ISM Final Exam Review CH 9-12
What is a social media success metric? How do we measure?
Are metrics that are real and valuable to us. We can measure by looking up how many followers we have or, what's our user engagement.
What is crowdsourcing
Asking your users to help in product design or product redesign
What is the difference between structured and semi-structured knowledge?
-- The majority of our knowledge is based on semi-structured knowledge. Perhaps not too difficult to organize, but retrieving the knowledge and information is a huge challenge. Structured: Are things that we can easily refer to like, documents, reports, presentations, Lise's PowerPoint's. Structured knowledge means the same thing to everyone and it's easy to collect. Main problem: how to create an appropriate classification scheme to organize information so they can be easily accessed Tag/coded E.g. KPMG's KWorld is one of largest structured knowledge systems • International tax and accounting • We all organize differently. Thus we need to all agree on HOW everything will be organized - not an easy task since we all believe our way is the best way. Semi-structured: Things like, E-mail, voice mail, brochures, bulletin boards. Things that are linked to one another. Trying to retrieve knowledge from semi-structured knowledge is difficult. Digital information that does not exist in a formal document or a formal report 80% of an organization's business content is unstructured • E.g. folders, memos, e-mails, presentations Now required to track and manage • Sarbanes-Oxley Act of 2002 E-mail/phone conversations, 5 years -Tough to retrieve.
What are some revenue models for social media?
1) Advertising: The advertisers are the people that are paying for the platform. Advertising is very targeted. Based on what people click, not everyone sees the same advertisement. 2) Pay-per-click: EX) If you click on the advertisement, then that's when the provider will bill the advertiser meaning that the advertisement was successful. 3) Use increases value: As more people use a site, the more value it has, and the more people will visit 4) Freemium: Freemium is where you may offer a free app or free version of software. But to get all of the extra features, you would need to pay for those. It is a way of getting you hooked! The game Candy Crush is a good example!! Provide something for free. EX) Arccos Golf. Sale of apps, virtual goods, affiliate commissions, donations
Huge difference SMIS and IS
SMIS constantly changing nature of SM means process flows cannot be designed or diagrammed
What are some drawbacks of an expert system?
Must be consistent - cannot have situations where the result may be different. Drawbacks • Difficult and expensive to develop. Labor intensive Ties up domain experts. • Difficult to maintain. Changes cause unpredictable outcomes. • Didn't live up to expectations. Can't duplicate diagnostic abilities of humans. Constantly needing expensive changes to programs to reflect new knowledge. -Work well with problems of classification - possible outcomes are all known in advance -Less useful for unstructured problems typically encountered by managers -Expensive. May cost less to hire/train more experts than to build expert system! -Expert system must continually change -Maintenance costs high!
12. What did the Ponemon study determine?
No one knows exact cost of computer crime because a lot of it does NOT get reported, data is so valuable, Data loss is the single most expensive consequence of computer crime, data on mobile devices poses a significant risk, cost of computer crime based on surveys. Security safeguards work ex) 2 factor authentication Data loss is biggie, averaging $5.9 Million in losses annually PER FIRM. Business disruption, $4.0 Million Equipment losses and damages were only $0.5 Million of the lost value. VALUE is in the DATA and not in the hardware! Security safe guards work!! - Data is the most expensive consequence
Business capital types
Physical Human Social
21. What is meant by hardening the site?
Protecting us from the unknown. Think of this as a fortress. We need to figure out how to really block out potential intruders. We give folks the LEAST access possible. Screening someone really well. · Use special versions of operating system by locking down or eliminate operating systems features and functions not required by application. · Most important safeguard against public users. · Temporary personnel and vendors should have accounts and passwords with least privilege, and accounts terminated once contract ends.
23. What is a data breach?-
Unauthorized person views, alters, or steals secured data, someone accesses your data, but that doesn't mean they do something with the data. This means that they just have access to the data. This happens a lot in HEALTH CARE and EDUCATION. The highest one is HEALTHCARE. · 1+ billion people affected by data breaches in the past 5 years, 75% of breaches happened in US · Average cost of a single data breach $3.5 million · Average costs per stolen record in healthcare ($359), education ($294), pharmaceutical ($227), financial ($206), and communications ($177) industries Data breach does NOT mean someone has done something "bad" - but they do now have access, so they COULD. KNOW that the average costs per record are highest in healthcare, then education. Why education? Due to FAFSA requirements we disclose our SSN and other personal information.
8. Watch the trailer for "Zero Days".
What happened and why was this so critical? STUXNET was a virus that was on a USB flash drive. The virus (STUXNET) was impacting industrial control, so it seemed like it was attacking the homeland. What is an industrial controlà is what powers our lives. EX) of industrial control... Making coffee, turning off your alarm, pumping gas, using an ATM.
4. What is Brooks' Law?
· Brooks law is the diseconomies of scale... o Meaningà Adding more people to a late project makes the project later.
5. If your project is running behind schedule, what should you ask your boss for?
· Don't leave your project open ended if it's running behind. Don't let your boss give you more people for the project. · INSTEAD.... Ask the boss for à extension on the dead line, how about a change in the scope of the requirements- instead of giving you all of these items by Friday, what if we give you 75% of them and the 75% will work flawlessly just so if the client wants to see the project then the boss can show them a little of the project rather then them showing the client nothing. · REVIEW: Ask forà (3) More time, change in scope, and asked for more resource's aka money not people. TIME, SCOPE, RESOURCES = Triple constraint.
22. If you need to fire someone, what is the FIRST thing you should do?
· Firing people! Always remove all access BEFORE firing someone. A lot of damage can be done in a very short amount of time!! If someone calls in, do we give them their password over the phone? NO!! We cannot authenticate them.... They must be able to provide details that only the user would know - or we send info to their email, but we NEVER disclose what their old password was. Why? Because we have a tendency to use that same password on many accounts.
How is system definition accomplished?
• How is system definition accomplished? WE ARE LOOKING AT THE OVERALL SCOPE AND LOOKING AT THE FEASIBILITY • Define the new system, to assess its feasibility, and to plan project. • Members of initial team are both users and IS professionals. • Define system goals and scope. • This is phase 1 - we assess feasibility in terms of can it be done, do we have the time to do it, and do we have the funds to do it. We figure out who will be helping us. This phase is where the overall goals and scope are made clear.
30. What is a DLP? NIDS?
• Network intrusion detection system (NIDS) to examine traffic passing through internal network • Data loss prevention systems (DLP) to prevent sensitive data from being released to unauthorized persons
15,16,17. What are some examples of technical safeguards? What are some examples of data safeguards? What are some examples of human safeguards?
• Technical safeguards involve the hardware and software components of an information system.
What is network knowledge?
- Network knowledge refers to the PEOPLE in your network that are considered the experts. - Experts in well-defined knowledge domains... FAQs. - The people you know AKA networking.
What is meant by the strength of a relationship in a social network?
- How strong are your reviews? Do you influence others? If you do a lot of reviews, some companies may provide you with free products or even pay you to simply review their products if you can reach a large audience. Strength of relationshipà Likelihood other person or other organization will do something that benefits your organization. Some organizations will pay folks to review their products. Organizations strengthen relationships with you by asking you to do them a favor.
What are Intel's 3 pillars of social media policies? What do these each mean?
- Disclose is to be honest. Never mislead or lie. Anything you post is truthful. - Protect is to not disclose too much. - Use common sense is to add value, not simply the adding of "I agree" - add new information. Also, no need to ramble on about every detail of your life, e.g. "I had a bean burrito for lunch and it isn't settling well".
What is the purpose of a social media policy?
- Every company should have some sort of social media policy. What you are, and what you are not allowed to do with social media. Could be rules within the company or rules on the actual platform itself such as Facebook. Ex) If you work for a company and you post bad things on socials then they could potentially fire you bc your post is damaging to the company. - 3 main things that a social media policy must include is disclose, protect, and use common sense. These are explained in next slide.
What is social capital? What are the 4 ways it adds value? Examples.
- Value of social capital: Number and strength of relationships, resources controlled. The WHO you know. Its not the number of relationships you have, but it's the who you know and the strength of those relationships. The four ways and WHY people are on social media. WHY do you use it? Could be: - To be able to gain information - to stay informed. - To influence others. You want to provide information and sway others. - Social credentials. Like branding yourself or your company by having the presence on various platforms of social media. - Personal reinforcement is improving your status via social media.
"Analysis paralysis"
- projects spend so much time on documentation it hampers progress · projects spend so much time on documentation it hampers progress. · This is the person who is afraid to say something is done/ completed. · We all know that person that keeps wanting to modify to improve everything and cannot let go and move on! We know we can move on when we've met all of the requirements of the scope.
Who pays for the platforms
ADVERTISERS pay for platforms NOT the users
What is Agile What is traditional
AGILE- You have a scope, but you can make changes along the way TRADITIONAL- aka waterfall approach, you can't go back to and make changes
Revenue models for social media
Advertising Pay per click Use increases value Freemium ( free version and then you have to pay for it ) Sale of apps, donations, virtual goods
What is an enterprise social network (ESN) and what might its main purpose be?
An Enterprise Social Network is a social network JUST for the company. Works just like any other social media site, but is more secure and private. ESN.. A company wide social network. What are we doing with the networkà This is a specific social network just for our organization. What we gain from thisà Privacy, control over the system so we can improve all our communications. All our content can be shared throughout all the departments in the company. What's the goal of ESNà Goal is to improve communication, collaboration, knowledge sharing, problem solving, and decision making.
What is phishing
An email where someone poses as a credible company, such as PayPal or as a bank and are trying to get your information like your passwords.
CHAPTER 11 AND 12 BEGINS
CHAPTER 11 AND 12 BEGINS
CHAPTER 10 BEGINS
CHAPTER 10 BEGINS
What is capital?
Capital = Asset. Capital = Investment of resources for future profit. That is the knowledge that we gain. Knowledge and experiences. Physical capital are things we can put our hands on that has value. Social capital is what is stressed in this chapter. The value of our social relationships and the influence that one may have on others. ASSET = VALUE
What are some examples of Communities?
Communities: Are anything in mutual interest. You don't have to be related to these people.
6. What are some examples of computer crime?
Computer crime - intentional destruction or theft of data or other system components. Usurpation - taking control without permission. Popular computer crime = phishing... means when someone sends you an email and they're trying to grab the hook. Once you take the hook then that means you have already given out too much information. In a phishing attempt, someone is trying to be someone that they're not like acting like they're Pay Pall or the bank. Their goal is to get your password. Computer crime = sniffing... means when you're in a public place and you're just trying to find a wifi connection. If someone gains access to the wifi connection they have the opportunity to do a lot of damage.
What are content management systems?
Content management systems are all about organizing. This system just organizes the system and does NOT tell us how or when we're going to use the information. Information systems that track documents, web pages, graphics. Do not directly support business operations. Not part of operational system. Used to create, manage, or deliver documents. EX) My closet, Spices are organized alphabetically.
What are the steps needed when developing a social media plan?
Define your goals: Why are we going to be on social media? Identify success metrics: Are metrics that are real and valuable to us. Followers, user engagement. Gather and analyze data: Can go back and see if our goal was met.
7. What is meant by denial of service?
Denial of Service (DoS) attacks... meaning can be intentional or from a lot of traffic as well. a cyberattack on devices, information systems, or other network resources that prevents legitimate users from accessing expected services and resources. This is usually accomplished by flooding the targeted host or network with traffic until the target can't respond or crashes. Denial of service can be an overload of the system. Think of it as a parking lot in which there are no more spots to park - can't get in/out. May be intentional to bring the system down and make it vulnerable. The other examples I believe are straightforward.
25. What are examples of direct costs in a data breach
Direct costs are those that we can quantify easily. The indirect costs are much tougher. Somewhat like tangibles and intangibles, the indirect costs will add up but are much more difficult to predict and/or quantify - but they can be huge and outweigh the direct costs. Direct Costs- What we can easily measure · Notification- to notify each user it's going to cost "x" amount per user. · Detection- trying to understand how extensive the data breach was. Now making sure we have new data systems to protect us. · Escalation- How we're going to clean this up. · Remediation- How we're going to clean this up. · Legal fees and consultation THESE ARE TANGIBLE
Intels 3 pillars of SM policies
Disclose Protect Common sense
What is vanity metric?
Does not matter... EX) I got this amount of likes.... So what, who cares. A vanity metric is a false metric. Somewhat like how many friends you have on Facebook - or how many followers you may have on Twitter. They may be meaningless - A success metric is something that shows true value - so perhaps if you DO want more exposure, like a political candidate, number of followers may be good. Vanity metrics are the opposite of success metrics. - Hard part in identifying success metrics is identifying the right ones. The right metrics help you make better decisions, while the wrong metrics are meaningless. - Vanity metrics sound good but don't improve your decision making. Common social media metricsà Increased brand awareness, increased conversation rates, increased web site traffic, increased user engagement.
What are some of the not so obvious risks of social media?
Don't post your birthdate, or your address. ß Those are some of the obvious Not so obvious à You post something that doesn't have a caption, but in the picture it's of you with your birthday cake so now people know when it's your birthday. Not so obviousà Posting vacation pictures while you're on vacation= people will know no one is home. ... We may accidentally disclose too much information without knowing it. Showing pictures of our birthday but not stating that your birthdate is March 13, we still give away what our birthdate is. Another example don't disclose pictures of "having a great time on my vacation" - you are advertising that your home is empty and can be robbed. Happens with weddings (lots of new gifts in the home) and other events/travels.
What is a knowledge work system?
EX) Can go to Home Depot and put in the dimensions of the deck you want to build and the computer will let you know what you need. Highly specialized with powerful graphics, analytical tools, and communications and document management capabilities Computer-aided design (CAD) • Provide design specs. • Recalculates technical details. Virtual reality systems • Simulations • Virtual reality modeling language (VRML) - Web standard Investment workstations • Streamline investment process → financial sector.
How might social media affect employees and companies in a negative manner?
Employees may increase corporate liability when they use social media (any examples?) -Sexual harassment liability -Leak confidential information Reduced employee productivity -64% of employees visit non-work-related Web sites each day Yes, employees do non-work stuff at work, most do MORE work stuff on their personal time.
18. What is encryption? Hide our messages so others can't read it.
Encryption: process of transforming clear text into coded, unintelligible text for secure storage or communication Encryption algorithms Symmetric encryption · Same key (a number) used to encode and decode · Fast and preferred Asymmetric encryption (two keys) · One key encodes message, other key decodes message.
29. What regulatory law governs the protection for student education records?
Family Educational Rights and Privacy Act (FERPA) provides protection for student education records · FERPA is your student records.
It has to meet the scope because.......
Even if you think it's better, you need to make sure it meets the scope.
What are expert systems?
Ex) Calculators, ruled based. If this occurs, then this will happen. Expert systems are NOT artificial intelligence. They are NOT machine learning. Based things that are known and already figured out. Expert systems • Rule-based systems IF/THEN • Encode human knowledge • Example: your calculator! Expert systems shells • Process IF side of rules until no value returned • Reports values of all variables • Knowledge gathered from human experts in domain of interest
Explicit knowledge?
Explicit knowledge is knowledge that is very clear and referenceable. Like the chapter of a book. I like to think of this as "explained". Explicit would be referring to chapter 9 of our textbook or even the lecture that I created based around chapter 9. Very concrete
What is failure
Failure is a difference between what system does and what it's supposed to do
What are the challenges of Content Management?
Functions are complex. • Databases are huge. • New and changed content daily. Documents do not exist in isolation. • Refer to other documents. • When one changes, others must change. Document contents are perishable. • Become obsolete. • Need to be altered or removed. Documents must be translated into all languages before publishing. EX) Closet or collections
Changing the scope example
Give someone half of the project and the giving the rest of the project later
Communities are groups who ............
Groups sharing interests
26. How do data breaches happen?
HOW... Phishing? An email where they pose as a credible company, such as PayPal or a bank and are trying to get info like your passwords. Be VERY careful right now - folks will try to trick you that they are a legit company helping others, when they are not - they LOOK like a real company. Do your homework before you donate! WHAT HACKERS WANT TO GO FOR à Personally identifiable information (PII) • Names, addresses, dates of birth, Social Security numbers, credit card numbers, health records, bank account numbers, PINs, email addresses Debatable - most hackers are going after your info. Most hackers are going for bragging rights and NOT to get rich.
Diseconomies of scale
If you add more people to a late project, then the project will be later
How is SMIS used in human resources?
HR uses Social Media for both current employees as well as recruiting new employees. Current employees, they want to be sure aren't misrepresenting the company and also not over-sharing company information. Potential new employees are checked to see if they are good candidates. The biggest error that tends to be made is when HR decides to NOT bring someone in for an interview due to something that was negative within their social media sites - the negativity is misunderstood and that candidate may have actually been one of the strongest contenders.
What are the various roles of the providers, users, and communities in relation to the five components of SMIS?
Hardware: This is where the providers are providing cloud-based servers. One of the properties of a cloud-based server is that it's elastic. Elastic means that it's flexible in the sense that we don't pay for hardware that we're not utilizing. If we need more space, then we can just go buy more space later down the road. Social media providers provide elastic cloud-based servers. The users and their use of hardware, they need any type of device (phone, computer, tablet) to be able to access the platforms. Software: Software from the social media providers, are going to have 2 aspects. 1) They want to provide very user-friendly applications. 2) Analytics, they are going to want to be able to look at your information. The users of the software, all you need is some sort of a browser to be able to access all of this data that is on the platform. Data: The data is going to be provided by all of the users. From the provider standpoint, they want to be able to make it seamless and easy for all of that content to be shared, to be stored. They're going to want to look at very clear, and very structured relational databases so that you can retrieve a lot of this data very accurately. Procedures: Social media providers, providers are going to have procedures that are looking towards keeping their system up and running and from the standpoint of being able to keep it up and running but also to analyze all of this data. Procedures for the users, going to be how you'll actually create more content, how maybe you can share your data. People: The providers will provide the employees, the staff, to make sure that the platform is operational at all times. From the user standpoint, people like me are going to be using it. Businesses can use it as well.
28. What regulatory law governs the secure storage of data in healthcare?
Health Information Portability and Accountability Act (HIPAA) · HIPAA is protecting all of your medical data and everything about you.
5. What are some examples of human errors?
Human error examples: (1) employee misunderstands operating procedures and accidentally deletes customer records; (2) employee inadvertently installs an old database on top of current one while doing backing up; (3) physical accidents, such as driving a forklift through wall of a computer room. Human error example à Oh we haven't set up our system properly, no data validation rules, and someone putting data into a system that is outside of the system parameters (Example of incorrect data modification) could be a business putting incorrect info out on their website, no matter what te system should not allow you to publish the information. Faulty service. Overloading the systems so that no one can gain access to the system.
21. Why and when is formalized project management necessary?
ISM majors make ideal project managers because of the problem solving and ability to adjust as they go. Bigger the project the more team members you will need. To summarize, the bigger the project, the more you must have formal management of the project.
25. What are examples of indirect costs of a data breach?
Indirect Costs - things that are still measurable that are very large but might be a little harder to measure. · Loss of reputation- Our brand · Abnormal customer turnover- · Increased customer acquisition activities- · Additional $3.3 million per incident in US THESE ARE INTANGIBLE
Why is organizing knowledge a challenge?
Knowledge can be in different formats like an email, phone call, a book, or a text message.
What are the benefits of knowledge management?
Knowledge management systems organize but a knowledge management system goes further than a content management system because it helps us figure out when and how are we going to use this knowledge. When and how are we going to use this information.
What is tacit knowledge?
Knowledge that resides in the heads of experts. Thus the reason why we want to hire the best so that they can share what they know.
What are knowledge workers and knowledge work?
Knowledge workers: All of you will be knowledge workers. You make decisions based on what you have learned, know, and applying all of this to the circumstances. We WANT to be knowledge workers. Otherwise, we can be easily replaced by machines. Knowledge workers preform 3 key roles. • Keep organization current in knowledge as it develops in the external world. • Serving as internal consultants regarding the areas of their knowledge, the changes taking place, and opportunities • Acting as change agents, evaluating, initiating, and promoting change projects. Knowledge work: Knowledge work is the ability to create an understanding of nature, organizations, and processes, and to apply this understanding as a means of generating wealth in the organization.
What is a social media information system?
Main purpose is to share content an information system that supports the sharing of content among networks of users. The content is provided by the users. Content is shared by the users and their members of various groups. They can have numerous communities, communities being hobbies, sports, College of Business, pretty much anything. Social Mediaà Enables communities, people related by a common interest, use of IT to support content sharing among networks of users. Social Media changes quite rapidly. Social media platforms profile you since YOU are the product - thus the reason why they don't charge a membership fee. Your data is worth more to them. Your data is aggregated to create a profile that is sold to advertisers. The advertisers can then target you to make money.
11. What type of computer crime has been the most expensive?
Malware.
What is Melware?
Malware: software that is specifically designed to disrupt, damage, or gain unauthorized access to a computer system.
19. What is a firewall?
Picture this like your house. The front door has the most security so that will be the perimeter firewall. Your bedroom door may have a lock on it - that is an internal firewall. You may have a firebox in your closet that is kept locked. Another level. Multiple Fire Walls: We will have our perimeter fire wall (this is the one that protects us the most, the front door of my house). Then we could have multiple internal fire walls depending on who you want to access certain aspects of your network.
3 SMIS Roles
Providers Users Communities
. Who pays for the social media?
Providers are the ones who provide the platform for you. The SPONSORS/ ADVERTISERS are the ones who pay for the platform. The more people who are a part of this platform, the more they will attract advertisers because the advertisers can reach a bigger mass.
Pilot Phased Parallel Plunge
My preferred method is the PHASED approach. You build just part of the system then folks run it and test it out. Next phase can incorporate some of the comments from the review so it is always getting improved. Agile, build only a part of the system and then let people test it PILOT approach is where you build the entire system but only a small part of the business tests it out - the usual problem with this is that a lot of times they have the "new guys" testing it out, thus not as tough of a review. The new guy does not have the most experience so they will not be able to know how to break the system so the test is weak which they're preforming. Choosing the right people is very important, people who test are typically new people, build entire system and then have a few people test it. PARALLEL is where we keep the old system up and running in sync with the new - VERY COSTLY - but systems such as Amazon will do this, to ensure that their system will NOT go down! Most expensive, but the safest route to go. We keep the old system running while still letting the old system run. Allows us to have a backup because the two systems are in sync. Very expensive, 2 systems (old and new) systems run at the same time PLUNGE is where you set a date - April 23rd - and say on that date the old system doesn't run anymore and we're running the new one. No going back. Not recommended if you cannot afford for your system to be down for awhile. The riskiest phase!! Cheapest way,
What are the 3 types of business capital? Examples of each?
Physical: Produce goods and services (factories, machines, manufacturing equipment) Something you can put your hands on. Your house, car, equipment. Human: Human knowledge and skills investments (recall acknowledgment management) experience that you have gained. (Why we get hired) Social: Social relations with expectation of marketplace returns. Looks at our relationships and how valuable are those relationships to the business or other people. EX) Influencers social capital will be very high because they can impact so many individuals. This is their social capital. (How you influence others... what social media means)
Why might employees be resistant to sharing knowledge?
People don't want to share their knowledge because of Employees reluctant to exhibit ignorance, Fear appearing incompetent, Employee competition (** big**), Shyness, Fear of ridicule, Inertia. People may not want to share their knowledge. This is a bigger challenge than designing and building the system. If they share, they're knowledge then that means they need to find more value to bring before getting fired.
13. What 4 options do we have for system conversion and what happens in each?
Pilot • Implement entire system in limited portion of business. • Limits exposure to business if system fails. Phased • System installed in phases or modules. • Each piece installed and tested. • THE PREFERED METHOD • In this phase, we're going to build part of the system. Not only are we building the system, but we can also improve on it as well. Very agile in its approach. Parallel • Complete new and old systems run simultaneously. • Very safe, but expensive. Plunge • High risk if new system fails. • Only if new system not vital to company operations.
24. Watch the clip from "Office Space". What was it they were trying to do? What happened?
Planting a virus and then noticed they stole money. Disgruntled employees who created a virus... The virus was supposed to skim small amounts from their company's transactions to which then they would be getting some of the money. Instead of skimming a little of the transactions, the guy accidentally made the amount to big so now the company might notice that they're trying to steal money. This was an example of advance persistent threat
What is crowdsourcing?
Process of employing users to participate in product design or product redesign. Having users contribute to the products. This can be at various levels, from simply the "what do you think" to actually reviewing various prototypes and helping contribute to the design.
What are some examples of Providers
Providers: People who provide the applications for you to use. EX) Facebook, Google+, LinkedIn, Twitter, Instagram. Providers try to make the platform as appealing as possible, as simple as possible, so they are drawn into it. Providers provide the platform. Who pays? ADVERTISERS do. Users use the platform. Thus the more users the more data the more advertisers the more money. Communities are simply groups with similar interests. The users do NOT have to be related.
What are examples of social media value chain activities? The table represents how different business units use social media. Focusing on the risks...
Risks of Sales and Marketing on Social media: Anyone can post anything at any time. Someone could say that you sell poor products, which could not be the case = poor credibility. Inbound & Outbound logistics: issues in transportation. Can use social media to see how we can fix our problems. Manufacturing and operations: Could look to users to help us design products or to help us to see if we're operating efficiently. Human resources: Looks at new prospects so we want to make sure our social media is cleaned up.
How does a social media info system differ from a information system?
SMIS is NOT STRUCTURED
What is the main difference between an SMIS and other IS?
SMIS is constantly changing nature of SM means process flows cannot be designed or diagrammed BIG DIFFERENCE between IS and SMIS - the processes in IS are very structured and efficient. Everyone uses same structure. In SMIS the processes are dynamic and unique for each individual. Everyone may have different reasons for being on social media. The relationship between users is unique. Social Media Information Systems cannot be mapped out, their constantly changing nature of Social Media meaning process flows cannot be designed or diagrammed. Information Systems strategy determines value chains, which determine business processes, which determine information systems. Value chains determine structured business processes. In normal IS, they are very structured and we determine the most efficient and effective structure prior to building an IS. In SMIS they are not structured.
How does an SMIS help solve problems in customer service? In logistics?
SMIS: Examples may be how Amazon has customers answer questions for others. Answering problems on social media could snowball if customers start to build off of each other's frustrations. We use social media as a joint activity to try and solve problems. Customer service does not have to be an actual person that you talk to, it could be videos that demonstrate how to fix the problem. How does logistics help solve problems in customer service: Having products shipped to or away from you. If we're not getting things shipped fast enough, then that's a problem. The supply chain has to be resilient, needs to be able to adapt to the circumstances that we already have. Supply Chain issues. What if our shipments from our suppliers aren't arriving when we need them? What if our products can't get to the consumers? We reach out to social media to help us solve transportation / delivery issues. Great for getting the job done. Bad for airing our problems....
18. How does "paired programming" work? What is gained by using this methodology?
SUMMARY: Instead of having each programmer doing their part, the programmers are paired off with two working together on one computer. The pairs switch off every week and ideally, we try to get pairs of programmers that are NOT best of friends! i.e. we want them to have different opinions. By doing this, we get a decrease of only 15% less programming BUT we do get answers along the way. Otherwise, when individual programmers would meet, many may need to re-do stuff to be sure they're on the same path. By hashing it out as they go, this isn't as big an issue.
Is scope creep good Was the bradely tank good
Scope creep is bad Bradely tank was bad
7. What is Scope Creep?
Scope creep is what happens when changes are made to the project scope without any control procedure like change requests. Those changes also affect the project schedule, budget, costs, resource allocation and might compromise the completion of milestones and goals.
What is a multifactor authentication
multi-step account login process that requires users to enter more information than just a password
What is a social CRM and how does it differ from traditional CRM's?
Social CRM: Each customer is going to craft their own relationship and so depending why you're on social media which could be because the customer is there just to look at products, customer is their to post reviews. Social CRM is not structured like how our traditional CRM is. A social CRM is the integration between your customer relationship management (CRM) software and social media channels. A business -- or even a customer -- creates a fan page for the company or product on Facebook.
14. What items need to be included in a minimum-security policy?
Specific policy depends on whether an organization is governmental or nongovernmental, on whether it is publicly held or private, on the organization's industry, on the relationship of management to employees, and on other factors. First: We need to understand what sensitive data the organization will store. Not all data is important so we need to pin point the important data. EX) Mrs. Fields cookies the recipe is what people would be coming after which is their important data. Second: How will the minimum security policy process the data. Third: Will it share data with other organizations? How can employees and others obtain copies of data stored about them? How can employees and others request changes to inaccurate data? Focus on sensitive data --> address --> personal information
6. What are the five phases of the System Development Life Cycle (SDLC) and what happens ineach phase?
System definition. This step we need to know if I'm going to do it, or am I going to hire people to do it. This is where we look at the overall goals of the system. We look at the feasibility - technically is this feasible? Financially can we afford this? Do we have the time to pursue this. We have an overall idea of what we want to accomplish. Think of the TRIPLE CONSTRAINT = Time, Scope, resources like money or people. Requirements analysis. We get the details for our system. We get all the details. We ask all of the questions and then some! Entities (everything that we want to collect). Attributes (all the details of the entities), relationships, rules,.... user heavy, details of the scope, details of what you want, asking specific questions. Component design is the modeling step. We create the Entity relationship diagrams (ER-D) and DFDs (data flow diagrams - ISM331 you'll learn about these). Seeing how everything fits together. Where we model it Implementation is where we BUILD the system, TEST the system, and get the system up and running - replace the old with this new (system conversion). Convert it- We get rid of the old system and we get a new system, or we get a new system because there was no new system in the beginning. We're going to be a lot heavier with programmers because thry're the ones who actually build the system. In this phase we build it, test it, and convert it. This conversion is where we go from the old system to the new system. Where we mait it happen... we might outsource it Maintenance or maintenance and review - we make sure the system does what it is supposed to (does it match the scope from step 1) and we update aspects as long as it is still within the scope. Is it doing what it's supposed to do.
15. What is the traditional SDLC waterfall method? Why is this method no longer used?
Systems requirements are fuzzy and always changing Waterfall method not work well for "social" processes Assumes linear sequence from requirements to design to implementation Very risky - users do not see system until end Projects often run out of money or time before completion SDLC assumes requirements don't change Biggest problems: 1. Traditional Waterfall SDLC does not allow you to go back -- 2. Linear sequence means we can always follow the same steps - not really the case these days 3. Doesn't allow for any change - these days change happens fast, thus we need to be able to welcome it! 4. Traditional, there are no interim deliverables, thus if the project is abandoned midway, we have nothing to show for it.
Difference between traditional and agile approach
The five phases - note that they look like a WATERFALL. This is the traditional SDLC, meaning, just like a waterfall, it flows from one phase to the next BUT cannot flow backwards. Thus we better get it right in each phase!! Ask plenty of questions etc!! Otherwise, when we hand off everything in the 4th step (Implementation) for someone to build it (this is sometimes outsourced), if it isn't clear, folks will interpret and in many cases can be wrong. After the system is built, the users test it to be sure it does what it is supposed to. · Waterfall... bad thing with the 5 phases is that we can't go backwards so we need to make sure the system definition is perfect, we need to make sure that we asked every question possible. · The traditional approach aka waterfall approach was not perfect because you could NOT go back and fix problems. · The new agile approach is better because you CAN go back and fix mistakes.
12. What is system conversation?
The process of changing from the old system to the new one.
10. What are browser cookies? What are browser cookies?
They track every page you visit on the Internet and send that info to those sites. Somewhat an invasion of privacy.
3. Why are changing requirements an issue with systems development?
This can be very very bad. This pushes the need for what we call agile development (allows us to change technology) Agile means flexible. We still need a scope and we still need a budget, but if we anticipate some changes, we need to have that flexibility built in. We typically don't have big projects anymore because things change so fast and so often. · Systems development aims at a moving target · What should development team do? · Bigger the system, longer the project, the more requirements change · Incorporate changes, build, complete and make changes in maintenance phase?
Why are people on social media (4 reasons)
To get information To influence others Branding themselves Improving their status
What are some examples of Users
Users: Folks like me, anyone that wants to share their own content. Could be companies as well.
What determines structured business processes
Value chains
1. What is systems development?
We build a system because we want to meet our goals and objectives · Systems development is creating what we want our system to do. Requires · Establishing system goals · Setting up the project · Determining requirements · Business knowledge and management skill Systems Development sounds very technical. It is more so going through the process of setting up very accurate requirements based around the goals and scope of your system. If you don't know what you're shooting for, you won't know have any idea if it is a success. Systems Development covers all 5 components of Information Systems. The technical BUILDING of the system is handed off to the technical folks. Your role is to oversee the requirements and overall project development.
27. How should you notify users of a data breach? What should you NOT do?
We should respond very fast. And you want to be very transparent and accurate. Stop hackers from doing more damage. Exfiltration or illegally transferring data out. Immediately notify affected users
3. With information systems security, what is meant by "safeguards"?
What are some examples? Safeguards are what we do to protect our system. EX) having firewalls or anti-virus software, locking up your computer when you're done using it. Safeguard - measure individuals or organizations take to block threat from obtaining an asset; not always effective, some threats achieve their goal in spite of safeguards. EX) Anti-virus, firewall, 2 factor authentication
4. With information systems security, what is meant by a "target"?
What are some examples? Target= what are people going after... it could be money or maybe certain files. Big Targetà Trying to get all of the employee or client's personal identifying information... This is a big target because people can sell off this information, or steal your credit card information. Target - asset desired by threat. what they're looking for
2. With information systems security, what is meant by a "threat"?
What are some examples? Threat - a person or organization seeks to obtain data or other assets illegally, without the owner's permission and often without the owner's knowledge. EX) Natural Disaster, People, our competition, COVID. Natural disasters - fires, floods, hurricanes, earthquakes, tsunamis, avalanches, other acts of nature; includes initial loss of capability and service, and losses recovery costs Data validation issue International and non international
1. With information systems security, what is meant by a "vulnerability"?
What are some examples? Vulnerability - an opportunity for threats to gain access to individual or organizational assets; for example, when you buy online, you provide your credit card data, and as data is transmitted over the Internet, it is vulnerable to threats. What our weaknesses are. What creates vulnerability? If we don't have firewalls installed, leaving our computer open in the car while we're driving, not creating passwords or using the same password for every account.
What is the work-breakdown structure
Work-Breakdown Structure (WBS) • Hierarchy of tasks • Tasks end with deliverables • Documents, designs, prototypes, data models, database designs, working data entry screens, etc. • Identifies task dependencies • Estimated task duration, cost and labor needed • Created with project management software, such as Microsoft Project
17. What are some key principles of agile development?
Yay! Agile! Agile = flexibility! Agile allows for these changes. NOTE: Agile does NOT mean we don't have a scope and does NOT mean we don't have a budget - we just don't know the details. We leave areas open for flexibility. Also, a big plus is we get interim deliverables, therefore even if the project had to be scrapped, we have something to show for it!
Baseline plan
is mapping out the 3 triple constraints, but at the same time things don't always go as planned.
Https What does the "s" represent
this means that the website is secure
Enterprise-wide... an enterprise refers
to the entire organization.
29. What is configuration control?
· A method for controlling, approving and tracking changes to a product's deliverables and processes. · Creating effective configuration control in terms of management policies, practices, and tools to maintain control over resources.
24. What is a work-breakdown structure and what does it show?
· A work breakdown structure is looking at all of the tasks that need to be done, listing them out and grouping them and getting all of the details. Then, we look at things like deliverables (are something that you can put your hands on like a document so that we can see it. It's not the finished product, but it's something that we can measure throughout). · In terms of dependencies à That means that start one part of the project until another part is already done. Ex) In a team project, you can't do the final presentation until all of the steps/ slides are completed.
2. What are some challenges to system development?
· Difficulty of determining requirements: Customers will ask us to build a system and then when you ask them what they want, they come back to you and say "well you're the expert you tell me what I need" so then it just goes round and round. · Changes in requirements: Ideally, we don't want our requirements to change. Ex) lets put a pool in the back yard... this is a huge requirement which will change the budget and time restraints. We need to make sure the requirements stay set and when there is a new requirement then we just make that into a new project. · Difficulties involving scheduling and budgeting: We don't know how long something will take. Everyone works at different speeds that's why scheduling is very difficult. · Changing technology: We have new technology every month. If we're locked into one technology, then this might hurt us because there's always new technology coming out. · Diseconomies of scale: If we add additional people to a project, it makes it later and creates more problems. Add people during an ongoing project then this causes problems. Determining requirements. Our client may have difficulty explaining what they need. We need specifics. Not just a broad "we need a car that will get us to work" - what about budget? What about snow and ice? Etc. Changes. This is a BIG problem. A lot of things can change. Look at our classes for example and how we are now teaching/learning online! We can also have clients who change their mind or due to budget cuts, may HAVE to change the scope of the system. Schedule and budget. Think about your own schedule. It may be dependent on others! So, when one person can't meet deadlines that messes up everyone else. Budgets. Also, I refer to fluctuating gas prices - this was recorded in Winter 2020 and thus the gas prices were very
Why is systems Development difficult and Risky?
· Many projects never finish. Often 200-300% over budget · Some finish within budget and schedule, but don't accomplish goals · High risk of failure, even with competent people following an appropriate methodology Why don't projects finish? Why do they go over budget? Why don't they accomplish the goals? Most projects are new and have never been done before. You need folks with experience to oversee the systems development to be sure you're on track. The biggest problem is not accomplishing the goals. This happens when we aren't clear on the goals at the start of the project.
28. What is the biggest challenge for developing systems?
· Hard to estimate especially in an environment that is changing. Like right now - no clue when we'll be back to normal..... Critical path - we won't really discuss. It means that if a task is on the critical path, we don't have any flexibility or SLACK time - it must be done to avoid the project being delayed. Biggest challenge is scheduling • How long does it take to: Develop a large data model? Adapt data model to user satisfaction? Develop a computer program? • Scheduling errors accumulate (e.g., snowball) • Difficult to do credible planning. • Every task may be on critical path- are all of the tasks that don't have any type of buffer built in, so this means that if it's scheduled to be done on a specific date, then it must be done on that specific date otherwise our project will be delayed.
25. What is a Gantt Chart?
· How long each task takes and who is assigned to do them. · What we don't see, but we can save are the dollars for each of the tasks. This is because some tasks are going to be more costly than others. Just because we are halfway through a project doesn't mean we should be at half of our budget. It all depends on the tasks. If we had to make some huge investments up front, then at the halfway point, we could be at 75% of our budget used and be fine.
27. When should you NOT outsource work?
· If I don't know if I'll have enough work to hire someone fulltime, I could outsource the work and just hire them for a specific job and not have to worry about them after that. Hire them again when I have more work, as opposed to having to lay off someone because I don't have more work for them - outsource instead.
Difficulty of requirements determination:
· Must create environment where difficult questions are asked and answered. · Consider a client like my dad. I ask him "what type of cell phone do you want? 4G? 5G?" etc..... He has no clue. So instead of him providing me with requirements, I have to dig deeper and ask lots of questions. Things such as will he be using the phone for Internet? To check his email? Does he text? Is he hard of hearing? How is his eyesight? All of these questions plus more can affect what he really needs the cell phone for and which one would be the best match.
26. Why might you decide to outsource work?
· Outsourcing is simply having someone else do the work.
30. What is the role of users in systems development?
· Remember scope creep? We need to have a firm grasp on what it is we are doing - so that we know if it is in the scope or not. Spend lots of time up front on the requirements analysis so that we are clear. · Taking responsibility for requirements · Understand systems are built to support business functions, to help organization achieve goals and objectives · Managing requirements is critical · You ensure requirements are complete and accurate · Users cannot be passive · Responsible for ensuring complete and accurate requirements · Responsible for managing requirements changes, avoiding requirements creep · Define testable conditions for functions and features · Evaluate data models, provide test data and sample scenarios · Conduct user testing (beta testing) · Final approval of system
22. What is a project?
· Something that is finite- basically something that is unique. · A project has a finite time. We KNOW when it will be done. It does not go on indefinitely.
13. What are some concerns about surveys?
· Surveys pose an issue - may not get a lot of feedback and also may be skewed -
9. The requirements phase will be heavy with what type of person?
· System Analysts and user · 2nd phase - this is where we get all of the details. VERY heavy with Systems Analysts. · Systems analysts are the people that asks a lot of questions and see how the puzzle pieces will all fit together.
8. In which phase do we assess the feasibility of a new system?
· System definition phase. · In this phase this determines if we can go through with the project, is it feasible or not.
19. What are the functions of the IS Department?
· The functions of the IS Department is the core of the business. For the business to stay strong and function properly, we need a strong IS Department. · The IS Department plans all of the information systems for the entire organization and focuses on what the goals and strategies are for that organization. · Notice that the IS Department is the core of the entire organization. Without a strong IS Department, the business would collapse. ALL security, outsourcing, IS, infrastructure, and applications are the function of the IS Department no matter what department you work in! · Plan use of IS to accomplish organizational goals and strategy. · Manage outsourcing relationships. · Protect information assets, anything of value like our security aspects through the IS Department. · Develop, operate, and maintain the organization's computing infrastructure. · Develop, operate, and maintain applications, it doesn't matter who these applications are for, doesn't matter if its for a customer, finance department, marketing department or whoever... it all goes through the IS Department.
11. What is a prototype and what is its role?
· The purpose of a prototype (terms of software model) à To visually be able to see what it is that we're building. · The purpose of a prototype (terms of a hardware model)à Gives me a better picture of what it is that I will be working with. Ex) giving my dad multiple of phones to see what he likes physically. · A prototype may or may not be working - it can be something as simple as screen designs to show the user/client the fields being collected and button placement.
10. Who approves the final requirements before the project continues?
· Users must review and approve all before project continues · USERS are essential, just like they have been with other Information Systems. They need to approve the requirements before we begin. Sure we can build a system, but whether or not it meets the needs, we need the users to tell us that!
20. What does a business or systems analyst do?
· We tend to blend Business analyst and system analyst together - a lot of our ISM majors become business analysts! These are the requirement people - the folks that ask lots and lots of questions. The problem solvers!
Loss of infrastructure
• Examples - bulldozer cutting a conduit of fiber-optic cables or floor buffer crashing into a rack of Web servers. • APT - sophisticated, possibly long-running, computer hack perpetrated by large, well funded organizations like governments. People usually get away with this for a good amount of time. • Cyberwarfare examples - Stuxnet and Flame. Stuxnet reputed to have been used to set back Iranian nuclear program by causing Iranian centrifuges to malfunction. Flame is a large and complex computer program reputed to have hacked into computers and operate as a cyber spy, capturing screen images, email and text messages, and searching nearby smartphones using Bluetooth communication.
9. What is the main goal of information systems security?
• Find appropriate trade-off between the risk of loss and the cost of implementing safeguards- invest enough in security so we know when enough is enough. Ex) Moat around the house. • Use antivirus software- everyone should be using antivirus software. The problem with antivirus software is that it only protects us from viruses that we already know about. • Deleting browser cookies- leaving a trail every place you have visited. Companies want to save these cookies because it shows them your interests and what you have searched up. • Get in front of security problem by making appropriate trade-offs for your life and your business- have enough security but you might not need the moat with a draw bridge. BASICALLY.... don't spend $1,000 to protect $100
20. What are some symptoms that your machine may have spyware or adware?
• Have you experienced any of these? ANY of these could signal that your computer has been infected.
Why do things never go to plan?
• Requires trade-offs between requirements, costs, and time • Critical people leave • Hiring freezes • Natural disasters • Competitor actions • Technology changes • New management
23. What is the triple constraint and what is the tradeoff?
• Systems development projects require the balancing of three critical drivers: requirements (scope), cost (resources) and time (schedule). • We can trade off requirements against time and against cost. If we make the necklace simpler, it will take less time. If we eliminate the diamonds and gems, it will be cheaper. • Relationship between time and cost is more complicated. Normally, we can reduce time by increasing cost, but only to a point, because of diseconomies of scale. • Adding more time could decrease or increase cost. • This TRIPLE CONSTRAINT means that if we change one of these 3, it impacts the other 2.