T14:Please match each term with the most appropriate definition. You will be given one attempt. No time limit. Best motivation for starting BPM Essential element of all BPM projects Focuses on eliminating waste How an organization competes in its markets Internal control purpose associated with BPM Must be defined before starting a BPM project Often used in , but not essential to, BPM Should be frequent in BPM Should be reduced or eliminated Should be used cautiously in BPM A. Boundaries B. Strategy C. Stakeholders' needs D. People E. Non-value-added activities F. Communication G. Consultants H. Information technology I. Efficiency J. Activity-based management CoBIT information criteria Match each element on the right with the most appropriate definition. Answer Appropriate information is provided for management to operate the entity. Sensitive information is protected from unauthorized disclosure. The information complies with externally imposed business criteria. The information is available when required by the business process. The information is delivered in a timely, correct, consistent and usable manner. The information is in accordance with business values. The information is provided through the optimal use of resources. A. Reliability B. Compliance C. Efficiency D. Effectiveness E. Integrity F. Confidentiality G. Availability Internal control taxonomy Match the items below with the most appropriate IT control taxonomy presented in the text. Answer Conflict of interest policies Content blocking programs Mandatory password rotation Monthly security reports Regular internal audits Silent alarms Spam controls Sprinkler systems Spyware protection Uninterruptible power supplies A. Administrative controls B. Physical controls C. Technical controls Business risks and threats Match the activity with the risk and threat. Answer A cashier receives inadequate training and gives a customer too much change. A corporate spy sells information about new products to a firm's competitors. A cyber-criminal threatens to disable an air traffic control system unless he is provided with a flight out of the country. A data entry clerk increases prices by ten percent when inputting invoice data. A group of hackers bombard an information system with requests for information, preventing other users from accessing the system. A hacker introduces a virus in an information system. A restaurant waiter sells a customer's credit card number to a friend. A systems designer uses a secret password to bypass control added by the client. Because of a power outage, payroll checks are processed two days late. A. Information manipulation B. Information theft C. Disclosure of confidental information D. Error E. Service interruptions and delays F. Denial of service attack G. Extortion H. Malicious software I. Intrusions Types of computer criminals Identify the type of computer criminal described in each of the following cases. Answer Could disrupt power grids, telecommunications and transportation systems. Have been getting into spamming, phishing and extortion. Inexperienced hacker who uses tools written by others to attack systems. Possess advanced skills and have turned to hacking for the money. Someone who invades an information system for malicious purposes. Take advantage of computer intrusion techniques to gather information. The largest threat to a company's information systems. A. Organized crime B. Corporate spy C. Cyber-criminal D. Terrorist E. Script kiddie F. Hacker G. Insider