Confidentiality
ensuring data is secure (cannot be accessed by individuals who do not have adequate rights)
integrity
ensuring data is correct
Availability
ensuring data is accessible when needed
communication
can the information be communicated between individuals without others being able to intercept/access it
hardware
is the information secure, for instance if stored on a laptop, can anyone access that laptop? Is it encrypted on the laptop?
software
must ensure that access to the information is done only once the person has been authenticated as someone who is allowed to access it
data checking mechanisms
policies on how the data will be used to ensure it is being used as collected
accuracy of collected data
double check the data for accuracy, data modification must be tracked - so that mistakes can be rolled back to previous versions
Y2K
in the 1960s-1970s, to reduce memory usage, years were stored as 2 digits instead of 4
ex. if born in 1973 and it is 1999 (99-73>=18, no problem)
ex. if born in 1973 and it is 2013 (13-73<18, causes negative age)
Authenticity
ensuring that the parties communicating are who they say they are – that is, that the data/information is authentic
Non-repudiation
if a party pays for an item or service, the other party is legally bound to fulfill the transaction (perform the action, send the item)
risk management
• identify goals of the organization
• identify information assets of the organization
• enumerate vulnerabilities of those assets
• identify threats that exploit those vulnerabilities
• find solutions
• prioritize the solutions based on the original goals
identifying goals
derived from organization’s mission statement
physical assets
computers, computer networks, people
intellectual property
ideas, products, business strategies
information
data gathered and processed
identify vulnerabilities
computer hardware is vulnerable to fire, water damage, network based attacks
people are vulnerable to bribes or social engineering
threats
person is exploitable through social engineering attacks, and can be hired away from the organization with a higher salary
server might be threatened by a denial of service attack
computer is threatened by unauthorized access
policies
user access to data is limited based on role within organization, implemented through account roles
passwords must be strong passwords
employees will be trained against social engineering attacks
actions
install intrusion detection software
install fireproof foam in the building
keep data secure off-site
social engineering
human is weakest link, trick humans by pretending to be someone you are not and asking for secure information
phishing
fake emails and websites, “mocked up” websites that look like real ones but are just facades to secure information through a webcam
insider attacks
bribe a person with access rights to obtain and provide to you secure information
protocol attacks
taking advantage of weaknesses in TCP/IP
software exploits
exploiting flaws in code
intrusions
breaking into accounts, perhaps by guessing people’s passwords
malware
viruses, Trojan horses, worms, spyware
denial of service attacks
Preventing a server from doing its job by flooding it with fake requests
Flood a server with requests so that it cannot handle all of the requests
solutions
educating / training personnel
strong passwords
policies on IT usage
proper firewall protection
intrusion-detection software
review of log files
encryption & redundancy
digital signatures
programmer
someone who hacks code
white hat hackers
those who do it to promote security, claim they are doing it for good
black hat hackers
those who do it with malicious intent
backups
backup of the file system or at least the important files; may be done incrementally
RAID
redundant array of inexpensive disks
RAID 0
no redundancy, just distribution of files
RAID 1
Known as mirror, half the drives are a backup
RAID 2
redundancy through Hamming codes, stripes data at the bit (rather than block) level
RAID 3
redundancy through parity bits, known as byte-level striping with a dedicated parity disk
Cryptography
placing a message into a coded form
Symmetric (public) key encryption
one key used for both encrypting and decrypting
Asymmetric (private) key encryption
one key used for encrypting (public key), and another for decrypting (private key)
Data encryption standard (DES)
56-bit key size, no longer considered secure
Advanced encryption standard (AES)
uses 128-bit to 256-bit key sizes
database
Organized collection of data that is stored in a central location or in multiple locations, structured set of data
organized collection of data
Data hierarchy
structure and organization of data involving fields, records, and files
Database management system (DBMS)
Software for creating, storing, maintaining, and accessing database files, combination of software and data made up of a physical database, database engine, and database schema
physical database
collection of files that contain the data
database engine
software that supports access to and modification of the database contents
database schema
specification of the logical structure of the data stored in the database
database query
request to retrieve data from a database
Hierarchical
Implements the "parent-child" relationship
network DBMS
supports many-to-many relations
relational DBMS
defines relationships in form of tables, also known as relations
data items and the relationships among them are organized into tables
Object Oriented Relation DBMS
supports storage of new data types
Distributed Database
consists of two or more files located in different sites
data warehouse
central repository for data, specifically designed for fast query and analysis
constitutes sum total of data collected by or about the organization, processed data (information), processes, business practices, etc
electronic storage of a large amount of data or information by a business or organization
NoSQL database
nonrelational database, allows unstructured and semi-unstructured data to be stored and manipulated
graph database
stores data in terms of entities and relationships between entities
OLTP Database (Online Transaction Processing DB)
speedy, analytic database designed for large numbers of transactions performed by multiple users
category of Data Processing that is focused on transaction-oriented tasks
OLAP (Online Analytical Processing)
often used to provide Data Analytics from OLTP database to provide forecasting, budgeting, planning.
for Analytical Processing
schema
defined tables and ‘types’ for the data
relationship
defines how items interact with each other
table
collection of records
records
collection of related fields that make up a single database entry
fields (attributes)
single value in a database record
key
One or more fields of a database record that uniquely identifies it among all other records in the table
relation
table where data is stored in rows
each row is a record
each column is a field or attribute of the records
collection of records
projections
returns the entire relation(s) but only select fields
obtain specific fields of all records
restrictions
return all fields of select records of the relation(s) based on some criteria
obtain specific records that match some criteria or criterion
join
combine multiple relations together
combine records and fields of multiple relations
inner join
combine relations but only records that appear in all relations
full join
return all records of all relations
left join
return all records of the first relation and all unique records of the other relation(s)
right join
return all records of the last relation and all unique records of the other relation(s)
primary key
field of a relation that is used to uniquely identify each record
Structured Query Language (SQL)
comprehensive relational database language for data manipulation and queries
non-relational database
database that does not use the tabular schema of rows and columns found in most traditional database systems, use a storage model
information
processed data
interpreted data
results of processing data
raw data
accumulated but unorganized findings
inputs
perceptions
intellectual property
human created artifacts
plans and designs
formulas and recipes
books
computer programs
strategies
data
inputs
knowledge
application of information or the synthesis of multiple sources of information
wisdom
places knowledge within a social context
relational database
database is made up of relations
query
ask questions of the relation(s)
insert
add a record to a relation
update/modify
update a value of one or more records in a relation
delete
remove records from a relation
set operations
intersection, union, difference
ETL Process
extract data
transform data
load data
extract data
data comes from a large variety of sources
transform data
data from different sources may not “sync up” so data must be transformed to cohere
load data
data gets loaded into a storage facility
slicing
create a meaningful subset by collapsing multidimensional data to one dimension
dicing
create a meaningful subset without collapsing dimensions
drilling up/down
shifting the view of the data to provide less detail (up) or more detail (down)
rolling up
summarizing data by collapsing collections of data to individual meaningful units
pivoting
changing the perspective of the data
data mining
process of analyzing a large batch of information to discern trends and patterns
nearest neighbors
distance between records x and y