MIS 375 Exam 2
Maturity Level 2 - Framing
Framing the technology around the business model, and adding some boundaries/ rules
Maturity Level 1 - Reactive
Just created a start up, you're getting started so from an IT viewpoint you're just reacting, not very unified
Is employee awareness and training important for maintaining a secure organization?
Yes! Among FBI best practices for security controls that can reduce a cyberattack are User Education (train all users to consider what they include in publicly available documents and web content + risks from discussing work-related topics on social media, and the potential of being targeted by phishing attacks) and User Training.
Are there potential legal issues with generating AI content using the likenesses of famous actors?
Yes! We've already seen some examples of deep fake being used to make actors voice political opinions and puts them in a position to receive backlash despite not actually having said anything. Beyond that there would be legal limitations on the basis of defamation, copyright issues, and the right of publicity.
Is the threat from insiders increasing?
Yes, ransomware attacks are becoming more common and interfering with organizations that provide critical care, so much that the federal government has to get involved—and with the power of AI, password cracking is becoming even faster and easier. ex) Ransomware breaches of major tech/natural gas/insurance/healthcare companies, Snowden - insider employee threat, web-facing server preach, Target point of sale (POS) breach from zero-day exploit, hacker even taking over a flight's engine controls
Why are business and MIS principles important?
to create a scalable, adaptable, and coherent business They help establish general best practices that create optimal workplace efficiency, manage risk, and emphasizes continuous improvement.
Pay for Tools
- fee for better/upgraded tools - basic versions often free - ex: flickr, venmo, pinterest, SAP, linkedin
Pay for Access
- fee for facilitating lead generation - charge side that needs the other more - ex: opentable (restaurant has to pay for registration), match.com
Pay for a Transaction
- fee for facilitating transaction - don't take too much (amazon tried publisher's rake of 70%) - ex: airbnb, etsy, ebay, itunes, uber
Pay for Attention
- tends to be advertisers - fee for similar match - do not clutter the transaction - ex: youtube, adwords, facebook
What is the order of the four types of enterprise architecture maturity (Session 19 - slide 6)
1. Business Silos - Diversify: best of breed 2. Standardized Technology - Coordinate: shared data and integrations 3. Optimized Core - Unify: centralized applications 4. Business Modularity - Replicate: cookie-cutter applications, approved and supported applications
What are the four main divisions of Disney? How could AI be used for each?
1. Media Networks (ABC, Disney Channel, ESPN) AI Use - More important for ESPN but video analysis and tagging to create a more engaging live sports viewing experience and enhance replays 2. Parks, Experiences, and Consumer Products AI Use - Magic Band: you can make purchases through it/ have a gps tracker that could improve park flow 3. Studio Entertainment (Walt Disney Studios, Marvel Studios, Pixar, etc.) AI Use - Use predictive AI to help artists when working on animated films and quicken some of the sketching process 4. Direct to Consumer + International (Disney+, ESPN+, Hulu, etc.) AI Use - Better translation/captioning capabilities, Automated Speech Recognition (ASR)
What are some of the key security concerns for an organization? For an individual?
Cybercriminals interested in making money through fraud or from the sale of valuable information Industrial competitors and foreign intelligence services interested in gaining an economic advantage for their companies or countries Hackers who find interfering with computer systems an enjoyable challenge Hacktivists who wish to attack companies for political or ideological motives Employees, or those who have legitimate access, either by accidental or deliberate misuse
What were the outcomes that were defined by the CEO through each of LEGO's transformations?
Recovery (stabilize the company) - EA function established - guide technology platform - New CEO appointed - resolve supply chain - New CIO appointed - strategic principles formulated Optimize/build the core (making new kinds of products that are exciting and manufacturing - Production insourced - ensure quality - Consolidate HR platforms into a global platform - New vision: Inventing the future of play - Global manufacturing platform (COMBI 2) - Consolidate PLM (product lifecycle management) Innovate and reap the benefits(where the adjacencies started) - Reorganization and transformation - collaboration, adaptability - Excellence teams established - Open IT platform - cloud integration - Establishment of global hubs - LEGO idea platform - Customer engagement platform
What are the four key revenue models used by two-sided platforms? What are differences between the consumers and producers within each model?
Pay for a Transaction - Fee for facilitating transaction; Consumers pay for the products or services they receive, while producers pay a transaction fee to the platform for facilitating the transaction. Ex: AirBnB Pay for Access - Fee for facilitating lead generation; pay a subscription fee for visibility, and the platform generates revenue from both sides. Ex: Yelp, OpenTable, Dating Sites Pay for Attention - Fee for similar match; Consumers may see ads or sponsored content, while producers pay for advertising opportunities on the platform. Pay for Tools (SaaS) - Fee for better/upgraded tools; Consumers have the option to use the platform for free or pay for additional features, while producers may choose to pay for premium services that enhance their visibility or functionality. TAAT
What are some of the key areas that should be reviewed for an MIS self-assessment?
Strategy & Principles - What is your strategy, where do you get it from? What are the key principles that will drive operating model decisions and behaviors Organization - How are we organized? What are the associated key roles, skills, knowledge, and behaviors? Measures - How do we measure ourselves? Enterprise Architecture - Are you thinking through What is our collective tech design and what are the capabilities for continuous supporting the entire business model? Governance - How do you govern? How do you prioritize the tasks? Who is accountable for decisions and how do we govern efficiently? Services Portfolio - Ex: Valero, HEB, USAA What services do we offer and how do we optimize our service portfolio? Process Model & Application -Architecture How will we operate? How do we efficiently support and align with business needs? S&PEMOGPS
What are the three types of neural databases?
Textual, Visual, Audio
Why would a private data source be important as opposed to a public data source as a foundation for a generative AI large language model?
That main reason to opt for a private data source instead of a public one for a LLM would be that organizations could create AI models that are highly customized to their unique needs. So they could train an AI model based on content that is more relevant and specific to their goals/ requirements and the organization's specific domain and terminology. They would also have more control over the data and the model in order to enable greater security measures.
MIS Governance Principles
Use a cloud first approach Use a SaaS provider for strategic applications Use a strategic co-location data center model for customer and internet connectivity Use a high-speed VPN for remote employees Use a resilient, standardized high-speed network to connect your operations Use virtualization approach for all servers - Azure VMs Use a replicated location rapid restore disaster recovery infrastructure Use a standardized technology stack for any local site compute needs - getting into cookie cutter model but beneficial Use a balanced internal employee/ managed service provider model - need MIS employees here Importance: to create a scalable, adaptable, and coherent business
Characteristics of Platform Businesses
Value Exchange (Elements of a Value Exchange - Platform Producers Consumers) Rules and architecture Open, allowing regulated participation - whoever owns the platform tends to set the rules
How are Walmart and Amazon slowly encroaching into each other's unique business processes? What action did Walmart take to compete directly with Amazon?
Walmart began as a pipeline business but has taken steps to move into a platform business. Amazon began as a platform business so this is where some of that cross over occurs. Moreover, Walmarts move to acquire Jet.com was a significant e-commerce deal that rapidly expanded Walmart's e-commerce platform and their journey in becoming a platform business. This was a direct competitive move against Amazon since Jet.com was founded with the explicit goal of "doing e-commerce better" than Amazon.
Did Roasting Plant have competitive activities it could leverage to power its future growth?
Worldwide Coffee - Roasting Plant houses coffee beans from all over the world. - They could curate cultural exhibitions or feature certain regions. Javabot - Roasting Plant's proprietary technology that delivers a range of high-quality, competitively priced coffee with speed. - They could consider elevating this technology or turn technology enhancements efforts towards creating a mobile app. in-house roasting - partnerships with influencers for different endorsed/sponsored blends
What is prompting?
providing a specific input or instruction to an AI model to generate a desired output or response the prompt is a text-based or verbal query that a human user provides to the AI model, and it serves as the starting point for the model to generate a response or complete a task
What are the three main areas of an MIS (IT) organization? Which area has separation of duties implications?
technology group (pc's, servers, networks, cloud integrations) technicians and engineers overseen by project management office → project managers applications group (apps, databases) analysts, programmers business analysts, project managers, agile team members overseen by project management office→ project managers security group (firewalls) auditors and admins - this is where there is a separation of duties implication since ideally the security group is outside of the IT dept and helps ensure security within the IT dept
Audio Database
trained with every spoken language, regional accents, relation of words - not just hearing it but also noting the differences + employment of predictive/ suggestions used for tasks like speech recognition and audio analysis Training involves supervised learning with labeled audio data Ex - hey google! hey alexa! hey siri!, 1-800 phone lines use of AI
Visual Database
used for tasks like image recognition and computer vision trained by collecting data - for instance google analyzes everything that comes through it, the login site when you click for objects also help train visual databases (supervised learning with labeled audio data), potential for predictive picture expansion with AI Ex - Google, Meta
How did technology advancement impact the evolution of supply chains from being very local to becoming completely worldwide?
1970s - direct store replenishment by suppliers or wholesalers 1980s - centralization of deliveries through retailer distribution centers Walmart and target (retail distribution center) emerged, changing the past model of going to multiple stores to a single destination, more technology 1990s - the rise of global sourcing 2000s - e-commerce model involving parcel network, SAP has done a good job keeping up with the transformation but its getting more complicated and broad
What were some of the kay cloud SaaS providers Roasting Plant would want to consider while building its enterprise architecture?
1st thing you need is QuickBooks! a finance/accounting system 2nd thing you need to get is Office 365 or Gmail - tools for office productivity, consider a domain name, important for communication 3rd thing you need is a payroll system like Paychex (could be 2nd or 3rd) 4th thing you need is a point of sale system like Square 5th thing you need is a CRM, such as Zoho 6th thing, head into e-commerce (Shopify), business analytics **next up more mis related things the cloud servers - put in some networking, servers (preferably placed in cloud and azure since roasting plant is most likely to just use cloud not strive for technology development) + mobile app development
How is Disney experimenting with sentiment analysis AI?
AI to understand real time reactions when watching shows (live or cinema): AI coupled to a camera, a night vision camera that looks at the audience and will do an analysis and interpret audience facial expressions to get real time feedback on how people are reacting to shows - still in research faze, but the hope is to implement this in theme parks
What are some of the key advantages of using a platform approach as a part of an organization's business model?
Actively promotes (positive) interaction among different partners in a multi sided market Scales much faster than a pipeline business because it does not necessarily bear the costs of external production (orchestrates resources rather than controlling them)
Four Factors to Consider When Characterizing IT Maturity
Business priority - how do you determine the priority of the business, work, and technology Governance - who is going to ensure the strategies are being flushed out Sourcing - where will the resources come from Location - where's the data, is it on premise? is it on cloud? LSGB
What are the main forms of AI / ML? What are the technologies that are used for each? What purpose do they serve?
Decision Tree (Simple Decisions) Decision Tree (Random Forest/Machine Learning)• LLM/Generative AI (Knowledge Sifting - Public/Private, Text Generation, Language Translation, Code Generation, Audio Interaction, Image Interpretation), can use Natural Language Processing Algorithmic AI (Problem Solving, Autonomous Decision Making, Intelligent Monitoring, Probability Based Actions, Collaborative Filtering) EX: Bayesian Networks, Time Series Analysis
Maturity Level 3 - Integrating
Even more mature and has more unification, but they're also starting to integrate with other businesses, embedding their business into
Maturity Level 4 - Business Optimized
Everything is unified, integrated, and is continuously improving
What are some of the most important MIS security countermeasures?
Firewalls: control network traffic, block unauthorized traffic Intrusion detection systems: monitor network use for hacking attempts and take preventive action Honeypots: tempting, bogus targets meant to lure hackers Blacklists: deny the entry of specific IP addresses and other entities Whitelists: permit communication only with approved entities or in an approved manner WHIFB Update software as soon as patches release to ensure no vulnerabilities → zero-day exploits make hackers aware of weaknesses in software programs
Why would it be important to reason up from "fundamental truths" rather than rely on well-established analogies?
First principles (reasoning up from fundamental truths) thinking will help you develop a unique worldview to innovate and solve difficult problems in a completely new way. This is because you boil things down to the most fundamental truths ... and then reason up from there, rather than relying on analogies and ending up with slight variations of past assumptions.
What were some of Lego's key roadmap milestones and projects?
LEGO Light (2000s) - Implement SAP and underlying technology infrastructure as a common platform across the business -Inbound/standardize supply chain, finance, sales Open IT Platform (2012) - Three business-oriented verticals for the IT dept. to focus on along with a Technology and Security dept. paved the way for LEGO Group's strategic technology development through an open IT platform. LEGO Click Campaign (2010) - An integration of online networks, video, and mobile technologies. The campaign's viral video referred viewers to an online platform where ideas could be shared. - Digital products LEGO Ideas (2014) - Online platform that allowed customers to propose new products using existing LEGO components. PEN (Process Expert Network) (2011-2014) - Establishment of the Process Expert Network to ensure end-to-end global processes - Innovation/Optimization COMBI 2 (2009-2010) - LEGO Group implemented a global manufacturing platform. Consolidate PLM (2011-2012) - LEGO's new product lifecycle management (PLM) system, an extension to their enterprise platform, better supported master data management in the supply chain thereby increasing process automation and improving product output by 50%.
What is the primary security and infrastructure precautions an organization should take to protect itself from a Ransomware incident?
Learn how to spot and avoid phishing. Use multi-factor authentication where possible. Disable unused remote access/RDP ports and monitor remote access/RDP logs. Make sure you are backing up your data often and that you are backing it up to an offline source. Back-ups must be segregated and off-line. Make sure that all devices on your network are using the most current and patched versions of operating systems and applications. Make sure anti-virus and anti-malware solutions are set to automatically update and run regular scans. Use a pop-up blocker. Filter out emails with .exe attachments and set your computer to show hidden file extensions and never click on a URL contained in an unsolicited email. Have strong passwords and don't use the same passwords for everything. The FBI recommends never paying the ransom, as there is no guarantee that the scammer will send you the decryption key
How did Lego's enterprise architecture evolve over the time period of the case?
Lego's enterprise architecture changed from that of a traditional brick and mortar store to that of a digital company producing digitialzed toys that accompany LEGO bricks and developing multi-channel relationships with consumers, shoppers, and customers Lego Light - implement SAP and underlying technology infrastructure as a common technology platform across the business; better at ERP than standardization of processes and shared data early on (diversification) ERP platform extended to include global manufacturing platform, COMBI 2 (coordination) ERP to include product lifecycle management (PLM) system - better master data management over time (coordination) Business process integration - Process Expert Network (PEN) ensure global processes of each of its business areas (unification) Then shifted focus from enterprise platform to engagement platform Over the time period of the case it was evident that LEGO began standardizing their technologies and soon after established an optimized core that was able to support LEGO's innovation and move toward becoming a digital enterprise.
IT Maturity
Maturity Level 1 - Reactive Maturity Level 2 - Framing Maturity Level 3 - Integrating Maturity Level 4 - Business Optimized
What were the primary governance lessons from the Lego case?
One LEGO group based on global standards and global processes The LEGO enterprise model determines the best application approach LEGO resources master the LEGO enterprise platform Any new application is a strategic decision Use original business logic, do not copy aka use innovation Use the applications best practice processes Use strategic partners instead of vendors The LEGO data is precious and needs to be protected Solutions have to be managed in their entire lifecycle
Other FBI Best Practices (Aside from User Training and Education)
Patch management: apply patches at the earliest possibility to limit exposure to known software vulnerabilities Secure configuration: remove unnecessary software and default user accounts. Ensure default passwords are changed, and that automatic features that could activate malware are turned off (i.e. automatic downloads of email content) Can also restrict system functionality to the minimum needed for business operation. User access: well-maintained user access controls can restrict the applications, privileges, and data that users can access Monitoring: monitor and analyze all network activity to identify any malicious or unusual activity Malware protection: can block malicious emails and prevent malware from being downloaded from websites Device controls: devices within the internal gateway should be used to prevent unauthorized access to critical services or inherently insecure services that may still be required internally.
What were some of the weaknesses we discussed in Roasting Plant's mission statement and business practices?
Roasting Plant's mission statement does not incorporate any company values (financial, human, sustainability/enviornmental values). Employee yelp/glassdoor reviews would often claim Roasting Plant has suboptimal working conditions and didn't enjoy their employee experience. business practices: just business people and engineers running a coffee shop
Common Prompts Used for Prompting
Simple questions (what is... explain....) Lists (generate a list for....) Long-form written pieces (write a tweet/essay/paragraph) Complex problems (show mathematical equations that lead to) Feedback (critique this paragraph/essay) Modify (translate/paraphrase/lengthen this.....) Instructional guides (how do I..../ dinner ideas with these ingredients.....) Write and debug code Conversation and advice
What were the important technologies that were a part of each of LEGO's strategic actions? Did LEGO use projects?
Some of the technologies mentioned in the case were: SAP infrastructure, ERP systems Yes LEGO did "use" projects designed around their outcomes. Such as LEGO Light, Open IT Platform, LEGO Click Campaign, and LEGO Ideas to name a few.
What are some of the primary intrusion methods used by hackers?
Zero-day exploits: vulnerabilities from failure to patch a smartphone, laptop, PC, or server's operating system (Windows, Android, or iOS) on day zero of releasing a patch Phishing: cons executed using tech in order to acquire sensitive information or trick someone into installing malicious software Snooping: Hackers view other computer screens over a public network, can view password entries and other sensitive data (this is why websites started using dots for passwords); these programs are widely accessible Spyware: monitors user actions, network traffic, or scans for files Keylogger: records user keystrokes off of public computers (libraries, schools, hotels, etc.) - software or hardware-based Screen-capture: records pixels that appear on a user's screen to identify proprietary information Card-skimmer: captures data from a card's magnetic strip Ransomware: malware that encrypts users' files with demands that a user pay to regain control of their data and/or device SCRPSKSZ
What are the implications of AI for closed captioning and voice dubbing?
automated captioning tech brings highly accurate, near real time, speech to text captioning to live programming and showcases a commitment to accessibility in viewer experience some limitations/considerations include: accuracy, voice quality, cultural sensitivity, voice cloning ethical concerns, regulatory compliance
What is "social engineering"?
con games that trick employees into revealing information or performing other tasks that compromise a firm; personalized and targeted scams ex) hackers using branded flash drives with malware to trick employees into plugging them into their company computers
Textual Database
has every language in in, grammar, and translations/relationships between languages and between words trained using unsupervised pre-training and fine-tuning on specific tasks (emphasis on the fact that it takes many years to fully develop such a database, the companies that have textual neural databases are proprietary - facebook, apple, google) Ex - Chatgpt & Grammarly
