MIS 304: EXAM 3
Types of Cyberterrorism
- Coordinated bomb attacks
- Manipulation of financial and banking information
- Manipulation of the pharmaceutical industry
- Manipulation of transportation control systems
- Manipulation of civilian infrastructures
- Manipulation of nuclear power plants
Smaller companies may change their business practices to accommodate the ERP software (instead of customizing the ERP software) because: - All of: {ERP software incorporates features to support social engineering, ERP software is based around best practices, The licensing for ERP software does not permit changes} - None of the other options are correct - ERP software is based around best practices - ERP software incorporates features to support social engineering - The licensing for ERP software does not permit changes
- ERP software is based around best practices
Computer criminals who deface Web sites to promote political or ideological goals are called - Online predators - Crackers - Internet activists - Social promoters - Hacktivists
- Hacktivists
Based on the video watched in class, we concluded ____ is/are critical for amazon's success - Social engineering - All of the other options are correct - Information integration - Legacy Systems - DDoS
- Information integration
_____ are reported by organizations as the most common (computer crime) offenders - Organized crime (e.g., the mafia) - Online predators - Hacktivists - Crackers - Insiders (current or past employees)
- Insiders (current or past employees)
Assessing Risks
- Risk Reduction: actively installing countermeasures
- Risk Acceptance: accepting any losses that occur
- Risk Transference: having someone else absorb the risk (insurance, outsourcing)
- Risk Avoidance: using alternative means, avoiding risky tasks
___ requires companies to maintain financial controls (usually IS-based) and holds senior management responsible for failures. - FDIC - Arizona Corporation commission - Sarbanes-Oxley Act - None of the other options is correct - HIPAA
- Sarbanes-Oxley Act
A steering committee identifies and assesses all possible systems development projects that the organization could undertake. - True - False
- True
The term shoulder surfing refers to looking over one's shoulder while the person is keying in access information. - True - False
- True
The total cost of ownership is focused on understanding not only the total cost of acquisition, but also all costs associated with ongoing use and maintenance of a system. - True - False
- True
Packaged Software
- Also called off-the-shelf software
- May or may not require significant configuration
- Enterprise software is often divided into modules
- Special functionality may require customizing the packaged version
Traditionally, companies are organized around five distinct functional areas. Which of the following is one of them? - technology management - systems management - None of the other options are correct - supply chain management - Both: {technology management, supply chain management}
- supply chain management
Proprietary Systems
- From vendors
- Not designed to share with other vendors' systems
- Lack of integration
Steps in Development Process
1. Systems planning and selection
2. Systems analysis
3. Systems design
4. Systems implementation and operation
The Computer Fraud and Abuse Act of 1986
- A crime to access government computers or communications
- A crime to extort money by damaging computer systems
- A crime to threaten the president, vice president, members of Congress, or administration officials
Electronic Communications Privacy Act of 1986
- A crime to break into any electronic communications service, including telephone services
- Prohibits the interception of any type of electronic communications
Cookies
A small file that Web sites place on a user's computer. Cookies can be legitimate (e.g., to capture items in a shopping cart) but can be abused (to track an individual's browsing habits) and can contain sensitive information (such as credit card numbers), which poses a security risk.
A(n) ________ is an integrated suite of business applications for virtually every department, process, and industry, allowing companies to integrate information across operations on a company-wide basis using one large database. A) enterprise system B) distributed system software C) decision support system D) legacy system E) management information system
A) enterprise system
Designing and developing applications that support the primary business activities are a part of the ________ activities. A) technology development B) operations and manufacturing C) procurement D) inbound logistics E) outbound logistics
A) technology development
Which of the following is an example of an intangible cost? A. Losing customers B. Employee salaries C. Installation and maintenance of software D. Employee recruitment and retention E. Customer support
A. Losing customers
Recall our assignment. _______ is/are among the visualizations supported by Python for exploratory data analysis. A. Scatterplots B. GPS maps C. Social Engineering D. All of the above E. None of the above
A. Scatterplots
Are Python variables case sensitive? A. Yes B. No C. Maybe? D. Yes, on Macs only E. None of the above
A. Yes
Cyberterrorism
- Attacks by individuals and organized groups
- Political, religious, or ideological goals
- Terrorists are leveraging the Internet to coordinate their activities, recruit, and perform fundraising
Which of the following is true of system effectiveness? A) It is the extent to which a system enables the firm to do things faster, at lower cost. B) It is the extent to which a system enables the firm to accomplish goals well. C) It is the extent to which a system allows a firm to plan its tasks. D) It is the extent to which a system allows a firm to cut operational costs. E) It is the extent to which a system enables people to accomplish tasks with relatively little time and effort.
B) It is the extent to which a system enables the firm to accomplish goals well.
Business case arguments based on data, quantitative analysis, and/or indisputable factors are known as arguments based on ________. A) fiction B) facts C) faith D) fads E) fear
B) facts
A major disadvantage of ERP is that it does not allow for modular implementation of software. A. True B. False
B. False
Externally focused systems improve information flows between departments and processes. A. True B. False
B. False
The custom designing of products is a step within the following core business practices. A. Procure-to-Pay B. Make-to-Order
B. Make-to-Order
Information technology is traditionally viewed as a _____ center. A. Profit B. Cost C. Nerd D. A and B only E. All of the above
B. Cost
Spam
Bulk unsolicited email sent to millions of users at extremely low cost, typically seeking to sell a product, distribute malware, or conduct a phishing attack
Cybersquatting
Buying and holding a domain name with the intent to sell it. The 1999 Anti-Cybersquatting Consumer Protection Act makes it a crime if the intent is to profit from the goodwill of a trademark belonging to someone else.
________ contains spyware that collects information about a person's Web surfing behavior in order to customize Web site banner advertisements. A) Malware B) A cookie C) Adware D) A honeypot E) Firmware
C) Adware
When Shelly downloaded an arcade game from an unknown Internet Web site, an unauthorized connection unknown to Shelly was established with her computer. The arcade game is most likely to be ________. A) a worm B) adware C) a Trojan horse D) encryption E) spyware
C) a Trojan horse
The first phase of the systems development life cycle (SDLC) is systems ________. A) implementation B) operation C) planning and selection D) analysis E) design
C) planning and selection
Employees steal time on company computers to do personal business. This is an example of ________. A) vandalism B) hacking C) unauthorized access D) cyberstalking E) functional inconvenience
C) unauthorized access
Identify the approach often used for implementation of module based software. A. Parallel B. Direct C. Phased D. Pilot
C. Phased
Systems Analysis
Collecting Requirements
- May be the most important part of systems development
- Dictates how the proposed system should function
Modeling Data
- What data is needed
- Modeled using Entity-Relationship diagrams
Modeling Processes and Logic
- Model the data flow
- Model the processing logic
- Develop system designs, evaluate them, and select one
Implementing Controls
Commonly used controls:
- Physical access restrictions
- Firewalls
- Encryption
- Virus monitoring and prevention
- Secure data centers
- Systems development controls
- Human controls
Hacktivist
Crackers who are motivated by political or ideological goals and who use cracking to promote their interests
Cyberwar
Cyberwar vulnerabilities:
- Command-and-control systems
- Intelligence collection, processing, and distribution systems
- Tactical communication systems and methods
- Troop and weapon positioning systems
- Friend-or-foe identification systems
- Smart weapons systems
Which of the following terms refers to junk newsgroup postings used for the purpose of advertising for some product or service? A) Web filter B) adware C) cookie D) spam E) bot herder
D) spam
Which kind of query takes the results of a query and "exports" it into an MS-Access table? A. Select-Join Query B. Append Query C. Select Query D. Make Table Query E. None of the above
D. Make Table Query
Security Concerns
Destructive code is called malware and includes computer viruses and other types of code designed to infect computers or perform other malicious or criminal activities. Viruses, worms, and Trojans all fall into this category.
________ software are applications written by third-party vendors that are used by many different users and organizations. A) Tailored B) Custom C) Personalized D) Bespoke E) Packaged
E) Packaged
An internally focused system helps an organization coordinate with its ________. A) suppliers B) business partners C) producers D) customers E) departments
E) departments
____ is an attempt to trick financial account and credit card holders into giving away information. A. Cyber tunneling B. Viral marketing C. Logic bombing D. Hacking E. Phishing
E. Phishing
Employees steal space on company computers for personal business. This is an example of: A. Hacking B. Web vandalism C. Cyberstalking D. Embezzlement E. Unauthorized access
E. Unauthorized access
In-class, we watched a video where ______ was/were used to target the nuclear infrastructure of a country. A. social engineering B. web vandalism C. DDoS attacks D. embezzlement schemes E. a computer virus
E. a computer virus
Central Information Repository
ERP replaces stand-alone applications. Modules are based on:
- A common database
- Similar application interfaces
ERP Limitations
ERP systems often require organizations to change their business processes
- Once implemented, a company is locked in
- Difficult and costly to make future changes
- Modifications require extra and costly programming
ERP Support
ERP systems support core business processes. They assist with:
- Order-to-cash
- Procure-to-pay
- Make-to-stock / make-to-order
Industry-specific ERP versions are often packaged to support industry-specific core processes, for example in:
- Health care
- Automotive
- Construction
- Retail
- Specialized manufacturing industries
The order-to-cash process entails sub-processes such as price and terms negotiations, issuing of the purchase order, receiving the goods, and receiving and paying the invoice. - True - False
False
ERP Compliance
Have built-in systems to:
- Mirror organizational processes
- Support segregation of duties
- Monitor business activities
They don't solve all compliance problems but help a lot.
Costs & Benefits
Identifying Costs
- Tangible costs (total cost of ownership, TCO): non-recurring costs (acquisition) and recurring costs (use and maintenance)
- Intangible costs (e.g., loss of customers)
Identifying Benefits
- Tangible benefits (e.g., estimated sales gains)
- Intangible benefits (e.g., improved customer service)
Identity Theft
Identity theft is one of the fastest-growing information crimes: stealing Social Security, credit card, and bank account numbers and information.
Possible solutions:
- Government and private sector working together to change practices
- Use of biometrics and encryption
Threats
- Insider threats: disgruntled employees
- Accidents/disasters, employees, associates, viruses/malware
Stakeholders
- Management: greater strategic focus
- Steering Committee: cross-functional focus; cost-benefit analysis
- User Department: narrow, non-strategic focus; faster development
- IS Executive: focus on integration with current systems; less concerned with cost-benefit analysis
Traditional Business Functions
- Marketing & Sales
- Supply Chain Management
- Accounting & Finance
- Human Resources
Vendor Selection
Once all the proposals are in and evaluated, those that meet your needs should be scored and ranked to provide a solid basis for comparison.
Conversion Strategies
- Parallel: old and new systems are used at the same time
- Direct: the old system is discontinued on one day, and the new IS is used on the next
- Phased: parts of the new system are implemented over time
- Pilot: the entire system is used in one location
Phishing
Phishing is the "casting" of email messages that typically hope to trick users into sending in usernames and passwords. It is a common form of spam, and some phishing attacks can be very realistic. A variation of phishing is "spear phishing," where a single targeted email message is sent to an individual in a company seeking specific information. For example, an email to the COO asking about product development might be shown as coming from the office of the CEO and reference the people the COO works with by name, making it seem very plausible.
Off-the-Shelf Software
Prepackaged
- Less costly
- Faster to procure
- Of higher quality
- Less risky
External Acquisition of Systems
Reasons:
- Limited IS staff: staff may be too small, may be occupied in other ways, or may not be capable of developing the system without additional hiring
- IS staff has a limited skill set: many organizations have outside groups manage their Web sites
- IS staff is overworked
- Problems with the performance of IS staff
Business Case
Sells an investment
- Build a strong, integrated set of arguments
- Show how an IS adds value
- Lay out costs and benefits
- Used to make a 'go' or 'no go' decision
- May be used to justify continued funding
Request for Proposal
The RFP needs to include enough information that vendors can submit an informed proposal that will meet the company's needs. This includes the current situation, all the requirements for the new system, how the new system will be evaluated, and any constraints on the proposal.
Make-to-Order
The previous models only looked at selling or buying a product. What about the actual design and manufacture of the product? The production process is covered by the "make-to-order" or "make-to-stock" process: the process of manufacturing goods, either based on forecasts or based on orders.
Proposal Evaluation
The proposal needs to be evaluated based on the costs and benefits, which is often interpreted as functionality:
- Total cost of ownership
- System features: compared to the RFP
- System benefits: based on system features
- System benchmarks: measure of system features
Systems Design
This includes the Phase 2 models and optimal architecture or System Design. In this phase the system is completely modeled based on prior knowledge from the analysis phase, and the additional work being done to complete the design. We finalize the look and feel of the software at this stage, often by drawing up "screens" or prototypes of what the user will see on their computer.
Procure-to-Pay
This is a standard purchasing model. The company negotiates a purchase of goods, and pays the vendor.
Functional areas:
- Supply Chain Management
- Accounting & Finance
- Manufacturing & Operations
Order-to-Cash
This is the traditional sales model for a company. A product is sold, and money is collected.
Functional areas:
- Sales & Marketing
- Accounting & Finance
- Manufacturing & Operations
Developing Strategy
Types of controls:
- Preventive
- Detective
- Corrective
Stand-Alone Applications
- Variety of computing hardware platforms
- Not designed to communicate with other systems
- Not helpful for other areas in the firm
Managing Software License
Varying degrees of restrictiveness or freedom.
Types of licenses:
- Shrink-wrap or click-wrap licenses: typical for off-the-shelf and system software
- Enterprise or volume licenses: usually negotiated
Software asset management: performing a software inventory.
Linux is an example of protective open source software. Microsoft Windows is an example of proprietary software.
Viruses
Viruses infect a computer, and then spread to other computers through mechanisms such as e-mail attachments and the sharing of infected files. A virus can spread very rapidly through and across organizations.
Denial of Service
When a server has too many requests to handle, it becomes overloaded and unable to serve the requests of legitimate users. A Denial-of-Service attack seeks to overload servers, typically using a network of hacked computers that are controlled remotely, by sending too many requests or messages to the server for it to handle.
Firewall
A part of a computer system or network that is designed to block unauthorized access while permitting outward communication.
Enterprise Resource Planning (ERP)
a suite of applications called modules, a database, and a set of inherent processes for consolidating business operations into a single, consistent, computing platform
Making a business case can be done on faith, fear and/or facts. a) True b) False
a) True
Systems Planning & Selection
The analyst gathers information and builds the case.
Multiple approaches to selecting projects:
- Formal IS planning process
- Ad-hoc (informal) planning process
The business case role:
- Business cases for different projects are compared
- Multiple selection criteria
Hackers vs. Crackers
Both gain unauthorized access to computers.
- Hackers do not damage or steal information
- Crackers use the information with intent to commit a crime
Performing cost-benefit analyses + comparing competing investments is part of ____ a) Case arguments based on Faith b) Case arguments based on Fear c) Case arguments based on Fact d) All of the above e) None of the above
c) Case arguments based on Fact
Based on the video we watched in class, Sheldon was stuck in an infinite loop because: a) His algorithm was too complicated b) He wanted to sell his algorithm at Comic-Con c) None of the other options is correct d) He did not properly interpret and take into account the problem requirements e) Kripke and he shared an interest in the infinite
d) He did not properly interpret and take into account the problem requirements
Consider our Assignment on Python. Which of the following are true? a) a comment in Python begins with the following characters: /* b) a comment in Python begins with the following characters: // c) variables in Python are NOT case-sensitive d) variables in Python are case-sensitive e) None of the other options are correct
d) variables in Python are case-sensitive
Custom Software
designed and developed exclusively for a specific organization
What are some reasons for the IT productivity paradox? a) Cloud computing b) Time lags c) Redistribution d) All of the above e) Only B & C
e) Only B & C
Computer Crime
If you commit a crime against a computer, while using a computer, or even simply use a computer to support other criminal activities, it is considered computer crime.
Integrated Enterprise System
integrated suite of business applications for virtually every department, process, and industry
Systems Implementation & Operation
involves converting the design to a system, implementing the database, creating the user guides, conducting the training, and switching over to the new system.
IS Security Process
Involves four main tasks:
- Assessing risks
- Developing a strategy
- Implementing controls
- Monitoring the resulting security
This is an ongoing process that requires frequent review and update as threats evolve. Organizations should continuously watch for emerging threats, vulnerabilities, and attacks.
Value Chains
It is necessary for information to flow between companies for the smooth and efficient operation of the value system.
Mobile Threats
- Lost devices that hold sensitive information without passcodes
- Jailbreaking mobile phones
- Unsecured wireless networks
Open Source Software
- The program's source code is freely available for use
- Free to use, but there may be hidden support costs
- May offer commercial support for a fee
- Examples: Linux & MySQL
Enterprise Systems
provide enterprise wide support and data access for a firm's operations and business processes
Spyware
Software that monitors the activity on a computer, such as the Web sites visited or even the keystrokes of the user
Customized Software
- Tailored to unique needs
- Problem-specific: pay only for what is needed
Productivity Paradox
The observation that productivity increases at a rate lower than expected when new technologies are introduced. Recall the paradox created for banks after investment in ATM technology: bank teller productivity decreased when measured by existing metrics, for example the number of checks cashed. In reality, the bank teller was now responsible for more value-added business activities, requiring new metrics to be established.
Prototyping
Trial and error. Works even when the desired endpoint isn't known, as long as there is a basis for determining when one prototype is better than another.