ISB Exam 1
Terms
- Personal Information Network
-
Created by cooperation of
1) Digital devices
2) Wired/Wireless networks we access
3) Web-based tools for finding information and communicating and collaborating with other people
- Examples of Personal movable information network
-
Cell Phone
Multifunction watch
Heart/respiration monitor
Laptop
- Management Information Systems
- (MIS) Planning, development, management and use of IT (information technology) to perform tasks related to information processing and management
- Information Technology
- (IT) computer based tools that people use to work with information and support information processes
- Business Process
- Collection of related activities that produce a product or a service of value to the organization, its business partners, and/or its customers
- Business process management
- management technique that includes methods and tools to support the design, analysis, implementation, management, and optimization of business processes
- Knowledge
- Data and/or information organized and processed to convey understanding, experience, accumulated learning and expertise as they apply to a current problem or activity
- Information system links
- Data -> Information -> Knowledge -> Wisdom ->?
- Information Technology Architecture
- High-level map or plan of the information assets in an organization which guides current operations and is a blueprint for future directions
- Information Technology Infrastructure
- The physical facilities, IT components, IT services and IT management that support an entire organization
- IT components
- Hardware, software, telecommunications and networks, and wireless communications
- IT services
- consist of data management, managing security and risk, and systems development
- IT personnel
- They use "IT components" to produce "IT services"
- IT platform
- synonymous with IT components
- Stages of Globalization
-
Globalization 1.0 (1492-1800)
Globalization 2.0 (1800-2000)
Globalization 3.0 (2000-Present)
- Globalization 3.0
-
2000 – now
World is now tiny (everyone is everyone else's close neighbor)
Competitive playing field is being leveled
Key agent of change: software, in conjunction with the global fiber-optic network, and wireless technology
Enabling people to collaborate and compete globally
- Thomas Friedman's Ten Flatteners
-
Fall of the Berlin Wall
Netscape goes public
Development of work-flow software
Uploading
Outsourcing
Offshoring
Supply Chaining
Insourcing
Informing
The steroids
- Fall of the Berlin Wall
-
11/9/1989
Shift of the world to a free market
Led to the rise of the European Union
- Netscape goes Public
- Popularized the World Wide Web
- Workflow Software
-
Enabling computer applications to work with one another without human intervention.
Enabling faster, closer collaboration and coordination among employees, regardless of their location
- Uploading
-
Empowered individuals to create content and make it visible
Led the transition from a passive Web to a participatory collaborative web
- Outsourcing
- Contracting an outside company to perform specific functions that your company was doing itself and then integrating their work into your operation.
- Offshoring
- relocating an entire operation, or just certain tasks, to another country
- Supply chaining
- The creation of networks of communication between companies, suppliers and customers to collaborate, share information and increase efficiency.
- Insourcing
-
The delegating of jobs within a business to another company that specializes in that job.
Like Dell hiring FedEx to ship their products
- Informing
- the ability to search for information (Search Engine)
- Virtual
- the process of shaping, manipulating and transmitting digitized content can be done at very high speeds so that users do not have to think about these processes
- Great Convergence
-
1) cheap and ubiquitous computing devices
2) low-cost, high bandwidth
3) Open standards
- Business Pressure
-
The business environment is the combination of social, legal, economic, physical and political factors that affect business activities. Significant changes in any of these factors are likely to create business pressure on the organization.
Market
Technology
Societal
- Market Pressures
-
The global economy and strong competition
The changing nature of the workforce
Powerful customers
- Technology Pressures
-
Technological innovation and obsolescence
Information Overload
- Customer Focus
- is the difference between attracting and keeping customers by providing superb customer service and losing them to competitors.
- Make-to-order
- strategy of producing customized products and services
- Chapter 2 opening case
-
Johnny's Lunch and Pitney Bowes MapInfo
(Johnny's Lunch = restaurant)
(Pitney Bowes = company that maps out human traffic in an area to help companies figure out the best location)
- Computer-based information system (CBIS)
-
A CBIS uses computer technology to perform some or all of its tasks and is composed of:
Hardware
Software
Database
Network
Procedures
People
- Hardware
- device such as a processor, monitor, keyboard or printer
- Software
- program or collection of programs that enable hardware to process data
- Database
- is a collection of related files or tables containing data
- Network
- is a connecting system (wireline or wireless) that permits different computers to share resources
- Procedures
- set of instructions about how to combine the above components in order to process information and generate the desired output
- People
- are those individuals who use the hardware/software, interface with it, or use its output
- Capabilities of Information Systems
-
perform high speed high volume numerical computations
provide fast accurate communication and collaboration within and among organizations
store huge amounts of information in small space
allow quick inexpensive access to vast amounts of information worldwide
interpret vast amounts of data quickly and efficiently
Increase effectiveness and efficiency of people working in groups in one place or around the world
automate semiautomatic business processes and manual tasks
- Application program
- computer program designed to support a specific task, a business process or another program
- Breadth of support of information systems
-
Functional area information systems
Enterprise resource planning systems
Transaction processing systems
Interorganizational information systems
- Information systems support for organization employees
-
Office automation systems
functional area information systems
Business intelligence systems
Expert systems
Dashboards
- High threat of entry of new competition
- when it is easy to enter a market
- Low threat of entry of new competition
- when significant barriers to entry exist
- Barrier to entry
- product or service feature that customers expect from organizations in a certain industry
- Bargaining power of suppliers is high
- when buyers have few choices
- Bargaining power of suppliers is low
- when buyers have many choices
- Bargaining power of buyers is high
- when buyers have many choices
- Bargaining power of buyers is low
- when buyers have few choices
- Threat of substitute products or services is high
- when there are many substitutes for an organization's products or services
- Threat of substitute products or services is low
- when there are few substitutes
- Primary activities
-
Those business activities that relate to the production and distribution of the firm's products and services, thus creating value for which customers are willing to pay.
ex. inbound logistics, operations, outbound logistics, marketing and sales, and customer service
- Support activities
-
Support primary activities.
ex. accounting, finance, management, human resources management, product and technology development, and procurement
- Cost Leadership
- Produce products/services at the lowest cost in the industry
- Differentiation
- offer different products, services or product features
- Innovation
- Introduce new products and services, add new features to existing products and services, or develop new ways to produce them. ex. Citibank's first ATMs
- Operational Effectiveness
- Improve the manner in which internal business processes are executed so that a firm performs similar activities better than its rivals
- Customer orientation
- Concentrate on making customers happy
- Why are information systems important to organizations and society?
-
IT will reduce the number of middle managers
IT will change the manager's job
IT impacts employees at work
IT provides quality of life improvements
- Ergonomic Products
-
Wrist support
Back support
Eye-protection filter
Adjustable foot rest
- 1950s: IT resources were managed by whom?
- Information systems department (ISD) managed all of the computing resources
- Role of IS department
-
The ISD is responsible for corporate-level and shared resources and for using IT to solve end users' business problems.
End users are responsible for their own computing resources and departmental resources.
ISD and end users work together as partners to manage the IT resources
- Traditional major IS functions
-
Managing systems development and systems project management
Managing computer operations
Staffing, training, developing IS skills
Providing technical services
Infrastructure planning, development, control
- New IS functions
-
Initiating and designing strategic information systems
Incorporating the internet and e-commerce into the business
Managing system integration
Educating non-IS managers about IT
Educating IS staff about the business
Supporting end-user computing
Partnering with executives
Managing outsourcing
Innovate
Ally with vendors and IS departments in other organizations
- Ethics
- branch of philosophy that deals with what is considered to be right and wrong
- Code of Ethics
- a collection of principles that are intended to guide decision making by members of an organization
- Responsibility
- you accept the consequences of your decisions and actions
- Accountability
- means a determination of who is responsible for actions that were taken
- Liability
- is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.
- Privacy Issues
- Collecting, storing and disseminating information about individuals
- Accuracy Issues
- Involve the authenticity, fidelity and accuracy of information that is collected and processed.
- Property Issues
- involve the ownership and value of information
- Accessibility Issues
- revolve around who should have access to information and whether they should have to pay for this access
- Privacy
- is the right to be left alone and to be free of unreasonable personal intrusions
- Data aggregators
-
Companies that collect public data (ex. real estate, telephone numbers)
and non-public data (ex. SSN, financial data, police records, motor vehicle records) and integrate them to produce digital dossiers.
- Digital dossier
- electronic description of you and your habits
- Profiling
- process of creating a digital dossier
- Electronic Surveillance
-
Tracking of people's activities, online or offline, with the aid of computers.
- Sense through the wall
- Technology by Oceanit, allows you to see if anyone is in a building, prior to entering, by detecting a person's heartbeat/respiration
- Personal Information in Databases
- Information about individuals is being kept in databases, ex. banks, utility companies, government agencies
- Social Networking sites
- include electronic discussions such as chat rooms, ex. Facebook, Twitter, LinkedIn
- Blog
- Informal, personal journal that is frequently updated and intended for general public reading
- Privacy Codes and Policies
- An organization's guidelines with respect to protecting the privacy of customers, clients and employees
- Opt out model
- informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
- Opt in model
- informed consent means that organizations are prohibited from collecting any personal information unless the customer specifically authorizes it
- International aspects of privacy
- privacy issues that international organizations and governments face when information spans countries and jurisdictions
- Untrusted network
- is any network external to your organization
- Downstream liability
- occurs when Company A's systems are attacked and taken over by the perpetrator. Company A's systems are then used to attack Company B. Company A could be sued successfully by Company B if Company A cannot prove that it exercised due diligence in securing its systems.
- Due diligence
- means that a company takes all necessary security precautions, as judged by commonly accepted best practices
- Unmanaged devices
-
Those outside the control of the IT department
ex. devices in hotel business centers, customer computers, computers in restaurants like McDonald's, Panera.
- Lack of management support
- takes many forms: insufficient funding, technological obsolescence, lack of attention.
- Threat
- any danger to which a system, possessing information resources, may be exposed
- exposure
- is the harm, loss or damage that can result if a threat compromises the information resource
- System vulnerability
- possibility that the system will suffer harm by a threat
- Risk
- the likelihood that a threat will occur
- Information system controls
- the procedures, devices, or software aimed at preventing a compromise to the system
- Categories of threats to information systems
-
Unintentional acts
Natural disasters
Technical failures
Management failures
Deliberate acts
- Unintentional Acts
-
Human errors
Deviation in quality of service by service providers
Environmental hazards
- Human Errors
-
Tailgating
Shoulder surfing
Carelessness with laptops and portable computing devices
Opening questionable e-mails
Careless Internet surfing
Poor password selection and use
- Shoulder surfing
- occurs when the attacker watches another person's computer screen over that person's shoulder. Particularly dangerous in public areas such as airports, commuter trains, and on airplanes
- Social engineering
-
An attack where the attacker uses social skills to trick a legitimate employee into providing confidential company information such as passwords.
Typically an unintentional human error on the part of an employee, but it is the result of a deliberate action on the part of an attacker
- Competitive intelligence
- consists of legal information gathering techniques
- Industrial espionage
- crosses the legal boundary
- Intellectual property
- property created by individuals or corporation which is protected under trade secret, patent and copyright laws
- Trade secret
- Intellectual work such as a business plan, that is a company secret and is not based on public information
- Patent
- Document that grants the holder exclusive rights on an invention or process for 20 years
- Copyright
- Statutory grant that provides creators of intellectual property with ownership of the property for life of the creator plus 70 years
- Piracy
- copying a software program without making payment to the owner
- Virus
- segment of computer code that performs malicious actions by attaching to another computer program
- Worm
- segment of computer code that performs malicious actions and will spread by itself without requiring another program
- Trojan horse
- computer program that hides in another computer program and reveals its designated behavior only when it is activated
- Logic bomb
- segment of computer code that is embedded inside an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time or date
- Phishing attacks
- use deception to acquire sensitive personal information by masquerading as official-looking emails or instant messages
- Distributed denial of service attack
- attacker first takes over many computers; these computers are called zombies or bots, and together these bots form a botnet
- Spyware
- collects personal information about users without their consent
- Keystroke loggers
- record your keystrokes and your web browsing history
- Screen scrapers
- record a continuous movie of what you do on a screen
- Spamware
- is alien software that is designed to use your computer as a launchpad for spammers
- Spam
- unsolicited email
- Cookies
- small amounts of information that websites store on your computer
- Supervisory control and data acquisition (SCADA)
-
Large-scale, distributed measurement and control system
Link between the electronic world and the physical world
- Risk management
- to identify, control and minimize the impact of threats
- Risk analysis
- to assess the value of each asset being protected, estimate the probability it might be compromised, and compare the probable costs of it being compromised with the cost of protecting it.
- Risk mitigation
-
When the organization takes concrete actions against risk
1) implementing controls to prevent identified threats from occurring
2) developing a means of recovery should the threat become a reality.
- Risk acceptance
- Accept the potential risk, continue operating with no controls and absorb any damages that occur.
- Risk limitation
- Limit the risk by implementing controls that minimize the impact of threat
- Risk transference
- transfer the risk by using other means to compensate for the loss, such as purchasing insurance.
- Physical controls
- Physical protection of computer facilities and resources
- Access controls
- Restriction of unauthorized user access to computer resources; use biometrics and passwords controls for user id.
- Communication (network) controls
- protect the movement of data across networks and include border security controls, authentication and authorization
- Application controls
- protect specific applications
- Authentication
- Major objective is proof of identity
- Biometrics
- Something the user is; access controls examine a user's innate physical characteristics, ex. fingerprint, eyeball
- Something the user has
- access controls include ID cards, smart cards, and tokens
- Something the user does
- Voice and signature recognition
- Something the user knows
-
Access controls include passwords and passphrases.
A password is a private combination of characters that only the user should know. A passphrase is a series of characters that is longer than a password but can be memorized easily
- Authorization
- Permission issued to individuals and groups to do certain activities with information resources, based on verified ID.
- Privilege
- collection of related computer system operations that can be performed by users of the system
- Least privilege
- principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.
- Firewalls
- System that enforces access-control policy between two networks
- Anti-malware systems
-
Antivirus software
Software packages that attempt to identify and eliminate viruses, worms and other malicious software.
- Whitelisting
- process in which a company identifies the software that it will allow to run and does not try to recognize malware
- blacklisting
- process in which a company allows all software to run unless it is on the blacklist
- Intrusion detection systems
- designed to detect all types of malicious network traffic and computer usage that cannot be detected by a firewall
- Encryption
- process of converting an original message into a form that cannot be read by anyone except the intended receiver
- Demilitarized zone
- DMZ located between two firewalls; the DMZ contains company servers that typically handle web page requests and email
- Digital certificate
- an electronic document attached to a file certifying that the file is from the organization that it claims to be from and has not been modified from its original format
- Certificate authorities
- are trusted intermediaries between 2 organizations, issue digital certificates
- Virtual private network
- private network that uses a public network ( usually internet) to connect users
- Secure Sockets Layer (SSL)
- SSL, now called Transport Layer Security (TLS), is an encryption standard used for secure transactions such as credit card purchases and online banking.
- Vulnerability management systems
-
Security on demand
Extend the security perimeter that exists for the organization's managed devices to unmanaged, remote devices
- Employee monitoring systems
- monitor employees' computers, email activities, and internet surfing
- Tunneling
- encrypts each data packet that is sent and places each encrypted packet inside another packet
- Hot site
- fully configured computer facility with all services, communications links, and physical plant operations
- Warm site
- provides many of the same services and options of the hot site, but it typically does not include the actual applications the company runs
- Cold site
- provides only rudimentary services and facilities and so does not supply computer hardware or user workstations
- Information systems auditing
- independent or unbiased observers tasked with ensuring that information systems work properly
- Audit
- examination of information systems, their inputs, outputs and processing
- Types of auditors and audits
-
Internal
External
- Internal audit
- performed by corporate internal auditors
- External audits
- reviews internal audit as well as the inputs, processing and outputs of information systems
- Auditing around the computer
- means verifying processing by checking for known outputs or specific inputs
- Auditing through the computer
- means inputs, outputs and processing are checked
- Auditing with the computer
- means using a combination of client data, auditor software, and client and auditor hardware