
k-201 final


Information Security
The protection of information from accidental or intentional misuse by persons inside or outside an organization.
Authentication and authorization
Confirm user identities, authorize/give access -user ID and password -smart card/token -fingerprint and voice signature
Legitimate users who purposely or accidentally misuse their access environments and cause some types of business-affected incident.
Social engineering
Using social skills to trick people into revealing access/info. Dumpster diving in people's trash.
Information security policies
Rules for access to information. Found in information security plan.
Prevention and Resistance
stop intruders from accessing intellectual capital
Content filtering
orgs use software to filter content to prevent transmission of unauthorized info
scrambles of info that requires key/password to decrypt. -Public key encryption (PKE): encryption system with 2 keys; public and private
hardware/software guards private network by analyzing info leaving/entering network. (can even detect unintentional connection to internet)
Detection and Response
if prevention/resistance (filter, encrypt, firewalls) fail and there is a security breach -> use Detection and Response - Antivirus Software
virus that spreads itself from comp to comp
must attach to something (i.e. a file) – software written with malicious intent to annoy/damage
DoS (Denial of Service) attack
DoS (Denial-of-Service) attack – floods website with so many requests it slows/crashes
DDoS (Distributed)
many comps at once receiving bad info
Trojan – hides in software, backdoor programs – open way into network for future attackers, polymorphic – change form as propagate
-Cracker: criminal intent -Cyber terrorist: seek to harm with internet -Script kiddies/bunnies: hacking code into businesses -Hacktivists: political reasons -Black-hat: comp systems to look/steal/destroy -White-hat: request by system owners to find vulnerabilities to fix
principles and standards that guide behavior toward other people, and how they handle info and technology. Technology has created ethical dilemmas (from goals, competition, responsibilities and loyalties)
Intellectual Property
intangible work in physical form
legal protection of idea (i.e. song, game, documents)
Fair use Doctrine
legal to use copyrighted material
Pirated Software
unauthorized/duplication/distribution/or sale of copyrighted software
Counterfeit Software
software that is manufactured to look like real thing and sold
right to be left alone, control over personal possessions, observed without consent
assurance that messages and info are available only to those who are authorized to view -ePolicies: policies/procedures that address ethical use of computers/internet in business environment
Privacy Act 1974
restricts info federal gov can collect, allow correction of info on self, procedures protect personal info, forbids disclosure of name linked info w/out permission.
Family Education Rights and Privacy Act
access to personal education records by gov agencies/third parties, right of students to see own records.
Cable Communications Act 1984
requires written/electronic consent from viewers before cable providers can release viewing choices or other personal ID info
Electronic Communication Privacy Act 1986
allows reading of communications by firm, employees have no right to privacy when using company's computers
Computer Fraud and Abuse Act 1986
prohibits unauthorized access to comps for financial, U.S. gov, interstate/international trends.
USA Patriot Act
Law access any info for terrorist/clandestine intelligence activities
Homeland Security Act
restrictions on Freedom of Info Act (examine gov records), power gov to declare health securities.
Bork Bill
prohibits personal video rental info other than use of marketing goods
Fair and Accurate Credit Transaction Act
right to free credit report, all but last 5 card # digits on receipt, identity theft driven.
CAN-SPAM Act
regulate solicitation e-mails, SPAM, phony subject titles etc.
Sarbanes-Oxley Act
policies to prevent illegal activity in company, respond in a timely manner to investigate
Responsibilities of CIO
-managing info over its life cycle -controlling access/use of info -inappropriate destruction of info -bringing technological knowledge to the development of info management practices/policies -should partner with executive peers to develop/execute the orgs info management policies
policies/procedures that address ethical use of comps/internet usage in business environment – used so that people understand the company policies.
Ethical computer use policy
Contains general principles to guide computer user behavior (i.e. no playing video games during work). Employees must be informed of computer use policies.
Information privacy policy
Contains general principles regarding info privacy → 1. Adoption and implementation of privacy policy (business has responsibility to adopt protection) 2. Notice and disclosure (must be easy to read/understand) 3. Choice and consent (individuals must be given opportunity to choose how their info will be collected) 4. Information security (orgs should make effort to assure personal info reliability/misuse) 5. Information quality and access (orgs have processes so inaccuracy can be corrected)
Acceptable use policy
policy that a user must agree to follow in order to be provided access to network/internet.
contract that e-business participants do not deny (repudiate) their online actions
E-mail Privacy Policy
details the extent to which e-mail messages may be read by others (companies can set bars, i.e. look at employees' e-mails). This policy must be understood by employees etc.
Internet use policy
contains general principles to guide proper use of the Internet
Anti-spam policy
Spam (unsolicited e-mail). This policy simply states that e-mail users will not send SPAM.
Ethics in the Workplace
monitoring employees, termination policies (i.e. going to the wrong website)
Information Monitoring Technologies
tracking people's activities by such measures as number of keystrokes, error rate and number of transactions processed.
Key logger/trapper software
Records keystrokes and mouse clicks
Hardware key logger
captures keystrokes on journey from keyboard to motherboard
small file deposited on hard-drive by a Web site, containing info about customers and their web activities. Cookies record website comings and goings, usually without knowledge or consent.
software generating ads that install themselves on comp when person downloads other programs from internet
sneakware/stealthware, software that comes hidden in free downloadable software. It tracks online movements, mines info stored on comps, or uses comp's CPU for storage without user's knowledge.
one line of info for every visitor to a Web site, usually stored on Web server.
Click stream
records info about customer during Web surfing (i.e. which sites visited, how long, ads viewed, purchased)
Employee Monitoring Policies
explicitly states how, when and where the company monitors its employees. → 1. Specific as possible 2. Always enforce 3. Enforce same for everyone 4. Communicate company's right to do so 5. State when monitoring 6. State what will be monitored 7. Describe types of info collected 8. State consequences 9. State all provisions that allow for updates to policies 10. Specify scope/manner of monitoring 11. Written receipt of acknowledgement.
21st Century Organization Trends
1) Uncertainty in terms of future business scenarios and economic outlooks 2) Emphasis on strategic analysis for cost reduction/productivity enhancements 3) Focus on improved business with enhanced security
Technological Trends
1) IT infrastructures 2) Security 3) E-business 4) Integration
IT Infrastructure
hardware/software/telecommunications equipment that combined provide foundation to support organization's goals – has large influence on company's strategic capabilities.
Increasingly opening up networks to customers, partners and suppliers with even more diverse set of computer devices/networks – can use latest security technologies.
mobility/wireless is new focus in e-business, helps improve efficiency of inventory, info accuracy, reduced costs, increased productivity, revenues, customer service.
blending comps and wireless telecommunications technologies with goal of conveying info over vast networks to improve business: i.e. internet itself
Electronic tagging
technique for identifying/tracking assets and individuals with technologies i.e. radio frequency ID and smart cards
Radio Frequency Identification (RFID)
active/passive tags in chips or smart labels to store unique IDs and relay info to electronic readers→ inventories, logistics, distribution, asset management. Also mobile, through cells and smart cards→ i.e. in clothing at the GAP to record inventories/understand better.
allows separate systems to communicate directly with each other – integration of business and technology has allowed orgs to increase share of the global economy, transform business ways, and become more efficient and effective. The Global economy has been reshaped with this integration.
Integration Shifts
-Product-centricity to customer-centricity -Mass production to mass customization -Value in material things to value of knowledge and intelligence
most important, but hard to follow with all the changes. Important for companies to anticipate and prepare for future by studying emerging trends/new technologies.
Trend analysis
trend examined to identify name, causes, speed of development and potential impacts
Trend monitoring
Important trends in specific community/industry/sector are carefully monitored and reported to key decision makers
Trend projection
When numerical data are available, trend can be plotted to display changes through time and future
Computer simulation
complex systems (i.e. US economy) can be modeled with math equations/scenarios for “what if” analysis
Historical analysis
historical events studied to anticipate outcome of current developments
World population will double in the next 40 years
Impact: increased global agricultural demand, developing countries retirees need to remain on job, developing nations increase immigration limits
People in developing countries are going to live longer
New pharmaceutical/medical technologies. Impact: Global product demand, elderly will have jobs. Cost of health care sky-rocket. Pharmaceutical companies pushed for advances.
Growth in info industries is creating a global society that is dependent on knowledge
Impact: Computer literate to maintain jobs, knowledge workers higher paid, unskilled professions require more education, midlevel managers not needed (info flow from front-office workers to high management)= flattening corporate pyramid, downsizing/restructure/organizing/layoffs increase as struggle to reinvent/restructure increases
Global economy becoming more integrated
outsourcing and internet purchasing. Impact: increase need for foreign language training, e-business growth and internet shop increase for raw materials, internet continue to enable small companies to compete, internet-based operations require knowledge workers
Economy/society are dominated by technology
computers becoming part of our environment. Impact: dozens of new business creation/job opportunities, automation decrease cost of products/services so price reductions possible with profit improvement, internet push prices to commodity level, demand for scientist, engineers and technicians will continue to grow
Pace of technological innovation increasing
technology advancing at phenomenal pace, i.e. medical knowledge, taught in high schools. Impact: time to get products/services to market shortened by technology (life cycles shortened), industries will face tighter competition based on new technologies.
Time is becoming one of the world's most precious commodities
today workers spend about 10% more time on their jobs than a decade ago. Increasing need for time saving technologies. Impact: companies must take active role in helping employees balance work, family and leisure time, stress-related problems affecting employee morale/wellness continue to grow, internet stores have growing advantage.
Digital Ink
(electronic ink) technology that digitally represents handwriting in its natural form.
Radio Paper
dynamic high-resolution electronic display that combines a paper-like reading experience with the ability to access info, anytime, anywhere.
Digital Paper
(electronic paper) – any paper that is optimized for any type of digital printing. Unlike tree paper, it is made in a laboratory and uses excellent resolution, high contrast under wide viewing angles, doesn’t degrade over time, and is flexible.
using info devices and Internet to conduct all aspects of life seamlessly. Future: information summoned at the touch of a finger (house, office), as well as robotic salespersons.
Virtual Assistant
small program stored on a PC or portable device that monitors e-mails, faxes, messages, and phone calls. Helps individuals solve problems like a real assistant – it will take over writing letters, retrieving files, making phone calls.
Alternative Energy Source
Impact: Modernizing around the world, increase in energy use. Cost of alternative energy sources is dropping, helps oil price limits. New world of entrepreneurship, oil will remain world's most important energy resource but reliance will decline, and better air and water.
Autonomic Computing
one of the building blocks of widespread computer, computers will be all around us, through increasingly interconnected networks. Impact: Used in security, storage, network management etc. Seeks out ways to optimize computing→ achieve system performance goals. Can “self-heal” in event of a failure.
arrangement by which one org provides service(s) for another org that chooses not to perform them in-house on their own. It has spread because of a business's need to focus on core competencies, Web implementation initiatives, consolidation across industries and a tight labor pool.
These have influenced the rapid growth of outsourcing
-Globalization -The internet -Growing economy and low unemployment rate -Technology -Deregulation
Outsourcing Benefits
increased quality/efficiency of process/service, reduced operating expenses, access to better service, access to better technology, flexibility, reduced hiring/employee stress. It has also grown, and will continue to turn into an overall context for business rather than just a cost-saving strategy- this means more buyers choices, and better prices for better product value.
Onshore Outsourcing
engaging another company within the same country for services
Near shore Outsourcing
contracting an outsource with company in nearby country (often border shared)
Offshore Outsourcing
using orgs from developing countries to write code/develop systems
The leaders
countries leading the outsourcing industry (i.e. Canada, India, Ireland, Israel, Philippines)
The up and comers
countries beginning to emerge as solid outsourcing option (i.e. Brazil, China, Malaysia, Mexico, Russia, South Africa)
The rookies
countries just entering outsourcing industry (i.e. Argentina, Chile, Costa Rica, New Zealand, Thailand, Ukraine)
Contract Length
most outsourcing IT contracts last for a long time, because cost of transferring assets/employees/maintain technological investment is high. Three problems: 1) difficult to get out of contract if outsource not good 2) Problems foreseeing business action over next 5-10 years, so hard to write appropriate contract 3) Problems forming internal IT department after contract period is up.
Competitive edge
A product or a service an organization's customer places a greater value on than similar offerings of a competitor
Scope definition
IT projects suffer from problems associated with defining the scope of the system – same with outsourcing arrangements, i.e. contract misunderstandings
combination of professional services, mission-critical support, remote management, and hosting service offered to customers. Goal is to integrate collection of IT services into one stable, cost-efficient system.
