S2 - Information Systems and Data Management

The physical components that comprise computers, computer-realted equipment, and external peripheral devices

Computer Hardware

Electronic machines, typically computers or microcomputers, that directly interact with employees or consumers at the “edge” of a network

End-user devices

Examples of non-end user devices

Switches, routers, servers, other network support devices

Facilities and safeguards on such facilities that contain hardware

Infrastructure housing

Traditional hardware found in most networks

Modems, routers, switches, gatewats, edge-enabled devices, servers, firewalls

Connect a network to an internet service provider’s network

Modems

Manage network traffic by connecting devices to form a network

Routers

Connect and divide devices within a computer network

Switches

A computer or device that acts as an intermediary between different networks

Gateways

Allow computing, storage, and networking functions closer to the devices’ source of the data or system requests

Edge-enabled devices

Physical or virtual machines that coordinate the computers, programs, and data that are part of the network

Servers

Software applications or hardware devices that protect a person’s or a company’s network traffic by filtering it through security protocols with predefined rules

Firewalls

Seven Layers responsible for specific data exchange functions in the Open System Interconnection (OSI) model

Physical, Data link, network, transport, session, persentation, application

Local-Area Networks, Wide-Area networks, Software-defined Wide Area Networks, Virtual Private Networks, Demilitarized Zone

Network Architecture Designs

Three Primary Cloud Computing Models and the respective levels of controls associated with each model

Iaas (More control), Paas (Medium Control), Saas (less)

The publication provides specific guidance to organizations for applying the COSO framework to cloud computing. In general, an organization must integrate the governance of cloud computing into its overall risk management strategy

COSO Enterprise Risk Management for Cloud Computing

Cross-functional systems that support different business functions and facilitate the integration of information across department such as accounting, customer management, finance, human resources, inventory management, manufacturing, marketing and vendor management. An ERP may include accounting information system (AIS) capabilities while being more robust than a standalone AIS and integrated with other departments

Enterprise Resource Planning Systems

Three subsystems that make up an AIS

Transaction processing system, financial reporting system, management reporting system

Revenue and cash collection, purchasing and disbursement, human resources and payroll, production, fixed assets, treasury, general ledger and reporting

Common transaction cycels within an accounting department

Four broad areas of process improvements that can enhance accounting information system performances

Automation, shared services, outsourcing, offshore operations

A system’s ability to initiate and complete transactions so that they are valid, accurate, completed timely, and authorized to meet an organization’s objective

Processing Integrity

A properly designed control that either:

• does not operate as designed

• is performed by a person who lacks authority or competence to perform the control effectively

Deficiency in the operation of a control

Assess the risks, identify mission-critical applications and data, develop a plan for handling the mission-critical applications, determine the responsibilities of the personnel involved in disaster recovery, test the disaster recovery plan

Common steps in a disaster recovery plan

Located off-site, connections are in place, equipment is not in place, typically takes 1-3 days to be operational, and is the cheapest

Cold site

Located off-site, connections are/are not in place, equipment is/is not in place, typically takes 0-3 days to be operational, and is moderately expensive

Warm Site

Located off-site, connections are in place, equipment is in place, typically immediate to be operational, and it the most expensive

Hot site

Failure of IT infrastructure, insufficient capacity and resources, lack of business resiliency

Common system availability risks

Physical controls, IT infrastructure controls, uninterrupted power supply, redundancy, system backup

System availability controls

The policies, procedures, and resources employed to govern change in an organization

Change management

Five forms of computing environment

Development, testing, staging, production, disaster recovery

Three examples of risks that exist pertaining to the selection and acquisition of software

Lack of expertise, lack of a formal selection process, software/hardware vulnerability and compatibility

User resistance, lack of management support, lack of stakeholder support, resource concerns, business disruptions, lack of system integration

Integration risks during change management process

Lack of organizational knowledge, uncertainty of the third’s party’s knowledge and management, lack of security

Outsourcing risks during the change management process

Establish acceptance criteria, analyze logs, evaluate the results, monitor, test using continuous adoption

Procedures to test change management controls

Different teams of employees performing separate tasks in sequence, with:

• each team beginning work from the rpe-written authoritative agreement of the preceding team

• ending work when ther euqiremnts for the team have been met

Waterfall model

Different teams working on different phases or task simulatneously, with shorter deadlines to encourage efficiency. Relative to the waterfall model,a more flexible approach to change management

Agile model

Different conversion methods for converting a computer systems to another system

Direct method, parallel method, pilot method, phased method, hybrid method

System test during the development process

Unit Testing, Integration testing, System testing, acceptance testing

Examining the smallest increment, or unit of an application

Unit Testing

Examining if different components or modules within an application will work cohesively

Integration Testing

Verifying that all combined modules of a completed application work as designed in totality

System Testing

Assessing an application to determine whether it meets end-user requirements

Acceptance testing

Eight steps of data life cycle

Definition, capture, preparation, synthesis, analytics and usage, publication, archival, purging

Remove unnecessary headings or subtotals, clean leading zeros and non printable characters, format negative numbers, identify and correct inconsistencies across data, address inconsistent data types

Cleaning data

When data already exists, whether internal or external, the data must be extracted from its original sources, transformed into useful information, and loaded into the tool you choose to use for analysis.

Extract, transform, load data collection method

Directly asking users fro data through means such as a survey or an interview

Active Data Collection Method

Interactions occur involving the collection of data without direct permission from users

Passive data collection method

Repository of transactional data from multiple sources and is often an interim areas between a data source and data warehouses

Operational Data Store

Large data repositories that are centralized and sued for reporting and analysis rather than for transactional purposes

Data warehouses

Similar to data warehouse but more focused on a specific purpose and is often a subset of a data warehouse

Data mart

Repository similar to a data warehouse but contains both structured and unstructured data, with data mostly beign in its natural or raw format

Data lake

Store data across a series of related tables. Storing data in a normalized database helps to reasonably assure that data is complete, not redundant, and that business rules and internal controls are enforced

Relational databases

Data elements associated with relational databses?

Tables, attributes, records, fields, data types, keys

An attribute required in every table to help solidify that each row in the table is unique

Primary key

The combination of more than one attribute to uniquely identify each record in the table

Composite Primary key

Attributes in one table that are also primary keys in another table

Foreign keys

High-level of design of the data structures in an information system

Data model

Actual implementation and execution of that design in a specific relational database

Database schema

Forms in the normalization of data to eliminate redundant data and ensure data is stored logically

First normal form, second normal form, third normal form

Two common types of schemas for dimensional modeling

Star schema, snowflake schema

Central fact table with associated dimension tables surrounding it

Star schema

Similar to star schema, but with dimension tables further normalized. The dimension tables are broken down into multiple related tables rather than a single table

Snowflake schema

Language specific words used in SQL queries intended for data extraction

SQL Commands

References to table names, attribute names, or criteria

Database elements

Command is required as the first clause in most SQL queries. Indicate which attributes are requested to view

SELECT SQL Command

Command is required as the second clause. Indicates which table the attribute(s) requested to SELECT are located in.

FROM SQL command

Command is used to filter results, command [attribute] = [criteria]

WHERE SQL Command

Clauses are required to indicate the second table and how the second table is related to the primary tables (via the related primary key and foreign key)

JOIN and ON SQL Commands

Showcase how many organizations are involved in a given process in BPMN activity models

Pools

More granular than pools, indicating the segregation of duties within an organization in BPMN activity models

Swim lanes

Describe the appropriate order of SQL Commands

Select, from, join, where, group by, having, order by, limit