In organizations that operate significant nonaccounting information systems, the chief information officer is most likely to report to the ________.
chief executive officer
Developing, operating, and maintaining an organization's computing infrastructure is a major function of the ________ department.
Which of the following is a function of the technology office in an organization's IS department?
a. creating new information technologies
b. managing computing infrastructure
c. investigating new IS technologies
d. maintaining existing information systems
investigating new information systems technologies
In the IS department, the ________ group manages computing infrastructure, including individual computers, in-house server farms, networks, and communications media.
Which of the following is true about the "maintenance" of information systems?
a. It is performed by operations, as it involves fixing problems with existing software.
b. It involves fixing problems or adapting existing systems to support new features.
c. It includes monitoring the user experience and responding to user problems.
d. It is undertaken by the IS department only if programs are developed in-house.
It involves fixing problems or adapting existing systems to support new features.
In the IS department, the ________ group manages the process of creating new information systems as well as maintaining existing information systems.
If an organization does not develop programs in-house, then the development group of the IS department will be staffed primarily by ________.
business and system analysts
The purpose of the ________ group is to protect data and information assets by establishing data standards and data management practices and policies.
A ________ prepares program documentation, help-text, procedures, job descriptions, and training materials.
The responsibilities of a computer technician include ________.
installing software and repairing networks
The responsibilities of a ________ include advising the chief information officer, executive group, and project managers on emerging technologies.
chief technology officer
Which of the following is true about IS infrastructure?
a. IS applications can be easily changed to meet organizational requirements.
b. Changing IS infrastructure is expensive and time-consuming.
c. Information systems need to change only when organizations merge.
d. Once developed, it is not possible to change IS infrastructure.
Changing IS infrastructure is expensive and time-consuming.
The ________ is the representative for IS and IT issues within the executive staff, providing the IS perspective during discussions of problem solutions, proposals, and new initiatives.
chief information officer
A(n) ________ is a group of senior managers from the major business functions that works with the CIO to set IS priorities and decide among major IS projects and alternatives.
One of the reasons outsourcing is undertaken is to ________.
cap an organization's financial exposure
Which of the following is true about outsourcing?
a. It guarantees a higher level of quality than that provided in-house.
b. It saves both direct and indirect management time.
c. It increases budgetary instability due to the level of risk involved.
d. It creates diseconomies of scale.
It saves both direct and indirect management time.
International outsourcing companies like Amazon.com are particularly advantageous as they provide ________.
Which of the following is a form of hardware outsourcing?
b. acquiring licensed products
c. Web storefronts
d. IaaS cloud hosting
IaaS cloud hosting
What is an outsourcing alternative, in which hardware and both operating system and application software are leased?
software as a service
Which of the following is a risk of outsourcing IS/IT functions?
a. It gives undue authority to the CIO in the executive team.
b. It involves the potential loss of intellectual capital.
c. It enables the vendor to gain economies of scale.
d. It provides the hiring organization with too many choices.
It involves the potential loss of intellectual capital
As an IS user, you have a right to a secure computing environment. This means that ________.
the organization should protect your computer and its files
Which of the following is a right of users of information systems?
a. installing programs and applications of their choice
b. receiving effective training according to their requirements
c. making hardware modifications when desired
d. obtaining the configuration of their choice
receiving effective training according to their requirements
Users should not bother IS personnel for trivial issues, so they have a responsibility to ________.
learn basic computer skills
A ________ is a person or organization that seeks to obtain data or other assets illegally, without the owner's permission and often without the owner's knowledge.
Which of the following is considered a computer crime?
a. internal software bug deleting customer records
b. loss of data as a result of flooding
c. poorly written programs resulting in data losses
d. hacking of information systems
hacking of information systems
When referring to security threats, pretexting, sniffing, spoofing, and phishing are all examples of ________.
unauthorized data disclosure
A ________ pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords, and so forth.
________ is a technique for intercepting computer communications, either through a physical connection to a network or without physical connection in the case of wireless networks.
Which of the following is an example of a sniffing technique?
a. IP spoofing
c. ad blockers
________ occurs when a person breaks into a network to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.
Which of the following usually happens in a malicious denial-of-service attack?
a. A hacker floods a Web server with millions of bogus service requests.
b. A hacker monitors and intercepts wireless traffic at will.
c. A hacker uses another site's IP address to masquerade as that other site.
d. A phisher pretends to be a legitimate company and requests confidential data.
A hacker floods a Web server with millions of bogus service requests.
________ are small files that your browser stores on your computer when you visit Web sites and enable you to access Web sites without having to sign in every time.
Which of the following is a critical security function of senior management in an organization?
a. developing IS security software
b. safeguarding computer hardware and software
c. managing security programs on a real-time basis
d. establishing the security policy and managing risk
establishing the security policy and managing risk
The Privacy Act of 1974 provides protection to individuals regarding ________.
records held by the U.S. government
Which of the following was passed to give individuals the right to access their own health data created by doctors and other healthcare providers?
a. Sarbanes-Oxley Act
b. Gramm-Leach-Bliley Act
c. Privacy Act of 1974
d. HIPAA of 1996
HIPAA of 1996
Which of the following is an example of a technical safeguard?
b. position definitions
c. key escrow
d. locked down servers
Users of smart cards are required to enter a ________ to be authenticated.
Personal Identification Number
Which of the following is used for biometric authentication?
a. smart cards
c. facial features
d. personal identification numbers
________ is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
You are transferring funds online through the Web site of a reputed bank. Which of the following displayed in your browser's address bar will let you know that the bank is using the SSL protocol?
A ________ examines each part of a message and determines whether to let that part pass.
What is a major difference between spyware and adware?
Unlike spyware, adware does not perform malicious acts.
In a locked room, maintaining the computers of an organization that run the DBMS is a part of ________.
physical security procedures
________ are the primary means of authentication and are important not just for access to a user's computer, but also for authentication to other networks and servers to which the user may have access.
Which of the following is true of information systems?
a. Every business process must include at least one information system.
b. Every information system has at least one application.
c. Information systems include all business process activities.
d. Information systems should be bought off-the-shelf.
Every information system has at least one application.
Which of the following is true for the relationship between business processes and information systems?
a. Information systems incorporate all business process activities, and hence should be developed before business processes.
b. Developing information systems before business processes ensures that all activities are considered in the development process.
c. Starting from processes and working toward information systems is the best option to anticipate future demands and new business processes.
d. A business process need not relate to any information system, but an information system relates to at least one business process.
A business process need not relate to any information system, but an information system relates to at least one business process.
An inventory or a database is an example of a ________, which is defined as a collection of something.
In a business process, resources are ________.
people or computer applications that are assigned to roles
Which of the following is an accurate representation of the steps in the business process management cycle?
a. model processes; create components; implement processes; assess results
b. model processes; implement processes; assess results; create components
c. implement processes; create components; model processes; assess results
d. create components; model processes; implement processes; assess results
model processes; create components; implement processes; assess results
The Information Systems Audit and Control Association has created a set of standard practices called ________ that are often used in the assessment stage of the BPM cycle.
________ set the stage for the requirements for any information systems and applications that need to be created or adapted.
Business Process Models
In a BPMN process diagram, all activities for a given role are shown in that role's ________.
The traditional technique for developing information systems is ________.
The systems development life cycle
The first step in the system definition phase of systems development is to ________.
determine the goals and scope
Once we have defined a project's goals and scope, the immediate next step is to ________.
What are the four dimensions of feasibility?
cost, schedule, technical, and organizational feasibility
If a defined project is determined to be feasible in the SDLC, the immediate next step is to ________.
form the project team
In a ________ installation, the new system runs alongside the old one until it has been tested and is fully operational.
A ________ installation is the riskiest because the old system is shut down and the new system is introduced.
With ________ installation, the organization implements the entire system/business processes on a limited portion of the business.
Fixing a system so that it works correctly, or adapting it to changes in requirements, occurs in the ________ phase of the SDLC.
Project teams create a ________, which is a hierarchy of the tasks required to complete a project.