MIS 304: EXAM 3


Types of Cyberterrorism

- Coordinated bomb attacks
- Manipulation of financial and banking information
- Manipulation of the pharmaceutical industry
- Manipulation of transportation control systems
- Manipulation of civilian infrastructures
- Manipulation of nuclear power plants

Smaller companies may change their business practices to accommodate the ERP software (instead of customizing the ERP software) because: - All of: {ERP software incorporates features to support social engineering, ERP software is based around best practices, The licensing for ERP software does not permit changes} - None of the other options are correct - ERP software is based around best practices - ERP software incorporates features to support social engineering - The licensing for ERP software does not permit changes

- ERP software is based around best practices

Computer criminals who deface Web sites to promote political or ideological goals are called - Online predators - Crackers - Internet activists - Social promoters - Hacktivists

- Hacktivists

Based on the video watched in class, we concluded ____ is/are critical for Amazon's success - Social engineering - All of the other options are correct - Information integration - Legacy Systems - DDoS

- Information integration

_____ are reported by organizations as the most common (computer crime) offenders - Organized crime (e.g., the mafia) - Online predators - Hacktivists - Crackers - Insiders (current or past employees)

- Insiders (current or past employees)

Assessing Risks

- Risk Reduction - Actively installing countermeasures
- Risk Acceptance - Accepting any losses that occur
- Risk Transference - Have someone else absorb the risk (insurance, outsourcing)
- Risk Avoidance - Using alternative means, avoiding risky tasks

___ requires companies to maintain financial controls (usually IS-based) and holds senior management responsible for failures. - FDIC - Arizona Corporation commission - Sarbanes-Oxley Act - None of the other options is correct - HIPAA

- Sarbanes-Oxley Act

A steering committee identifies and assesses all possible systems development projects that the organization could undertake. - True - False

- True

The term shoulder surfing refers to looking over one's shoulder while the person is keying in access information. - True - False

- True

The total cost of ownership is focused on understanding not only the total cost of acquisition, but also all costs associated with ongoing use and maintenance of a system. - True - False

- True

Packaged Software

- also called off the shelf
- may or may not require significant configuration
- enterprise software often divided into modules
- special functionality may require customizing the packaged version

Traditionally, companies are organized around five distinct functional areas. Which of the following is one of them? - technology management - systems management - None of the other options are correct - supply chain management - Both: {technology management, supply chain management}

- supply chain management

Proprietary Systems

- From vendors
- Not designed to share with other vendors' systems
- Lack of integration

Steps in Development Process

1. Systems planning and selection
2. Systems analysis
3. Systems design
4. Systems implementation and operation

The Computer Fraud and Abuse Act of 1986

- A crime to access government computers or communications
- A crime to extort money by damaging computer systems
- A crime to threaten the president, vice president, members of Congress, administration officials

Electronic Communications Privacy Act of 1986

- A crime to break into any electronic communications service, including telephone services
- Prohibits the interception of any type of electronic communications

Cookies

A small file that Web sites place on a user's computer. Can be legitimate (to capture items in a shopping cart) but can be abused (to track individuals' browsing habits), can contain sensitive information (like credit card numbers), and can pose a security risk.

A(n) ________ is an integrated suite of business applications for virtually every department, process, and industry, allowing companies to integrate information across operations on a company-wide basis using one large database. A) enterprise system B) distributed system software C) decision support system D) legacy system E) management information system

A) enterprise system

Designing and developing applications that support the primary business activities are a part of the ________ activities. A) technology development B) operations and manufacturing C) procurement D) inbound logistics E) outbound logistics

A) technology development

Which of the following is an example of an intangible cost? A. Losing customers B. Employee salaries C. Installation and maintenance of software D. Employee recruitment and retention E. Customer support

A. Losing customers

Recall our assignment. _______ is/are among the visualizations supported by Python for exploratory data analysis. A. Scatterplots B. GPS maps C. Social Engineering D. All of the above E. None of the above

A. Scatterplots

Are Python variables case sensitive? A. Yes B. No C. Maybe? D. Yes on Macs only E. None of the above

A. Yes

Cyberterrorism

- Attacks by individuals and organized groups
- Political, religious, or ideological goals
- Terrorists are leveraging the Internet to coordinate their activities, recruit, and perform fundraising

Which of the following is true of system effectiveness? A) It is the extent to which a system enables the firm to do things faster, at lower cost. B) It is the extent to which a system enables the firm to accomplish goals well. C) It is the extent to which a system allows a firm to plan its tasks. D) It is the extent to which a system allows a firm to cut operational costs. E) It is the extent to which a system enables people to accomplish tasks with relatively little time and effort.

B) It is the extent to which a system enables the firm to accomplish goals well.

Business case arguments based on data, quantitative analysis, and/or indisputable factors are known as arguments based on ________. A) fiction B) facts C) faith D) fads E) fear

B) facts

A major disadvantage of ERP is it does not allow for modular implementation of software A. True B. False

B. False

Externally focused systems improve information flows between department and processes A. True B. False

B. False

The custom designing of products is a step within the following core business practices. A. Procure-to-Pay B. Make-to-Order

B. Make-to-Order

Information technology is traditionally viewed as a _____ center A. Profit B. Cost C. Nerd D. A and B only E. All of the above

B. Cost

Spam

Bulk unsolicited email sent to millions of users at extremely low cost, typically seeking to sell a product, distribute malware, or conduct a phishing attack

Cybersquatting

Buying and holding a domain name with the intent to sell. The 1999 Anti-Cybersquatting Consumer Protection Act makes it a crime if the intent is to profit from the goodwill of a trademark belonging to someone else.

________ contains spyware that collects information about a person's Web surfing behavior in order to customize Web site banner advertisements. A) Malware B) A cookie C) Adware D) A honeypot E) Firmware

C) Adware

When Shelly downloaded an arcade game from an unknown Internet Web site, an unauthorized connection unknown to Shelly was established with her computer. The arcade game is most likely to be ________. A) a worm B) adware C) a Trojan horse D) encryption E) spyware

C) a Trojan horse

The first phase of the systems development life cycle (SDLC) is systems ________. A) implementation B) operation C) planning and selection D) analysis E) design

C) planning and selection

Employees steal time on company computers to do personal business. This is an example of ________. A) vandalism B) hacking C) unauthorized access D) cyberstalking E) functional inconvenience

C) unauthorized access

Identify the approach often used for implementation of module based software. A. Parallel B. Direct C. Phased D. Pilot

C. Phased

Systems Analysis

Collecting Requirements
- May be the most important part of Systems Development
- Dictates how the proposed system should function

Modeling Data
- What data is needed
- Modeled using Entity-Relationship diagrams

Modeling Processes and Logic
- Model the Data flow
- Model the Processing Logic
- Develop System Designs & Evaluate, Selecting One

Implementing Controls

Commonly used controls:
- Physical access restrictions
- Firewalls
- Encryption
- Virus monitoring and prevention
- Secure data centers
- Systems development controls
- Human controls

Hacktivist

Crackers who are motivated by political or ideological goals and who use cracking to promote their interests

Cyberwar

Cyberwar Vulnerabilities
- Command-and-control systems
- Intelligence collection, processing, and distribution systems
- Tactical communication systems and methods
- Troop and weapon positioning systems
- Friend-or-foe identification systems
- Smart weapons systems

Which of the following terms refers to junk newsgroup postings used for the purpose of advertising for some product or service? A) Web filter B) adware C) cookie D) spam E) bot herder

D) spam

Which kind of query takes the results of a query and "exports" it into an MS-Access table? A. Select-Join Query B. Append Query C. Select Query D. Make Table Query E. None of the above

D. Make Table Query

Security Concerns

Destructive code is called Malware, and includes computer viruses and other types of code designed to infect computers or perform other malicious or criminal activities. Viruses, Worms, and Trojans all fall into this category.

________ software are applications written by third-party vendors that are used by many different users and organizations. A) Tailored B) Custom C) Personalized D) Bespoke E) Packaged

E) Packaged

An internally focused system helps an organization coordinate with its ________. A) suppliers B) business partners C) producers D) customers E) departments

E) departments

____ is an attempt to trick financial account and credit card holders into giving away information. A. Cyber tunneling B. Viral marketing C. Logic bombing D. Hacking E. Phishing

E. Phishing

Employees steal space on company computers for personal business. This is an example of: A. Hacking B. Web vandalism C. Cyberstalking D. Embezzlement E. Unauthorized access

E. Unauthorized access

In-class, we watched a video where ______ was/were used to target the nuclear infrastructure of a country. A. social engineering B. web vandalism C. DDoS attacks D. embezzlement schemes E. a computer virus

E. a computer virus

Central Information Repository

ERP replaces stand-alone applications

Modules based on:
- common database
- similar application interfaces

ERP Limitations

ERP systems often require organizations to change their business processes
- Once implemented, a company is locked in
- Difficult and costly to make future changes
- Modifications require extra and costly programming

ERP Support

ERP systems support core business processes

Assist with:
- Order-to-cash
- Procure-to-pay
- Make-to-stock/make-to-order

Often packaged industry-specific ERP versions
- Support industry-specific core processes
- Health care
- Automotive
- Construction
- Retail
- Specialized manufacturing industries

The order-to-cash process entails sub-processes such as price and terms negotiations, issuing of the purchase order, receiving the goods, and receiving and paying the invoice. - True - False

False

ERP Compliance

Have built-in systems to:
- mirror organizational processes
- support segregation of duties
- monitor business activities

Don't solve all compliance problems but help a lot

Costs & Benefits

Identifying Costs
- Tangible costs: total cost of ownership (TCO)
- Non-recurring costs (acquisition)
- Recurring costs (use and maintenance)
- Intangible costs (e.g., loss of customers)

Identifying Benefits
- Tangible benefits (e.g., estimated sales gains)
- Intangible benefits (e.g., improved customer service)

Identity Theft

Identity theft is one of the fastest growing information crimes
- Stealing Social Security, credit card, bank account numbers and information

Possible solutions
- Government and private sector working together to change practices
- Use of biometrics and encryption

Threats

- Insider Threats - disgruntled employees
- Accidents/disasters, employees, associates, viruses/malware

Stakeholders

Management
- greater strategic focus

Steering Committee
- cross functional focus
- cost benefit analysis

User Department
- narrow non strategic focus
- faster development

IS Executive
- focus on integration with current systems
- less concerned with cost benefit analysis

Traditional Business Functions

- Marketing & Sales
- Supply Chain Management
- Accounting & Finance
- Human Resources

Vendor Selection

Once all the proposals are in and evaluated, those that meet your needs should be scored and ranked to provide a solid basis for comparison.

Conversion Strategies

- Parallel - old and new systems are used at the same time
- Direct - old system is discontinued on one day, and the new IS is used on the next
- Phased - parts of the new system are implemented over time
- Pilot - entire system is used in one location

Phishing

Phishing is the "casting" of email messages typically hoping to trick users into sending in usernames and passwords. It is a common form of spam, and some phishing attacks can be very realistic. A variation of phishing is "Spear Phishing" where a single targeted email message might be sent to an individual in a company seeking specific information, such as an email to the COO asking about product development which is shown as coming from the office of the CEO and which references the people the COO works with by name, making it seem very plausible.

Off-the-Shelf Software

Prepackaged
- less costly
- faster to procure
- of higher quality
- less risky

External Acquisition of Systems

Reasons:

Limited IS staff
- Staff may be too small.
- Staff may be occupied in other ways.
- Staff is not capable of developing the system without additional hiring.

IS staff has limited skill set
- Many organizations have outside groups manage their Web sites.

IS staff is overworked

Problems with performance of IS staff

Business Case

Sells an investment
- build a strong integrated set of arguments
- show how an IS adds value
- lay out costs and benefits
- used to make a 'go' or 'no go' decision
- may be used to justify continued funding

Request for Proposal

The RFP needs to include enough information that vendors can submit an informed proposal that will meet the company's needs. This includes the current situation, all the requirements for the new system, how the new system will be evaluated, and any constraints on the proposal.

Make-to-Order

The previous models only looked at selling or buying a product. What about the actual design and manufacture of the product? The production process is involved in the "Make to order" or "Make to stock" process: the process of manufacturing goods, either based on forecasts or based on orders.

Proposal Evaluation

The proposal needs to be evaluated based on the cost and benefits, which is often interpreted as functionality
- Total cost of ownership
- System features - compared to RFP
- System benefits - based on system features
- System benchmarks - measure of system features

Systems Design

This includes the Phase 2 models and optimal architecture or System Design. In this phase the system is completely modeled based on prior knowledge from the analysis phase, and the additional work being done to complete the design. We finalize the look and feel of the software at this stage, often by drawing up "screens" or prototypes of what the user will see on their computer.

Procure-to-Pay

This is a standard purchasing model. The company negotiates a purchase of goods, and pays the vendor.

Functional Areas
- Supply Chain Management
- Accounting & Finance
- Manufacturing & Operations

Order-to-Cash

This is the traditional sales model for a company. A product is sold, and money is collected.

Functional Areas
- Sales & Marketing
- Accounting & Finance
- Manufacturing & Operations

Developing Strategy

Types of controls: - Preventive - Detective - Corrective

Stand-Alone Applications

- Variety of computing hardware platforms
- Not designed to communicate with other systems
- Not helpful for other areas in the firm

Managing Software License

Varying degrees of restrictiveness or freedom

Types of licenses:
- Shrink-wrap or click-wrap licenses - Typical for off-the-shelf and system software
- Enterprise or volume licenses - Usually negotiated

Software asset management
- Performing a software inventory

Linux is an example of protective open source software. Microsoft Windows is an example of proprietary software.

Viruses

Viruses infect a computer, and then spread to other computers through mechanisms such as e-mail attachments and the sharing of infected files. A virus can spread very rapidly through and across organizations.

Denial of Service

When a server has too many requests to handle, it becomes overloaded and unable to serve the requests of legitimate users. A Denial-of-Service attack seeks to overload servers, typically using a network of hacked computers that are controlled remotely, by sending too many requests or messages to the server for it to handle.

Firewall

a part of a computer system or network that is designed to block unauthorized access while permitting outward communication.

Enterprise Resource Planning (ERP)

a suite of applications called modules, a database, and a set of inherent processes for consolidating business operations into a single, consistent, computing platform

Making a business case can be done on faith, fear and/or facts. a) True b) False

a) True

Systems Planning & Selection

Analyst gathers information and builds the case

Multiple approaches to selecting projects
- Formal IS planning process
- Ad-hoc planning process (informal)

The business case role
- Business cases for different projects compared
- Multiple selection criteria

Hackers vs. Crackers

- Both gain unauthorized access to computers
- Hackers do not damage or steal information
- Crackers used information with intent to commit a crime

Performing cost-benefit analyses + comparing competing investments is part of ____ a) Case arguments based on Faith b) Case arguments based on Fear c) Case arguments based on Fact d) All of the above e) None of the above

c) Case arguments based on Fact

Based on the video we watched in class, Sheldon was stuck in an infinite loop because: a) His algorithm was too complicated b) He wanted to sell his algorithm at Comic-Con c) None of the other options is correct d) He did not properly interpret and take into account the problem requirements e) Kripke and he shared an interest in the infinite

d) He did not properly interpret and take into account the problem requirements

Consider our Assignment on Python. Which of the following are true? a) a comment in Python begins with the following characters: /* b) a comment in Python begins with the following characters: // c) variables in Python are NOT case-sensitive d) variables in Python are case-sensitive e) None of the other options are correct

d) variables in Python are case-sensitive

Custom Software

designed and developed exclusively for a specific organization

What are some reasons for the IT productivity paradox? a) Cloud computing b) Time lags c) Redistribution d) All of the above e) Only B & C

e) Only B & C

Computer Crime

if you commit a crime against a computer, while using a computer, or even simply use a computer to support other criminal activities, it is considered computer crime.

Integrated Enterprise System

integrated suite of business applications for virtually every department, process, and industry

Systems Implementation & Operation

involves converting the design to a system, implementing the database, creating the user guides, conducting the training, and switching over to the new system.

IS Security Process

involves four main tasks: - assessing risks - developing a strategy - implementing controls - monitoring the resulting security. This is an ongoing process that requires frequent review and update as threats evolve. Organizations should continuously watch for emerging threats, vulnerabilities, and attacks.

Value Chains

it is necessary for information to flow between companies for the smooth and efficient operation of the value system.

Mobile Threats

- lost devices keep sensitive information without passcodes
- jailbreaking mobile phones
- unsecure wireless networks

Open Source Software

- program's source code is freely available for use
- free to use but hidden support costs
- may offer commercial trade support for a fee
- Ex. Linux & MySQL

Enterprise Systems

provide enterprise wide support and data access for a firm's operations and business processes

Spyware

software that monitors the activity on a computer, such as the Web sites visited or even the keystrokes of the user

Customized Software

- tailored to unique needs
- problem specific - pay only for what is needed

Productivity Paradox

the observation that productivity increases at a rate that is lower than expected when new technologies are introduced. Recall the paradox created for banks after investment in ATM technology. Bank teller productivity decreased when measured by existing metrics, for example, the amount of checks cashed. In reality, the bank teller was now responsible for more value-added business activities, requiring new metrics to be established.

Prototyping

Trial and error. Works even when the desired endpoint isn't known, if there is a basis for determining when one prototype is better than another.

