ISB Exam 1

Start Studying!

Terms

undefined, object

copy deck

Personal Information Network: Created by cooperation of
1)Digital devices
2)Wired/Wireless networks we access
3)Web-based tools for finding information and communicating and collaborating with other people
Examples of Personal movable information network: Cell Phone
Multifunction watch
Heart/respiration monitor
Laptop
Management Information Systems: (MIS) Planning, development, management and use of IT (information tech) to perform tasks related to information processing and management
Information Technology: (IT) computer based tools that people use to work with information and support information processes
Business Process: Collection of related activities that produce a product or a service of value to the organization, its business partners, and/or its customers
Business process managment: management technique that includes methods and tools to support the design, analysis, implementation, management, and optimization of business processes
Knowledge: Data and/or information organized and processed to convey understanding , experience, accumulated learning and expertise as they apply to a current problem or activity
Information system links: Data -> Information -> Knowledge -> Wisdom ->?
Information Technology Architecture: High-level map or plan of the information assets in an organization which guides current operations and is a blueprint for future directions
Information Technology Infrastructure.: The physical facilities, IT components, IT services and IT management that support an entire organization
IT components: Hardware, software, telecommunications and networks, and wireless communications
IT services: consist of data management, managing security and risk, and systems development
IT personnel: They use "IT components" to produce "IT services"
IT platform: synonymous with IT components
Stages of Globalization: Globalization 1.0 (1492-1800)
Globalization 2.0 (1800-2000)
Globalization 3.0 (2000-Present)
Globalization 3.0: 2000 â€“ now

World is now tiny (everyone is everyone elseâ€™s close neighbor)

Competitive playing field is being leveled

Key agent of change: software, in conjunction with the global fiber-optic network, and wireless technology

Enabling people to collaborate and compete globally
Thomas Friedman's Ten Flattners: Fall of the Berlin Wall
Netscape goes public
Development of work-flow software
Uploading
Outsourcing
Off shoring
Supple Chaining
In sourcing
Informing
The steroids
Fall of the Berlin Wall: 11/9/1989

Shift of the world to a free market

Led to the rise of the European Union
Netscape goes Public: Popularized the World Wide Web
Workflow Software: Enabling computer applications to work with one another without human intervention.

Enabling faster, closer collaboration and coordination among employees, regardless of their location
Uploading: Empowered individuals to create content and make it visible

Led the transition from a passive Web to a participatory collaborative web
Outsourcing: Contracting an outside company to perform specific functions that your company was doing itself and then integrating their work into your operation.
Offshoring: relocating an entire operation, or just certain tasks, to another country
Supply chaining: The creation of networks of communication between companies, suppliers and customers to collaborate, share information and increase efficiency.
Insourcing: the delegating of jobs within a business to another company that specializes in that job.
Like dell hiring FedEx to ship their products
Informing: the ability to search for information (Search Engine)
Virtual: the process of shaping, manipulating and transmitting digitized content can be done at very high speeds so that users do not have to think about these processes
Great Convergence: 1) cheap and ubiquitous computing devices
2) low-cost, high bandwidth
3) Open standards
Business Pressure: The business environment is the combination of social, legal, economic, physical and political factors that affect business activities. Significant changes in any of these factor are likely to create business pressure on the organization.

Market
Technology
Societal
Market Pressures: The global economy and strong competition

The changing nature of the workforce

Powerful customers
Technology Pressures: Technological innovation and obsolescence

Information Overload
Customer Focus: is the difference between attracting and keeping customers by providing superb customer service to losing them to competitors.
Make-to-order: strategy of producing customized products and services
chapter 2 opening case: Johnnys Lunch and Pitney Bowes Mapinfo

(johnnys lunch = restaurant)
(Pitnet Bowes = company that maps out human traffic in a area to help companies figure out best location)
Computer-based information system (CBIS): CBIS uses computer technology to perform some or all of their tasks and are composed of:
Hardware
Software
Database
Network
Procedures
People
Hardware: device such as a processor, monitor,keyboard or printer
Software: program or collection of programs that enable hardware to process data
Database: is a collection of related files or tables containing data
Network: is a connecting system (wireline or wireless) that permits different computers to share resources
Procedures: set of instructions about how to combine the above components in order to process information and generate the desired output
people: are those individuals who use the hardware/software, interface with it, or uses its output
Capabilities of Information Systems: perform high speed high volume numerical computations

provide fast accurate communication and collaboration within and among organizations

store huge amounts of information in small space
allow quick inexpensive access to vast amounts of information worldwide

interpret vast amounts of data quickly and efficiently

Increase effectiveness and efficiency of people working in groups in one place or around the world

automate semiautomatic business process and manual tasks
Application program: computer program designed to support a specific task, a business process or another program
Breadth of support of information systems: Functional area information systems

Enterprise resource planning systems

Transaction processing systems

Interorganizatonal information systems
Information systems support for organization employees: Office automation systems

functional area information systems

Business intelligence systems

Expert systems

Dashboards
High threat of entry of new competition: when it is easy to enter a market
low threat of entry of new competiton: when significant barriers to entry exist
Barrier to entry: produce or service feature that customers expect from organization in a certain industry
bargaining power of suppliers is high: when buyers have few choices
bargaining power of suppliers of low: when buyers have many choices
bargaining power of buyer is high: when buyer have many choices
bargaining power of buyer is low: when buyers have few choices
threat of substitute products or service is high: when that are many substitutes for an organizations products or service
threat of substitute products or services are low: when there are few substitutes
Primary activites: those business activites that relate to the production and distribution of the firm's products and services, thus creating value for which customers are willing to pay.

ex. inbound logistics, operations, outbound logistics, marketing and sales, and customer service
support activities: support primary activites.
ex. accounting, finance, management, human resources management, product and technology development, and procurement
Cost Leadership: Produce products/services at the lowest cost in the industry
Differentation: offer different products, services or product features
Innovation: Introduce new products and services, add new features to existing products and services or develop new ways to produce them - Citi bank first ATMS
Operational Effectiveness: Improve the manner in which internal business processes are executed so that a firm performs similar activities better than its rivals
Customer orientation: Concentrate on making customers happy
Why are information systems important to organization and society?: IT will reduce the number of middle managers

IT will change the manager's job

IT impacts employees at work

IT provides quality of live improvements
Ergonomic Products: Wrist support
Back support
Eye-protection filter
Adjustable foot rest
1950's IT resources were managed by whom?: Information systems department (ISD) managed all of the computing resources
Role of IS department: The ISD is responsible for corporate level and shared resources and for using IT to solve end users business problems.

End users are responsible for their own computing resources and departmental resources.

ISD and end users work together as partners to manage the IT resources
Traditional major IS functions: Managing systems development and systems project management

Managing computer operations

Staffing, training, developing IS skills

Providing technical services

Infrastructure planning, development control
New IS functions: Initiating and designing strategic information systems

Incorporating the internet and e-commerce into the business

Managing system integration

Educating non-IS managers about IT

Educating IS staff about the business

Supporting end-user computing

Partnering with executives

Managing outsourcing

Innovate

Ally with vendors and IS departments in other organizations
Ethics: branch of philosophy that deals with what is considered to be right and wrong
Code of Ethics: a collection of principles that are intended to guide decision making by members of an organization
Responsibility: you accept the consequences of your decisions and actions
Accountability: means a determination of who is responsible for actions that were taken
Liability: is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.
Privacy Issues: Collecting, storing and disseminating information about individuals
Accuracy Issues: Involve the authenticity, fidelity and accuracy of information that is collected and processed.
Property Issues: involve the ownership and value of information
Accessibility Issues: revolve around who should have access to information and whether they should have to pay for this access
Privacy: is the right to be left alone and to be free of unreasonable personal intrusions
Data aggregators: Companies that collect public data (ex, real estate, telephone numbers)
and non public data (ex, ssn, financial data, police records, motor vehicle records) and integrate them to produce digital dossiers.
Digital dossier: electronic description of you and your habits
Profiling: process of creating a digital dossier
Electronic Surveillance: tracking of people's activites, online or offline, with the aid of computers.
Sense through the wall: Technology by Oceanit, allows you to see if anyone is in a building, prior to entering, by detecting a person's heartbeat/respiration
Personal Information in Databases: Information about individuals is being kept in databases, ex banks, utilities co. govt. agencies
Social Networking sites: include electronic discussions such as chat rooms, ex facebook, twitter, linkedin
Blog: Informal, personal journal that is frequently updated and intended for general public reading
Privacy Codes and Policies: An organization's guidelines with respect to protecting the privacy of customers, clients and employees
Opt out model: informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
Opt in model: informed consent means that organizations are prohibited from collecting any personal information unless the customer specifically authorizes it
International aspects of privacy: privacy issues that international organizations and governments face when information spans countries and jurisdictions
Untrusted network: is any network external to your organization
Downstream liability: occuers when Company A's systems are attacked and taken over by the perpetrator. Company A's systems are then used to attack Company B. Company A could be sued successfully by Company B, if Company A cannot prove that it exercised due diligence in securing its systems.
Due diligence: means that a company takes all necessary security precautions, as judged by commonly accepted best practices
Unmanaged devices: those outside control of the IT department
ex. devices in hotel business centers, customer computers, computers in restaurants like Mcdonalds, Panera.
Lack of management support: takes many forms: insufficient funding, technological obsolesence, lack of attention.
Threat: any danger to which a system, possessing information resources, may be exposed
exposure: is the harm, loss or damage that can result if a threat compromises the information resource
System vulnerability: possibility that the system will suffer harm by a threat
Risk: the likelihood that a threat will occur
Information system controls: the procedures, devices, or software aimed at preventing a compromise to the system
Categories of threats to information systems: Unintentional acts

Natural disasters

Technical failures

Management failures

Deliberate acts
Unintentional Acts: Human errors

Deviation in quality of service by service providers

Environmental hazards
Human Errors: Tailgating

Shoulder surfing

Carelessness with laptops and portable computing devices

Opening questionable e-mails

Careless Internet surfing

Poor password selection and use
Shoulder surfing: occurs when the attacker watched another person's computer screen over that person's shoulder. Particularly dangerous in public areas such as airports, commuter trains, and on airplanes
Social engineering: an attack where the attacker uses social skills to trick a legitmate employee into providing confidential company information such as passwords

typically unintentional human error on the part of an employee, but it is the result of a deliberate action on the part of an attacker
Competitive intelligence: consists of legal information gathering techniques
Industrial espionage: crosses the legal boundary
Intellectual property: property created by individuals or corporation which is protected under trade secret, patent and copyright laws
Trade secret: Intellectual work such as a business plan, that is a company secret and is not based on public information
Patent: Document that grants the holder exclusive rights on an invention or process for 20 years
Copyright: Statutory grant that provides creators of intellectual property with ownership of the property for life of the creator plus 70 years
Piracy: copying a software program without making payment to the owner
Virus: segment of computer code that performs malicious actions by attaching to another computer program
Worm: segment of computer code that performs malicious actions and will spread by itself without requiring another program
Trojan hourse: computer program that hides in another computer program and reveals its designated behavior only when it is activated
Logic bomb: segment of computer code that is embedded inside an organizations existing computer programs and is designed to activate and perform a destructive action at a certain time or date
Phishing attacks: use deception to acquire sensitive personal information by masquerading as official-looking-emails or instant messages
destributed denial of service attack: attacker first takes over many computers, these computers called zombies or bots, together these bots form a botnet
Spyware: collects personal information about users without their consent
Keystroke loggers: record your keystrokes and your web browsing history
Screen scrapers: record a continuous movie of what you do on a screen
Spamware: is alien software that is designed to use your computer as a launchpad for spammers
Spam: unsolicited email
Cookies: small amounts of information that websites store on your computer
Supervisory control and data acquistion (SCADA): large scale, distributed, measurement and control system

link between electronic world and the physical world
Risk management: to identify, control and minimize the impact of threats
Risk analysis: to assess the value of each asset being protected, estimate the probability it might be compromised, and compare the probable costs of it being compromised with the cost of protecting it.
Risk mitigation: when the organization takes concrete actions against risk

1) implement controls to prevent identified threats from occurring

2) developing a means of recovery should the threat become a reality.
Risk acceptance: Accept the potential risk, continue operating with no controls and absorb any damages that occur.
Risk limitation: Limit the risk by implementing controls that minimize the impact of threat
Risk transference: transfer the risk by using other means to compensate for the loss, such as purchasing insurance.
Physical controls: Physical protection of computer facilities and resources
Access controls: Restriction of unauthorized user access to computer resources; use biometrics and passwords controls for user id.
Communication (network) controls: protect the movement of data across networks and include border security controls, authentication and authorization
Application controls: protect specific applications
Authentication: Major objective is proof of identity
Biometrics: Something the user is, access controls examine a user's innate physical characteristics, ex fingerprint, eye ball
Something the user has: access controls include ID cards, smart cards, and tokens
Something the user does: Voice and signature recognition
Something the user knows: access controls include passwords and passphrases.
Password is a private combination of characters that only the user should know. A passphrase is a series of characters that is longer than a password but can be memorized easiy
Authorization: Permission issued to individuals and groups to do certain activities with information resources, based on verified id.
Privilege: collection of related computer system operations that can be performed by users of the system
Least privilege: principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.
Fire walls: System that enforces access-control policy between two networks
Anti-malware systems: Anti virus software

software packages that attempt to identify and eliminate viruses, worms and other malicious software.
Whitelisting: process in which a company identifies the software that it will allow to run and does not try to recognize malware
blacklisting: process in which a company allows all software to run unless it is on the blacklist
Intrusion detection systems: designed to detect all types of malicious network traffic and computer usage that cannot be detected by a firewall
Encryption: process of converting an original message into a form that cannot be read by anyone except the intended receiver
Demilitarized zone: DMS located between two firewalls, the DMZ contains company servers that typically handle web page requests and email
Digital certificate: an electronic document attached to a file certifying that the file is from the organization that it claims to be from and has not been modified from its original format
Certificate authorities: are trusted intermediaries between 2 organizations, issue digital certificates
Virtual private network: private network that uses a public network ( usually internet) to connect users
Secure socket layer (SSL): SSL now called transport layer security (TLS) is an encryption standard used for secure transactions such as credit card purchases and online banking.
Vulnerability management systems: Security on demand

extend the security perimeter that exists for the organizations managed devices, to unmanaged, remote devices
Employee monitoring systems: monitor employees computers, email activities, and internet surfing
Tunneling: encrypts each data packet that is sent and places each encrypted packet inside another packet
Hot site: fully configured computer facility with all services communications links, and physical plant operations
Warm site: provides many of the same services and options of the hot site, but it typically does not include the actual applications the company runs
Cold site: provides only rudimentary services and facilities and so does not supply computer hardware or user workstations
Information systems auditing: independent or unbiased observers task to ensure that information systems work properly
Audit: examination of information systems, their inputs, outputs and processing
Types of auditors and audits: Internal
External
Internal audit: performed by corporate internal auditors
External audits: reviews internal audit as well as the inputs, processing and outputs of information systems
Auditing around the computer: means verifying processing by checking for known outputs or specific inputs
Auditing through the computer: means inputs, outputs and processing are checked
Auditing with the computer: means using a combination of client data, auditor software, and client and auditor hardware

Start Studying!

Deck Info

Number of cards 167

Created By kimlongtrieu93