Information Management
Systems exam preparation
summary
Define the terms information, system, subsystem, and information (management) system
Explain the functionality of the main types of information systems and clarify the difference
between an information system and a computer system
Understand and apply security in the Software Development Life Cycle
Manage the SDLC by applying good practices (e.g., following CMM models, implementing
proper maintenance and change management etc.)
Describe the main software and database development methodologies and how security
controls are involved
Understand and tackle the security challenges introduced by today’s distributed software
environment
Identify the security issues related to the source code of information systems and monitor
the trends in security development, so as to determine which are the most critical source
code-related threats that an organization should anticipate
Decide and implement malware and software protection policies, and be able to assess the
effectiveness of the software security mechanisms implemented
Week 1 Information Management Systems
Define information and explain its difference with data
Define what is system, subsystem, and information system
Describe the characteristics of information and how they relate to the information systems
management
Name the sources of information, and describe the information flow within a hypothetical
information system
Explain the difference between a computer system and an information system
Describe the information system in relation to the value chain
Name the main challenges/responsibilities of the manager that is in charge of applying
information systems changes
Explain the functionality of the 4 main types of information systems
Week 2 Security in the Software Development Life Cycle
Explain how security is included in the Software Development Life Cycle
Name the current threats (in software development) and describe how to detect them
Describe the main phases of the Systems Development Lifecycle
Explain how is security outlined within the aforementioned SDLC phases
Explain the function and purpose of (Capability) Maturity Models
Describe the activities to be taken for proper system operation and system maintenance
Name the steps of the change management process
Week 3 Software related Security Controls
Name and describe the most notable software development methods
Identify the main differences between the waterfall and iterative software development
methodologies
Describe the DBMS architecture
, Name the necessary characteristics that the database model should be able to demonstrate
Describe the state-of-the-art database management models
Explain the four properties that guarantee database transactions to have been reliably
processed
Name the integrity rules that apply to the relational database model
Name the main sublanguages of SQL
Describe the functionality of Database Interface Languages
Explain the security considerations that come along with the new trend of accessing
databases through the Internet
Define the term Data Warehousing
Describe the main database vulnerabilities and threats
Define the term knowledge-based systems
Discuss the additional threats and protection applicable to web application environments
Week 4: Security of the Software Environment
Describe the current software environment and discuss its distributed nature
Assess the security risks brought by the distributed nature of today’s software environments
Explain what is open source software
Define full disclosure in the context of open source software
Name the differences between low-level and high-level programming languages
Name the differences between compiled and interpreted source code
Describe the three main layers of Java Security
Name and explain the main characteristics of object-oriented programming (OOP) and their
relation to security
Name the considerations for the Security Manager, when using distributed object-oriented
systems
Week 5 Security Issues of Programming Languages
Elaborate on the security issues related to the source code of applications
Monitor the trends in security development, so as to determine which are the most critical
source code-related threats that an organization should anticipate
Identify the source code mechanisms that allow for emergency recovery of a system (e.g.,
trapdoors) in a given information system, and determine their impact on security
Explain what is malware
Define the most common types of malware
Determine the severity of infection of each type of malware on a given information system
Week 6 Malware and Software Protection
Enforce a suitable training program for the employees concerning malware protection
Develop generic policies and detailed guidelines to enhance malware protection
Name and describe the main types of antivirus systems, and indicate the corresponding IDSs
that work in a similar manner as each of the antivirus types
Identify the software protection mechanisms that should be enforced in a given information
system, and describe their role and functionality
Define the term Configuration Management
Assess the effectiveness of software security
Conduct risk analysis and mitigation after the implementation of large or small scale system
changes
Systems exam preparation
summary
Define the terms information, system, subsystem, and information (management) system
Explain the functionality of the main types of information systems and clarify the difference
between an information system and a computer system
Understand and apply security in the Software Development Life Cycle
Manage the SDLC by applying good practices (e.g., following CMM models, implementing
proper maintenance and change management etc.)
Describe the main software and database development methodologies and how security
controls are involved
Understand and tackle the security challenges introduced by today’s distributed software
environment
Identify the security issues related to the source code of information systems and monitor
the trends in security development, so as to determine which are the most critical source
code-related threats that an organization should anticipate
Decide and implement malware and software protection policies, and be able to assess the
effectiveness of the software security mechanisms implemented
Week 1 Information Management Systems
Define information and explain its difference with data
Define what is system, subsystem, and information system
Describe the characteristics of information and how they relate to the information systems
management
Name the sources of information, and describe the information flow within a hypothetical
information system
Explain the difference between a computer system and an information system
Describe the information system in relation to the value chain
Name the main challenges/responsibilities of the manager that is in charge of applying
information systems changes
Explain the functionality of the 4 main types of information systems
Week 2 Security in the Software Development Life Cycle
Explain how security is included in the Software Development Life Cycle
Name the current threats (in software development) and describe how to detect them
Describe the main phases of the Systems Development Lifecycle
Explain how is security outlined within the aforementioned SDLC phases
Explain the function and purpose of (Capability) Maturity Models
Describe the activities to be taken for proper system operation and system maintenance
Name the steps of the change management process
Week 3 Software related Security Controls
Name and describe the most notable software development methods
Identify the main differences between the waterfall and iterative software development
methodologies
Describe the DBMS architecture
, Name the necessary characteristics that the database model should be able to demonstrate
Describe the state-of-the-art database management models
Explain the four properties that guarantee database transactions to have been reliably
processed
Name the integrity rules that apply to the relational database model
Name the main sublanguages of SQL
Describe the functionality of Database Interface Languages
Explain the security considerations that come along with the new trend of accessing
databases through the Internet
Define the term Data Warehousing
Describe the main database vulnerabilities and threats
Define the term knowledge-based systems
Discuss the additional threats and protection applicable to web application environments
Week 4: Security of the Software Environment
Describe the current software environment and discuss its distributed nature
Assess the security risks brought by the distributed nature of today’s software environments
Explain what is open source software
Define full disclosure in the context of open source software
Name the differences between low-level and high-level programming languages
Name the differences between compiled and interpreted source code
Describe the three main layers of Java Security
Name and explain the main characteristics of object-oriented programming (OOP) and their
relation to security
Name the considerations for the Security Manager, when using distributed object-oriented
systems
Week 5 Security Issues of Programming Languages
Elaborate on the security issues related to the source code of applications
Monitor the trends in security development, so as to determine which are the most critical
source code-related threats that an organization should anticipate
Identify the source code mechanisms that allow for emergency recovery of a system (e.g.,
trapdoors) in a given information system, and determine their impact on security
Explain what is malware
Define the most common types of malware
Determine the severity of infection of each type of malware on a given information system
Week 6 Malware and Software Protection
Enforce a suitable training program for the employees concerning malware protection
Develop generic policies and detailed guidelines to enhance malware protection
Name and describe the main types of antivirus systems, and indicate the corresponding IDSs
that work in a similar manner as each of the antivirus types
Identify the software protection mechanisms that should be enforced in a given information
system, and describe their role and functionality
Define the term Configuration Management
Assess the effectiveness of software security
Conduct risk analysis and mitigation after the implementation of large or small scale system
changes
