BIA TEST 3

malware safeguards

- Install antivirus and antispyware software - Scan your computer frequently - Update malware definitions - Open email attachments only from known sources - Promptly install software updates from legitimate sources - Browse only reputable web sites

problems created by information silos

-data duplication, data inconsistency (same data in different databases) -disjointed processes (info not joined with same question, not connected well) -limited information and lack of integrated information (not having customer info) -isolated decisions lead to organizational inefficiencies -increased expense

major challenges to system development

-the difficulty of determining requirements (things we need) -changes in requirements -difficulties involving scheduling and budgeting (sometimes paid by line of code so more coding occurs and scheduling time to take breaks is hard) -changing technology (how apps and updates change) -diseconomies of scale (having more makes it more expensive)

how is the IS department organized

CEO & COO at top, HR and legal (plus other staff functions below) CMO, VP sales, VP manufacturing, CIO, CFO, VP engineering, and CSO in middle data administration, CTO, operations, development, outsourcing relations, CISO at bottom and connected to the CIO

application providers

Costs to develop, implement, manage social networking procedures costs associated with running services (providers have expenses)

design and implementation to enterprise app integration

EAI server: translator on top to build relationships and connect thru the EAI central metadata tool EAI server connects to EAI metadata which is virtual integrated database CRM sends requests to manufacturing system via EAI server and system doesn't change but adds relationships thru separate piece

revenue model in action

Edward Tufte said "there are only two industries that call their customers users: illegal drugs and software great hack and social dilemma (by Jaron Lanier)

security concerns

IS design involves constant trade-offs: threat of focused attack (hack one system so you can hack them all) inter-enterprise system connects competitors (customer / insurance can see all the data so we can chose cheapest option bc info should be separate from company perspective) security in the cloud (security and regulations such as less open source)

social networking (sites)

IS for sharing content three roles: providers (meta aka Facebook provides platform for insta) users (us) communities/sponsors (ads for Nike, Coke, Ford) you can be one, two, or three roles in the way that nike is a sponsor AND user or Facebook is ALL THREE

Social Media Information System (SMIS)

IS for sharing content among networks of users basically info used to share content

alignment

IS professional should look at alignment, security, and CIO connection because they are working together can be challenging to manage IS

social media (SM)

IT to support content sharing among networks of users enables communities of practice through people related by common interest (aka similar following) also known as content that is uploaded

pilot approach

Implement entire system in limited portion of business Limits exposure to business if system fails (only allowing one division to use it) risk: communication between departments, could purposely create info silos and actively shutting communications one

structured process

Support operational and structured managerial decisions and activities Standardized Usually formally defined and documented Exceptions rare and not (well) tolerated Process structure changes slowly and with organizational agony Example: Customer returns, order entry, purchasing, payroll, etc.

dynamic process

Support strategic and less structured managerial decision and activities Less specific, fluid Usually informal Exceptions frequent and expected Adaptive processes that change structure rapidly and readily Example: Collaboration; social networking; ill-defined, ambiguous situations

phased approach

System installed in phases or modules Each piece installed and tested, looks at pieces of system and only use little piece of data

managing the risk of inappropriate content

User Generated Content (UGC) Problems from external sources -Junk and crackpot contributions (bad sources or reviews) -Inappropriate content (bad photos) -Unfavorable reviews (cold coffee reviews) -Mutinous movements (hashtags for attention)

Malware Types and Spyware and Adware Symptoms

Viruses: Payload Trojan horses (prentending to be something else, access to location tracking or using video link to hack) Worms (replicate email that sends to contact list) Spyware (on machine, can track our passwords and records by gaining access to what we type) adware (ads blocking screen, ex: quizlet ads)

managing employees social network use

ability to review employee sites (when hiring and after hired thru contract) ability to post on sites (about work? without identifying info?), basically dictates if they are allowed to post about work without disclosing specific work info

Brooks' Law involving diseconomies of scale

adding more people can make it a slower process, veteran members train new staff and lose productivity while training, schedules can be compressed only so far, once a project is late and over budget no good choices exist

revenue model for social media

advertising: pay per click (interest shown they click causes you to see more of the Ads because you showed interest) AND uses increases value (ex: Facebook makes money the advertising) freemium: offers users a basic service for free then charges a premium for upgrade or advanced features (ex: Spotify) sales: apps and virtual goods, affiliate commissions, donations (normal sales)

highly structured business process example

any website follows this process because it is efficient and increases speed order - check inventory - out of stock or in stock - check customer credit - credit rejected or credit approved - approve special terms or special terms rejected leads to order fulfillment process if approved

enterprise

anyone in the business, support one or more enterprise processes, 100-1000+ users, procedures formalized and problem solutions affect enterprise, eliminate workgroup data duplication, difficult to change (ex: hospital)

customer life cycle

attract (marketing) - sell (customer acquisition) - relationship management (support and resell) - categorize (loss/churn) target - prospect - customer - either low value or high value customers

Goal of Information Systems Security

balance the trade off (trade off between damage and safeguards and cost/value), security is not about being successful 100% of the time threats, vulnerability, safeguards, targets, no safeguards, and loss can all help or hurt a company

social network in the news

bound by Section 230 of the Communications Decency Act which is where social networks are not responsible for the content on them hard to create a list of universally bad things to block or monitor from company's end since companies do not have control can help companies market and create credibility, shows popularity in press, encouragement looks good for company and shows they care (ex: Starbucks recognizing front line nurses)

hacking

breaking into computers to steal data

changes due to mobile

by 2022 number of mobile devices will reach 12.3 billion mobile ad spending should reach $141B and account for 75% of total Digital ad spending average click the rate of smartphones is 3.75% but only 2.29% on PCs (click thru if you click on something even accidentally it counts) use of ad blocking software growing by 69% per year

how to reduce challenges

careful planning, substantial training, senior management invovlement employee resistance to new system (expect it) because this requires change in effort and engenders fear, threat to self-efficacies, and requirement gaps (what you need the system to be) new technology: the cloud, mobile tech, risk and potential outside control fo organizational resources (manage risks outside company)

IS / IT outsourcing alternatives

cloud, PaaS, SaaS, IaaS, or whole procedures (ex: oracle, blue line which changes procedures) aspects utilized for certain procedures in IS IaaS cloud hosting: hardware licensed software / outsourced development: software PaaS: hardware, software SaaS: hardware, software, data System: hardware, software, data, procedures Business function: hardware, software, data, procedures, and people

parallel

complete new and old systems run simultaneously, very safe but expensive, runs new and old systems together, allows you to double check, expensive because you are doing twice the work because of time and labor

inter-enterprise

connecting with someone else, support one or more inter-enterprise processes, 1000+ users, system procedures formalized and problem solutions can affect multiple organizations can resolve problems of duplicated enterprise data, very difficult to change, ex: Sodexo with Creighton

customer relationship management

connection of tools that connect with database to manage processes suite of applications, database, and set of inherent processes manage all interactions with customer through four phases of customer life cycle (manages data of how we interact with our customers) 1) marketing 2) customer acquistion 3) relationship management 4) loss / churn supports customer-centric organization

enterprise application integration

connects system islands, enables communicating and sharing data, provides integrated info, provides integrated layers on top of existing systems while leaving functional applications as is, enables less expensive and more gradual move to ERP

benefits and uses for social networks and such

constantly changing balance of power with customers (dynamic) users can build on each other: solve issues, complaints or reviews, market to others employee recruitment and use customer interaction solves problems within company thru customer's ideas which gains ability to know what customers think

use of multiple firewalls

data delivered they packets internet connects to perimeter firewall (outside firewall) goes to server network (mail server and web server) server network to internal firewall which is used as security to see threats assembled and stops them (aka packets of a virus can be processed as one virus / spam) internal firewall then goes to local are network of personal computers ex: bomb can't be taken they airport but ind. materials can be taken they security and created which in the same way multiple packets with threats and scams could get thru perimeter but be stopped by firewall

types of safeguards: data

data safeguards: data rights and responsibilities, passwords, encryption, backup and recovery, physical security

business process re-engineering

developed to fix inefficiencies seen in 1990s, goal was to automate standardized functions enterprise systems enabled creation of more efficient or more effective process integrated data, enterprise systems create stronger, faster, more effective linkages in value chains difficult, slow, and exceedingly expensive DIDNT ACTUALLY WORK

problems with the System development life cycle (SDLC)

difficult to document requirements: - requirements change - analysis paralysis - users don't know what they need scheduling and budgeting difficulties no changes occur until maintenance stage

responding to social networking problems: 3 rules of engagement

disclose, protect, use common sense

human safeguards actions / approaches

dissemination and enforcement (responsibility, accountability, compliance) termination (friendly approach to avoid backlash, tough now because personal devices store info, unfriendly approach can cause issues) position definition (separate duties and authorities, determine least privilege needed for each individual, document position sensitivity aka double authorization when dealing with money) hiring and screening (hire good people)

ransomware

encrypts data until ransom is pair, money required to get Apple ID password or photos back from hacker

principles of agile development methodologies

expect and welcome changes in requirements, frequently deliver working version of product, work closely with customer for the duration, design and test as you go, team knows changes and results best, can be used for applications, IS, and BPD just-in-time design

social media and the value chain: outbound logistics

focus: downstream supply chain suppliers dynamic process: problem solving risks: privacy

social media and the value chain: Human Resources

focus: employment candidates, employee communications dynamic processL employee prospecting, recruiting, and eval Sharepoint for employee to employee communication risks: error, loss of credibility

social media and the value chain: manufacturing and operations

focus: outward for user design and inward to operations and manufacturing dynamic process: user guided design, industry relationships, operational efficiencies risks: efficiency and effectiveness

social media and the value chain: customer service

focus: outward to customers dynamic process: peer to peer support risks: loss of control

social media and the value chain: sales and marketing

focus: outward to prospects dynamic process: social CRM, peer to peer sales risks: loss of credibility, bad PR

social media and the value chain: inbound logistics

focus: upstream supply chain providers dynamic process: problem solving risks: privacy

advantages of outsourcing

gives people in charge the ability to work on stuff related to their expertise management advantages: obtain expertise, avoid management problems, free management time cost reduction: obtain part time services, gain economies of scale risk reduction: cap financial exposure, improve quality, reduce implementation risk

responding to security incidents involves

having a plan in place, centralized reporting, specific responses (speed, preparation pays, don't make the problem worse), practice

Work Breakdown Structure (WBS)

hierarchy of tasks, tasks end with deliverables, documents / designs / prototypes / data models / database designs / working data entry screens used, identifies task dependencies, estimated task duration / cost and labor needed, created with project management software such as Microsoft project

plunge

high risk if new system fails, only if new system is not vital to company operations, fully plunge in, useful if you know it'll work or no existing system is present critical point: risk of failing is less than risk of not going

sources of threats

human error (people make mistakes): mistakenly giving out info or overwriting data computer crime: intentional destruction of data, viruses natural disaster: fire, hurricanes

types of safeguards: procedures and people

human safeguards: hiring, training, education, procedure design, admin, assessment, compliance, accountability

How do some companies earn revenue from social media?

hyper social organization: use SM to transform interactions with customers, employees, and partners into mutually satisfying relationships with them and their communities, depends on relationships and networking you are the product: "if you are not paying, you're the product", renting your eyeballs to an adviser if we believe in company relationships and values we are more likely to invest in them

technical safeguards

identification and authorization, encryption, firewalls, malware protection, design for secure applications

improving processes

improve efficiency or effectiveness (change process structure, change process resources or both)

standardization

inherent processes: predesigned procedures for using software products, based on industries best practices basic and efficient process (ex checking out at store) customer relationship management (CRM), enterprise resource planning (ERP), and enterprise application integration (EAI) all of which are still functional

enterprise Social Networks (SN)

internal networks using Sharepoint for wikis, discussion board, photo sharing (ex: slack, yammer - used in workplace) enterprise allows employees to connect which gives transparency

knowledge management

knowledge trapped in organization can be taken and exchanged efficiently (contain knowledge in company and find answers from past workers) ex: if worker created a new system and retired then using knowledge management would allow you to obtain their info and learn how to use it again

the art of deception by Mitnick and Simon

lady wants a divorce, husband puts all money in a different account (and the wife does not file for divorce until she knows where money it), wants to know where assets are find out what info you need to know basically he (the private investigator) used calls to collect info and get credit info based off of utilizing previous info to find where money was hidden

responding to social networking problems

leave it (inattentive), respond to it (saying sorry and helping), delete it (causes people to question what happened) general rule: never wrestle with a pig you'll get dirt and the pig will enjoy it AKA won't end up good if you make it go away or ignore customer complaints or do not respond well

risks of outsourcing

loss of control: vendor in driver's seat (in control), technology direction, potential loss of intellectual capital, product fixes, enhancements in wrong priority, vendor management / direction or identity changes, CIO superfluous (knowing more than enough info) benefits outweighed by long term costs: high unit costs forever, paying for someone else's mismanagement, int time outsource vendor is de facto dole source (locked in), many not het what you pay for but don't know it no easy exit: critical knowledge in mind of vendors and not employees, expensive and risky to change vendors

average computer crime costs and percent of attacks by type (greatest to least)

malware, phishing & social engineering, web based attacks, malicious code, botnets, stolen devices, denial of service, malicious insiders, ransomware (current growing more)

severity of computer crime

malware, web-based attacks, denial of service are top three but botnets and ransonwar are lowest attack type

systems development is difficult and risky

many projects never finish, 200-300% over budget, some don't accomplish goals aka do what they said they would do, high risk of failure even with competent people following appropriate methodology

conversion rate

measures if you did something with a site/program/app to engage with it frequency someone clicks on ad makes a purchase, likes a site, or takes some other action desired by the advertiser conversion rate on smartphones is 2.25% but 4.84% on PCs thus conversion rate is more popular for PCs but click thru more common on smartphone

distributed systems for inter-enterprise ARES system

native or thin client application is used for reports (member and personal progress), machine generated data (store exercise data), lab results, and reports through mobile devices that go to the ARES database

what IS related job positions exist

network administrator, technical writer, technical sales, tech support enginner, systems analysis, programmer, business intelligence analyst, business analyst / IT, test QA engineer, database administrator, consultant / IT, manager or project manager / IT, CTO, CIO, CISO

international outsourcing

outsourcing does not always need to be international India: large, well educated, English-speaking, labor cost is 20-30% of the US labor cost china and other countries utilized modern telephone technology and internet-enabled service database allows for outsourcing customer support and other functions operational 24/7 when international

information systems can

perform an activity (automation), augment a human performing an activity, control data quality and process flow (look for areas where systems can make process easier)

system conversion approaches: 4 approaches

pilot, phased, parallel, plunge

ERP applications

primary purpose is integration sales apps, relationship management applications, customer support applications, accounting apps, manufacturing apps, inventory apps, HR apps, solicitation and lead management applications

systems development

process of creating and maintaining an information systems involves all five components of IS model requires: establishing system goals, setting up the project, determining requirements, business knowledge and management skill

outsourcing

process of hiring another organization to perform a service relies on elasticity of other companies, similar to how cloud is outsourced so those jobs would be outsources any value chain business activity can be outsourced, save costs and gain expertise, save direct / indirect management time & attention "your back room is someone else's front room" ex: Sodexo is outsources from creighton because it is cheaper, gives correct supply of food and produces in economies of scale that can be split among other universities that use Sodexo in midwest THUS switching Sodexo would change info systems already in place

scrum process: steps details

product owner - prioritize requirements list - chose requirements to deliver - stand up and do work daily - period ends so deliver and reflection occurs scrum period of work is between 1 to 8 weeks

use common senese

remember that professional, straightforward and appropriate communication is best

the triple constraint

requirements (scope), time, and cost trade off between these three things requirements have more resources, people, changes in process one change = trade off with others in some regard always some limit that keeps us from doing what we want to do

the scrum process

requirements list drives process, each work period designated, requirements selected and team meets daily, test frequently, paired work possible to limit mistakes minimal documentation (documenting is too much work so if two people understand there is enough backup and knowledge between them to not need documentation) evaluate process at end of period, rinse and repeat until done, out of money, or out of time three principle roles: product owner (business professional), scrum master, team members between 5-9 people total

data safeguards

rights and responsibilities tied to employee account and access define data policies, data rights and responsibilities, rights enforced by user accounts authenticated by passwords, data encryption (hide passwords when typing in), backup recovery procedures, physical security (lock doors, security guards)

the viruses made thru malware, spyware, and adware cause

slow system startup, sluggish system performance, many pop-up ads, suspicious browser homepage changes, suspicious changes to taskbar and other system interfaces, unusual hard-disk activity

CRM applications

solicitation and lead management application, sales applications, relationship management applications, customer support applications all lead to CRM database

planning the use of IS

strategy and usage is important to increase engagement and processes align IS with organizational strategy, maintain alignment as organization changes communicate IS/IT issues to exec group (don't silo info) develop / enforce IS priorities within the IS department sponsor steering committee (steer strategy)

workgroup

sub-population of primary business, support one or more workgroup processes 10-100 users, procedures often formalized and problem solutions within group, workgroups can duplicate data but somewhat difficult to change (ex: acc dept in company)

enterprise resource planning

suite of applications, database, and inherent processes consolidates business operations into a single, consistent computing platform CRM plus accounting, manufacturing, inventory, and Human Resources applications SAP (market leader in ERP similar to oracle) offers industry-specific customized packages

Systems Development Life Cycle (SDLC)

system definition (planning) - what it is requirements analysis (analysis) - thinking about what we need component design (design) implementation (using system makes it successful) maintenance (updates and changes)

protect

take extra care to protect both intel and yourself, PROTECT

human safeguards actual steps to consider

take security seriously, create strong passwords & use multiple passwords, send no valuable data via email or IM, use https at trusted, reputable vendors (lock on web site), remove high value assets from computers, clear browsing history / temporary files and cookies, regularly update antivirus software, demonstrate security concern to your fellow workers, follow organizational security directives and guidelines, consider security for all business initiatives

Gantt chart of WBS

takes work breakdown structure and creates layout of resources critical path: what has to happen before each phase can move forward

types of safeguards: hardware and software

technical safeguards: identification and authorization, encryption, firewalls, malware protection, application design

implementation: system testing

test plan, product quality assurance (PQA), user testing (develop test plans and test cases), beta testing (user decides if it works or not, users final say on whether system is "production ready"

inter-enterprise IS solve the problems of Enterprise Silos

these IES systems are made to fix data issues info silos can include through employers if they do not know certain health records, through health clubs if they do not update membership or exercise performance data, or through home usage of tech (such as exercise bike) if health monitor data or watch data recorded in mobile devices create silos

types of security loss

unauthorized data disclosure: pretexting (creating scenario to get people to divulge info aka art of deception example) spoofing (pretending to be an authorized person) phasing (emailing purporting to be a reputable company) sniffing (intercepting through wired connection (ex: overriding security in national treasure movie haha) wardriving: driving around to connect to available wifi incorrect data modifications (set up internal controls) faulty service (system mistakes and sending wrong info somewhere) loss of infrastructure (loss of property, theft of intellectual property aka ex: breaking into car and stealing laptop) denial of service (overland servers w request to overload data info and input)

beta testing

users final say on whether system is "production ready"

what are the functions of the IS (information systems) department

usually spread out in organization plan use of IS to accomplish organizational goals and strategy (using whole system) Manage outsourcing relationships Protect information assets (data and devices) Develop, operate, maintain computing infrastructure (IT) Develop, operate, maintain applications (developers or IT)

information silos

when data is isolated in separate systems: data isolated in islands of automation, different department goals (different departments have different info instead of them having relationship between data and department info ex: insurance address example), different personal and workgroup needs, duplicate data as organization grows results in data integrity problems and disjointed business processes (issues in databases, normalization decreases, integrity issues and redundancy) disjointed business processes

the waterfall method

works well because they use all the steps and keeps going down, never back up business planning process -system need- system definition -project plan- requirements analysis -approved user requirements- component design -system design- Implementation -system- users -problem or need for change- system maintenance goes back up to system definition

disclose

your presence in social media must be transparent, explain what you are doing

human safeguards for non employee personnel

• Temporary personnel, vendors, partner personnel (employees of business partners), and public, hardening to reduce vulnerabilities • Require vendors and partners to perform appropriate screening and security training • Contract specifies security responsibilities • Least privilege for accounts and passwords, remove accounts as soon as possible (ex: having specific event wifi for public to avoid hacking issues)