
ISB Exam 1


Personal Information Network
Created by the cooperation of
1)Digital devices
2)Wired/Wireless networks we access
3)Web-based tools for finding information and communicating and collaborating with other people

Examples of a personal movable information network
Cell Phone
Multifunction watch
Heart/respiration monitor

Management Information Systems
(MIS) Planning, development, management, and use of IT (information technology) to perform tasks related to information processing and management
Information Technology
(IT) computer based tools that people use to work with information and support information processes
Business Process
Collection of related activities that produce a product or a service of value to the organization, its business partners, and/or its customers
Business process management
management technique that includes methods and tools to support the design, analysis, implementation, management, and optimization of business processes
Knowledge
Data and/or information organized and processed to convey understanding, experience, accumulated learning, and expertise as they apply to a current problem or activity
Information system links
Data -> Information -> Knowledge -> Wisdom ->?
Information Technology Architecture
High-level map or plan of the information assets in an organization which guides current operations and is a blueprint for future directions
Information Technology Infrastructure
The physical facilities, IT components, IT services and IT management that support an entire organization
IT components
Hardware, software, telecommunications and networks, and wireless communications
IT services
consist of data management, managing security and risk, and systems development
IT personnel
They use "IT components" to produce "IT services"
IT platform
synonymous with IT components
Stages of Globalization
Globalization 1.0 (1492-1800)
Globalization 2.0 (1800-2000)
Globalization 3.0 (2000-Present)

Globalization 3.0
2000 – now

World is now tiny (everyone is everyone else’s close neighbor)

Competitive playing field is being leveled

Key agent of change: software, in conjunction with the global fiber-optic network, and wireless technology

Enabling people to collaborate and compete globally

Thomas Friedman's Ten Flatteners
Fall of the Berlin Wall
Netscape goes public
Development of work-flow software
Offshoring
Supply Chaining
Insourcing
The steroids

Fall of the Berlin Wall

Shift of the world to a free market

Led to the rise of the European Union

Netscape goes Public
Popularized the World Wide Web
Workflow Software
Enabling computer applications to work with one another without human intervention.

Enabling faster, closer collaboration and coordination among employees, regardless of their location

Empowered individuals to create content and make it visible

Led the transition from a passive Web to a participatory collaborative web

Outsourcing
Contracting an outside company to perform specific functions that your company was doing itself and then integrating their work into your operation.
Offshoring
relocating an entire operation, or just certain tasks, to another country
Supply chaining
The creation of networks of communication between companies, suppliers, and customers to collaborate, share information, and increase efficiency.
Insourcing
the delegating of jobs within a business to another company that specializes in that job.
Like Dell hiring FedEx to ship its products
the ability to search for information (Search Engine)
The steroids
the process of shaping, manipulating, and transmitting digitized content can be done at very high speeds so that users do not have to think about these processes
Great Convergence
1) cheap and ubiquitous computing devices
2) low-cost, high bandwidth
3) Open standards

Business Pressure
The business environment is the combination of social, legal, economic, physical, and political factors that affect business activities. Significant changes in any of these factors are likely to create business pressure on the organization.


Market Pressures
The global economy and strong competition

The changing nature of the workforce

Powerful customers

Technology Pressures
Technological innovation and obsolescence

Information Overload

Customer Focus
is the difference between attracting and keeping customers by providing superb customer service and losing them to competitors.
strategy of producing customized products and services
Chapter 2 opening case
Johnny's Lunch and Pitney Bowes MapInfo

(Johnny's Lunch = restaurant)
(Pitney Bowes = company that maps out human traffic in an area to help companies figure out the best location)

Computer-based information system (CBIS)
A CBIS uses computer technology to perform some or all of its tasks and is composed of:

device such as a processor, monitor, keyboard, or printer
program or collection of programs that enable hardware to process data
is a collection of related files or tables containing data
is a connecting system (wireline or wireless) that permits different computers to share resources
set of instructions about how to combine the above components in order to process information and generate the desired output
are those individuals who use the hardware/software, interface with it, or use its output
Capabilities of Information Systems
perform high-speed, high-volume numerical computations

provide fast, accurate communication and collaboration within and among organizations

store huge amounts of information in a small space
allow quick, inexpensive access to vast amounts of information worldwide

interpret vast amounts of data quickly and efficiently

Increase effectiveness and efficiency of people working in groups in one place or around the world

automate semiautomatic business processes and manual tasks

Application program
computer program designed to support a specific task, a business process, or another program
Breadth of support of information systems
Functional area information systems

Enterprise resource planning systems

Transaction processing systems

Interorganizational information systems

Information systems support for organization employees
Office automation systems

functional area information systems

Business intelligence systems

Expert systems


High threat of entry of new competition
when it is easy to enter a market
Low threat of entry of new competition
when significant barriers to entry exist
Barrier to entry
product or service feature that customers expect from organizations in a certain industry
Bargaining power of suppliers is high
when buyers have few choices
Bargaining power of suppliers is low
when buyers have many choices
Bargaining power of buyers is high
when buyers have many choices
Bargaining power of buyers is low
when buyers have few choices
Threat of substitute products or services is high
when there are many substitutes for an organization's products or services
Threat of substitute products or services is low
when there are few substitutes
Primary activities
those business activities that relate to the production and distribution of the firm's products and services, thus creating value for which customers are willing to pay.

ex. inbound logistics, operations, outbound logistics, marketing and sales, and customer service

Support activities
support primary activities.
ex. accounting, finance, management, human resources management, product and technology development, and procurement
Cost Leadership
Produce products/services at the lowest cost in the industry
offer different products, services or product features
Introduce new products and services, add new features to existing products and services, or develop new ways to produce them - Citibank's first ATMs
Operational Effectiveness
Improve the manner in which internal business processes are executed so that a firm performs similar activities better than its rivals
Customer orientation
Concentrate on making customers happy
Why are information systems important to organizations and society?
IT will reduce the number of middle managers

IT will change the manager's job

IT impacts employees at work

IT provides quality of life improvements

Ergonomic Products
Wrist support
Back support
Eye-protection filter
Adjustable foot rest

1950s: IT resources were managed by whom?
Information systems department (ISD) managed all of the computing resources
Role of IS department
The ISD is responsible for corporate-level and shared resources and for using IT to solve end users' business problems.

End users are responsible for their own computing resources and departmental resources.

ISD and end users work together as partners to manage the IT resources

Traditional major IS functions
Managing systems development and systems project management

Managing computer operations

Staffing, training, developing IS skills

Providing technical services

Infrastructure planning, development, and control

New IS functions
Initiating and designing strategic information systems

Incorporating the internet and e-commerce into the business

Managing system integration

Educating non-IS managers about IT

Educating IS staff about the business

Supporting end-user computing

Partnering with executives

Managing outsourcing


Ally with vendors and IS departments in other organizations

Ethics
branch of philosophy that deals with what is considered to be right and wrong
Code of Ethics
a collection of principles that are intended to guide decision making by members of an organization
you accept the consequences of your decisions and actions
means a determination of who is responsible for actions that were taken
is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.
Privacy Issues
Collecting, storing and disseminating information about individuals
Accuracy Issues
Involve the authenticity, fidelity and accuracy of information that is collected and processed.
Property Issues
involve the ownership and value of information
Accessibility Issues
revolve around who should have access to information and whether they should have to pay for this access
Privacy
is the right to be left alone and to be free of unreasonable personal intrusions
Data aggregators
Companies that collect public data (ex. real estate, telephone numbers)
and non-public data (ex. SSN, financial data, police records, motor vehicle records) and integrate them to produce digital dossiers.

Digital dossier
electronic description of you and your habits
process of creating a digital dossier
Electronic Surveillance
tracking of people's activities, online or offline, with the aid of computers.

Sense through the wall
Technology by Oceanit, allows you to see if anyone is in a building, prior to entering, by detecting a person's heartbeat/respiration
Personal Information in Databases
Information about individuals is being kept in databases, ex. banks, utility companies, government agencies
Social Networking sites
include electronic discussions such as chat rooms, ex. Facebook, Twitter, LinkedIn
Informal, personal journal that is frequently updated and intended for general public reading
Privacy Codes and Policies
An organization's guidelines with respect to protecting the privacy of customers, clients and employees
Opt-out model
informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
Opt-in model
informed consent means that organizations are prohibited from collecting any personal information unless the customer specifically authorizes it
International aspects of privacy
privacy issues that international organizations and governments face when information spans countries and jurisdictions
Untrusted network
is any network external to your organization
Downstream liability
occurs when Company A's systems are attacked and taken over by the perpetrator. Company A's systems are then used to attack Company B. Company A could be sued successfully by Company B if Company A cannot prove that it exercised due diligence in securing its systems.
Due diligence
means that a company takes all necessary security precautions, as judged by commonly accepted best practices
Unmanaged devices
those outside the control of the IT department
ex. devices in hotel business centers, customer computers, computers in restaurants like McDonald's and Panera.
Lack of management support
takes many forms: insufficient funding, technological obsolescence, lack of attention.
Threat
any danger to which a system, possessing information resources, may be exposed
is the harm, loss or damage that can result if a threat compromises the information resource
System vulnerability
possibility that the system will suffer harm by a threat
Risk
the likelihood that a threat will occur
Information system controls
the procedures, devices, or software aimed at preventing a compromise to the system
Categories of threats to information systems
Unintentional acts

Natural disasters

Technical failures

Management failures

Deliberate acts

Unintentional Acts
Human errors

Deviation in quality of service by service providers

Environmental hazards

Human Errors

Shoulder surfing

Carelessness with laptops and portable computing devices

Opening questionable e-mails

Careless Internet surfing

Poor password selection and use

Shoulder surfing
occurs when the attacker watches another person's computer screen over that person's shoulder. Particularly dangerous in public areas such as airports, commuter trains, and airplanes
Social engineering
an attack in which the attacker uses social skills to trick a legitimate employee into providing confidential company information such as passwords

typically an unintentional human error on the part of the employee, but the result of a deliberate action on the part of the attacker

Competitive intelligence
consists of legal information gathering techniques
Industrial espionage
crosses the legal boundary
Intellectual property
property created by individuals or corporations that is protected under trade secret, patent, and copyright laws
Trade secret
Intellectual work, such as a business plan, that is a company secret and is not based on public information
Patent
Document that grants the holder exclusive rights on an invention or process for 20 years
Copyright
Statutory grant that provides creators of intellectual property with ownership of the property for the life of the creator plus 70 years
copying a software program without making payment to the owner
Virus
segment of computer code that performs malicious actions by attaching to another computer program
Worm
segment of computer code that performs malicious actions and will spread by itself without requiring another program
Trojan horse
computer program that hides in another computer program and reveals its designated behavior only when it is activated
Logic bomb
segment of computer code that is embedded inside an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time or date
Phishing attacks
use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages
Distributed denial-of-service attack
attacker first takes over many computers; these computers are called zombies or bots, and together the bots form a botnet
collects personal information about users without their consent
Keystroke loggers
record your keystrokes and your web browsing history
Screen scrapers
record a continuous movie of what you do on a screen
is alien software that is designed to use your computer as a launchpad for spammers
Spam
unsolicited email
small amounts of information that websites store on your computer
Supervisory control and data acquisition (SCADA)
large-scale, distributed measurement and control system

link between electronic world and the physical world

Risk management
to identify, control and minimize the impact of threats
Risk analysis
to assess the value of each asset being protected, estimate the probability it might be compromised, and compare the probable costs of it being compromised with the cost of protecting it.
Risk mitigation
when the organization takes concrete actions against risk

1) implementing controls to prevent identified threats from occurring

2) developing a means of recovery should the threat become a reality.

Risk acceptance
Accept the potential risk, continue operating with no controls and absorb any damages that occur.
Risk limitation
Limit the risk by implementing controls that minimize the impact of a threat
Risk transference
transfer the risk by using other means to compensate for the loss, such as purchasing insurance.
Physical controls
Physical protection of computer facilities and resources
Access controls
Restriction of unauthorized user access to computer resources; use biometrics and password controls for user identification.
Communication (network) controls
protect the movement of data across networks and include border security controls, authentication and authorization
Application controls
protect specific applications
Authentication
Major objective is proof of identity
Something the user is
access controls examine a user's innate physical characteristics, ex. fingerprint, eyeball
Something the user has
access controls include ID cards, smart cards, and tokens
Something the user does
Voice and signature recognition
Something the user knows
access controls include passwords and passphrases.
A password is a private combination of characters that only the user should know. A passphrase is a series of characters that is longer than a password but can be memorized easily
Authorization
Permission issued to individuals and groups to do certain activities with information resources, based on verified identity.
Privilege
collection of related computer system operations that can be performed by users of the system
Least privilege
principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.
Firewalls
System that enforces access-control policy between two networks
Anti-malware systems (anti-virus software)
software packages that attempt to identify and eliminate viruses, worms, and other malicious software.

process in which a company identifies the software that it will allow to run and does not try to recognize malware
process in which a company allows all software to run unless it is on the blacklist
Intrusion detection systems
designed to detect all types of malicious network traffic and computer usage that cannot be detected by a firewall
Encryption
process of converting an original message into a form that cannot be read by anyone except the intended receiver
Demilitarized zone
A DMZ is located between two firewalls; it contains company servers that typically handle web page requests and e-mail
Digital certificate
an electronic document attached to a file certifying that the file is from the organization that it claims to be from and has not been modified from its original format
Certificate authorities
are trusted intermediaries between two organizations that issue digital certificates
Virtual private network
private network that uses a public network (usually the Internet) to connect users
Secure sockets layer (SSL)
SSL, now called transport layer security (TLS), is an encryption standard used for secure transactions such as credit card purchases and online banking.
Vulnerability management systems (security on demand)
extend the security perimeter that exists for the organization's managed devices to unmanaged, remote devices

Employee monitoring systems
monitor employees' computers, e-mail activities, and Internet surfing
encrypts each data packet that is sent and places each encrypted packet inside another packet
Hot site
fully configured computer facility with all services, communications links, and physical plant operations
Warm site
provides many of the same services and options of the hot site, but it typically does not include the actual applications the company runs
Cold site
provides only rudimentary services and facilities and so does not supply computer hardware or user workstations
Information systems auditing
independent or unbiased observers tasked to ensure that information systems work properly
Audit
examination of information systems, their inputs, outputs, and processing
Types of auditors and audits
Internal audit
performed by corporate internal auditors
External audits
reviews the internal audit as well as the inputs, processing, and outputs of information systems
Auditing around the computer
means verifying processing by checking for known outputs or specific inputs
Auditing through the computer
means inputs, outputs and processing are checked
Auditing with the computer
means using a combination of client data, auditor software, and client and auditor hardware
