CISB FINAL EXAM REVIEW: Modules 12-14

Database

a collection of related data that is stored and organized in a manner enabling information to be retrieved from the DB as needed.

Entity

a person, place, or thing (for example, customer, order, product) an
organization wants to store data about

Advantages of Databases

-Reduced Data Redundancy

-Improved data integrity

-Shared Data

-Easier Access

-Reduced Development Time

Database Administrator (DBA)

The person responsible for managing an organization’s
database. Responsibilities include assigning and updating user access, creating and/or modifying table data, monitoring DB performance, creating database backups and data security.

Database Management System (DBMS)

Program that allows users to create a database and
then add, delete, modify, and query data within the database

Popular DBMS

Access, MySQL, Oracle, SQL Server

Front-end

User-friendly interface that enables users to enter, change and retrieve data from the back-end database. In a web app the front-end is created using HTML, CSS and JavaScript (or other scripting language)

Back-end

includes the server containing the DBMS and the data itself. For data integrity and security reasons, only database designers and DBAs interact directly with the DBMS.

Table

A collection of fields, organized into rows and columns. and looks like an Excel spreadsheet.

Query

extracts data from a database based on specified criteria, or conditions, for one or more fields located in one or more tables.

Report

way of retrieving and displaying data from the tables in a customized format. Can contain images and provide much of the same formatting capabilities as word processing program.

Form

provides an easy-to-use data entry screen that hides all the other records in a table so the user only sees the fields of one record at a tim

Data Dictionary

keeps track of the “definitions” (such as field properties) of all the table structures within a DB. A data dictionary improves the data integrity of a database because it does not allow a user to enter invalid data into the database tables called data validation.

Data Definition

describes the properties of the data that go into each DB table

Data Validation

making sure you can put valid data into the database tables

Primary Key

unique identifier for a record in a database table. It ensures that each row has a distinct value, preventing duplicates and null value.

Foreign Key

Any field in one table that is a primary key in another table

SQL

standard language used by all relational DBMS to add,
delete, modify, and query information from a database. SQL has industry standard commands:
• The Insert command is used to add data to a table
• The Delete command is used to delete a record from the table
• The Update command is used to modify data in a table
• The Select command is used to query data from one or more tables

Middleware

software that acts as a bridge between the database and applications, enabling communication, data processing, and management functions like authentication, transaction handling, and API interactions.

Big data

Refers to diverse data (tweets, facebook posts, websites, pictures, videos, phone records, etc.) that is not structured in a way that enables it to be stored in a traditional database.

Alphabetic/Numeric Check

ensures that users enter only alphabetic data into a field. A ___ ensures that users enter only numeric data into a field.

Range Check

determines whether a number is within a specified range.

Consistency Check

tests the data in two or more associated fields to ensure that the relationship is logical and their data is in the correct format.

Completeness Check

verifies that a required field contains data.

Check Digit

is a number(s) or character(s) that is appended to or inserted in a primary key value.

s a number added at the end of an ID or code to help catch mistakes when entering data into a database.

Database Security Strategies

• Require strong passwords and minimal access privileges for database users.

• Store database servers in secure, locked rooms.

• Filter all access requests through a firewall to block hackers.

• Encrypt sensitive data to prevent unauthorized access.

• Automate daily backups to ensure data security.

• Maintain a tested recovery plan for emergencies.

Digital Security Risk

any event or action that could cause a loss of or damage to computer hardware, software, data and/or processing capability

Computer Crime

is any illegal act involving the use of a computer

Hacker

are people who access a computer or network illegally

Zombie

a computer that is being controlled remotely by a hacker without the knowledge of the computer's owner.

botnet

is a group of zombies that are used to attack other networks.

backdoor

software that allows a user to bypass security controls when accessing a computer. When hackers gain access to a computer they often install, which allows them to continue to access the computer remotely without the user's knowledge

Spoofing

when a hacker tries to make an email or website look legitimate in order to trick
the user into downloading malware or providing confidential information

Malware

are programs created by hackers that harm the computer's
operations.

Virus

software that is attached to a data file, program file, or email message. Can delete files, erase the hard drive, slow system performance, display screen messages, and/or send emails to everyone in your address book

Trojan Horse

malicious program that is disguised as (or within) a legitimate program. When the program is run, it executes whatever malicious code the hacker has written. Cannot duplicate itself

Denial of Service Attack

Program that floods a web server or network server with so many
requests for action that it or can no longer handle legitimate requests

Spyware

A program that is installed on a computer without the user’s knowledge. Secretly gathers information about the user (Web site activity and/or keystrokes) and transmits it back to the person who created it

Ransomware

A program that encrypts the victim’s data so it is not accessible. The hacker demands the victim to pay a ransom (in untraceable bitcoins) in order to have their data restored

Encryption

codes data into a form that is unreadable to an unauthorized party

VPN

enables mobile users to have a secure connection to
an organization's network. It uses software installed on both the company server and the user's computer to encrypt data sent remotely over the Internet

digital signature

an encrypted code that a person, website or organization attaches to an electronic message to verify the identity of the message sender

disaster recovery plan

lists the actions an organization should take if a natural or
mad-made disaster occurs to their computer system

ethics

are the moral guidelines that govern the use of computers, mobile devices and information systems.

computer code of conduct

users of their computers are required to
follow. Written guidelines that define what actions are allowed and not allowed when using an organization's computers and network

green computing

means considering the environment by reducing electricity and environmental waste.

cookie

a small text file that is created and stored in a cookie folder on your hard drive by a Web server to identify return visitors and their preferences.

adware

a program that displays unwanted, online advertisements in a banner, pop-up window or other location on the computer screen.

Five Strategies to protect from a Malware Attack

• Use antivirus software to scan emails, messages, and downloads for malware.

• Enable a firewall to block suspicious incoming data and prevent cyberattacks.

• Download software and files only from trusted websites.

• Avoid sharing external storage devices between computers to prevent infections.

• Only open email attachments from known senders; avoid files with risky extensions like .exe, .com, .bat, or .vbs.

• Keep software up to date by regularly installing security patches for your operating system, browser, email, and antivirus programs.

• Avoid peer-to-peer site downloads to reduce exposure to malware.

• Back up your data regularly to protect against loss.

Unauthorized Access

occurs when a person gains access to a computer or network without permission.

Unauthorized Use

involves using a computer resource for unauthorized (and possibly illegal) activities

Five strategies to protect a device from unauthorized access and unauthorized use

• Require employees to log in with usernames and passwords, granting access only to necessary files and programs.

• Enforce strong passwords (at least 8 characters with symbols, numbers, and letters) and require frequent password changes. Remove access when an employee leaves.

• Set clear rules for computer use with an acceptable use policy (AUP).

• Disable file and print sharing to prevent unauthorized access.

• Use firewalls to block hackers and scan incoming messages for threats.

• Require users to enter CAPTCHA codes to prevent automated logins.

• Implement access control with magnetic cards, badges, or biometric devices (fingerprint, eye, or voice recognition).

• Use two-step verification (e.g., password + a texted code) for extra security

Five strategies to protect against information theft.

• Encrypt sensitive data to keep it secure from unauthorized access.

• Use a VPN for secure remote connections.

• Digital signatures verify message authenticity.

• Digital certificates confirm website legitimacy.

• HTTPS encryption protects online data exchange.

• Trust cloud providers like Microsoft & Amazon for security.

Three strategies to protect against hardware theft and vandalism

• Secure hardware like servers, routers, and switches in locked, unmarked rooms with magnetic badge access.

• Use surveillance cameras and alarms to detect unauthorized entry or temperature issues.

• Physically lock computers and equipment to prevent tampering or theft.

• Install device tracking software on mobile computers for location monitoring and recovery.

Five strategies to protect against hardware failure

• Protect hardware with surge suppressors and UPS devices to prevent damage from electrical surges or power outages.

• Back up all critical data on secure cloud storage and fireproof/offsite locations to prevent data loss.

• Use redundant systems (multiple CPUs, hard drives, and NICs) to ensure continuous operation during failures.

• Prevent overheating and physical damage by avoiding extreme temperatures, soft surfaces, and liquid exposure near computers.

• Develop a disaster recovery plan outlining evacuation procedures, backup locations, insurance details, and steps to restore operations after a disaster.

Five things that should be part of a disaster recovery plan

1. Risk Assessment – Identify potential threats and their impact.

2. Emergency Response – Outline immediate actions to protect people and assets.

3. Data Backup & Recovery – Ensure secure backups and restoration procedures.

4. Redundant Systems – Maintain backup infrastructure for seamless operations.

5. Communication Plan – Establish clear protocols for notifying employees and stakeholders.

Five Wireless Security Strategies

• Change default WAP passwords for security.

• Keep WAPs locked away to prevent unauthorized access.

• Disable SSID broadcast to hide the network.

• Use WPA3 encryption to secure wireless data.

• Restrict device access with MAC address filtering.

• Limit signal range to reduce exposure if possible.

1st Step every web developer follows when creating a web site

Designing it’s layout

2nd Step every web developer follows when creating a web site

Deciding upon the content for each web page

3rd Step every web developer follows when creating a web site

Typing the HTML code into a text editor (or uses a web-authoring tool to do so)

4th Step every web developer follows when creating a web site

Publishing Site to Web Server

Web Flowchart

illustrates the design of the entire website by using geometric shapes to represent each web page and lines to indicate the links between web pages

Web Page Layout

illustrates the type, location and size of the content on each web page.

Text Editor

similar to a word processing program, but it lacks most text formatting features and it saves files in a text format

Code Editor

is a type of text editor that has additional features such as displaying different types of html code in different colors and adding indenting and line spacing to improve code readability.

Web-authoring Software

simplifies Web development by enabling individuals to create Web
pages without writing HTML code.

Content Management System

a web publishing tool that manages the publishing, modifications, organization, and access to web resource

HTML

the primary language used to create Web pages. uses tags to inform the browser where Web page content (headings, paragraphs, images) will appear and how it will appear.

Cascading Style Sheets (CSS)

often used within a web page to specify the fonts, colors, layout
and placement of HTML elements on a webpage.

Javascript

a scripting language that enables the web page to generate content and allows a user to interact with a web page.

Hyperlink

s text or a graphic within a web page that, when clicked, navigates to another web page or performs some other action

Types of Multimedia

Text, Graphics, Animation, Audio, Video

HTML Tag

are elements used to structure and format content on web pages. They are enclosed in angle brackets (< >) and usually come in pairs: an opening tag () and a closing tag

Title

<title>

Body

<body>

Heading

<h1> to <h6>

Paragraph

<p>

Image

<img>

List

<ul>

Common Guidelines for creating accessible pages

• Use alt tags for images, videos, and audio to help visually impaired users.

• Provide text transcripts for video/audio to assist hearing-impaired users.

• Specify the site’s language in the header for better text reader support.

• Use high-contrast colors and avoid confusing color combinations for color-blind users.