Untitled Flashcards Set

What are the key measures for securing information systems?

Security prevents unauthorized access/damage, and controls protect assets and ensure accuracy.

What are the major vulnerabilities in information systems?

1. Network Accessibility (open networks).

2. Hardware/Software Issues (breakdowns, errors).

3. Disasters/Device Theft (unexpected data loss).

Name two major areas of security challenges and examples for each.

• Internet Vulnerabilities: Open networks, unencrypted data, malicious emails.

• Wireless Security: Rogue access points, war driving, unauthorized access.

What are examples of malicious software (malware)?

Viruses, worms, Trojans, spyware, ransomware, SQL injection, and keyloggers.

How do worms and viruses spread?

Through downloads, email attachments, and social networks.

Differentiate hackers and crackers.

• Hackers: Skilled individuals who explore and improve systems.

• Crackers: Break into systems and bypass security for malicious purposes.

Name common computer crimes.

Identity theft, phishing, cyberterrorism, DDoS attacks.

Why are employees a significant security risk?

They may have insider knowledge, fall victim to social engineering, or lack security training.

What is the impact of a security breach on a business?

Loss of functions, legal liability, and decreased market value.

What are key regulations for securing information systems?

• HIPAA: Medical data security.

• Gramm-Leach-Bliley Act: Customer financial data.

• Sarbanes-Oxley Act: Financial accuracy.

Define electronic evidence and computer forensics.

• Electronic Evidence: Digital data for legal cases.

• Computer Forensics: Analyzing data for legal purposes.

Differentiate between general and application controls.

• General Controls: Hardware, software, data security.

• Application Controls: Input, processing, and output controls for applications.

What is the purpose of risk assessment?

To evaluate risks if certain activities aren't controlled.

What are examples of security policies?

• Security Policy: Ranks risks and sets goals.

• AUP: Defines appropriate resource use.

• Identity Management: Controls user access.

What is the difference between disaster recovery and business continuity?

• Disaster Recovery: Restores disrupted services.

• Business Continuity: Ensures operations continue after a disaster.

What is the purpose of security audits?

To test disaster response and identify control weaknesses.

Name key tools for securing information systems.

Identity management software, firewalls, intrusion detection, antivirus, UTM.

Compare WEP and WPA2.

• WEP: Basic encryption, vulnerable to attacks.

• WPA2: Stronger, dynamic encryption.

What are the types of encryption?

• Symmetric Key: Shared key.

• Public Key: Key pair for secure exchanges.

What ensures 100% system availability?

Fault-tolerant systems with redundant components.

What are key security measures for the cloud and mobile platforms?

Data protection, legal compliance, device management, and encryption.

How is software quality maintained?

Through metrics, early testing, and debugging.

What are the key functions of project management?

Planning, assessing risk, estimating resources, organizing, assigning tasks, reporting, and analyzing results.

What are the 5 major variables in project management?

Scope, time, cost, quality, and risk.

What are the potential consequences of poor project management?

Cost overruns, time slippage, technical shortfalls, and failure to obtain anticipated benefits.

What is the hierarchy for project management in large firms?

• Levels: Senior → Middle → Operational.

• Groups: Corporate strategic planning group, IS steering committee (approves plans), project management group (oversees projects), project team.

What is an information systems plan?

A roadmap identifying projects with the most value, detailing budget, purpose, current situation, strategy, and KPIs.

How does portfolio analysis assess projects?

Evaluates project risk vs. benefit:

• Low risk/low benefit: Routine projects.

• Low risk/high benefit: Develop and prioritize.

• High risk/high benefit: Proceed with caution.

• High risk/low benefit: Avoid.

What is a scoring model used for in project selection?

Assigns weights to multiple criteria to compare and prioritize projects.

What are tangible and intangible benefits of information systems?

• Tangible: Quantified in monetary value (e.g., reduced labor).

• Intangible: Lead to future gains (e.g., better decision-making).

What are capital budgeting models?

Tools for evaluating long-term investments using metrics like ROR, payback method, and net present value.

When is the real options pricing model used?

For projects with high upfront costs and uncertain payback, allowing phased risk assessment.

What is a limitation of financial models?

They do not account for social and organizational dimensions.

What factors influence project risk level?

Size, structure, and technological experience.

Why is change management important in projects?

Change creates resistance; managing it ensures team cohesion and successful adoption of the system.

What is the role of end users in project success?

High involvement ensures systems meet requirements and fosters acceptance.

Why is management support crucial in projects?

Ensures funding, enforces change, and improves user/staff perception.

Why do BPR projects often fail?

Poor implementation, resistance by key managers, and employee concerns about changes.

What risks are associated with mergers and acquisitions?

Integration challenges, system complexity, and organizational change.

What are Gantt charts and PERT used for in project management?

• Gantt Chart: Visualizes task timing and duration.

• PERT: Shows task interrelationships and sequences.

What strategies help overcome user resistance?

User participation, education, training, incentives, and resolving organizational issues.

How does project management software assist projects?

Automates tasks, schedules, and reporting (e.g., Microsoft Project, SaaS tools).

Define digitization, digitalization, and digital transformation.

• Digitization: Encoding analog information into binary for storage, processing, and transmission.

• Digitalization: Using digital tech to transform business operations.

• Digital Transformation: Cultural and operational changes through integrated digital tech across an organization.

What are the 3 sections of the MIT-Capgemini model?

1. Digital Capabilities: Tools and skills for executing digital strategy (e.g., SMACIT, IT-business integration).

2. Customer Experience: Improves customer interactions and satisfaction (e.g., tablets, e-commerce).

3. Operational Process: Enhances internal processes with automation, data integration, and agility.

How does the business model transform in digital transformation?

Innovates the company’s core business model to create new revenue streams (e.g., bricks and clicks, e-commerce platforms).

What are the 4 types of digital maturity in the matrix?

1. Beginners: Low transformation and digital intensity; skeptical management, immature culture.

2. Conservatives: High transformation management, low digital intensity; underdeveloped digital features.

3. Fashionistas: High digital intensity, low transformation management; advanced features but poor coordination.

4. Digirati: High intensity in both; strong vision, digital culture, and initiatives.

What challenges are faced during digital transformation initiation?

Lack of top management impetus, low regulation/reputation, unclear business values.

What challenges arise in DT execution and governance?

• Execution: Missing skills, resistant culture, ineffective IT relationships.

• Governance: Lack of top-down effort, incremental vision, and coordination issues.

What are the 3 key steps for a successful digital transformation?

1. Envision the digital future: Diagnose current and needed digital assets.

2. Invest in digital skills and initiatives.

3. Lead from the top: Engage the organization, communicate, and establish governance.