AIS Ch 1,2,5,6

  1. System
    set of 2 or more interrelated components that interact to achieve a goal
  2. Goal Conflict
    subsystem's goals are inconsistent with the goals of another subsystem or with the system as a whole
  3. Goal Congruence
    a subsystem achieves its goals while contributing to the organization's overall goal
  4. Data
    facts collected, recorded, stored, and processed by an information system
  5. Information overload
    receiving more information than the human mind can absorb and process, resulting in a decline in decision-making quality and an increase in the cost of providing the information
  6. Information technology (IT)
    computers and other electronic devices used to store, retrieve, transmit, and manipulate data
  7. Value of information
    benefit provided by information less the cost of producing it
  8. 3 Benefits of Value of Information
    • reduce uncertainty
    • improve decisions
    • improve ability to plan and schedule activities
  9. 7 Characteristics Information useful and meaningful
    • Relevant
    • Reliable
    • Complete
    • Timely
    • Understandable
    • Verifiable
    • Accessible
  10. Data Processing Cycle: 4 Steps
    • 1. Data Input
    • 2. Data Storage
    • 3. Data Processing
    • 4. Information Output
  11. Source documents
    documents used to capture transaction data at its source
  12. Turnaround documents
    records of company data sent to an external party and then returned to the system as input
  13. Source data automation
    collection of transaction data in machine-readable form at the time and place of origin (ex: point-of-sale terminals and ATMs)
  14. General Ledger
    contains summary-level data for every asset, liability, equity, revenue, and expense account
  15. Subsidiary Ledger
    contains detailed data for any general ledger account with many individual accounts
  16. Control Account
    general ledger account corresponding to a subsidiary ledger; summarizes the total amounts recorded in a subsidiary ledger
  17. Chart of Accounts
    list of the numbers assigned to each general ledger account
  18. General Journal
    record infrequent or non-routine transactions, such as loan payments and end-of-period adjusting and closing entries
  19. Specialized journal
    records large numbers of repetitive transactions such as sales, cash receipts, and cash disbursements
  20. Audit trail
    traceable path of a transaction through a data processing system from point of origin to final output, or backward from final output to point of origin
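The general ledger, subsidiary ledger, control account and audit trail cards above describe one mechanism: specialized journals post to both a detailed subsidiary ledger and a summary control account, and every posting stays traceable to its source document. The following is an added example, not part of the card set, that implements that mechanism on constructed sample journals (the accounts, document numbers and amounts are invented) and shows the control-account reconciliation catching a balance that was altered without going through the journals.

```python
from collections import defaultdict
from decimal import Decimal

# Constructed sample journals (not from the card set). Each line carries the
# transaction id and the source document it was captured from, so every
# ledger balance can be traced back to a document and vice versa.
SALES_JOURNAL = [
    # (transaction id, source document, customer account, amount)
    ("T001", "INV-1001", "C-ACME", Decimal("1200.00")),
    ("T002", "INV-1002", "C-BETA", Decimal("350.50")),
    ("T003", "INV-1003", "C-ACME", Decimal("99.99")),
]
CASH_RECEIPTS_JOURNAL = [
    ("T004", "RCPT-2001", "C-ACME", Decimal("1200.00")),
]


def post_journals(sales, receipts):
    """Post both specialized journals. Returns the Accounts Receivable
    subsidiary ledger (one balance per customer), the AR control account
    balance in the general ledger, and the audit trail keyed by txn id."""
    subsidiary = defaultdict(lambda: Decimal("0.00"))
    control = Decimal("0.00")
    trail = {}
    for journal, sign, lines in (("sales", 1, sales), ("cash_receipts", -1, receipts)):
        for txn, doc, customer, amount in lines:
            delta = amount * sign          # sales increase AR, receipts reduce it
            subsidiary[customer] += delta  # detailed posting
            control += delta               # summary posting to the control account
            trail[txn] = {"journal": journal, "source_document": doc,
                          "account": customer, "delta": delta}
    return dict(subsidiary), control, trail


def reconcile(subsidiary, control):
    """Control-account check: the general ledger control balance must equal
    the sum of the subsidiary ledger balances. Returns the out-of-balance
    amount (zero when the ledgers agree)."""
    return sum(subsidiary.values(), Decimal("0.00")) - control


def trace_forward(trail, txn):
    """Audit trail, origin to output: transaction id -> document and posting."""
    return trail.get(txn)


def trace_backward(trail, account):
    """Audit trail, output to origin: the source documents that explain an
    account's balance."""
    return sorted(e["source_document"] for e in trail.values() if e["account"] == account)


def tamper_subsidiary(subsidiary, customer, amount):
    """Simulate a direct change to one customer balance that bypasses the
    journals (e.g. data diddling). The control account is not updated, so
    reconcile() exposes the difference."""
    altered = dict(subsidiary)
    altered[customer] = altered.get(customer, Decimal("0.00")) + amount
    return altered


if __name__ == "__main__":
    sub, ctrl, trail = post_journals(SALES_JOURNAL, CASH_RECEIPTS_JOURNAL)
    print("subsidiary:", sub, "control:", ctrl, "diff:", reconcile(sub, ctrl))
    print("T003 traces to", trace_forward(trail, "T003"))
    print("after tampering, diff =", reconcile(tamper_subsidiary(sub, "C-BETA", Decimal("-100.00")), ctrl))
```

The reconciliation only works because both postings come from the same journal line; a system that lets users edit subsidiary balances directly, as tamper_subsidiary does, breaks that guarantee and should be flagged by the control-account comparison at period end.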
  21. Entity
    something about which information is stored, such as employees, inventory items, and customers
  22. Attributes
    • characteristics of interest of an entity that are stored in a database (a description of the entity)
    • Ex. employee number, pay rate, name, address
  23. Field
    portion of a data record where the data value for a particular attribute is stored
  24. Record
    set of fields whose data values describe specific attributes of an entity
  25. Data value
    actual value stored in a field (describes a particular attribute of an entity)
  26. File
    group of related records
  27. Master file
    permanent file of records that stores cumulative data about an organization (updated to keep current)
  28. Transaction file
    individual business transactions that occur during a specific fiscal period (temporary)
  29. Database
    set of interrelated, centrally coordinated files
  30. 4 Different types of Data Processing
    • Creating new data records
    • Reading, retrieving, or viewing existing data
    • Updating previously stored data
    • Deleting data
  31. Batch processing
    transactions are accumulated and processed as a group (a batch) at periodic intervals rather than as they occur; records are usually sorted into the same sequence as the master file before processing, so the master file is updated only periodically
  32. Documents
    records of transaction or other company data (checks/invoices)
  33. Reports
    system output used by employees to control operational activities and by managers to make decisions and to formulate business strategies
  34. Query
    used to provide the information needed to deal with problems and questions that need rapid action or answers
  35. Enterprise Resource Planning (ERP) systems
    integrates all aspects of an organization's activities into one system
  36. Fraud
    • any means a person uses to gain an unfair advantage over another person; legally it requires:
    • a false statement, representation, or disclosure
    • about a material fact
    • made with intent to deceive
    • on which the victim relied
    • and which caused the victim injury or loss
  37. Misappropriation of assets
    theft of company assets which can include physical assets (cash/inventory) and digital assets (intellectual property)
  38. Fraudulent financial reporting
    • "cooking the books"
    • Example: booking fictitious revenue, overstating assets, etc.
  39. 3 conditions for fraud
    • pressure
    • opportunity
    • rationalization
  40. Computer fraud
    computer is used to commit fraud
  41. Hacking
    unauthorized access, modification, or use of an electronic device or some element of a computer
  42. Hijacking
    gaining control of a computer to carry out illicit activities
  43. Botnet
    (robot network): powerful network of hijacked computers used to attack systems or spread malware
  44. Zombies
    hijacked computers
  45. Bot herders
    person who creates botnet
  46. Denial of Service (DoS) Attack
    attacker floods a target (for example with email bombs or a stream of connection requests) with more traffic than the server can handle, so it becomes overloaded and shuts down or stops serving legitimate users
  47. Spamming
    sending the same unsolicited message to many people, often in an attempt to sell them something
  48. Dictionary attacks
    (direct harvesting attacks): guessing company email addresses and sending blank messages to them; addresses whose messages do not bounce back as undeliverable are treated as valid and added to spam lists
  49. Splog
    spam blogs created to increase a website's Google PageRank, a measure of how often a web page is linked to by other web pages
  50. Spoofing
    altering some part of an electronic communication to make it look as if someone else sent it, in order to gain the trust of the recipient
  51. Email spoofing
    making a sender address and other parts of an email header appear as though the email originated from a different source
  52. Caller ID Spoofing
    displaying an incorrect number on the recipient's caller ID display to hide the caller's identity
  53. IP Address Spoofing
    creating Internet Protocol packets with a forged source IP address to hide the sender's identity or to impersonate another computer system (most frequently used in DoS attacks)
  54. Address Resolution Protocol (ARP) spoofing
    sending fake ARP messages to an Ethernet LAN so that hosts associate the attacker's MAC address with another machine's IP address, causing traffic meant for that machine to be delivered to the attacker
  55. MAC address (Media Access Control)
    hardware address that uniquely identifies each node on a network
  56. SMS spoofing
    using short message service to change the name or number a text message appears to come from
  57. Web page spoofing
  58. DNS spoofing
    sniffing the ID of a Domain Name System request and replying with a forged response before the real DNS server can, so the victim resolves the name to an attacker-chosen address
  59. zero-day attack
    attack launched between the time a new software vulnerability is discovered (or "released into the wild") and the time the software developer releases a patch that fixes it
  60. Patch
    code released by software developers that fixes a particular software vulnerability
  61. Cross-site scripting (XSS)
    vulnerability in dynamic web pages that allows an attacker to bypass a browser's security mechanisms and instruct the victim's browser to execute code, thinking it came from the desired website
  62. buffer overflow attack
    more data is entered into a program than its input buffer can hold. The overflow overwrites adjacent memory, including the address of the next instruction to execute, which usually crashes the program. Attackers exploit this by crafting the input so that the overflowing bytes contain code (or point to code) that tells the computer what to do next, for example opening a back door into the system
  63. SQL Injection (insertion) attack
    inserting a malicious SQL query in input such that it is passed to and executed by an application program. This allows a hacker to convince the application to run SQL code that it was not intended to execute
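An added example, not part of the card set, of the SQL injection described above. It builds a constructed in-memory SQLite table (the usernames, passwords and roles are invented, and passwords are stored in plaintext only to keep the demonstration short) and contrasts a login query assembled by string formatting with the same query using bound parameters. The payloads `' OR '1'='1` and `alice'--` are the classic tautology and comment-out forms.

```python
import sqlite3


def make_db():
    """Constructed in-memory user table (sample data, not from the card set)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "clerk")])
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query text from user input, so quotes in the input end the
    string literal and the rest is parsed as SQL."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the driver binds the values as data, so they are
    never parsed as SQL no matter what characters they contain."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def compare(conn, payload="' OR '1'='1"):
    """Rows returned by each login for the same injected password field.
    With the tautology payload the vulnerable query's WHERE clause becomes
    (username = 'anyone' AND password = '') OR '1'='1', which matches every
    row; the safe query matches none."""
    return (len(login_vulnerable(conn, "anyone", payload)),
            len(login_safe(conn, "anyone", payload)))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable vs safe row counts:", compare(db))
    # Comment-out form: the password check is removed by the -- comment.
    print("bypass as alice:", login_vulnerable(db, "alice'--", "wrong"))
    print("safe login:", login_safe(db, "alice", "s3cret"))
```

The defence is the parameter binding, not escaping quotes by hand; any place the application concatenates input into SQL text (including ORDER BY columns and table names, which cannot be bound) needs an allow-list instead.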
  64. Man-in-the-middle (MITM)
    attacker placing themselves between a client and a host to intercept (and possibly alter) the communications between them
  65. Masquerading
    (impersonating): pretending to be an authorized user
  66. Piggybacking
    • clandestine use of a neighbor's Wi-Fi network
    • tapping into a communications line and electronically latching onto a legitimate user before the user enters a secure system
    • unauthorized person following an authorized person through a secure door, bypassing physical security controls
  67. Password cracking
    intruder penetrates a system's defenses, steals the file containing valid passwords (usually stored as hashes), cracks or decrypts them, and uses them to gain access to programs, files, and data
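An added example, not part of the card set, of what "cracking" a stolen password file means in practice. It uses a constructed wordlist and invented user records. Against unsalted SHA-256, one hash per candidate word is enough to recover every user who chose that word, because equal passwords produce equal hashes; with a random per-user salt and a slow key derivation function (PBKDF2 here), the attacker has to run the expensive function once for every user and word.

```python
import hashlib
import hmac
import os

# Constructed wordlist (sample data, not from the card set).
WORDLIST = ["123456", "password", "letmein", "hunter2", "Winter2024!"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Weak scheme: unsalted fast hash. Same password -> same hash for every user.
STOLEN_UNSALTED = {
    "alice": sha256_hex(b"hunter2"),
    "bob": sha256_hex(b"correct horse battery staple"),
    "carol": sha256_hex(b"hunter2"),
}


def crack_unsalted(stolen, wordlist):
    """Build one lookup table from the wordlist and match every user
    against it: cost is |wordlist| hashes regardless of the user count."""
    table = {sha256_hex(w.encode()): w for w in wordlist}
    return {user: table[h] for user, h in stolen.items() if h in table}


# Hardened scheme: random per-user salt + PBKDF2 (a deliberately slow KDF).
def make_record(password: str, iterations: int = 200_000) -> str:
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${dk.hex()}"


def verify(record: str, password: str) -> bool:
    salt_hex, iters, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)  # constant-time comparison


def crack_salted(stolen_records, wordlist):
    """Salts defeat the shared table: the attacker must evaluate the KDF
    once per (user, word). Returns the cracked users and the number of
    KDF evaluations spent."""
    found, work = {}, 0
    for user, record in stolen_records.items():
        for word in wordlist:
            work += 1
            if verify(record, word):
                found[user] = word
                break
    return found, work


if __name__ == "__main__":
    print("unsalted:", crack_unsalted(STOLEN_UNSALTED, WORDLIST))
    records = {"alice": make_record("hunter2"), "bob": make_record("correct horse battery staple")}
    print("salted:", crack_salted(records, WORDLIST))
```

Note that salting does not protect a weak password (alice is still recovered); it removes the shared-table shortcut and makes each guess cost a full KDF run. The iteration count of 200,000 is an assumption chosen for illustration; pick it to match the hardware budget.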
  68. War dialing
    program a computer to dial thousands of phone lines searching for dial-up modem lines
  69. War driving
    driving around looking for unprotected home or corporate wireless networks
  70. War rocketing
    using rockets to let loose wireless access points attached to parachutes that detect unsecured wireless networks
  71. Phreaking
    attacking phone systems to obtain free phone line access, use phone lines to transmit malware, and access, steal, and destroy data
  72. Data diddling
    changing data before or during entry into a computer system in order to delete, alter, add, or incorrectly update key system data
  73. Data leakage
    unauthorized copying of company data, often without leaving any indication that it was copied
  74. Podslurping
    using a small device with storage capacity (iPod, flash drive) to download unauthorized data from a computer
  75. Salami technique
    stealing tiny slices of money from many different accounts
  76. Round-down fraud
    instructing the computer to round down all interest calculations to two decimal places and deposit the fraction of a cent left over from each calculation into the programmer's account (a form of the salami technique)
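An added example, not part of the card set, that simulates the round-down fraud on a constructed ledger of 1,000 savings balances (the account numbers, balances and the 0.5 % monthly rate are invented) and then runs the two controls an auditor would apply to the interest batch: a control total comparing the interest that should have been paid with the interest actually posted, and a per-account reasonableness check that flags any account credited more than its own correctly computed interest.

```python
from decimal import Decimal, ROUND_DOWN, ROUND_HALF_EVEN

CENT = Decimal("0.01")
MONTHLY_RATE = Decimal("0.005")  # assumed 0.5 % per month

# Constructed ledger (sample data, not from the card set): 1,000 balances
# with varying cents so most interest amounts carry a fraction of a cent.
BALANCES = {f"A-{i:04d}": Decimal(1000 + 37 * i) + Decimal(i % 100) / 100
            for i in range(1000)}


def correct_interest(balance, rate=MONTHLY_RATE):
    """The bank's stated policy: round to the nearest cent (half to even)."""
    return (balance * rate).quantize(CENT, rounding=ROUND_HALF_EVEN)


def honest_posting(balances):
    return {acct: correct_interest(bal) for acct, bal in balances.items()}


def round_down_posting(balances, perpetrator):
    """The fraud: every account's interest is truncated to the cent and the
    shaved fractions are accumulated and credited to the perpetrator's own
    account. Returns the postings and the total shaved."""
    posted = {}
    slush = Decimal("0")
    for acct, bal in balances.items():
        exact = bal * MONTHLY_RATE
        truncated = exact.quantize(CENT, rounding=ROUND_DOWN)
        posted[acct] = truncated
        slush += exact - truncated
    posted[perpetrator] = posted[perpetrator] + slush.quantize(CENT, rounding=ROUND_DOWN)
    return posted, slush


def audit_interest_run(balances, posted):
    """Detection controls. Returns (expected batch total, actual batch total,
    accounts credited more than their own correct interest). Any account in
    the last list received money that the interest rule cannot explain."""
    expected_total = sum(correct_interest(bal) for bal in balances.values())
    actual_total = sum(posted.values())
    over_credited = sorted(acct for acct, amt in posted.items()
                           if amt > correct_interest(balances.get(acct, Decimal("0"))))
    return expected_total, actual_total, over_credited


if __name__ == "__main__":
    posted, slush = round_down_posting(BALANCES, "A-0000")
    expected, actual, flagged = audit_interest_run(BALANCES, posted)
    print(f"shaved this month: {slush:.4f}; expected {expected} actual {actual}; flagged {flagged}")
    print("honest run flags:", audit_interest_run(BALANCES, honest_posting(BALANCES))[2])
```

The per-account check is the decisive one: rounding down can never credit an account more than the half-even amount, so the only account that can exceed it is the one collecting the slush. The batch totals differ by only a few cents, which is why a control total alone is a weak defence against this fraud.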
  77. Economic espionage
    theft of information, trade secrets, and intellectual property
  78. cyber-extortion
    threatening to harm a company or a person if a specified amount of money is not paid
  79. Internet terrorism
    using the Internet to disrupt electronic commerce and harm computers and communications
  80. Internet misinformation
    using the Internet to spread false or misleading information
  81. email threats
    threats sent to victims by email, usually demanding some follow-up action
  82. Internet auction fraud
    using an internet auction site to defraud another person
  83. Internet pump-and-dump
    using Internet to pump up the price of a stock and then sell it
  84. Click Fraud
    Manipulating the number of times an ad is clicked on to inflate advertising bills
  85. web cramming
    offering a free website for a month, developing a worthless website, and charging the phone bills of the people who accept the offer for months, whether they want to continue using the website or not
  86. Software piracy
    unauthorized copying or distribution of copyrighted software
  87. Social engineering
    tricks to get people to comply with the perpetrator's wishes in order to gain physical or logical access to a building, computer, server, or network
  88. pretexting
    using an invented scenario that creates legitimacy in the target's mind in order to increase the likelihood that the victim will divulge information or do something
  89. posing
    creating a seemingly legitimate business, collecting personal information while making a sale, and never delivering the product
  90. Phishing
    sending electronic message pretending to be a legitimate company, usually a financial institution, and requesting information or verification of information and often warning of a consequence if it is not provided. The request is bogus, and the information gathered is used to commit identity theft or to steal funds from the victim's account
  91. vishing
    voice phishing
  92. carding
    activities performed on stolen credit cards, including making a small online purchase to determine whether the card is still valid and buying and selling stolen credit card numbers
  93. pharming
    redirecting website traffic to a spoofed website
  94. evil twin
    wireless network with the same name as a legitimate wireless access point
  95. Typosquatting/URL hijacking
    setting up similarly named websites so that users making typographical errors when entering a website name are sent to an invalid site
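An added example, not part of the card set, showing the defender's side of typosquatting: generating the misspelled names an attacker would register for a brand domain so they can be registered pre-emptively or watched in new-registration feeds. The brand name `paypal.com` is used purely as a familiar illustration; the variant classes (omission, doubling, adjacent transposition, single-character substitution) are the common ones and the generator is my own.

```python
import string


def typo_variants(domain: str) -> set:
    """Look-alike domains a defender should register or monitor: single
    omissions, doubled characters, adjacent transpositions and single
    letter/digit substitutions in the second-level label. The TLD is kept."""
    label, _, tld = domain.lower().partition(".")
    variants = set()
    for i in range(len(label)):
        variants.add(label[:i] + label[i + 1:])              # omission
        variants.add(label[:i] + label[i] + label[i:])       # doubled character
        for c in string.ascii_lowercase + string.digits:      # substitution
            if c != label[i]:
                variants.add(label[:i] + c + label[i + 1:])
    for i in range(len(label) - 1):                           # transposition
        variants.add(label[:i] + label[i + 1] + label[i] + label[i + 2:])
    variants.discard(label)
    return {v + "." + tld for v in variants if v}


def is_lookalike(candidate: str, brand: str) -> bool:
    """True when `candidate` is one typo away from `brand` (and not brand itself)."""
    candidate = candidate.lower()
    return candidate != brand.lower() and candidate in typo_variants(brand)


def screen_registrations(new_domains, brands):
    """Run a feed of newly registered domains (constructed input) against a
    list of protected brands; returns (suspicious domain, brand it imitates)."""
    hits = []
    for d in new_domains:
        for b in brands:
            if is_lookalike(d, b):
                hits.append((d, b))
    return hits


if __name__ == "__main__":
    feed = ["payapl.com", "paypa1.com", "weather-now.org", "papal.com"]  # constructed
    print(screen_registrations(feed, ["paypal.com"]))
```

This covers keyboard-typo squatting only; homoglyph and internationalized-domain look-alikes (Cyrillic letters that render like Latin ones) need a separate confusables check.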
  96. QR barcode replacements
    fraudsters cover valid Quick Response codes with stickers containing a replacement QR code to fool people into going to an unintended site that infects their phones with malware
  97. tabnabbing
    secretly changing an already open browser tab in order to capture user IDs and passwords when the victim logs back into the site
  98. scavenging/dumpster diving
    searching documents and records to gain access to confidential information
  99. shoulder surfing
    perpetrators look over a person's shoulders in a public place to get information such as ATM PIN numbers or user IDs and passwords
  100. Lebanese loop
    perpetrator inserts a sleeve into an ATM that prevents the ATM from ejecting the card
  101. Skimming
    double-swiping a credit card in a legitimate terminal or covertly swiping a credit card in a small, hidden, handheld card reader that records credit card data for later use
  102. Chipping
    posing as a service engineer and planting a small chip that records transaction data in a legitimate credit card reader
  103. Eavesdropping
    listening to private communications or tapping into data transmissions
  104. Malware
    any software that is used to do harm
  105. spyware
    software that secretly monitors computer usage, collects personal information about users, and sends it to someone else, often without the computer user's permission
  106. Adware
    spyware that can pop banner ads on a monitor, collect information about the user's web-surfing and spending habits, and forward it to the adware creator
  107. torpedo software
    software that destroys competing malware (malware warfare)
  108. scareware
    software that is often malicious and is sold using scare tactics
  109. Ransomware
    encrypts programs and data until a ransom is paid, typically for the key needed to decrypt them
  110. Keylogger
    software that records computer activity, such as keystrokes, email sent and received, and websites visited
  111. Trojan horse
    set of malicious computer instructions in an authorized and otherwise properly functioning program
  112. Time bombs and logic bombs
    Trojan horses that lie idle until triggered: a time bomb fires at a specified date or time, a logic bomb when a specified event or condition occurs; once triggered they destroy programs or data
  113. Trap door/back door
    set of computer instructions that allows a user to bypass the system's normal controls
  114. Packet sniffers
    capture data from information packets as they travel over networks
  115. Steganography program
    merges confidential information into a seemingly harmless host file (such as an image or audio file), optionally password-protects it, and sends it anywhere in the world, where the file is unlocked and the hidden information is reassembled. The host file can still be viewed or heard normally because humans are not sensitive enough to notice the slight decrease in image or sound quality
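An added example, not part of the card set, of the simplest form of the technique described above: least-significant-bit (LSB) embedding. The cover is a constructed array of 8-bit samples standing in for a small grayscale image; the secret goes into the lowest bit of successive samples behind a 4-byte length header, so each sample changes by at most one level out of 255, which is the "slight decrease in quality" the card refers to. The password-protection step on the card is not included; in practice the secret would be encrypted before embedding. A crude detector is included to show why LSB hiding of plain ASCII is easy to spot.

```python
# Constructed cover: 4096 8-bit samples (stand-in for a small image; not real data).
COVER = bytes((i * 7 + 13) % 256 for i in range(4096))

HEADER_BYTES = 4  # big-endian length of the hidden payload


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, secret: bytes) -> bytes:
    """Hide `secret` in the least significant bit of successive cover samples.
    Capacity is len(cover) // 8 - HEADER_BYTES bytes."""
    payload = len(secret).to_bytes(HEADER_BYTES, "big") + secret
    if len(payload) * 8 > len(cover):
        raise ValueError("secret does not fit in cover")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return bytes(stego)


def _read(stego: bytes, start_bit: int, n_bytes: int) -> bytes:
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for j in range(8):
            value = (value << 1) | (stego[start_bit + i * 8 + j] & 1)
        out.append(value)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read the length header, then that many payload bytes, from the LSBs."""
    length = int.from_bytes(_read(stego, 0, HEADER_BYTES), "big")
    return _read(stego, HEADER_BYTES * 8, length)


def max_sample_change(cover: bytes, stego: bytes) -> int:
    """Why the host looks unchanged: no sample moves by more than 1 of 255 levels."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def lsb_ones_fraction(data: bytes, n_samples: int) -> float:
    """Crude steganalysis: the fraction of 1-bits among the first n LSBs.
    Natural or noisy samples sit near 0.5; ASCII text (top bit always 0,
    many zero bytes in the header) pulls the fraction down."""
    return sum(b & 1 for b in data[:n_samples]) / n_samples


if __name__ == "__main__":
    secret = b"Transfer 250000 to account 7788 at 17:00"  # constructed message
    stego = embed(COVER, secret)
    n = (HEADER_BYTES + len(secret)) * 8
    print(extract(stego), max_sample_change(COVER, stego))
    print("LSB ones: cover %.3f stego %.3f" % (lsb_ones_fraction(COVER, n), lsb_ones_fraction(stego, n)))
```

Real tools spread the payload pseudo-randomly across the cover, encrypt it first so the embedded bits look uniform, and use formats where LSB noise is expected; the plain sequential version above is the one to look for first when hunting for data leakage in image files.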
  116. Rootkit
    conceals processes, files, network connections, memory addresses, system utility programs, and system data from the operating system and other programs
  117. Superzapping
    unauthorized use of special system programs to bypass regular system controls and perform illegal acts, all without leaving an audit trail
  118. virus
    segment of self-replicating, executable code that attaches itself to a file or program
  119. worm
    self-replicating program that runs on its own and spreads across networks, rather than a code segment hidden inside a host program as a virus is
  120. bluesnarfing
    stealing contact lists, images, and other data using flaws in Bluetooth applications
  121. Bluebugging
    taking control of someone else's phone to make or listen to calls, send or read text messages, connect to the Internet, forward the victim's calls, and call numbers that charge fees