entity. For example, to order goods from a supplier or to transfer funds.
EDI Advantages
Reduction of clerical errors, speed of transactions, and the elimination of repetitive clerical tasks such as document preparation, processing, and mailing.
Disadvantages of EDI
Information may be insecure
Data may be lost
Transmissions to trading partners may fail
EDI is less standardized and more costly than internet based commerce, which ordinarily uses XML
EDI requires programming expertise and leased phone lines or use of a value added or third party network.
Standard concern procedures
Convert written docs into a standard electronic document-messaging format to facilitate EDI
the procedures for arranging data elements in specified formats for various accounting transactions (invoices, advance shipment notices, etc)
Data dictionary
prescribes the meaning of data elements, including specification of each transaction structure
Transmission protocols
Rules used to determine how each electronic envelope is structured and processed by the communications devices.
Point to point system
requires the use of dedicated computers by all parties. each computer must be compatible with the others.
Value added networks
Private third party providers of common interfaces between organizations.
Another means of carrying on ecommerce.
rely on the established communications protocols of the internet. So expensive specialized equip needed for EDI is unnecessary.
EFT Electronic funds transfer
Service provided by financial institutions worldwide that is based on EDI technology.
EFTA Electronic Fund Transfer Act of 1978
Enacted by Congress to regulate electronic banking services.
Primary purpose is to provide disclosure to consumers who use these services.
Types of EFT services
ATM, POS, Direct deposit and payment, payment by telephone (PBT)
EFT Receipts must include the following
Amount involved
Date of transaction
Type of transfer
Identity of the account
Identity of any third party from whom or to whom funds are transferred
Location or identification of the electronic terminal involved.
Monthly EFT Statement must include
Amt of fees or charges assessed for maintenance
Balances of the accts at beg. and end of period
Address and telephone to be used in case of error
Reporting EFT errors
Customers have 60 days after receiving a statement to report errors. The financial institution has 10 days to investigate. If error is found, bank has 1 day to correct it.
Liability limit (EFT)
Customers are liable for a max of $50 for unauthorized transfers
Electronic Money
Stored-value cards such as phone cards.
Smart cards which contain computer chips
Disadvantage of electronic money
Most types are not covered by the FDIC and rules for EFTs do not extend to electronic money
Online payment systems (OPS)
Electronic wallet
a software application that stores credit card numbers and other personal information and is usually kept on the buyer's computer.
POS Systems
Update and analyze the perpetual inventory records.
Can perform other accounting tasks such as crediting revenue accounts and debiting cash, AR and COGS.
Provide marketing info in order to identify trends, make sales forecasts, determine products not in demand, improve customer service, target products and promotions to customers with different demographic traits, and evaluate the effects of promotions and coupons.
POS Systems also
Help control liquid assets, facilitate purchasing decisions, minimize costs, record personnel and transactional info about specific customers, process all forms of payment, permit instant price changes, permit integration with internet sales applications.
Is vital technology for the security and therefore the success of electronic commerce, especially with regard to transactions carried out over public networks.
Encryption process
The sender's encryption program encodes the data prior to transmission, then the recipient's program decodes it at the other end. Unauthorized users may be able to intercept data, but cannot decode it without the encryption key.
Two major types of encryption routine are in general use
Private Key and Public key
Private key encryption
or symmetric, is the less secure of the two kinds because there is only one key. The single key must be revealed to both the sender and the recipient.
Public key encryption
or asymmetric, is more secure of the two. The public key used by the sender for encoding is widely known, but the related private key used by the recipient for decoding is only known to the recipient.
Like a post office box. Anyone knows the address and can mail to it, but only the owner has the key to open it.
Certificate Authority (CA)
Third party in encryption necessary to issue keys in order for the keys to form a mathematical pair.  Verisign is an example of a CA
Digital Certificate
Another means of authentication used in ecommerce. the CA issues a coded electronic certificate that contains the holder's name, a copy of its public key, a serial number, and exp. date. The certificate verifies the holder's identity.
Digital Signature
An encryption technique used not only to keep messages secret, but to verify that a message actually originated with the person who is claiming to have sent it. Public key (2 key) encryption is used to achieve this.
Malicious software (malware)
May exploit a known hole or weakness in an application or operating system program to evade security measures. This vulnerability could be caused by programming errors.
Trojan horse
an apparently innocent program that includes a hidden function that may do damage when activated
a program that copies itself from file to file. May destroy data or programs. Commonly spread through email attachments.
Copies itself not from file to file but from computer to computer. Often very rapidly. Repeated replication overloads a system by depleting memory or overwhelming network traffic capability.
Logic bomb
Like a trojan horse, but only activates upon some occurrence, for instance a certain date.
Controls to prevent or detect infection
Policies should
a. require use of only authorized software
b. adherence to licensing agreements
c. create accountability for the persons authorized to maintain software
d. require safeguards when data or programs are obtained by means of external media
e. anti virus software should continuously monitor the system for viruses and should be constantly updated
f. software and data should be regularly reviewed
g. unauthorized files should be investigated
h. email attachments should be checked
i. procedure should be established for copying either malware.
j. backup plan drafted
k. info about malware should be verified and alerts given
l. be aware of false messages and hoaxes.
Password attacks
attempt access to a system by stealing the passwords of legitimate users and then masquerading as those users.
Brute force password attack
uses password cracking software to try large numbers of letter and number combinations to access a network.
IP spoofing
Identity misrepresentation in cyberspace. Example is using a false website to obtain information about people.
Packet sniffing
use of software to eavesdrop on information sent by a user to the host computer of a website.
Man in the middle attack
takes advantage of network packet sniffing and routing and transport protocols to access packets flowing through a network.
Denial of service attack.
an attempt to overload a system with messages so that it cannot function.
Intrusion detection system (IDS)
detect breaches of an organization's information security regime before they can do damage.  Examines user log files and patterns of traffic over the organization's network to catch suspicious activity. Alerts IT personnel who can take appropriate action.
Rivest, Shamir, Adleman (RSA)
An encryption standard licensed to hardware and software vendors. Requires two keys, one that is a public key available to anyone for encrypting messages, and a private key that is known only to the recipient.
Hoax Virus
A false notice about the existence of a computer virus. It is usually disseminated through use of distribution lists and is sent by email or via an internal network.
Web Crawler
a spider or bot, is a computer program created to access and read information on websites. The results are included as entries in the index of a search engine.
Killer application
is so useful that it may justify widespread adoption of a new technology.
Business Information system
any combination of people, procedures and computing equipment employed to pursue a business objective
Stakeholders in a BIS
those who affect, or are affected by, the output of the information system. They have an interest in the system's effective and efficient functioning.  (manager, employees, IT personnel, suppliers and customers)
Four major tasks of any information system
The system must acquire data from within or outside of the entity.
Raw materials (data) are converted into knowledge useful for decision making
The ultimate purpose of the system is communication of results to internal or external customers.
before, during and after processing, data must be temporarily or permanently stored, for example, in files or databases.
Transaction Processing System (TPS)
Captures fundamental data that reflect the economic life of an organization.
MIS Management Information System
Typically receive info from a TPS, aggregates it, then reports it in a format useful by middle management in running the business. Are often classified by function or activity.
Stovepipe Systems
Single function management information systems with a limited focus. Are gradually being replaced by integrated systems which link multiple business activities across an org.
Data Warehouse
A central database for transaction level data from more than one of the org's TPSs. They are very large and require that the transaction records be converted to a standard format. Powerful tool for ad hoc inquiries.
Is strictly a query-and-reporting system. Not used to carry out an org's routine operations.
online analytical processing (OLAP)
Accesses a data warehouse using analytical and graphics tools. It is a drill down analysis
Drill-down analysis
component of OLAP in which the user is first presented with the data at an aggregate level and then can display successive levels of detail for a given date, region, product, etc, until reaching the original transactions.
Data mart
A subset of an enterprise wide data warehouse. Designed primarily to address a specific function or department's needs, whereas a data warehouse is generally meant to address the needs of the entire enterprise.
Data mining
The search for unexpected relationships between data. Enabled by a data warehouse.
Decision support system DSS
an interactive system that is useful in solving semistructured problems. Does NOT automate a decision. It examines the relevant data and presents a manager with choices between alternative courses of action.
semistructured problems
those with structured portion (which a computer can solve), and an unstructured portion (which requires the manager's insight and judgment).
Three basic components of a DSS
The database, the model, and the dialog.
the database
consists of raw data, that are relevant to the decision. Data can come from both within and outside of the org.
The Model
the set of equations, comparisons, graphs, conditions, assumptions, etc, into which the data will be fed in the DSS
The dialog
the user interface which allows the user to specify the appropriate model and the particular set of data to which the model should be applied.
A group DSS
aids in the collaborative solution of unstructured problems. Users in separate areas of the organization can specify parameters pertinent to their functions.
Expert System (ES)
an interactive system that attempts to imitate the reasoning of a human expert in a given field. is useful for addressing unstructured problems when there is a local shortage of human experts.
Knowledge database
consists of facts and the relationships among those facts
Inference engine
often a series of if/then decisions.
Allows the user to input data relevant to the current problem, which are then filtered through the inference engine and used to query the knowledge database.
an exploratory problem-solving technique that uses self-education methods to improve performance. Often very interactive and provide explanations of their problem solving behavior.
Artificial intelligence (AI)
More sophisticated than expert systems, computer software designed to perceive, reason, and understand. work through a series of if/then questions in which every operation has exactly two possible outcomes (yes/no, on/off)
Advantages to AI in a business environment
Can work 24 hours a day
will not get sick or die
are extremely fast processors of data
Fuzzy logic systems
a form of AI that deals with imprecise data and problems that have many solutions. Uses soft linguistic variables (large, hot, cold, tall) and a continuous range of truth values rather than strict binary decisions and assignments. Useful in design of industrial controls, data retrieval, and in systems the user is not intimately familiar with.
Neural networks
a collection of processing elements working together to process information much like the human brain, including learning from previous situations and generalizing concepts
Case-based reasoning systems
use a process similar to that used by humans to learn from previous, similar experiences
Rule-based systems
function on the basis of set rules to arrive at an answer. These cannot be changed by the system itself. They must be changed by an outside source.
Intelligence Agents
programs that apply a built in or learned knowledge base to execute a specific, repetitive and predictable task, for example, showing a computer user how to perform a task or searching websites for financial information.
Business Intelligence (BI)
what gives upper management the information it needs to know where the organization is and how to steer it in the intended direction. BI gives an executive immediate information about an org's critical success factors.
Digital Dashboard
The displays of bar graphs, pie charts, column reports, etc, grouped by an exec's particular needs in a BI
Enterprise Resource Planning (ERP)
intended to integrate enterprise-wide information systems by creating one database linked to all of an org's applications.
Traditional ERP System
subsystems share data and coordinate their activities. Thus if marketing receives an order, it can quickly verify that the inventory is sufficient to notify shipping to process the order.
Back Office Functions
the subsystems in a traditional ERP that are internal to the organization.  The information produced is usually intended for internal use by the org's managers
Current generation of ERP software with added front office functions which connect the organization with customers suppliers, owner, creditors and strategic allies.  Enable supply chain management, customer relationship management, and partner relationship management.
Types of Major ERP packages
R/3 from SAP AG, and Oracle e-Business Suite, PeopleSoft, and JD Edwards EnterpriseOne, all from Oracle.
Disadvantages of ERPs
the extent and complexity which make implementation difficult and costly
Office automation systems (OASs)
the familiar word processing, spreadsheet, digital doc storage, and desktop publishing applications of most office workers are part of any org's information system technology.
Information Resources Management (IRM)
Takes a global view of the information holdings and needs of an organization because of the diverse needs of users.
Financial Reporting systems
generate info for use primarily by outside parties, such as investors, regulators and creditors. Commonly in the form of financial statements
Audit Trail
Reflects the accounting cycle