Business 4 covers organizational needs assessment, systems design and other elements, security,
internet implications for business, types of information systems and technology risks, and disaster
recovery and business continuity.
The Content Specification Outline assigns a range of 15 to 19 percent to this area on the Business exam.
III. SECURITY
B. The threats in a computerized environment include viruses, worms, Trojan horses, denial-of
service attacks, and phishing.
C. The steps in risk assessment are to identify the threats; to evaluate the threats in terms of the
probability of occurrence; to evaluate the exposure, in terms of potential loss, from each threat; to
identify the controls that could guard against the threats; to evaluate the costs and benefits of
implementing the controls; and to implement the controls that are cost effective.
D. Access controls limit access to program documentation, data files, programs, and computer
hardware to those who require it in the performance of their job responsibilities.
C. A database management system (DBMS) is technically not a database, but instead a separate
computer program that allows an organization to create new databases and then use and work with
the contained data. The four main functions of DBMS are database development, database query,
database maintenance, and application development.
D. A network is a group of interconnected computers, terminals, communication channels,
communication processors, and communication software. Local area networks (LANs) allow shared
resources (software, hardware, and data) among computers within a limited area. Wide area
networks (WANs) allow national and international communications.