T/F: Systems development involves four of the five components of information systems.

Information systems are never off-the-shelf, unlike software.

Systems development is primarily a technical task for programmers and hardware designers.

In most cases, companies will purchase off-the-shelf information systems.

Maintenance of the information system means adapting it to new requirements.

Maintenance of the information system means the same as operation.

It is not unusual for information system projects to be 200-300 percent over budget.

SDLC moves a project from systems definition through multiple phases until it reaches system maintenance.

It is not unusual for information system projects to be 200-300 percent over budget.

The three dimensions of feasibility are cost, schedule, and technical feasibility.

A project buy-in is limited to cost estimates and is not related to the project schedule.

Technical feasibility refers to the likelihood that existing technology will be able to meet the

needs of the system.

Systems analysts are IT professionals who understand both business and technology.

The most important systems development task for future users is to communicate proper information requirements.

The basic idea of RAD is to break up the design and implementation phases of the SDLC into smaller chunks.

JAD stands for Joint Application Design.

CASE tools are good for creating prototypes.

CASE tools have a repository for system documentation, but cannot help with actually generating program code.

The basic idea of a CASE tool is to use a computer system to help develop other computer programs and systems.

It is usually not a good management practice to involve users in testing new systems.

It is very important that business users take responsibility for the success of new systems rather than IS personnel.

Managing outsourcing relationships is one of the major functions of the information systems department.

Downloading audio music files is one of the major functions of the information systems department.

A common title for the principal manager of the IS department is Chief Systems Officer.

In some organizations, the CIO reports to the COO, though most often directly to the CEO.

The responsibilities of the CIO are the same as the CTO.

It makes sense for the CIO to report to the CFO if the primary function of the IS department is to support accounting and finance activities.

The development group manages the process of creating and maintaining information systems.

The operations group exists in organizations that have negotiated outsourcing agreements with other IS companies.

IS departments have different goals and objectives than IT departments.

The most important planning issue for the IS department is to make sure that the systems are aligned with the organizational strategy.

IS infrastructures are easily changed as the organization’s strategy and needs change.

It is important that a company considering a merger or acquisition addresses the issues surrounding how the systems of each of the companies will be integrated.

The structure of the organization should be reflected in the structure of the IS infrastructure.

It is usually acceptable with the IS department if every computer user to have their own individual configuration for their hardware and software.

Most IS departments have developed three or four different standard system configurations for their users.

Good IS departments maintain a prioritized queue for resolving user problems.

A network manager is usually responsible for the help desk function.

A computer center manager is usually responsible for the network technicians.

All development processes are variations of the theme of requirements, design, and

implementation.

Legacy systems usually require special maintenance teams and activities to keep them running.

A legacy system is one that uses the most up-to-date technology and provides a unique competitive advantage for the organization.

EAI requires that developers create primary layers of software.

Data administration and database administration are basically the same functions.

Sustaining-application developers work on new applications.

Data standards, such as the name, official definition, usage, version, and format are part of the metadata.

Data standards are definitions for items stored in your computer.

A data dictionary is a database of data definitions.

Data policies are almost all the same at every company.

One of the most common reasons to outsource is cost reduction.

Acquiring licensed software is a form of outsourcing.

When outsourcing, a company does not have to worry about loss of proprietary information.

Your organization cannot be held responsible for mismanagement by a company that you

outsourced work to.

Employers cannot monitor your Web surfing and email activity while you are at work.

Outsourcing IS functions usually solves all the prior IS problems.

When you outsource your IS functions, the firm that was hired frequently turns around and hires many of your former IS department employees to staff the outsourcing contract.

An example of a human mistake is an employee entering the wrong data into an account.

A driver loses control of his vehicle, slamming it into and through the building, destroying

the server room, destroying the computer equipment. This is an example of human error.

A forest fire burns through your building, destroying everything. This is an example of

human mistakes.

Unauthorized data disclosures can occur from malicious human activity.

Phishing is when someone sends an email pretending to be a legitimate company and asking for confidential data, such as account numbers.

Spoofing is a technique for intercepting computer communications.

Drive-by spoofers take computers with wireless connections through an area and search for unprotected wireless networks.

Phishers will copy almost all of a legitimate Web site in order to make their email seem real.

People who intentionally gain unauthorized access to computer systems are called hackers.

Denial of service always occurs because of malicious attacks on the system.

When a hacker floods a Web server with millions of bogus service requests so that it cannot service legitimate requests, this is called a denial of service attack.

Any action, device, procedure, technique, or other measure that reduces a system’s vulnerability to a threat is a safeguard.

The IT department sets the security policy for an organization.

Uncertainty is the likelihood of an adverse occurrence.

Risk management can only be approximated because of uncertainty.

The Privacy Act of 1974 gives individuals the right to access health data.

Vulnerabilities in a security system are weaknesses.

Biometric authentication has been around for some time, and because of weaknesses are not likely to see much usage in the future.

Technical safeguards involve the hardware and software components of an information system.

Despite warnings, users have a tendency to write their passwords on sticky notes next to the computer.

Encryption is one of several technical safeguards.

You should never send sensitive data over the Internet unless you see https:// in the browser’s address bar.

A perimeter firewall sits inside the organizational network.

A firewall is a computing device that prevents unauthorized access to a network.

Viruses and worms are malware.

Most anti-malware programs check email attachments for malware code.

Care must be taken when terminating employees because they may take harmful and malicious actions.

Following a disaster, hot sites provide office space, but customers themselves must come and provide and install the equipment needed to continue operations.

Backup facilities are inexpensive, so every company should have one.

Organizations need a rehearsed incident-response plan in place.

Viruses and worms don’t spread very quickly so it is essential to move cautiously when one is discovered by someone in your organization.

the database administratior will administer data standards for the entire company