Physical devices making up a computer system.
|CPU Central Processing Unit||
The brain of any computer. In a desktop computer it is often referred to as a microprocessor. Larger computers such as servers and mainframes can have more than one CPU
|The most important functions of a CPU||
1. Move data from storage to main memory.
2. Execute the instruction for manipulating data.
3. Move the results from main memory back to storage.
The speed of a CPU is measured by the number of instructions it can carry out per second.
|RAM Random Access Memory||
Also referred to as main memory or primary storage.
It is a holding area for data before and after processing by the CPU.
RAM units are volatile: they are emptied when the computer is shut off.
Is measured in size rather than speed.
|ROM Read only memory||
Permanent storage used to hold the basic low-level programs and data particular to a computer's hardware.
These are vital to the operation of the hardware, cannot be altered by the owner, and aren't affected when the computer is shut off.
|Secondary Storage Devices||
Hard Drives- most common.
Optical Drives- record and read data by laser beam. DVDs, CDs. They rotate.
Flash Drives- thumb drives. No moving parts.
Floppy disks and magnetic tape- slow access times and hold less.
Keyboard, mouse, scanner, touch screen, magnetic ink reader (MICR), optical character reader (OCR), microphone, light pen, sensor.
Monitor, printer, plotter, voice emulator.
Refers to the programs that are executed by the hardware.
Two perspectives, 1. systems v. applications and 2. the programming language in which the software is written
|Two major types of software||
Systems software- performs fundamental tasks to manage computer resources. 1. The operating system (traffic cop of any computer system). 2. Utility programs, which perform basic functions not particular to a specific application, such as copying, deleting, merging and sorting.
Application Software- consists of programs that tell the computer what steps the user wants carried out. Can be purchased from vendors or developed internally.
Examples include word processors, spreadsheets, graphics and small databases, payroll, HR, accounts payable, general ledger, etc.
|First generation programming language||
Also called machine language. Are written in a binary code (combo of ones and zeros) unique to each type of computer. These are directly understood by the computer with no translation needed.
|Second generation programming language||
Also called assembly languages. Use mnemonic symbols to represent groups of binary ones and zeros. They must be converted to machine languages for the computer to understand them.
|Third generation programming language||
Also called procedural language. Consist of English-like words and phrases that represent multiple machine language instructions, making these languages easier to learn. Converted in two ways: compiled or interpreted.
|COBOL- Common business oriented language||
Third generation programming language. Designed in 1959 to be easy to read and maintain. Still in production.
|BASIC- Beginner's all-purpose symbolic instruction code||
Third generation programming language developed to teach programming but not used in large business application processing. Visual BASIC provides a graphical user interface to develop Microsoft Windows applications from code written in BASIC.
|C and C++||
Third generation programming languages that have been very popular since introduction. Enable the technique called object-oriented programming.
Third generation programming language. Is a high level, object oriented language developed by Sun Microsystems that is used to write programs embedded in a WWW document. Allows user to download from network only the data necessary to perform the task.
|Fourth Generation Language||
Also called problem oriented or nonprocedural language. Provides further simplification of programming. Permits a nonspecialized user to describe the problem to and receive guidance from the computer instead of specifying a procedure.
|Types of 4th generation languages||
SQL- Structured Query Language: best known. Enables user to read, update, reorganize and report on data contained in a relational database.
GAS- Generalized audit software: also known as CAAT, computer assisted audit techniques. Allows processing functions such as extracting sample items, verifying totals, developing file statistics, and retrieving specified data fields.
HTML- Hypertext markup language: authoring software language commonly used to create and link websites. Key features are hotlinking and graphics display.
XML- Extensible markup language: open standard usable with many programs and applications.
XBRL- Extensible business reporting language: specification developed by the AICPA to report in accordance with GAAP. Variation of XML that is expected to decrease costs of generating financial reports and sharing business info.
Simple keyboard and monitor combinations with no processing power used for communication with mainframe computers
Converting a computer's digital signal into an analog signal.
Converting an analog signal back to a digital signal.
Device that converts digital and analog signals. Modems allowed orgs to move info between locations in purely electronic format, eliminating the need to pass physical documents. Huge cost savings.
Remote connections through desktop computers rather than dumb terminals.
Involves decentralization of processing tasks and data storage and assigning these functions to multiple computers often in separate locations.
|LAN: Local area network||
An interconnection between devices in a single office or building.
|Peer to peer||
Used in small networks with few devices, where every device is connected directly to every other.
|Client Server Networks||
Type of LAN, differ from peer to peer in that the devices play more specialized roles. Client processes (individual users) request services from server processes (maintained centrally)
Any object that uses the resources of another object. Can be a device or a software program. Commonly it is a device that requests services from a server.
|Three-tiered architecture of client||
The client/server model runs processes on the platform most appropriate to that process while attempting to minimize traffic over the network.
|Client/Server Model Security||
May be more difficult than in a highly centralized system because of the numerous access points.
Connects devices within a single office or home or among buildings in an office park. LAN is owned entirely by a single organization.
|MAN- Metropolitan area network.||
Connects devices across an urban area, for instance, two or more office parks.
Has had limited success as a wire-based network.
|WAN- Wide area network||
Consists of a conglomerate of LANs over widely separated locations. Can be publicly or privately owned.
|Publicly owned WANs||
Such as public telephone system and internet are available to any user with a compatible device.
|Public switched networks||
Use public telephone lines to carry data. Is economical but the quality of data transmission cannot be guaranteed and security is questionable.
|Privately owned WANs||
Profit making enterprises. Offer fast, secure data communication service to orgs that do not wish to make their own large investments in the necessary infrastructure.
|VANs- Value added networks||
Private networks that provide their customers with reliable high speed secure transmission of data. They have added value of error detection and correction services, email facilities for EDI, EDI translation and security for email and data transmissions. Type of privately owned WAN.
|VPN- Virtual Private networks||
Type of privately owned WAN. A relatively inexpensive way to solve the problem of high-cost leased lines.
|PBX- Private branch exchange||
A specialized computer used to handle both voice and data traffic. Can switch digital data among computers and office equipment. Uses telephone lines, so capacity is limited.
The signal carrying capacity of a transmission medium. It is a rough indication of the highest speed that data can attain while traveling through it.
|Baseband and Broadband||
Baseband- a medium that can carry only one signal
Broadband- a medium that can carry multiple signals.
Wiring graded into categories each of which denotes a different bandwidth. It is fundamentally a baseband medium. Named from the continuous weaving of the strands of wire around each other within the cable. A magnetic field is produced around the wire where current is passed. Comes in shielded (STP) and unshielded (UTP) varieties.
A magnetic field that disrupts the transmission of electrical signals.
|Category 1 twisted pair||
Unshielded. Usually referred to as regular telephone wire
|Category 3 twisted wire||
Comes in both shielded and unshielded. Can support a higher bandwidth than Cat 1.
|Category 5 twisted pair||
Comes in both shielded and unshielded and can support a higher bandwidth than Cat 3.
Commonly used medium for LANs. Also used for transmission of cable TV. Usually necessary when broadband transmission is desired. Is named coaxial because one signal conductor surrounds the other, giving them a common axis.
|Wired LANs' two basic types of networking devices||
Hubs- very simple and serve only to broadcast messages to every other device on the network.
Bridges- improve traffic flow by dividing LANs into segments. More intelligent than hubs. They read the destination address and isolate the message to the segment where the destination device is located, eliminating traffic.
|Remote bridges or gateways||
Connect separate LANs.
|Fiber optic cable||
Extremely fine threads of glass or plastic. The electrical signal is converted to pulses of light, which are sent through the optical medium at higher speeds than can travel through copper wire. Light pulses continuously bounce down the fiber, aiding in separating the various signals when they arrive at the other end.
|2 major advantages of fiber optics over wire||
1. Light pulses used in fiber optics are not subject to electromagnetic interference.
2. Interception by unauthorized parties is impossible because the light pulses cannot be tapped as electrical signals can. Also, cut fiber becomes a mirror immediately alerting administrators that there is a problem.
Involves propagating electrical signals through air and space instead of through metal wire or optical fiber.
Transmitting the microwave signal to a satellite in orbit, which retransmits the signal to the destination back on Earth.
|LOS loss of sight microwaves||
An older technology still in use in some places. Consists of beaming the signals from one tower to another from horizon to horizon.
Most successful protocol for LAN transmission. It breaks up the flow of data between devices into discrete groups of data bits called frames.
Polite conversation: Each device listens to the network to determine if another conversation is taking place. Once the network is determined to be free of traffic the device sends the message.
Protocol that originally had a much higher speed than Ethernet.
Each device is connected to the next in a ring configuration. A special frame called the token is passed continuously around. When a device sends a message it attaches a message to the token and the token drops it off at the destination when it arrives there.
It is expensive and difficult to expand.
A set of standards for message transmission among the devices in a network.
A single physical pathway is established in the public telephone system and reserved for the full and exclusive use of the two parties for the duration of their communication. ie. an ordinary telephone call or a dial up internet connection.
More intelligent than hubs, bridges or switches. They have tables stored in memory that tell them the most efficient path along which each packet should be sent.
Routing is what makes the internet possible.
|TCP/IP- Transmission control protocol/internet protocol||
A suite of routing protocols that make it possible to interconnect many thousands of devices from dozens of manufacturers all over the world through the internet.
The heart of internet routing. Allows any device anywhere in the world to be recognized on the internet through the use of standard format IP address.
Each of the four decimal separated elements of an IP address is a numeral between 0 and 255.
|Dynamic host configuration protocol DHCP||
Allows tremendous flexibility on the internet by enabling the constant reuse of IP addresses.
|PAN Personal area network||
Such as Bluetooth. Allows a much smaller radius than a wireless network, about 30 feet.
|Fat client in a client server network||
Has its own local long term storage and considerable processing power.
|Thin client in a client server network||
Has just enough memory and processing power to download and run portions of an application it needs locally.
A network of networks all over the world.
|Uniform resource location URL||
A unique address for a page on the web, recognizable by any web-enabled device.
Provides sharing of information throughout an org by applying internet connectivity standards and web software to the org's internal network.
Consists of the linked intranets of two or more orgs, for example, of a supplier and its customers. It typically uses the public internet as its transmission medium but requires a password for access.
Negotiates conversation between the computer's hardware, the application the user is running and the data that the application is working with.
A second program could begin running while the first program was waiting for a command from the operator, or for input from a slower device such as a card reader.
An important feature of the current generation of operating systems. The operating system rapidly switches the computer's attention back and forth between programs, sometimes in a fraction of a second, giving the appearance to users of jobs running simultaneously.
The computer has multiple CPUs, permitting a single application to be broken up and have its parts run in parallel on the various processors, greatly speeding up completion times.
The dominant operating system for IBM compatible mainframes.
Operating system developed by Bell labs. Portable (used on many brands of computers), multi user, and multitasking. Has been expanded and refined and is considered to be very robust.
Variants are Linux (free) and Solaris (used on high end Sun servers and workstations).
The networking version of Microsoft's Windows operating system for the desktop.
|Novell Open Enterprise Software||
The successor to that company's once dominant NetWare network operating system.
|Graphical user interface (GUI)||
Is "point and click". The ability to use a mouse or touchpad to issue commands to the computer by manipulating pictorial icons, called a window.
A characteristic of GUI. The ability for a computer to display more than one program on the screen at a time. Each program has its own section of the screen called a window.
|Operating System software||
Can provide multiprogramming capability. Can also provide multiprocessing and virtual storage capabilities.
Encompasses not only computer hardware and software, but all of an org's information, no matter what medium it resides on.
|Three principal goals for information security programs.||
Protecting data from disclosure to unauthorized personnel.
Assuring that the org's info systems are up and running so that employees and customers are able to access the data they need.
Assuring that data accurately reflect the business events underlying them and are not subject to tampering or destruction.
|Threats to an org's information||
Improper disposal of customer records- threat to confidentiality
Viruses and denial of service attacks- threat to availability
Employee errors and disgruntled employee sabotage- threats to integrity.
|Two phases of risk analysis||
Determining the likelihood of the identified threats
and determining the level of damage that could be done if the threats materialize.
|Three major types of controls||
Physical, logical and policy
|Enterprise wide information security plan||
A plan that lists the controls that will be put in place and how they will be enforced.
Set forth expectations of all persons, both employees and external users, with access to the org's systems.
|Most important policy||
That which governs the information resources to which individuals have access and how the level of access will be tied to their job duties.
|Classic division of controls||
Between general controls and application controls.
Relate to the org's information systems environment as a whole and include:
Segregation of duties
Controls over systems development
Should be a separate function with its own set of management and technical skills.
Are built into the equipment by the manufacturer. Assure proper internal handling of data as they are moved and stored.
They include parity checks, echo checks, read-after-write checks, and any other procedure built into the equipment to assure data integrity.
Limit physical access and environmental damage to computer equipment and important documents. They include:
Access controls and
No persons except operators should be allowed unmonitored access to the computer center. This can be accomplished through a guard desk, a keypad or a magnetic card reader.
The computer center should be equipped with a cooling and heating system to maintain a year round constant level of temperature and humidity, and a fire suppression system.
Established to limit access in accordance with the principle that all persons should have access only to those elements of the org's information systems that are necessary to perform their job duties.
They have a double focus: Authentication and Authorization
The act of assuring that the person attempting to access the system is in fact who they say they are. This is mainly achieved through passwords and IDs.
Should be made every 90 days.
The practice of assuring that once in the system, the user can only access those programs and data elements necessary to his/her job duties.
A combination of hardware and software that separates an internal network from an external network and prevents passage of specific types of traffic.
Relate to specific tasks performed by each system. They should provide reasonable assurance that the recording, processing and reporting of data are properly performed. They relate to individual computerized accounting applications. Example: programmed edit controls for verifying customers' account numbers and credit limits.
Provide reasonable assurance that data have not been lost, suppressed, added, duplicated, or otherwise improperly changed.
They provide reasonable assurance that data received for processing have been properly authorized, converted into machine sensible form and identified.
Provide reasonable assurance that processing has been performed as intended for the particular application.
All transactions should be processed as authorized, no authorized transactions should be omitted, and no unauthorized transactions should be added.
Provide assurance that the processing result is accurate and that only authorized personnel receive the output.
States not only the meaning of a data element, but also its ownership, size, format and usage.
|Two Main Types of Data Files||
A master file and a transaction file
Contains two subtypes:
1. Contains records that do not change very often, Example: a vendor file with vendor's name, address,
2. One that is regularly updated to reflect ongoing activity. Example: a general ledger file, which at any given moment holds the balances of all accounts in the ledger.
Is the relative frequency with which the records in a file are added, deleted, or changed during a period.
Contains the data that reflect ongoing business activity, such as individual purchases from vendors or general journal entries.
A pattern of ones and zeros.
Is either a 1 or 0 in binary code. Can be strung together to form a binary number.
A group of bits. Each byte is used to signify a character (a number, letter, symbol).
|Coding systems for mapping values of binary numbers to characters||
EBCDIC- Extended Binary Coded Decimal Interchange Code
ASCII- American Standard Code for Information Interchange
|EBCDIC- Extended binary coded decimal interchange code||
Developed by IBM for its mainframe computers. Uses 8 bits to a byte
|ASCII- American standard code for information interchange||
Developed by the American National Standards Institute. Employed by most personal computers and servers and uses 7 bits to a byte.
Sponsored by the International Organization for Standards, can use multiple bytes to represent each character, thereby enabling the deployment of special characters and all the world's alphabets.
1 KB = 1,024 bytes
1 MB = 1,048,576 bytes, or 1,024 KB
1 GB = 1,073,741,824 bytes, or 1,024 MB
1 TB = 1,099,511,627,776 bytes, or 1,024 GB
A group of bytes. Contains a unit of data about some entity. Example: a name of a composer.
A group of fields. All fields contain information pertaining to an entity
Designation field which contains enough information to uniquely identify each record, i.e., there can be no two records with the same key.
Keys allow records to be sorted and managed with greater efficiency.
A group of records. All the records within it contain the same pieces of information about different occurrences.
Every record in a file has an identical layout, thus records can be conceived of as forming a two-dimensional pattern of rows and columns. A telephone directory would be a flat file.
The earliest means of associating the records of a flat file with each other. Each record had a pointer tacked on the end that pointed to the next record.
|Variable Length Records||
Represented space saving. Space is not taken up when empty fields are not filled.
To find a record, every intervening record had to be examined and bypassed. Like a cassette tape, where you had to listen to a song and skip it to find the desired song.
|Indexed sequential access method ISAM||
Developed by IBM. Each file contains an extra table holding the storage location of every record. When a record is desired, the system consults the index table to find the record. Then the record can be retrieved directly.
|Direct or random access||
Disk drives which can quickly seek out a given storage address.
|Hierarchical (Tree) Database model||
Records form branches and leaves extending from a root. A customer's address will only be stored once. Every parent record can have multiple child records. But each parent can have only one child. Each customer can have many orders, but each order can only have one customer.
|Network Database Model||
Allowed child records to have multiple parents. An attempt to make queries more efficient, but the large number of cross references made maintenance too complex.
|Relational Database Model||
The elements of data relate to one another in a highly flexible way. Tables are now referred to as relations. A table's columns are now called attributes, and rows are called tuples.
Each element is stored as few times as necessary.
|Two features that make a relational data structure stand out||
Cardinality and Referential integrity
Refers to the boundaries of the relationship between certain data elements. For example, an order table cannot contain a record where the quantity ordered has a value of 0 or less or a value greater than 500.
For a record to be entered into a given table, there must already be a record in some other table. Example, an order table cannot contain a record where the part number is not already part of the parts table.
A group of tables built following the principles of relational data structures.
|Database Management Systems (DBMS)||
An integrated set of software tools superimposed on the data files that helps maintain the integrity of the underlying database. Allow programmers and designers to work independently of the physical and logical structure of the database.
Different users define their own views of the data in a database without changing any of the programs using data items.
A particular database's design. Consists of layouts of the tables and the constraints on entering new records.
|Two vital parts of any DBMS||
Data Definition Language
Data Manipulation Language
|Data Definition Language||
Allows the user to specify how the tables will look and what kinds of data elements they will hold.
|Data Manipulation Language||
With which the DBMS retrieves, adds, deletes, or modifies records and data elements.
|Structured Query Language (SQL)||
Database management system that fulfills data definition and data manipulation languages.
Contains the physical and logical characteristics of every data element in a database. For example: the name of the data element (employee name, part number), the amount of space required to store it (byte) and what kind of data is allowed in the data element (alphabetic, numeric).
Can be maintained by a DBMS. A database that is stored in two or more physical sites.
|Replication or snapshot technique||
The DBMS duplicates the entire database and sends it to multiple locations. Changes are periodically copied and similarly distributed to the distributed databases.
|Fragmentation or partitioning method||
Specific records are stored where they are most needed in a distributed database. Example: a bank will hold a particular customer's info at their regular branch. If the customer goes to another branch they will retrieve the info via communication lines.
When two transactions attempt to update a single data element simultaneously. This can be resolved by a DBMS. When this occurs the DBMS selects a "victim" and releases the data resources it controls so that the other transaction can run to completion. The victim transaction is then restarted and permitted to run.
The IT function responsible for dealing with the DBMS.
Determining how groups of data items in a relational structure are arranged in records in a database. Relies on "normal forms" (conceptual definitions of data records and specified design rules). It is a process of breaking down a complex data structure and creating smaller, more efficient relations, thereby minimizing or eliminating the repeating groups in each relation.
Transactions are accumulated and submitted to the computer as a single batch. The user cannot influence the process once the job has begun. Must wait till process has completed.
Is efficient for applications such as payroll where large numbers of routine transactions must be processed on a regular schedule.
The computer processes each transaction individually as the user enters it. User is in direct communication with the computer and gets immediate feedback on whether the transaction was accepted or not. Common example is AP system where a payable clerk can enter each individual invoice as paperwork is verified.
|Combined batch/online modes||
Used by many applications. Users continuously enter transactions in online mode throughout the workday collecting them in batches. Then the computer can use batch mode overnight when there are fewer users logged onto the system.
Having the latest information available at all times. An example is a thermostat.
|Online/ Realtime processing||
combines the two modes of user data entry and instant update. Common example is an airline reservation system, which is constantly updated from moment to moment and must be available all the time.
All processing and systems development is done at a single, central location. Since everything is done at one office, controls are strong and economies of scale are achieved.
Branches can store and process their data onsite, transmitting results overnight to the mainframe at the home office.
Parts of an org's computer operations could be performed in separate physical locations.
It runs processes on the platform most appropriate to that process while attempting to minimize traffic over the network. Server is centrally located and devoted to the functions needed by all network users. Example is an email server or internet server.
Any object that uses the resources of another object. Can be a piece of hardware or a software program. Is generally referred to as a device that requests services from the server.
When all or part of an org's IT function is farmed out to an outside provider.
|Two common reasons for outsourcing||
1. An outside provider offers economies of scale that are not available to the org. Ex: payroll processing hardware.
2. Or management determines that IT is not a core competency and the entire IT function is more efficiently provided by a firm specializing in IT.
In order to be processed data must be entered into the system. Can be done in batch mode, by online entry, or even from a personal digital assistant.
Controls programmed into the software that prevent certain types of errors from getting into the system.
A preformatted screen may be designed to look exactly like a paper document to avoid data entry errors.
Some data elements can only contain certain characters, and any transaction that attempts to use an invalid character is halted. Ex: an SSN, which is only allowed to contain numbers.
|Limit and Range checks||
Based on known limits for given information, certain entries can be rejected by the system. Ex: hours worked per week cannot exceed 80 without a special override.
In order for a transaction to be processed, some other record must already exist in another file. Ex: for a system to accept a transaction requesting payment for a vendor invoice, the vendor must already exist in the vendor master file.
Processing efficiency is increased when files are sorted by keys before operations such as matching.
An algorithm is applied to, for instance, a product number and incorporated into the number.
|Zero balance checks||
The system will reject any transaction or batch in which the sum of all debits and credits does not equal zero.
Procedures performed at the end of processing to ensure that all transactions the user expected to be processed were. Includes:
Run to run control totals
Proof account activity listing
An audit trail of all processing activity
All transactions rejected by the system are printed and distributed to the appropriate user department for resolution.
The total number of records processed by the system is compared to the number the user expected to be processed.
|Run-to-run control totals||
The new financial balance should be the sum of the old balance plus the activity that was just processed.
These are totals without a defined meaning, such as the total of employee numbers or invoice numbers.
|Proof account activity listing||
This report shows all changes to master files. It can be sent to the appropriate user department to verify that the changes were authorized.
|Master File Maintenance||
Two subtypes. The first subtype is only updated irregularly, for instance, when a new vendor is added or an old one changes its mailing address.
The second subtype is updated regularly, for instance, with the daily postings of journal activity.
Whichever of the two is involved, the power to approve changes to a master file must be assigned in accord with a coherent organizational policy.
|Reports should be presented in a way that||
a. reveals the organization's performance or
b. helps in decision making.
Do not necessarily have to be in paper form.
A quick and dirty report drawn from one of the organization's databases that fulfills a user need but for which there is not sufficient time or resources to request formally from the IT function.
|Audit trail of activities||
Is a crucial part of monitoring security over a system. It includes not only the reports created, but also such reports as logs of system sign-in and sign-out times to monitor who was doing what on the system.
Checks the values of data items against established limits. If John was known to work in only department B and C, then this test would be performed to make sure that only one of these departments was listed for him in a payroll report.
(Field check) determines whether characters are appropriate to a field.
|Check digit verification||
used to identify incorrect identification numbers. The digit is generated by applying an algorithm to the ID number. During input, the check digit is recomputed by applying the same algorithm to the entered ID number.
|Closed Loop verification||
The display of the amounts entered in an input control that permits visual verification of the accuracy of the input by the operator.
The process of resuming normal information processing operations after the occurrence of a major interruption.
the continuation of business by other means during the period in which computer processing is unavailable or less than normal.
|Two major contingencies to plan for||
1st type is power failure, random intrusions such as viruses, and deliberate intrusions such as hacking. Physical facilities are sound, but immediate action is required to keep normal processing going.
2nd type is more serious. This type is caused by disasters such as floods, fires, hurricanes, earthquakes, etc. These occurrences require an existing alternate processing facility.
|Periodic backup and offsite rotation of computer files||
The most basic part of any disaster recovery/business continuity plan.
|Typical backup routine||
Involves duplicating all data files and application programs once a month. Incremental changes are then backed up and taken to the offsite location once a week.
Forms the core of contingency planning and involves identifying and prioritizing the organization's critical applications, determining the minimum recovery time frames and minimum hardware requirements, and developing a recovery plan.
Can be guarded against by the purchase of backup electrical generators. They can be programmed to automatically begin running as soon as a dip in the level of electrical current is detected. Especially used in hospitals where 24 hour availability is crucial.
The system must be brought down gracefully to halt the spread of the infection.
|Flood, fire, earthquake,||
Must contract for alternate processing facilities.
|Alternate processing facility||
A physical location maintained by an outside contractor for the express purpose of providing processing facilities for customers in case of disaster.
A fully operational processing facility that is immediately available.
A hot site with the latest data and software that permit startup within a few minutes or even seconds.
a facility with limited hardware, such as communications and networking equipment, already installed but lacking the necessary servers and client terminals.
|Fault tolerant computer systems||
Have additional hardware and software as well as a back up power supply. Has additional chips and disk storage. Used for mission critical applications that cannot afford to suffer downtime.
|High Availability computing||
used for the less critical applications because it provides for a short recovery time rather than the elimination of recovery time.
1. Identifies and prioritizes critical applications
2. Evaluates their organizational impact
3. determines recovery time frames and minimum hardware platform requirements
4. assesses insurance coverage
5. identifies exposures and their implications
6. develops recovery plans.
umbrella term referring to all methods of conducting business electronically. Can include strictly internal communications as well as nonfinancial dealings with outside parties (contract negotiations)
Refers to financial transactions with outside parties, (the purchase and sale of goods and services)
2 basic varieties; B2B business to business and B2C business to consumer
|B2B Business to business commerce||
not limited to EDI and other direct links between businesses but also involves activities within the broader electronic market. Involves working with vendors, distributors, and other businesses over the internet.
2 types of B2B companies; vertical and horizontal
|Vertical B2B company||
work at all levels within an industry and mostly earn their revenues from advertising on specialized sector or from transaction fees from the ecommerce they host.
|Horizontal B2B companies||
Operate across numerous industries. Provide products, goods, materials, or services that are not specific to a particular industry or company.
Reduced purchasing costs- online purchasing saves time and electronic processing simplifies order process
Increased market efficiency- internet gives easy access for market quotes etc. More likely to find a better price
Greater market intelligence- provides producers with greater insights into the demand levels of any given market
Decreased inventory levels- internet allows for JIT manufacturing techniques.
|e-commerce security issues||
1. correct identification of transacting parties (authentication)
2. Determination of who can make binding agreements (authorization)
3. protecting confidentiality and integrity of info
4. Assuring trustworthiness of listed prices and discounts
5. Providing evidence of transmission and receipt of docs
6. Guarding against repudiation by sender or recipient
7. Proper extent of verification of pmt data
8. Best method of pmt to avoid wrongdoing or disagreements
9. Lost or duplicated transactions
10. Determining who bears the risk of fraud.
|Responses to security issues in ecommerce||
1. encryption and authentication methods, preferably by secure hardware rather than software.
2. Numerical sequencing to identify missing or false messages
3. The capacity of the host computer to avoid downtime and repel attacks
4. Nonrepudiation methods, such as digital certs, which prove origination and delivery.
5. Adherence to legal requirements
6. Documenting trading agreements, especially the terms of trade and methods of authorization and authentication
7. agreements for end to end security and availability with providers of info services and value added networks
8. Disclosure by public trading systems of their terms of business.
|EDI Electronic Data Interchange||
the leading method of ecommerce. Involves communication of data in a format agreed to by the parties directly from a computer in one entity to another computer in another entity. For example, to order goods from a supplier or to transfer funds
Reduction of clerical errors, speed of transactions, and the elimination of repetitive clerical tasks such as document preparation, processing, and mailing.
|Disadvantages of EDI||
Information may be insecure
Data may be lost
Transmissions to trading partners may fail
EDI is less standardized and more costly than internet based commerce, which ordinarily uses XML
EDI requires programming expertise and leased phone lines or use of a value added or third party network.
|Standard concern procedures||
Convert written docs into a standard electronic document-messaging format to facilitate EDI
the procedures for arranging data elements in specified formats for various accounting transactions (invoices, advance shipment notices, etc)
prescribes the meaning of data elements, including specification of each transaction structure
Rules used to determine how each electronic envelope is structured and processed by the communications devices.
|Point to point system||
requires the use of dedicated computers by all parties. each computer must be compatible with the others.
|Value added networks||
Private third party providers of common interfaces between organizations.
Another means of carrying on ecommerce.
rely on the established communications protocols of the internet. So expensive specialized equip needed for EDI is unnecessary.
|EFT Electronic funds transfer||
Service provided by financial institutions worldwide that is based on EDI technology.
|EFTA Electronic Fund Transfer Act of 1978||
Enacted by Congress to regulate electronic banking services.
Primary purpose is to provide disclosure to consumers who use these services.
|Types of EFT services||
ATM, POS, Direct deposit and payment, payment by telephone (PBT)
|EFT Receipts must include the following||
Date of transaction
Type of transfer
Identity of the account
Identity of any third party from whom or to whom funds are transferred
Location or identification of the electronic terminal involved.
|Monthly EFT Statement must include||
Amt of fees or charges assessed for maintenance
Balances of the accts at beg. and end of period
Address and telephone to be used in case of error
|Reporting EFT errors||
Customers have 60 days after receiving a statement to report errors. The financial institution has 10 days to investigate. If error is found, bank has 1 day to correct it.
|Liability limit (EFT)||
Customers are liable for a max of $50 for unauthorized transfers
Stored-value cards such as phone cards.
Smart cards which contain computer chips
|Disadvantage of electronic money||
Most types are not covered by the FDIC and rules for EFTs do not extend to electronic money
|Online payment systems (OPS)||
a software application that stores credit card numbers and other personal information and is usually kept on the buyer's computer.
Update and analyze the perpetual inventory records.
Can perform other accounting tasks such as crediting revenue accounts and debiting cash, AR and COGS.
Provide marketing info in order to identify trends, make sales forecasts, determine products not in demand, improve customer service, target products and promotions to customers with different demographic traits, and evaluate the effects of promotions and coupons.
|POS Systems also||
Help control liquid assets, facilitate purchasing decisions, minimize costs, record personnel and transactional info about specific customers, process all forms of payment, permit instant price changes, permit integration with internet sales applications.
Is vital technology for the security and therefore the success of electronic commerce, especially with regard to transactions carried out over public networks.
The sender's encryption program encodes the data prior to transmission, then the recipient's program decodes it at the other end. Unauthorized users may be able to intercept data, but cannot decode it without the encryption key.
|Two major types of encryption routine are in general use||
Private Key and Public key
|Private key encryption||
or symmetric, is the less secure of the two kinds because there is only one key. The single key must be revealed to both the sender and the recipient.
|Public key encryption||
or asymmetric, is the more secure of the two. The public key used by the sender for encoding is widely known, but the related private key used by the recipient for decoding is only known to the recipient.
Like a post office box. Anyone knows the address and can mail to it, but only the owner has the key to open it.
|Certificate Authority (CA)||
Third party in encryption necessary to issue keys in order for the keys to form a mathematical pair. Verisign is an example of a CA
Another means of authentication used in ecommerce. the CA issues a coded electronic certificate that contains the holder's name, a copy of its public key, a serial number, and exp. date. The certificate verifies the holder's identity.
An encryption technique used not only to keep messages secret, but to verify that a message actually originated with the person who is claiming to have sent it. Public key (2 key) encryption is used to achieve this.
|Malicious software (malware)||
May exploit a known hole or weakness in an application or operating system program to evade security measures. This vulnerability could be caused by programming errors.
an apparently innocent program that includes a hidden function that may do damage when activated
a program that copies itself from file to file. May destroy data or programs. Commonly spread through email attachments.
Copies itself not from file to file but from computer to computer, often very rapidly. Repeated replication overloads a system by depleting memory or overwhelming network traffic capability.
Like a Trojan horse, but activates only upon some occurrence, for instance a certain date.
|Controls to prevent or detect infection||
a. require use of only authorized software
b. adherence to licensing agreements
c. create accountability for the persons authorized to maintain software
d. require safeguards when data or programs are obtained by means of external media
e. anti virus software should continuously monitor the system for viruses and should be constantly updated
f. software and data should be regularly reviewed
g. unauthorized files should be investigated
h. email attachments should be checked
i. procedures should be established for coping with malware.
j. backup plan drafted
k. info about malware should be verified and alerts given
l. be aware of false messages and hoaxes.
attempt access to a system by stealing the passwords of legitimate users and then masquerading as those users.
|Brute force password attack||
uses password cracking software to try large numbers of letter and number combinations to access a network.
Identity misrepresentation in cyberspace. Example is using a false website to obtain information about people.
use of software to eavesdrop on information sent by a user to the host computer of a website.
|Man in the middle attack||
takes advantage of network packet sniffing and routing and transport protocols to access packets flowing through a network.
|Denial of service attack.||
an attempt to overload a system with messages so that it cannot function.
|Intrusion detection system (IDS)||
detect breaches of an organization's information security regime before they can do damage. Examines user log files and patterns of traffic over the organization's network to catch suspicious activity. Alerts IT personnel who can take appropriate action.
|Rivest, Shamir, Adleman (RSA)||
An encryption standard licensed to hardware and software vendors. Requires two keys, one that is a public key available to anyone for encrypting messages, and a private key that is known only to the recipient.
A false notice about the existence of a computer virus. It is usually disseminated through use of distribution lists and is sent by email or via an internal network.
a spider or bot, is a computer program created to access and read information on websites. The results are included as entries in the index of a search engine.
is so useful that it may justify widespread adoption of a new technology.
|Business Information system||
any combination of people, procedures and computing equipment employed to pursue a business objective
|Stakeholders in a BIS||
those who affect, or are affected by, the output of the information system. They have an interest in the system's effective and efficient functioning. (manager, employees, IT personnel, suppliers and customers)
|Four major tasks of any information system||
The system must acquire data from within or outside of the entity.
Raw materials (data) are converted into knowledge useful for decision making
The ultimate purpose of the system is communication of results to internal or external customers.
before, during and after processing, data must be temporarily or permanently stored, for example, in files or databases.
|Transaction Processing System (TPS)||
Captures fundamental data that reflect the economic life of an organization.
|MIS Management Information System||
Typically receives info from a TPS, aggregates it, then reports it in a format useful to middle management in running the business. Are often classified by function or activity.
Single function management information systems with a limited focus. Are gradually being replaced by integrated systems which link multiple business activities across an org.
A central database for transaction level data from more than one of the org's TPSs. They are very large and require that the transaction records be converted to a standard format. Powerful tool for adhoc inquiries.
Is strictly a query-and-reporting system. Not used to carry out an org's routine operations.
|online analytical processing (OLAP)||
Accesses a data warehouse using analytical and graphics tools. It is a drill down analysis
component of OLAP in which the user is first presented with the data at an aggregate level and then can display successive levels of detail for a given date, region, product, etc, until reaching the original transactions.
A subset of an enterprise wide data warehouse. Designed primarily to address a specific function or department's needs. Where a data warehouse is generally meant to address the needs of the entire enterprise.
The search for unexpected relationships between data. Enabled by a data warehouse.
|Decision support system DSS||
an interactive system that is useful in solving semistructured problems. Does NOT automate a decision. It examines the relevant data and presents a manager with choices between alternative courses of action.
those with structured portion (which a computer can solve), and an unstructured portion (which requires the manager's insight and judgment).
|Three basic components of a DSS||
The database, the model, and the dialog.
consists of raw data, that are relevant to the decision. Data can come from both within and outside of the org.
the set of equations, comparisons, graphs, conditions, assumptions, etc, into which the data will be fed in the DSS
the user interface which allows the user to specify the appropriate model and the particular set of data to which the model should be applied.
|A group DSS||
aids in the collaborative solution of unstructured problems. Users in separate areas of the organization can specify parameters pertinent to their functions.
|Expert System (ES)||
an interactive system that attempts to imitate the reasoning of a human expert in a given field. is useful for addressing unstructured problems when there is a local shortage of human experts.
consists of facts and the relationships among those facts
often a series of if/then decisions.
Allows the user to input data relevant to the current problem, which are then filtered through the inference engine and used to query the knowledge database.
an exploratory problem-solving technique that uses self-education methods to improve performance. Often very interactive and provide explanations of their problem solving behavior.
|Artificial intelligence (AI)||
More sophisticated than expert systems, computer software designed to perceive, reason, and understand. work through a series of if/then questions in which every operation has exactly two possible outcomes (yes/no, on/off)
|Advantages to AI in a business environment||
Can work 24 hours a day
will not get sick or die
are extremely fast processors of data
|Fuzzy logic systems||
a form of AI that deals with imprecise data and problems that have many solutions. Uses soft linguistic variables (large, hot, cold, tall) and a continuous range of truth values rather than strict binary decisions and assignments. Useful in design of industrial controls, data retrieval, and in systems the user is not intimately familiar with.
a collection of processing elements working together to process information much like the human brain, including learning from previous situations and generalizing concepts
|Case-based reasoning systems||
use a process similar to that used by humans to learn from previous, similar experiences
function on the basis of set rules to arrive at an answer. These cannot be changed by the system itself. They must be changed by an outside source.
programs that apply a built in or learned knowledge base to execute a specific, repetitive and predictable task, for example; showing a computer user how to perform a task or searching websites for financial information.
|Business Intelligence (BI)||
what gives upper management the information it needs to know where the organization is and how to steer it in the intended direction. BI gives an executive immediate information about an org's critical success factors.
The displays of bar graphs, pie charts, column reports, etc, grouped by an exec's particular needs in a BI
|Enterprise Resource Planning (ERP)||
intended to integrate enterprise-wide information systems by creating one database linked to all of an org's applications.
|Traditional ERP System||
subsystems share data and coordinate their activities. Thus if marketing receives an order, it can quickly verify that the inventory is sufficient to notify shipping to process the order.
|Back Office Functions||
the subsystems in a traditional ERP that are internal to the organization. The information produced is usually intended for internal use by the org's managers
Current generation of ERP software with added front office functions which connect the organization with customers, suppliers, owners, creditors and strategic allies. Enable supply chain management, customer relationship management, and partner relationship management.
|Types of Major ERP packages||
R/3 from SAP AG, and Oracle E-Business Suite, PeopleSoft, and JD Edwards EnterpriseOne, all from Oracle.
|Disadvantages of ERPs||
the extent and complexity which make implementation difficult and costly
|Office automation systems (OASs)||
the familiar word processing, spreadsheet, digital doc storage, and desktop publishing applications of most office workers are part of any org's information system technology.
|Information Resources Management (IRM)||
Takes a global view of the information holdings and needs of an organization because of the diverse needs of users.
|Financial Reporting systems||
generate info for use primarily by outside parties, such as investors, regulators and creditors. Commonly in the form of financial statements
Reflects the accounting cycle