Module 42

  1. Router
    a communications interface device that connects 2 networks and determines the best way for data packets to move forward to their destinations.
  2. Bridge
    a device that divides a LAN into 2 segments, selectively forwarding traffic across the network boundry it defines.
  3. Switch
    a device that channels incoming data from any of multiple input ports to the specific output port that will take the data toward its intended destination.
  4. Structured Query Language
    The most common language used for creating and querying relational databases - commands may be classified into 3 types: DDL, DML, and DCL.
  5. Data Definition Language (DDL)
    Used to define a database, including creating, altering, and deleting tables and establishing various constraints.
  6. Data Manipulation Language (DML)
    Commands used to maintain and query a database including updating, inserting, modifying, and querying.(joining of info from more than one table)
  7. Data Control Language (DCL)
    Commands used to control a database, including controlling which users have various privileges.
  8. Local Area Network (LAN)
    Privately owned networks w/in a single building or campus of up to a few miles in size.
  9. Wide Area Network (WAN)
    Networks that span a large geographical area, often a country or continent. Composed of a collection of computers and other hardware and software for running user programs.
  10. Metropolitan Area Network (MAN)
    A larger version of LAN - for example, it might include a group of nearby offices w/in a City.
  11. Internet
    an international collection of networks made up of independently owned computers that operate as a large computing network. Primary applications: 1) email 2) news dissemination 3) remote log in of computers 4) file trsf among computers 5) electronic commerce.
  12. Firewall
    A method for protecting an organizations computers & info from outsiders. Consists of security algorithums & router communications protocals that prevent outsiders from tapping into corporate database & email systems.
  13. Gateway
    A communication of hardware and software that links to different types of networks.
  14. Proxy Server
    A server that saves & serves copies of web pages to those who request them. Can both increase efficiency of internet operations & help assure data security.
  15. Bulletin Board
    A computer system that functions as a centralized info source and message switching system for users w/particular interest.
  16. Intranet
    A local network, usually limited to an organization that uses internet-based technology to communicate w/in the org.
  17. Extranet
    Similar to an intranet, but includes an org's external customers and/or suppliers in the network.
  18. End-User Computing (EUC)
    Decentralized system. The end user is responsible for the development and execution of the computer application that generates the info used by the same end user.
  19. Risks Involved when EUC
    • (1) End-user applications are not always adequately tested
    • (2) More client personnel need to understand control concepts
    • (3) Mgmt often does not review the results of applications appropriately
    • (4) Old/existing applications may not be updated for current applicability and accuracy
  20. 5 Areas of Risk Associated w/ Electronic Commerce
    • 1) Security
    • 2) Availability
    • 3) Processing integrity
    • 4) Online privacy
    • 5) Confidentiality
  21. Advantages of Point-to-Point Communication between trading partners:
    • 1) no reliance on 3rd parties
    • 2) org controls who has access
    • 3) Org can enforce proprietary software stds in dealing w/ all trading partners
    • 4) Timeliness of delivery may be improved
  22. Disadvantages of Point-to-Point Communication between Trading Partners:
    • 1) Must establish connection w/ each trading partner
    • 2) High initial cost
    • 3) Computer scheduling issues
    • 4) Need for common protocals between partners
    • 5) Need for software & hardware compatibility
  23. Value Added Network (VAN)
    Privately owned network that routes the EDI transactions between trading partners and in many cases provides translation, storage and other processing.
  24. Advantages of VAN used between Trading Partners:
    • 1) Reduces communication & data protocal problems
    • 2) Do no have to establish point-to-point connections
    • 3) Reduces scheduling problems
    • 4) In some cases, VAN translates application to a std format
    • 5) VAN can provide increased security
  25. Disadvantages of VAN used between Trading Partners:
    • 1) Cost
    • 2) Dependence upon VAN's systems and controls
    • 3) Possible loss of data confidentiality
  26. Advantage of Public Networks used between Trading Partners:
    • 1) Avoids cost of proprietary lines
    • 2) Avoids cost of VAN
    • 3) Directly communicates transactions
    • 4) Sofware is beng developed which will allow communication between differing systems
  27. Disadvantages of Public Networks used between Trading Partners:
    • 1) Possible loss of data confidentiality
    • 2) Computer/transmission disruption
    • 3) Hackers and Viruses
    • 4) Attempted electronic frauds
  28. Segregation of Duties in a Computerized Environment
    an attempt must be made to segregate the programming, operations and library functions.
  29. Mainframe Computers
    Largest and most powerful computers available @ a particular point in time. Generally used to store & process extremely large computer databases.
  30. Disaster Recovery Plan
    • 1) Minimize extent of disruption, damage and loss
    • 2) Establish an alternative method for processing data
    • 3) Resume normal operations as quickly as possible
    • 4) Train and familiarize personnel to perform emergency operations.
  31. Asynchronous Modems
    handle data streams from peripheral devices to a central processor
  32. Cryptographic Devices
    protect data in transmission over communication lines
  33. Compiler
    produces a machine language object program from a source program language
  34. User Control Activities to Test Completeness & Accuracy of Computer-Processed Controls
    • 1) Checks of computer output against source docs, control totals to provide assurance that financial reporting systems and control activities have operated effectively
    • 2) Reviewing computer processing logs to determine computer jobs executed properly
    • 3) Maintaining proper procedures & communications specifying authorized recipients of output
  35. Why is user acceptance testing more important in object-oriented development process than in a traditional environment?
    because all objects in a class inherit the properties of the hierarchy, which means that changes to one object may affect other objects, which increases the importance of user acceptance testing to verify correct functioning of the whole system.
  36. Enterprise Resource Planning (ERP)
    Enterprise-wide computerized info systems that connect all functional areas w/in an organization. Designed as relatively complete info system "suites" for large and medium sized orgs. (ie. PeopleSoft). Also facilitated supply chain management by connecting the firm electronically to its suppliers and customers.
  37. Materials Requirement Planning (MRP)
    a computerized system that manufactures finished goods based on demand forecasts. "Push through" system.
  38. Input Validation (Edit) Controls
    Preprinted form; check digit; control/batch or proof total; hash total; record count; limit test; menu driven input; field check; validity check; missing data check; field size check; logic check; redundant data check; closed-loop verification.
  39. Output Controls
    • 1) Review of the computer processing logs to ensure that data is accurate and complete.
    • 2) Periodic reconciliation of output reports to ensure accurate and complete data
    • 3) Maintaining formal procedures and documentation specifying authorized recipients is an output control to ensure proper distribution
  40. Program Change Control
    • 1) Maintaining records of change authoriztions, code changes and test results
    • 2) Adhering to a systems development methodology
    • 3) Authorizing changeovers of subsidiary and headquarter interfaces, and
    • 4) Restricting access to authorized source and executable codes
Card Set
Module 42
Information Technology