k-201 final
Terms
- Information Security
- The protection of information from accidental or intentional misuse by persons inside or outside an organization.
- Authentication and authorization
- Confirm user identities, authorize/give access -user ID and password -smart card/token -fingerprint and voice signature
- Insiders
- Legitimate users who purposely or accidentally misuse their access to the environment and cause some type of business-affecting incident.
- Social engineering
- Using social skills to trick people into revealing access/info. Dumpster diving in people's trash.
- Information security policies
- Rules for access to information. Found in information security plan.
- Prevention and Resistance
- stop intruders from accessing intellectual capital
- Content filtering
- orgs use software to filter content to prevent transmission of unauthorized info
- Encryption
- scrambles info so that it requires a key/password to decrypt. -Public key encryption (PKE): encryption system with 2 keys; public and private
- Firewalls
- hardware/software guards private network by analyzing info leaving/entering network. (can even detect unintentional connection to internet)
- Detection and Response
- if prevention/resistance (filter, encrypt, firewalls) fail and there is a security breach -> use Detection and Response - Antivirus Software
- Worm
- virus that spreads itself from comp to comp
- Virus
- must attach to something (i.e. a file) – software written with malicious intent to annoy/damage
- DoS (Denial of Service) attack
- floods website with so many requests it slows/crashes
- DDoS (Distributed)
- many comps at once receiving bad info
- Trojan
- Trojan – hides in software, backdoor programs – open way into network for future attackers, polymorphic – change form as propagate
- Hackers
- -Cracker: criminal intent -Cyber terrorist: seek to harm with internet -Script kiddies/bunnies: hacking code into businesses -Hacktivists: political reasons -Black-hat: comp systems to look/steal/destroy -White-hat: request by system owners to find vulnerabilities to fix
- Ethics
- principles and standards that guide behavior toward other people, and how they handle info and technology. Technology has created ethical dilemmas (from goals, competition, responsibilities and loyalties)
- Intellectual Property
- intangible work in physical form
- Copyright
- legal protection of idea (i.e. song, game, documents)
- Fair use Doctrine
- legal to use copyrighted material
- Pirated Software
- unauthorized/duplication/distribution/or sale of copyrighted software
- Counterfeit Software
- software that is manufactured to look like real thing and sold
- Privacy
- right to be left alone, control over personal possessions, observed without consent
- Confidentiality
- assurance that messages and info are available only to those who are authorized to view -ePolicies: policies/procedures that address ethical use of computers/internet in business environment
- Privacy Act 1974
- restricts info federal gov can collect, allow correction of info on self, procedures protect personal info, forbids disclosure of name linked info w/out permission.
- Family Education Rights and Privacy Act
- access to personal education records by gov agencies/third parties, right of students to see own records.
- Cable Communications Act 1984
- requires written/electronic consent from viewers before cable providers can release viewing choices or other personal ID info
- Electronic Communication Privacy Act 1986
- allows reading of communications by firm, employees have no right to privacy when using companies computers
- Computer Fraud and Abuse Act 1986
- prohibits unauthorized access to comps for financial, U.S. gov, interstate/international trends.
- USA Patriot Act
- Law access any info for terrorist/clandestine intelligence activities
- Homeland Security Act
- restrictions on Freedom of Info Act (examine gov records), power gov to declare health securities.
- Bork Bill
- prohibits personal video rental info other than use of marketing goods
- Fair and Accurate Credit Transaction Act
- right to free credit report, all but last 5 card # digits on receipt, identity theft driven.
- CAN-SPAM Act
- regulate solicitation e-mails, SPAM, phony subject titles etc.
- Sarbanes-Oxley Act
- policies to prevent illegal activity in company, respond in a timely manner to investigate
- Responsibilities of CIO
- -managing info over its life cycle -controlling access/use of info -inappropriate destruction of info -bringing technological knowledge to the development of info management practices/policies -should partner with executive peers to develop/execute the orgs info management policies
- E-policies
- policies/procedures that address ethical use of comps/internet usage in business environment – used so that people understand the company policies.
- Ethical computer use policy
- Contains general principles to guide computer user behavior (i.e. no playing video games during work). Employees must be informed of computer use policies.
- Information privacy policy
- Contains general principles regarding info privacy → 1. Adoption and implementation of privacy policy (business has responsibility to adopt protection) 2. Notice and disclosure (must be easy to read/understand) 3. Choice and consent (individuals must be given opportunity to choose how their info will be collected) 4. Information security (orgs should make effort to assure personal info reliability/misuse) 5. Information quality and access (orgs have processes so inaccuracy can be corrected)
- Acceptable use policy
- policy that a user must agree to follow in order to be provided access to network/internet.
- Nonrepudiation
- contract that e-business participants do not deny (repudiate) their online actions
- E-mail Privacy Policy
- details the extent to which e-mail messages may be read by others (companies can set bars, i.e. look at employees' e-mails). This policy must be understood by employees etc.
- Internet use policy
- contains general principles to guide proper use of the Internet
- Anti-spam policy
- Spam (unsolicited e-mail). This policy simply states that e-mail users will not send SPAM.
- Ethics in the Workplace
- monitoring employees, termination policies (i.e. going to the wrong website)
- Information Monitoring Technologies
- tracking people's activities by such measures as number of keystrokes, error rate and number of transactions processed.
- Key logger/trapper software
- Records keystrokes and mouse clicks
- Hardware key logger
- captures keystrokes on journey from keyboard to motherboard
- Cookie
- small file deposited on hard-drive by a Web site, containing info about customers and their web activities. Cookies record website comings and goings, usually without knowledge or consent.
- Adware
- software generating ads that install themselves on comp when person downloads other programs from internet
- Spyware
- sneakware/stealthware, software that comes hidden in free downloadable software. It tracks online movements, mines info stored on comps, or uses the comp's CPU for storage without the user's knowledge.
- Weblog
- one line of info for every visitor to a Web site, usually stored on Web server.
- Click stream
- records info about customer during Web surfing (i.e. which sites visited, how long, ads viewed, purchased)
- Employee Monitoring Policies
- explicitly states how, when and where the company monitors its employees. → 1. Specific as possible 2. Always enforce 3. Enforce same for everyone 4. Communicate companies right to do so 5. State when monitoring 6. State what will be monitored 7. Describe types of info collected 8. State consequences 9. State all provisions that allow for updates to policies 10. Specify scope/manner of monitoring 11. Written receipt of acknowledgement.
- 21st Century Organization Trends
- 1) Uncertainty in terms of future business scenarios and economic outlooks 2) Emphasis on strategic analysis for cost reduction/productivity enhancements 3) Focus on improved business with enhanced security
- Technological Trends
- 1) IT infrastructures 2) Security 3) E-business 4) Integration
- IT Infrastructure
- hardware/software/telecommunications equipment that combined provide foundation to support organization's goals – has large influence on company's strategic capabilities.
- Security
- Increasingly opening up networks to customers, partners and suppliers with even more diverse set of computer devices/networks – can use latest security technologies.
- E-Business
- mobility/wireless is new focus in e-business, helps improve efficiency of inventory, info accuracy, reduced costs, increased productivity, revenues, customer service.
- Telematics
- blending comps and wireless telecommunications technologies with goal of conveying info over vast networks to improve business: i.e. internet itself
- Electronic tagging
- technique for identifying/tracking assets and individuals with technologies i.e. radio frequency ID and smart cards
- Radio Frequency Identification (RFID)
- active/passive tags in chips or smart labels to store unique IDs and relay info to electronic readers→ inventories, logistics, distribution, asset management. Also mobile, through cells and smart cards→ i.e. in clothing at the GAP to record inventories/understand better.
- Integration
- allows separate systems to communicate directly with each other – integration of business and technology has allowed orgs to increase share of the global economy, transform business ways, and become more efficient and effective. The global economy has been reshaped with this integration.
- Integration Shifts
- • Product-centricity to customer-centricity • Mass production to mass customization • Value in material things to value of knowledge and intelligence
- Foresight
- most important, but hard to follow with all the changes. Important for companies to anticipate and prepare for future by studying emerging trends/new technologies.
- Trend analysis
- trend examined to identify name, causes, speed of development and potential impacts
- Trend monitoring
- Important trends in specific community/industry/sector are carefully monitored and reported to key decision makers
- Trend projection
- When numerical data are available, trend can be plotted to display changes through time and future
- Computer simulation
- complex systems (i.e. US economy) can be modeled with math equations/scenarios for "what if" analysis
- Historical analysis
- historical events studied to anticipate outcome of current developments
- World population will double in the next 40 years
- Impact: increased global agricultural demand, developing countries' retirees need to remain on job, developing nations increase immigration limits
- People in developing countries are going to live longer
- New pharmaceutical/medical technologies. Impact: Global product demand, elderly will have jobs. Cost of health care sky-rocket. Pharmaceutical companies pushed for advances.
- Growth in info industries is creating a global society that is dependent on knowledge
- Impact: Computer literate to maintain jobs, knowledge workers higher paid, unskilled professions require more education, midlevel managers not needed (info flow from front-office workers to high management) = flattening corporate pyramid, downsizing/restructure/organizing/layoffs increase as struggle to reinvent/restructure increases
- Global economy becoming more integrated
- outsourcing and internet purchasing. Impact: increase need for foreign language training, e-business growth and internet shop increase for raw materials, internet continue to enable small companies to compete, internet-based operations require knowledge workers
- Economy/society are dominated by technology
- computers becoming part of our environment. Impact: dozens of new business creation/job opportunities, automation decrease cost of products/services so price reductions possible with profit improvement, internet push prices to commodity level, demand for scientist, engineers and technicians will continue to grow
- Pace of technological innovation increasing
- technology advancing at phenomenal pace, i.e. medical knowledge, taught in high schools. Impact: time to get products/services to market shortened by technology (life cycles shortened), industries will face tighter competition based on new technologies.
- Time is becoming one of the world's most precious commodities
- today workers spend about 10% more time on their jobs than a decade ago. Increasing need for time saving technologies. Impact: companies must take active role in helping employees balance work, family and leisure time, stress-related problems affecting employee morale/wellness continue to grow, internet stores have growing advantage.
- Digital Ink
- (electronic ink) technology that digitally represents handwriting in its natural form.
- Radio Paper
- dynamic high-resolution electronic display that combines a paper-like reading experience with the ability to access info, anytime, anywhere.
- Digital Paper
- (electronic paper) – any paper that is optimized for any type of digital printing. Unlike tree paper, it is made in a laboratory and uses excellent resolution, high contrast under wide viewing angles, doesn’t degrade over time, and is flexible.
- Teleliving
- using info devices and Internet to conduct all aspects of life seamlessly. Future: information summoned at the touch of a finger (house, office), as well as robotic salespersons.
- Virtual Assistant
- small program stored on a PC or portable device that monitors e-mails, faxes, messages, and phone calls. Helps individuals solve problems like a real assistant – it will take over writing letters, retrieving files, making phone calls.
- Alternative Energy Source
- Impact: Modernizing around the world, increase in energy use. Cost of alternative energy sources is dropping, helps oil price limits. New world of entrepreneurship, oil will remain world's most important energy resource but reliance will decline, and better air and water.
- Autonomic Computing
- one of the building blocks of widespread computing, computers will be all around us, through increasingly interconnected networks. Impact: Used in security, storage, network management etc. Seeks out ways to optimize computing→ achieve system performance goals. Can "self-heal" in event of a failure.
- Outsourcing
- arrangement by which one org provides service(s) for another org that chooses not to perform them in-house on their own. It has spread because of a business's need to focus on core competencies, Web implementation initiatives, consolidation across industries and a tight labor pool.
- These have influenced the rapid growth of outsourcing
- -Globalization -The internet -Growing economy and low unemployment rate -Technology -Deregulation
- Outsourcing Benefits
- increased quality/efficiency of process/service, reduced operating expenses, access to better service, access to better technology, flexibility, reduced hiring/employee stress. It has also grown, and will continue to turn into an overall context for business rather than just a cost-saving strategy- this means more buyers choices, and better prices for better product value.
- Onshore Outsourcing
- engaging another company within the same country for services
- Near shore Outsourcing
- contracting an outsource with company in nearby country (often border shared)
- Offshore Outsourcing
- using orgs from developing countries to write code/develop systems
- The leaders
- countries leading the outsourcing industry (i.e. Canada, India, Ireland, Israel, Philippines)
- The up and comers
- countries beginning to emerge as solid outsourcing option (i.e. Brazil, China, Malaysia, Mexico, Russia, South Africa)
- The rookies
- countries just entering outsourcing industry (i.e. Argentina, Chile, Costa Rica, New Zealand, Thailand, Ukraine)
- Contract Length
- most outsourcing IT contracts last for a long time, because cost of transferring assets/employees/maintaining technological investment is high. Three problems: 1) difficult to get out of contract if outsource not good 2) Problems foreseeing business action over next 5-10 years, so hard to write appropriate contract 3) Problems forming internal IT department after contract period is up.
- Competitive edge
- A product or a service an organization's customer places a greater value on than similar offerings of a competitor
- Scope definition
- IT projects suffer from problems associated with defining the scope of the system – same with outsourcing arrangements, i.e. contract misunderstandings
- Multisourcing
- combination of professional services, mission-critical support, remote management, and hosting service offered to customers. Goal is to integrate collection of IT services into one stable, cost-efficient system.