MIS Exam 3
Name 3 elements in a scrum requirement.
Who, what, why
In a business process, a ______ is defined as a collection of something.
repository
Define ad blocking and explain how it hurts online companies abilities to generate revenue.
-Ad blocking software: software that filters out advertising content. A recent report by page fair indicated that 11% of web surfers use ad-blocking software to filter out advertising content, and rarely, if ever, see Internet ads. It is also reported that the use of ad working software grew by 30% over the past year. Social media companies that rely solely on ad revenue may see their share price is plummet if the use of ad-blocking software becomes widespread.
Give examples of how social media companies generate revenue from advertising and charging for premium services.
-Advertising Most SM companies earn revenue through advertising. Advertising on SM can come in the form of paint search, display or banner ads, mobile ads, classifieds, or digital video ads. Google lead the way in making digital advertising revenue with search, followed by Gmail and then YouTube. Advertisers like digital ads because, unlike traditional media such as newspapers, users can respond directly to web ads by clicking on them. Run an ad in the print version of the Wall Street Journal, and you have no idea of who responds to that ad and how strongly. But place an ad for that same product in the newspapers online version, and you also know the percentage of viewers who clicked that ad and what action they took next. This knowledge led to the pay per click revenue model, in which advertisers display ads to potential customers for free and pay only when the customer clicks. Another way to grow add revenue is to increase site value with user contributions. The term use increases value means the more people use the site, the more value it has, and the more people will visit. Furthermore, the more value on site has, the more existing users will return. If you can get people to connect their community of practice to a site, you will get more users, they will add more value, existing users will return more frequently, and, all things considered, the more add clicks there will be. -Premium The freemium revenue model offers users a basic service for free and then charges a premium for upgrades or advanced features.
List data safeguards.
-Data Safeguards are measures used to protect databases and other data assets from threats. Includes data rights and responsibilities, encryptions, backup and recovery, and physical security. 1.Define data policies such as "We will not share identifying customer data with any other organization." 2.Data rights and responsibilities 3.Rights enforced by user accounts authenticated by passwords 4. Data encryption(e.g. when data are encrypted, a trusted party should have a copy of the encryption key) 5. Backup and recovery procedures (e.g. The organization should store at least some of these backups off 6. Physical securities
Define encryption, key, symmetric encryption, asymmetric encryption, and public key encryption.
-Encryption: The process of transforming clear text into coded, unintelligible text for secure storage or communication. -Encryption Algorithms: Algorithms used to transform clear text into coded, unintelligible text for secure storage or communication. Procedures for encrypting data. -Key: A string of bits used to encrypt data. The encryption algorithm applies the key to the original message to produce the coded message. It is called a key because it unlocks a message, but it is a string of bits, expressed as numbers or letters, used with an encryption algorithm. Decoding (decrypting) a message is similar; a key is applied to the coded message to recover the original text. -Symmetric Encryption: An encryption method whereby the same key is used to encode and decode the message. -Asymmetric Encryption: An encryption method whereby different keys are used to encode and to decode the message; one key encodes the message, and the other key decodes the message. Asymmetric encryption is slower and more complicated than symmetric encryption. -Public Key Encryption: A special version of asymmetric encryption that is popular on the Internet. With this method, each site has a public key for encoding messages and a private key for decoding them.
In your own words, explain the meaning and importance of each of the principles in Figure 12-20.
-Expect, even welcome, changes in requirements *The first way in which scrum and the other agile techniques differ from the SDLC is that they expect and even welcome change. Given the nature of social systems, expect is not a surprise, but why welcome? Isn't welcoming requirements change a bit like welcoming a good case of the flu? No, because systems are created to help organizations and people achieve their strategies, and the more the requirements change, the closer they come to facilitating strategies. the result is better and more satisfying for both the users and the development team. -Frequently deliver working version of the product. *Second, scrum and other agile development processes are designed to frequently deliver a working version of some part of the product. Frequently means 1 to 8 weeks, not longer. This frequency means that management is at risk only for whatever costs and time have been consumed in that period. And, at the end of the period, they will have some usable product piece that has at least some value to the business. *Thus, unlike the SDLC, agile techniques deliver benefits early and often.. The initial benefits might be small, but they are positive and increase throughout the process. With the SDLC, no value is generated until the very end. Considering the time value of money, this characteristic alone makes agile techniques more desirable. -Work closely with the customer for the duration *Someone who knows the business requirements must be available to the development team and must be able and willing to clearly express, clarify, and elaborate on requirements. Also, customers needs to be available to test the evolving work product and provide guidance on how well new features work. -Design as you go *Rather than design the complete, overall system at the beginning, only those portions of the design that are needed to complete the current work are done. Sometimes this is called just-in-time design. Designing in this way means that the design is constantly changing, and existing designs may need to be revised, along with substantial revision to the work product produced so far. On the surface, it is inefficient. However, experience has shown that far too many teams have constructed elaborate, fanciful, and complete designs that turned out to be glamorous fiction as the requirements changed. -Test as you go -Teams knows best how it's doing/how to change *Is obvious if the team is going to be delivering working versions. Development teams know how well they're doing. you could go into any development environment today and ask the team how it's doing and, once team members understood you were not about to inflict a new management program on them, you would find they know their strengths, weaknesses, bottlenecks, and process problems quite well. That principle is part of agile development methodologies. At the end of every deliverable or some other (short) milestone, the team meets to assess how its doing and how it can improve. -Can be used for business processes, information systems, and applications development *Finally, agile development methodologies are generic. They can be applied to the creation of business processes, information systems, and applications. They are applicable to other team projects as well.
Define malware and name 6 types of malware.
-Malware is a broad category of software that includes viruses, worms, trojan horses, spyware, and adware. 1. Virus: A computer program that replicates itself. -Many viruses take unwanted and harmful actions. The program code that causes the unwanted actions is called the payload. The payload can delete programs or data--or, even worse, modify data in undetected ways. 2. Trojan Horses: Viruses that masquerade as useful programs or files. A typical Trojan horse appears to be a computer game, an MP3 music file, or some other useful, innocuous program. 3. Worm: A virus that propagates itself using the Internet or some other computer network. Worm code is written specifically to infect another computer as quickly ahs possible. 4. Spyware: Programs installed on the user's computer without the user's knowledge or permission that reside in the background, and unknown to the user, observe the user's actions and keystrokes, modify computer activity, and report the user's activities to sponsoring organizations. Malicious spyware, called keystrokes, captures keystrokes to obtain usernames, passwords, account numbers, and other sensitive information. Other spyware is used for marketing analyses, observing what users do, Web sites visited, products examined and purchased, and so forth. 5. Adware: Programs installed on the user's computer without the user's knowledge or permission that reside in the background and, unknown to the user, observe the user's actions and keystrokes, modify computer activity, and report the user's activities to sponsoring organizations. Most adware is benign in that it does not perform malicious acts or steal data. It does, however, watch user activity and produce pop-up ads. 6. Ransomware: Malicious software that blocks access to a system or data until money is paid to the attacker.
Q9-4 Define monetize and describe why it's difficult for social media companies to generate revenue.
-Monetize: social social media companies ability to make money from its application, service, or content. Both YouTube and Facebook have extremely large numbers of active users. The only problem is that they give it away for free. Billions of anything multiplied by zero is zero. Do all of those users really matter if Facebook and YouTube can't make a single penny off of them? Social media has evolved in such a way that users expect to use us SM applications without paying for them. SM companies want to build up a large network of users quickly, but have to offer a free product in order to attract users. The dilemma that becomes harder they monetize, or make money from, their application, service, or content. The answer is by making users the product. When a company runs an advertisement, it is essentially being paid to put the ad in front of its users. Innoway, it's renting your eyeballs to an advertiser for a short period of time. Google is paid to target users with ads by using their search terms, sites they visit, and "scans" of their emails to place targeted ads in front of them. In essence, then, users are the product being sold to advertisers.
Define pay-per-click, conversion rate, and freemium.
-Pay-per-click: A revenue model in which advertisers display ads to potential customers for free and pay only when the customer clicks. Another way to grow add revenue is to increase site value with user contributions. The term use increase his value means that the more people use the site, the more value it has, and the more people will visit. Furthermore, the more value a site has, the more existing users will return. -Conversion Rate: Measures the frequency with which someone who clicks on an ad makes a purchase, "likes" a site, or takes some other action desired by the advertiser. -Freemium: A revenue model offering a basic service for free and charging a premium for upgrades or advanced features.
Explain how laws like GLBA, HIPAA, and PCI DSS protect consumer data.
-Payment Card Industry Data Security Standard (PCI DSS) is a standard that governs that secure storage and processing of credit card data. -Gramm-Leach-Bliley Act (GLBA): This act protects consumers financial data stored by financial institutions, which are defined as banks, securities firms, insurance companies, and organizations that provide financial advice, prepare tax returns, and provide similar financial services. -Health Insurance Portability and Accountability Act (HIPPA): The privacy provisions of this 1996 act give individuals the right to access health data created by doctors and other healthcare providers. HIPAA also sets rules and limits on who can read and receive a person's health information.
Define perimeter firewall, internal firewalls, and packet-filtering firewall.
-Perimeter Firewall: A firewall that sits outside the organizational network; it is the first device that Internet traffic encounters. -Internal Firewalls: Firewalls that sit inside the organizational network. -Packet-filtering Firewall: A firewall that examines each packet and determines whether to let the packet pass. To make this decision, it examines the source address, the destination addresses, and other data.
Q9-2 Summarize how social media contributes to sales and marketing, customer support, inbound logistics, outbound logistics, manufacturing and operations, and human resources. Name SM risks for each activity.
-Sales and Marketing - Focus outward to prospects; social CRM & Peer-to-peer sales Dynamic, SM-based CRM process: In the past, organizations controlled their relationships with customers using structured processes and related information systems. Primary purpose of traditional CRM was to manage customer touches.Social CRM: Customers craft own relationship ->Ex. Wikis, blogs, discussion lists, frequently asked questions, sites for user reviews and commentary, other dynamic content.Customers search content, contribute reviews and commentary, ask questions, create user groups, etc. Not centered on customer lifetime value. -Customer Service - Focus outward to customer; peer-to-peer support Relationships emerge from joint activity, customers have as much control as companies. Product users freely help each other solve problems. Selling to or through developer networks most successful. Microsoft's MVP program. Peer-to-peer support risks loss of control. -Inbound Logistics - Focus on upstream supply chain providers, problem solving -Outbound Logistics - Focus on downstream supply chain shippers, problem solving For inbound and outbound logistics: Benefits: Numerous solution ideas and rapid evaluation of them. Better solutions to complex supply chain problems. Facilitates user created content and feedback among networks needed for problem solving. Loss of privacy: Open discussion of problem definitions, causes, and solution constraints. Problem solving in front of your competitors. -Manufacturing and operations - focus on outward for user design; inward to operations and manufacturing, user-guided design, industry relationships, operational efficiencies Improves communication channels within organization and externally with consumers, design products, develop supplier relationships, and operational efficiencies. Crowdsourcing, Businesses-to-consumer (B2C) •Crowdsourcing is the dynamic social media process of employing users to participate in product design or product redesign. •Business-to-business (B2B): relationships through which businesses generate new retail leads. •Business-to-consumer (B2C): relationships through which businesses market their products to end-users. -Human Resources - employment candidates; employee communications, employee prospecting, recruiting, and evaluation, Sharepoint fo employee-to-employee communication Employee communications using internal personnel sites.Ex: MySite and MyProfile in SharePoint. Finding prospective employees, recruiting and evaluating candidates. Place for employees to post their expertise. Risks: Forming erroneous conclusions about employees, Becoming defender of belief or pushing unpopular management message. Risks: -Sales and marketing - loss of credibility and bad pr -Customer Service - Loss of control -Inbound logistics - privacy -Outbound logistics - privacy -Manufacturing and operations - efficiency/effectiveness -Human Resources - error and loss of credibility
Define social CRM and crowdsourcing.
-Social CRM: CRM that includes social networking elements and gives the customer much more power and control in the customer/vendor relationship. Social CRM is a dynamic, SM based CRM process. The relationships between organizations and customers are merge in a dynamic process as both parties create and process content. Today, many organizations are struggling to make the transition from controlled, structured, traditional CRM processes to wide-open, adaptive, dynamic social SRM processes; the struggle represents a significant job opportunity for those interested and IS, sales, and social media. -Crowdsourcing: The dynamic social media process of employing users to participate in product design or re-design.
Chapter 9 Q9-1 Define social media, communities of practice, social media information systems, social media provider, and social networks.
-Social Media (SM) is the use of information technology to support the sharing of content among networks of users. -Communities of Practice: are also called communities; groups of people related by a common interest. -Social Media Information System (SMIS) is an information system that supports the sharing of content among networks of users. -Social Media Providers: are companies that provide platforms that enable the creation of social networks. Facebook, Twitter, LinkedIn, and Google are all social media providers. -Social networks: are the social relationships among people with common interests.
Name and describe 3 SMIS organizational roles.
-Social Media Providers Social media providers such as Facebook, Google+, LinkedIn, Twitter, Instagram, and Pinterest provide platforms that enable the creation of social networks, or social relationships among people with common interests. Social media providers compete with one another for the attention of users in for the associated advertising dollars. -Users Users include both individuals and organizations that use social media sites to build social relationships. Depending on how organizations want to use social media, they can be users, providers, or both. For example, larger organizations are big enough to create and manage their own internal social media platforms such as wikis, blogs, and discussion boards. In this case, the organization would be a social media provider. -Communities Social media communities are formed based on mutual interests and transcend familial, geographic, and organizational boundaries. Because of this transcendence, most people belong to several, or even many, different user communities. How the social media site chooses to relate to these communities depends on its goals. If the social media site is interested in pure publicity, it will want to relate to as many tiers of communities as I can. If so, it will create a viral hook, which is some inducement, such as prize or other reward, for passing communications along through the tiers. If, however, the purpose of the social media site is to solve in embarrassing problem, say, to fix a product defect, then it would endeavor to constrain, as much as it can, the communications to Community A. The exponential nature of relationships via community tiers offers organizations both a blessing and a curse. Social media is a powerful tool, and to use it well, organizations must know if your goals and plan accordingly.
Scrum Process
-Takes place over 1-8 weeks Prioritized Requirements list Choose requirements to deliver Stand up (Daily) Do work (Daily) Deliver and Reflect
Summarize the contents of a security policy.
-What sensitive data the organization will store. -How it will process that data. -Whether data will be shared with other organizations. -How employees and others can obtain copies of data stored about them. -How employees and others can request changes to inaccurate data. -What employees can do with their mobile devices at work. -What non-business-related activities employees can take with employee-owned equipment.
Name 3 uses for the BPMN diagrams.
1. BPMN diagrams are used to define process alternatives for discussion and evaluation 2. Another use is to document processes for employee training 3. To provide process requirements documentation for systems and application development
List four common social media goals and describe why they are important.
1. Brand Awareness - extent that users recognize a brand (Ex: Organization's brand mentioned in a tweet). Brand Awareness Metrics: Total Twitter followers, audience growth rate, brand mentions in SM, Klout or Krefeld score. 2. Conversion rates - measures the frequency that someone takes a desired action (Ex: likes the organization's Facebook page) Conversion Rates Metrics: Click rate on your SM content, assisted social conversions. 3. Web site traffic - quantity, frequency, duration, and depth of visits to a web site (Ex: traffic from Google+ Post mentioning the organization's site) Web Site Traffic Metrics: Visitor frequency rate, referral traffic from SM 4. User engagement - extant to which users interact with a site, application, or other media (Ex: user regularly comments on organization's LinkedIn posts.) User Engagement Metrics: Number of SM interactions, reshaped of SM content. "Without clearly defined goals, you won't know whether you SM effort was successful
Name 3 development processes and state which processes are used for the development of business processes, information systems, and applications.
1. Business process management is a technique used to create new business processes and to manage manages to existing processes. 2. The systems development life cycle (SDLC) is a process that can be used to develop both information systems and applications. The SDLC achieved prominence in the 1980s when the U.S. Department of Defense required that it be used on all software and systems development projects. 3. Scrum is a new development process that was created, in part, to overcome the problems that occur when suing the SDLC. Scrum is generic enough that is can be used for the development (and adaptation) of business processes, information systems, and applications.
Name three factors that determine social capital and explain how "they are more multiplicative than additive."
1. Number of Relationships, 2. Relationship Strength, -to an organization, the strength of relationship is the likelihood that the other entity in the relationship will do something that benefits the organization. An organization may have a strong relationship with you if you write positive reviews about it, post pictures of you using the organizations products or services, tweet about upcoming product releases, and so on. (The wedding photographer example) 3. Entity Resources (resources controlled by "friends") Social Capital = Number of Relationships X Relationship Strength X Entity Resources This multiplicative nature of social capital means that a huge network of relationships with people who have few resources may be of less value then a smaller network of relationships with people who have substantial resources.
Q10-7 Summarize human safeguards for each activity in Figure 10-13.
1. Position Definition - Separate duties and authorities - Determine least privilege - Document position sensitivity 2. Hiring and Screening 3. Dissemination and enforcement 4. Termination - Friendly -Unfriendly
List and explain 4 critical factors for development project management.
1. Coordination -Development projects, especially large-scale projects, are usually organized into a variety of development groups that work independently. Coordinating the work of these independent groups can be difficult, particularly if the groups reside in different geographic locations or different countries. An accurate and complete WBS facilitates coordination, but no project ever proceeds exactly in accordance with the WBS. Delays occur, and unknown or unexpected dependencies develop among tasks. 2. Diseconomies of Scale -A principle that states as development teams become larger, the average contribution per worker decreases. -The number of possible interactions among team members rises exponentially with the number of team members. Ultimately, no matter how well managed a project is, diseconomies of scale will set in. 3. Configuration control -A set of management policies, practices, and tools that systems developers use to maintain control over project's resources. -Configuration control is vital; a loss of control over a project's configuration is so expensive and disruptive that it can result in termination for senior project managers. 4. Unexpected events -The larger and longer the project, the greater the chance of disruption due to an unanticipated event. Critical people can change companies; even whole teams have been known to pack up and join a competitor. A hurricane may destroy an office; the company may have a bad quarter and freeze hiring just as the project is staffing up; technology will change; competitors may do something that makes the project more (or less) important; or the company may be sold and new management may change requirements and priorities.
Q12-5 Name 5 keys for successful development projects.
1. Create a work breakdown structure 2. Estimate time and costs 3. Create a project plan 4. Adjust the plan via trade-offs 5. Manage development challenges
Name five basic systems development activities.
1. Define System 2. Determine Requirements 3. Design System Components 4. Implement System 5. Maintain System
Describe the process of developing an effective SMIS.
1. Define Your Goals The first step in developing an SMIS is to clearly define what the organization wants to achieve with SM. As previously mentioned, your goals must be clear, deliberate, and aligned with the organizations competitive strategy. Without clearly defined goals, you won't know whether your SM effort was successful. The goals for each organization are different. For organizations that choose a differentiation strategy, SM goals can include better employee recruiting, quicker product development, becoming an industry product leader, or increasing customer loyalty. In general, most organizations include increase brand awareness, conversion rates, website traffic, or user engagement as goals. 2. Identify Success Metrics After you know what you want to accomplish using SM, you need to identify metrics that will indicate when you've achieved your goals. These are referred to as success metrics or key performance indicators (KPI). Metrics are simply measurements use to track performance. Every organization has different metrics for success. The hard part and identifying success metrics as identifying the right ones. The right metrics help you make better decisions; the wrong metrics are meaningless and don't positively affect your decision making. Metrics that don't improve your decision making are commonly referred to as vanity metrics. Remember, in some circumstances you want to maximize the metric, while in others you want to minimize the metric. It just depends on what you're measuring. Whereas you may want to maximize a metric like conversion rate, or the percentage of people who achieve a certain result, you will probably want to minimize other metrics like bounce rate, or the percentage of people who visit your website and then immediately leave. 3. Identify Target Audience Clearly identify your target audience. Chances are it's not going to be everyone. Once you've identified your target audience, you need to find out which SM platforms they use. Certain social media platforms attract certain audiences. Your target audience will influence which SM platform you use. 4. Define Your Value After pinpointing your target audience, you'll need to define the value you'll provide your audience. Why should these users listen to you, go to your website, like your post, or tweet about your products? Are you providing news, entertainment, education, employee recruiting, or information? In essence, you need to define what you are going to give your audience an exchange for making a connection with you. If you are unsure how your organization could add value, start by performing a competitive analysis to identify the strengths and weaknesses in your competitors use of social media. Look at what they're doing right and what they're doing wrong. 5. Make Personal Connections The true value of social media can be achieved only when organizations use social media to interact with customers, employees, and partners in a more personal, humane, relationship oriented way. Skepticism of organizational messages gives a competitive advantage to organizations that can make personal connections with users via social media. Today, people want informed, useful interactions that help them solve particular problems and satisfy unique needs. The increasingly ignore prepackaged organizational messages that tout product benefits. This requires you to engage audience members, ask him questions, and respond to their posts. It also means you must avoid hard selling products, overwhelming audience members with content, and contacting them too often. 6. Gather and Analyze Data Finally, when creating a social media strategy, you need to gather the right amount of data necessary to make the most informed decision you can. You can use online analytical tools like a Google analytics, Facebook page insights, clicky, or KISSmetrics to measure the success metrics you defined earlier. These tools will show you statistical information such as which tweets get the most attention, which post generate the most traffic, and which social media platform generates the most referrals. Then you can redefine your use of social media based on the performance of your success metrics. Be sure to rely on analysis of hard data, not anecdotes from friends. Also, remember that the social media landscape is changing rapidly. Oh wow your use of social media to be flexible enough to change with the times. Senior managers need to see regular progress reports about how social media is affecting the organization. They also need to be educated about changes in social media landscape.
Q9-7 Name and describe two sources of SM risk.
1. Employee Communication -Social Media Policy -The 3 key pillars of Intel's policy in 2018 are: Disclose, Protect, and Use Common Sense 2. Inappropriate Content -User-generated content (USG) -The major sources of UGC problems are: junk and crackpot contributions, inappropriate content, unfavorable reviews, and mutinous movements. -Responding to Social Networking Problems by either leaving it, responding to it, or deleting it. -Internal Risks of Social Media
Q10-8 Summarize the actions that an organization should take when dealing with a security incident?
1. Have plan in place 2. Centralized reporting 3. Specific responses - Speed - Preparation pays - Don't make problem worse 4. Practice First, every organization should have an incident response plan as part of the security program, and it should ensure employees know where to find it when an incident occurs. The plan should provide centralized reporting of all security incidents. When an incident does occur, speed is of the essence. Viruses and worms can spread very quickly across an organization's networks, and a fast response will help mitigate the conse- quences. Because of the need for speed, preparation pays. The incident response plan should identify critical personnel and their off-hours contact information.
Explain 3 reasons why business processes need to be managed.
1. Improve process quality Process quality has two dimensions: efficiency (use of resources) and effectiveness (accomplish strategy). The most obvious reason for changing a process is that it has efficiency or effectiveness problems. With regard to efficiency, the process may use its resources poorly. It is not easy to determine what process structure is best. The need to monitor process quality and adjust process design, as appropriate, is one reason that processes need to be managed. 2. To adapt to changes in technology When new technology changes any of a process's activities in a significant way, the entire process needs to be evaluated. The evaluation is another reason for managing processes. 3. To adapt to changes in business fundamentals A substantial change in any of the following factors might result in the need to modify business processes: -Market (e.g., new customer category, change in customer characteristics) -Product lines -Supply chain -Company policy -Company organization (e.g., merger, acquisition) -Internationalization -Business environment
Describe 6 ways to protect against malware.
1. Install antivirus and antispyware programs on your computer. 2. Set up your antimalware programs to scan your computer frequently. 3. Update malware definitions. -Malware definitions are patterns that exist in malware code. Antimalware vendors update these definitions continuously and incorporate them into their products in order to better fight against malware. 4. Open email attachments only from known sources. 5. Promptly install software updates from legitimate sources. 6. Browse only reputable websites.
Name the four stages of the BPM process and summarize the activities in each.
1. Model Processes -The BPM cycle begins by creating a model of existing business process, called the as-is model. Then business users who are involved in the process and business and systems analysts evaluate that model and make improvements. Business processes can be improved by changing the structure of the process, by adding resources, or both. If the process structure is to be changed, a model of the changed process is constructed. Two common ways of adding resources to a process are to assign more people to process activities and to create or modify information systems. 2. Create Components -In this activity, the team designs changes to the business process at a depth sufficient for implementation. If the business process involves new information systems or changes to existing information systems then systems development projects are created and managed at this stage. Again, some activities involve IS, and some do not. For those that do, information systems procedures need to be created to enable users to accomplish their process tasks. 3. Implement Processes -Here process actors are trained on the activities that they will perform and on the IS procedures that they will use. Converting from an existing process to a new or revised one usually meets with employee resistance. Thus, an important activity for you during implementation is softening that resistance. 4. Assess Results -Once the process has been implemented, well-managed organizations don't stop there. Instead, they create policy, procedures, and committees to continually assess business process effectiveness. The Information Systems Audit and Control Association has created a set of standard practices called COBIT (Control Objectives for Information and related Technology) that are often used in the assessment stage of the BPM cycle. When the assessment process indicates that a significant need for a change has arisen, the BPM cycle is repeated and adjusted. New process models are developed, and components are created, implemented, and assessed.
Summary of Scrum Estimation Techniques
1. Team assigns 1 point to the simplest task. 2. Times to deliver working tasks are compared to each other and assigned points (points are Fibonacci numbers). Use... -Team estimation -Planning poker -Other 3. Using past experience, team computes its velocity...number of points it can accomplish per scrum period. 4. Working with product owner, team selects tasks for the upcoming scrum period, constrained by its velocity.
Q12-6 Explain two reasons that the SDLC is falling out of favor.
1. The nature of the SDLC denies what every experienced developer knows to be true: systems requirements are fuzzy and always changing. They change because they need to be corrected, or more is known, or users change their minds about what they want after they use part of the system, or business needs change, or technology offers other possibilities. 2. It is very risky. The people for whom the system is being constructed cannot see what they have until the very end. At that point, if something is wrong, all the money and time has already been spent.
Explain how internal use of social media can create risks to inform security, organizational liability, and employee productivity.
1. The use of social media can directly affect the ability of an organization to secure its information resources 2. Employees may inadvertently increase corporate liability when they use social media 3. Increased use of social media can be a threat to employee productivity
List three types of threats and five types of security losses.
3 types of threats: 1. Human Error 2. Computer Crime 3. Natural Events and Disasters 5 types of security losses: 1. Unauthorized Data Disclosure Unauthorized Data Disclosure occurs when a threat obtains data that is supposed to be protected. *Human Error: Procedural Mistakes *Computer Crime: Pretexting, Phishing, Spoofing, Sniffing and Hacking. -Pretexting is deceiving someone over the Internet by pretending to be another person or organization. -Phishing is a technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends an email requesting confidential data, such as account numbers, Social Security numbers, account passwords and so forth. A phisher is an individual that spoofs legitimate companies in an attempt to illegally capture personal data, such as credit card numbers, email accounts, and driver's license numbers. -Spoofing is when someone pretends to be someone else with the intent of obtaining unauthorized data. If you pretend to be your professor, you are spoofing your professor. IP Spoofing is a type of spoofing whereby an intruder uses another site's IP address as if it were that other site. Email spoofing is a synonym for phishing. A technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends email requests for confidential data, such as account numbers, Social Security numbers, account passwords, and so forth. Phishers direct traffic to their sites under the guise of legitimate business. -Sniffing is a technique for intercepting computer communications. With wired networks, sniffing requires a physical connection to the network. With wireless networks, no such connection is required. Wardrivers are people who use computers with wireless connections to search for unprotected wireless networks. Packet sniffers is a program that captures network traffic. -Hacking is a form of computer crime in which a person gains unauthorized access to a computer system. Although some people hack for the sheer joy of doing it, other hackers invade systems for the malicious purpose of stealing or modifying data. *Natural Disasters: Disclosure during recovery. 2. Incorrect Data Modification *Human Error: Procedural mistakes, incorrect procedures, ineffective accounting controls or system errors. *Computer Crime: Hacking *Natural Disasters: Incorrect data recovery 3. Faulty Service *Human Error: Procedural mistakes, development and installation errors. *Computer Crime: Usurpation (Usurpation occurs when unauthorized programs invade a computer system and replace legitimate programs. Such unauthorized programs typically shut down the legitimate system and substitute their own processing to spy, steal and manipulate data, or achieve other purposes. *Natural Disasters: Service improperly restored. 4. Denial of Service (DoS) Denial of Service (DoS) is a security problem in which users are not able to access an information system; can be caused by human errors, natural disaster, or malicious activity. *Human Error: Accidents *Computer Crime: DoS attacks *Natural Disasters: Service interruption 5. Loss of Infrastructure *Human Error: Accidents *Computer Crime: Theft and/or terrorist activity -Advanced Persistent Threat (ATP): A sophisticated, possibly long-running, computer hack that is perpetrated by large, well-funded organizations like governments. ATPs are a means to engage in cyberwarfare. *Natural Disasters: Property Loss
Explain the elements in the Gantt chart in Figure 12-17.
A Gantt chart is a timeline graphical chart that shows tasks, dates, dependencies, and possibly resources.
Explain the primary roles of business and system analysts.
A business analyst is some who is well versed in Porter's models and in the organization's strategies and who focuses, primarily, on ensuring that business processes and information systems meet the organization' s competitive strategies. Systems analysts are IS professionals who understand both business and information technology. They focus primarily on IS development, but are all involved with business analysts on the management of business processes as well. Systems analysts pay a key role in moving development project through the SDLC or scrum development process
Define critical path and explain critical path analysis.
A critical path is the sequence of activities that determine the earliest date by which the project can be completed. Critical path analysis is the process by which project managers compress a schedule by moving resources, typically people, from noncritical path tasks to critical path tasks.
Define firewall, and explain its purpose.
A firewall is a computing device located between public and private networks that prevent unauthorized access to or from the internal network. A firewall can be a special-purpose computer, or it can be a program on a general-purpose computer or on a router. A firewall is a computing device that prevents unauthorized network access
Which of the following usually happens in a malicious denial-of-service attack?
A hacker floods a Web server with many millions of bogus service requests.
Define as-is model.
A model that represents the current situation and processes.
Summarize requirements, cost, and schedule trade-offs.
A trade-off is a balancing of three critical factors: requirements, cost, and time Using trade-offs, the WBS plan can be modified to shorten schedules or reduce costs. But they cannot be reduced by management fiat.
Explain the purpose of a work breakdown structure.
A work breakdown structure (WBS) is a hierarchy of the tasks required to complete a project; for a large project, it might involve hundreds or thousands of tasks. Tasks are interrelated, and to prevent them from becoming a confusing morass, project teams create a work breakdown structure (WBS), which is a hierarchy of the tasks required to complete a project
Waterfall method and agile development
According to the SDLC, however, progress goes in a linear sequence from requirements to design to implementation. Sometimes this is called the waterfall method. The waterfall method is the assumption that one phase of the SDLC can be completed in its entirety and the project can progress, without any backtracking, to the next phase of the SDLC. Projects seldom are that simple; backtracking is normally required. Over the past 40 years, numerous alternatives to the SDLC have been proposed, including rapid application development, the unified process, extreme programming, scrum, and others. All of these techniques addressed the problems of the SDLC, and by the turn of the last century, their philosophy had coalesced into what has become know as agile development, which means a development process that conforms to the principles in Figure 12-20 (the image on the next card). Agile development is an adaptive project management process based on the principles listed in Figure 12-20. It can be used for the management of many types of projects, including processes, information systems, and applications. Traditionally, agile development was thought to be done by small organizations, working on small projects. Scrum is an agile methodology and conforms the the principles shown in Figure 12-20. More than 58% of agile projects use the scrum methodology.
Describe 3 dimensions of safeguards for account administration.
Account Management concerns the creation of new user accounts, the modification of existing account permissions, and the removal of unneeded accounts Password Management Help-Desk Policies Account management concerns the creation of new user accounts, the modification of existing account permissions, and the removal of unneeded accounts. Information system administrators perform all of these tasks, but account users have the responsibility to notify the administrators of the need for these actions.
______ is a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments.
Advanced persistent threat (APT)
How does the knowledge of your generation of businesspeople influence systems development?
All management grads are going to play strong roles in developing new systems as well as managing the projects. You grew up using systems with great user experience (UX) design into them. This experience will enable you to help create a closer alignment between processes and IS and business strategy, goals, and objectives.
Define IDS, and explain why the use of an IDS program is sobering, to say the least.
An Intrusion Detection System (IDS) is a computer program that senses when another computer is attempting to scan the disk or otherwise access a computer or network. IDS logs can record thousands of attempts each day.
Explain how scrum provides a framework for process learning.
As a team works more and more scrum periods together, it learns better and better how to assign points, and it learns more and more what its true velocity is.
Describe 3 types of authentication.
Authentication methods fall into three categories: what you know (password or PIN), what you have (smart card), and what you are (biometric). Password or PIN: Personal Identification Number (PIN) A form of authentication whereby the user supplies a number that only he or she knows. Smart Card: Plastic cards similar to credit cards that have microchips. The microchip, which holds much more data than a magnetic strip, is loaded with identifying data. Normally requires a PIN. Biometric: The use of personal physical characteristics, such as fingerprints, facial features, and retinal scans, to authenticate users.
In your own words, explain the nature of the five components of SMIS for each of the 3 SMIS organizational roles.
Because they are Information systems, SMIS have the same 5 components as all IS: hardware, software, data, procedures, and people. -Hardware Both users and organizations processes social media sites using desktops, laptops, and mobile services. In most cases, social media providers hosted the social media presence using elastic servers in the cloud. -Software Users employ browsers and client applications to communicate with others, send and receive content, and add and remove connections to communities and other users. These applications can be desktop or mobile applications for a variety of platforms, including iOS, android, and windows. Social media providers develop and operate their own custom, proprietary, social networking application software. Supporting custom software is expensive over the long term; social media application vendors must do so because the features and functions of their applications are fundamental to their competitive strategy. They can do so because this where the development cost over the revenue generated by millions of users. Many social networking vendors use a NoSQL database management system to process their own data, though traditional relational DBMS products are used as well. In addition to custom applications and databases, SM providers also invest in analytic software to understand how users interact with their site and application software. -Data SM data falls into 2 categories: content and connection. •Content data is data and responses to data that are contributed by users. You provide the source content data for your Facebook site, and your friends provide response content when they write on your wall, make comments, tag you, or otherwise publish your site. •Connection data is data about relationships. On Facebook, for example, the relationships to your friends our connection data. The fact that you've liked particular organizations is also connection data. Connection data differentiates SMIS from web sight applications. Both websites and social networking sites present user and responder content, but only social networking application store in process connection data. SM providers store and retrieve SM data on behalf of users. They must do so in the presence of network and server failures, and they must do so rapidly. The problem is made somewhat easier, however, because Sand content and connection data have a relatively simple structure. -Procedures For social networking users, procedures are informal, evolving, and socially oriented. You do what your friends do. When the members of your community learn how to do something new and interesting, you copy them. SM software is designed to be easy to learn in use. Such informality makes using SMIS easy, but it also means that unintended consequences are common. The most troubling examples concern user privacy. For organizations, social networking procedures are more formalized and aligned with the organizations strategy. Organizations develop procedures for creating content, managing user responses, removing obsolete or objectionable content, and extracting value from content. -People Users of social media do what they want to do depending on their goals and their personalities. They behave in certain ways and observe the consequences. They may or may not change their behavior. By the way, note that SM users aren't necessarily rational, at least not in purely monetary ways. organizations cannot be so casual. Anyone who uses his or her position in a company to speak for an organization needs to be trained on both SMIS user procedures in the organization social networking policy.
Define best practices and explain how the ESN implementation best practices list and Figure 9-13 could improve adoption of the ESN.
Best Practices - Methods that have been shown to produce successful results in prior implementations. When implementing an ESN, successful companies follow a process of four stage is having the elements shown in Figure 9-13. ESN deployment best practices: Strategy, Sponsorship, Support, and Success
Brooks' Law and baseline WBS
Brooks' Law: The adage that states: Adding more people to a late project makes the project later. Brooks' Law is true not only because a larger staff requires increased coordination, but also because new people need to be trained. The only people who can train the new employees are the existing team members, who are thus taken off productive tasks. The costs of training new people can overwhelm the benefit of their contributions. Baseline WBS: The initial work breakdown structure that shows the planned tasks, dependencies, durations, and resource assignments.
Define brute force attack.
Brute Force Attack: A password-cracking program that tries every possible combination of characters.
Nonword passwords are vulnerable to a ______ attack in which the password cracker tries every possible combination of characters.
Brute force
A ______ is a person who is well versed in an organization's strategy and focuses on ensuring that business processes and information systems meet the organization's competitive strategies.
Business Analyst
A ______ is a network of activities, repositories, roles, resources, and flows that interact to accomplish a business function.
Business Process
Q12-2 State the definition of business process used in this chapter and define roles, resources, and data flows.
Business Process - a network of activities, repositories, roles, resources, and flows that interact to accomplish a business function Roles - a collection of activities Repository-a collection of something Resources - people or computer applications that are assigned to roles Control flow - directs the order of activities Data Flow - shows the movement of data among activities and repositories
Describe the need for BPM and explain why it is a cycle.
Business process management (BPM) - a cyclical process for systematically creating, assessing, and altering business processes. When the assessment process indicates that a significant need for change has arisen, the BPM cycle is repeated and adjusted. new process models are developed, and components are created, implemented, and assessed.
Chapter 12 Q12-1 Using your own words, explain the differences among business processes, information systems, and applications. State the components of each.
Business processes, information systems, and applications have different characteristics and components. The activities in a business process often involve information systems. Each of these information systems has the 5 components that we've repeatedly discussed. The actors or participants in the business process are the users of the information systems. They employ IS procedures to use information systems to accomplish tasks in process activities. Each of these information systems contains a software component. Developing software nearly always involves the data component, and it often involves the specification and characteristics of hardware (e.g., mobile devices). Consequently, we define the term application to mean a combination of hardware, software, and data components that accomplishes a set or requirements.
Q12-7 Describe how machine learning will change systems development projects.
By 2029, the way information systems are developed will have changed. In fact, it is already changing. Artificial intelligence (AI), machine learning, and deep neural networks are reshaping the way enterprise systems are developed. From a user's perspective, it will appear that information systems are being "trained" rather than "created". Well, it's because machines are faster and more accurate when it comes to certain tasks. Writing code for a calculator that does basic addition and subtraction is easy. The mathematical rules are straightforward. Write several lines of code and you're done. Developers who make this type of software create it line by line. But what if the task is less clear--more abstract. For example, it is much more difficult to write software that can identify a specific face, translate content from one language to another, or determine which news stories are relevant to individual users. The types of applications are increasingly relevant and profitable. Developers are solving these types of problems via machine learning by TRAINING the system to make decisions that lead to the correct outcome. They DON'T CREATE code for it.
Explain the role of COBIT.
COBIT (Control Objectives for Information and related Technology) is a set of standard practices, created by the Information Systems Audit and Control Association, that are used in the assessment stage of the BPM cycle to determine how well an information system compiles with an organization's strategy.
Q9-3 Define capital, human capital, and social capital.
Capital - the investment of resources for future profit Human Capital - the investment in human knowledge and skills for future profit Social Capital - the investment in social relations with the expectation of returns in the marketplace
Explain how the focus of computer criminals will likely change in the next 10 years. Explain how this is likely to impact smaller organizations, and you.
Cloud vendors and major organizations will continue to invest in safeguards; they'll hire more people, train them well, and become ever more difficult to infiltrate. Although some criminals continue to attack these fortresses, most will turn their attention to smaller organizations and to individuals. You can steal $50 million from one company or $50 from a million companies with the same cash result. And, in the next 10 years, because of improved security at large organizations, the difficulty and cost of stealing that $50 million will be much higher than stealing $50 a million times. Part of the problem is porous national borders. People can freely enter the United States electronically without a passport. they can commit crimes with little fear of repercussions. There are no real electronic IDs. Cyber-gangs are well organized, financially motivated, and possible state-sponsored. Electronic lawlessness is the order of the day. If someone in Romania steals from Google, Apple, Microsoft, or Boeing and then disappears into a cloud of networks in Uzbekistan, do those large organizations have the resources, expertise, and legal authority to pursue attackers? What if the same criminal steals from you in Nashville? Can your local law enforcement authorities help? And, if your portion of the crime is for $50, how many calls to Uzbekistan do they want to make? At the federal level, finances and politics take precedence over electronic security. the situation will likely be solved as it was in the past. Strong local "electronic" sheriffs will take control of the electronic borders and enforce existing laws. It will take at least a couple decades for this to happen. Technology is moving faster than either the public or elected officials can educate themselves.
Explain how changes in communication channels have change the way organizations communicate with employees.
Communication channels: means of delivering messages. ESN allow employees to bypass the corporate chain on command in order to post ideas directly to upper management.
Explain how the phrase cat and mouse pertains to the evolution of computer crime.
Computer crime is a game of cat and mouse. Computer criminals find a vulnerability to exploit, and they exploit it. Computer security experts discover that vulnerability and create safeguards to thwart it. Computer criminals find a new vulnerability to exploit, computer security forces thwart it, and so it goes. The next major challenges will likely be those affecting mobile devices. But security on these devices will be improved as threats emerge that exploit their vulnerabilities. This cat and mouse game is likely to continue for at least the next 10 years. No super-safeguard will be devised to prevent computer crime, nor will any particular computer crime be impossible to thwart. However, the skill level of this cat and mouse activity is likely to increase, and substantially so. Because of increased security in operating systems and other software, and because of improved security procedures and employee training, it will become harder and harder for the lone hacker to find some vulnerability to exploit. Not impossible, but vastly more difficult.
Using Microsoft Fetch! as an example, explain why "training" will be an integral part of systems development.
Consider what will happen when AI and machine learning are applied to robotics, drones, self-driving cars, and 3D printing. Employees in accounting, manufacturing, finance, sales, and IS will all TRAIN a system to help them with their job--or do their job. Systems will, with help from their human partners, become their own developers.
Define cookie and explain why using a program like CCleaner is a good example of the computer security trade-off.
Cookies are small files that are stored on the user's computer by a browser. Cookies can be used for authentication, for storing shopping cart contents and user preferences, and for other legitimate purposes. Cookies are small files stored by the Web browser to enable access to Web sites without having to sign in every time, and they speed up processing of some sites. Cookies can also be used to implement spyware. CCleaner is a safeguard against cookies that are a security threat. It is free, open-source software that will do a better job at removing or disabling cookies than the browser.
Explain the relationship of the differences between crab and deer to this change.
Crabs have an external exoskeleton. Deers have an internal endoskeleton. When crabs grow, they must endure the laborious and biologically expensive process of shutting a small shell and growing a larger one. They are also vulnerable during the transition. When deer grow, the skeleton inside goes with the deer. No need for vulnerable molding. And, considering agility, would you take a crab over a deer? In the 1960s, organizations were the exoskeleton around employees. By 2029, organizations will be the endoskeleton, supporting the work of people on the exterior.
Describe tasks required for the definition, requirements, and design steps.
Define the System - Define System Goals and Scopes - Assess Feasibility *Cost feasibility is an assessment of whether the anticipated benefits of the system are likely to justify the estimated development and operational costs. *Schedule feasibility is whether an information system can be developed within the time available. *Technical feasibility is whether existing information technology will be able to meet the requirements of a new information system. *Organizational feasibility is whether an information system fits within an organization's customer, culture, and legal requirements. - Form a Project Team Determine Requirements Here, developers identify the particular features and functions of a new system. This is the most important phase in the SDLC process. - Sources of Requirements - Role of a Prototype - Approve Requirements Design System Components - the team designs each component by developing alternatives, evaluating each of those alternatives against the requirements, and then selecting from among those alternatives. Design portions of business processes here, as needed to use information system. Implement System -Testing -System Conversion -Implementation has two meanings for us. It could mean to implement the information systems components only, or it could mean to implement the information system and the business process that use that system. -Developers implement, test, and install the new system. Over time, users will find errors, mistakes, and problems. They will also develop new requirements. The description of fixes and new requirements is input into a system maintenance phase. Maintain System -The maintenance phase starts the process all over again, which is why the process is considered a cycle. The work done during this phase is either to fix the system so it works correctly or to adapt it to changes in requirements.
State specific activities for each of the five components during the design and implementation stages.
Design -Hardware: Determine hardware specifications - Software: Select off-the-shelf program. Design alterations and custom programs as necessary - Data: Design database and related structures - Procedures: Design user and operations procedures - People: Develop user and operations job descriptions Implementation - Hardware: Obtain, install, and test hardware - Software: License and install off-the-shelf programs. Write alterations and custom programs. Test programs. - Data: Create database. Fill with data. Test data - Procedures: Document procedures. Create training programs. Review and test procedures. - People: Hire and train personnel
Q12-3 Explain the need for a process documentation standard.
Differences in documentation can be problematic, especially when two different organizations with two different sets of definitions must work together. Accordingly, a software-industry standards organization called the Object Management Group (OMG) created a standard set of terms and graphical notations for documenting business processes. That standard, called Business Process Modeling Notation (BPMN), is documented at www.bpmn.org. The basic symbols of BPMN are easy to understand, and they work naturally with our definition of business process.
Summarize the characteristics of a strong password.
Does not contain any words in any language, uses a mixture of upper and lower case letters, numbers, and special characters. Use long passwords with no words, 12 or more characters, and a mix of letters, numbers, and special characters.
Q9-6 Define enterprise social network (ESN) and describe the primary goal of an ESN.
Enterprise Social Network - a software platform that uses social media to facilitate cooperative work of people within an organization. The primary goal of ESN is to improve communication, collaboration, knowledge sharing, problem solving, and decision making.
Define identification and authentication.
Every information system today should require users to sign on with a username and password. The username identifies the user (the process of identification), and the password authenticates that user (the process of authentication). Identification: The process whereby an information system identifies a user by requiring the user to sign on with a username and password. Authentication: The process whereby an information system verifies (validates) a user.
Explain the symbols in Figures 12-7 and 12-8 and describe the relationship between these two diagrams.
Figure 12-7 shows existing order processes and 12-8 shows check customer credit process. Figure 12-7 shows more processes and goes back and forth between swim-lanes. Figure 12-8 shows a more straightforward process and shows the check customer credit process.
The ______ revenue model offers users a basic service for free, and then charges a premium for upgrades or advanced features.
Freemium
Explain why concerns about mobile devices limiting ad revenue are overreactions.
From PCs to mobile devices, particularly small screen smartphones, there is much less ad space available. On the surface, this means a reduction in ad revenue. However, growth in the number of mobile devices far exceeds PC growth. So, even though the revenue per device may be lower for mobile devices than PCs, the sheer number of mobile devices in use may swamp the difference in revenue. Furthermore, mobile users click ads more often and hence generate more revenue. Because ads take up so much more space on mobile devices than they do on PC 's, many of the mobile clicks could've been accidental. Conversion rate measures the frequency that someone who clicks on an ad makes a purchase, "likes" a site, or takes some other action desired by the advertiser.
A ______ shows the tasks, dates, and dependencies for the tasks of a project.
Gantt chart
Summarize possible management challenges when controlling employees in 2029. Describe the text suggested response.
How do you manage this team? (They have their own devices and their own SM accounts) If "management" means to plan, organize, and control, how can you accomplish any of these functions in this emergent network of employees? If you and your organization follow the lead of tech-savvy companies such as Intel, you'll know you cannot close the door on your employees SM lives, nor will you want to. Instead, you'll harness the power of social behavior of your employees and partners to advance your strategy.
Summarize safeguards that pertain to nonemployee personnel.
Human Safeguards for Nonemployee Personnel: Business requirements may necessitate opening information systems to nonemployee personnel— temporary personnel, vendors, partner personnel (employees of business partners), and the public. Companies should require vendors and partners to perform appropriate screening and security training. The contract also should mention specific security responsibilities that are particular to the work to be performed. Companies should provide accounts and passwords with the least privilege and remove those accounts as soon as possible. -In general, the best safeguard from threats from public users is to harden the Web site or other facility against attacks as much as possible. Hardening a site means to take extraordinary measures to reduce a system's vulnerability. Hardened sites use special versions of the operating system, and they lock down or eliminate operating system features and functions that are not required by the application. Hardening is actually a technical safeguard, but it is the most important safeguard against public users. Human Safeguards for Employees: 1. TRUST BUT VERIFY: If motivated and trained about security, employees can make the security task much easier. The most important security safeguard for employees is to be less trusting of others using the system. 2. POSITION DEFINITIONS: Effective human safeguards also include definitions of job tasks and responsibilities. In general, job descriptions should provide a separation of duties and authorities. 3. HIRING AND SCREENING: Security considerations should be part of the hiring process. 4. DISSEMINATION AND ENFORCEMENT: Employees need to be educated about the security policies, procedures, and responsibilities they will have. 5. TERMINATION: Companies also must establish security policies and procedures for the termination of employees.
Describe security monitoring techniques.
Important monitoring functions are activity log analyses, security testing, and in estimating and learning from security incidents
Summarize the difficulties of development estimation and describe 3 ways of addressing it.
It is exceedingly difficult to determine the duration and labor requirements for many development tasks. Software is pure thought-stuff. Ways to address it: 1. Avoid scheduling problems altogether and never develop systems and software in-house. 2. Admit the impossibility of scheduling a date for the completion of the entire system and take the best result they can get 3. Attempt to schedule the development project in spite of all the difficulties.
Define influencer and describe how you could use social media to increase the number and strength of your social relationships.
Influencer - An individual in a social network whose opinion can force a change in others' behavior and beliefs Such communication is unreliable and brief: you are more likely to say something to your friends if the experience was particularly good or bad; but, even then, you were likely only to say something to those friends whom you encounter while the experience is still recent. And once you have said something, that's it; your words don't live on for days or weeks. Ex: Wedding photographer using SM to promote her business by asking a recent client (user 1) to "like" her Facebook page and the wedding photos posted there. She also tags people in her client's pictures on Facebook. She might even ask the client to tweet about her experience. All of the people in their client's social network (users 4-6) sees the likes, tags, and tweets. If user 6 likes the pictures, they might be seen by users 10-12. It's possible that one of those users is looking for a wedding photographer. Using SM, the photographer has thus grown her social media network to reach potential clients who she wouldn't have otherwise had access to. She also used SM to grow the number of relationships she has with clients. Depending on the number of, strength, and value of those relationships, her social capital within those networks could substantially increase. To the photographer, the number of friends the client has in her social network is important, but equally important is the strength of the relationships. Will the clients friends like the photographers page and photos? Will they retweet the client success story? If none of the clients friends like the photographers page and photos, the strength of the relationships is weak. If all of the clients friends like the photographers page and photos, the strength of the relationship in the clients social network is strong.
Explain 4 ways that social capital adds value.
Information -Relationships in social networks can provide information about opportunities, alternatives, problems, and other actors important to business professionals Influence -Relationships provide an opportunity to influence decision makers at your employer or in other organizations who are critical to your success Social Credentials -Being linked to a network of highly regarded contacts is a form of social credential Personal Reinforcement -Being linked into social networks reinforces a professional's identity, image, and position in an organization or industry •Value of social capital: value determined by the number of relationships in a social network, by the strength of those relationships, and by the resources controlled by those related.
Explain why the term maintenance is a misnomer when applied to information systems; state tasks performed during systems maintenance.
It is a misnomer because the work done during this phase is either to fix the system so that it works correctly or to adapt it to changes in requirements. Record requests for change: - Failures - Enhancements Prioritize requests Fix failures: - Patches - Service packs - New releases
Q10-2 Explain why it is difficult to know the true size of the computer security problem in general and of computer crime in particular. List the takeaways in this question and explain the meaning of each.
It's difficult to know the true size of the computer security problem because potential threats are hard to measure and not all faults are reported /published. In terms of computer crime, there are a lot of occurrences that aren't even reported or solved. These ongoing issues just keep spiking the cost.
The final phase of the systems development life cycle (SDLC) is ______.
Maintaining the System
Explain how your identity and password do more than just open doors on your computer.
Make sure you use very strong passwords for important sites (like your bank's site), and do not reuse those passwords on less important sites (like your social networking sites).
Summarize why malware is a serious problem.
Malware can be hugely damaging to businesses as well as individuals. Hackers often use malware to try and gain entry into an organization's systems or networks, from where they can access valuable data to steal and sell on.
Define metrics, success metrics, and vanity metrics and give examples of metrics that could be measured for the four goals mentioned previously.
Metrics - measurements used to track performance Success Metrics - measurements that indicate when you've achieved you goals Vanity Metrics - metrics that don't improve your decision making Examples of Metrics - Figures 8-11
Geofencing
Mobility as a different dimension in the ability to target customers with ads. Companies can use Geofencing to target customers with ads when they are physically on the company premises. Geofencing is a location service that allows applications to know when the user has crossed a virtual fence (specific location) and then triggers an automated action. Geofencing has the potential to make a tremendous impact on a massive number of people because Geo fencing is technically supported by more than 90% of smart phones in the United States.
Explain how SSL/TLS works.
Most secure communication over the Internet uses a protocol called https. With https, data are encrypted using a protocol called the Secure Socket Layer (SSL), which is also known as Transport Layer Security (TLS). SSL/TLS uses a combination of public key/private key and symmetric encryption. The basic idea is this: Symmetric encryption is fast and is preferred. But the two parties (say, you and a Web site) don't share a symmetric key. So, the two of you use asymmetric encryption to share the same symmetric key. Once you both have that key, you use symmetric encryption. 1. Your computer obtains the public key of the Web site to which it will connect 2. Your computer generates a key for symmetric encryption 3. Your computer encodes that key using the Web site's public key. It send the encrypted symmetric key to the Web site 4. The Web site then decodes the symmetric key using its private key 5. From that point forward, you computer and the Website communicate using symmetric encryption
______ present(s) the largest risk for an organization's infrastructure loss.
Natural disasters
Explain why systems will be more easily adapted.
New systems will come online fast, and the limiting factor will be human's ability to cope. Business professionals have a key role in solving those coping problems. In the end, user involvement will be the key to the success of systems development. Systems will depend on users to train them. Users will know how to create successful user interfaces. And users will be the ones to solve previously unknown problems. You as a business user will be the one to make a difference.
Explain why it is difficult to know the true cost of computer crime.
No one knows the cost of computer crime. For one, there are no standards for tallying crime cost. Does the cost of a denial-of-service attack include lost employee time, lost revenue or long-term revenue losses due to lost customers? Second, all the studies on the cost of computer crime are based on surveys. Different respondents interpret terms differently, some organizations don't report all of their losses, and some won't report computer crime losses at all. Absent standard definitions and a more accurate way of gathering crime data, we cannot rely on the accuracy of any particular estimate. The most we can do is looks for trends by comparing year-to-year data, assuming the same methodology is used by the various types of survey respondents.
Using the terminology from Chapter 5, describe the relationship of business processes and IS.
Not all business processes contain information systems. It is possible for none of the activities to use an IS. IS supports many business processes. Every IS supports at least one business process. We can use the terminology of Chapter 5 to summarize these statements and state that the relationship of business processes and information systems is many-to-many. One business process can potentially use many IS, and a single IS can support potentially many business processes. Furthermore, a business process is not required to use an IS, but every IS supports at least one business process. So to summarize: 1. Business processes, information systems, and applications have different characteristics and components. 2. The relationship of business processes to information systems is many-to-many, or N:M. A business process need not relate to any information system, but an information system relates to at least one business process. 3. Every IS has at least one application because every IS has a software component.
Describe the problems in the process in Figure 12-7 and suggest one solution.
Once the as-is model has been documented, that model can then be analyzed for problems or for improvement opportunities. For example, the process in Figure 12-7 has a serious problem. The problem involves allocations. The Operations Manager role allocates inventory to the orders as they are processed, and the Credit Manager role allocates credit to the customer of orders in process. These allocations are correct as long as the order is accepted. However, if the order is rejected, these allocations are not freed. Thus, inventory is allocated that will not be ordered, and credit is extended for orders that will not be processed. One fix (many are possible) is to define an independent process for Reject Order (in Figure 12-7 that would mean placing a box with a + in the Reject Order activity) and then designing the Reject Order sub process to free allocations.
Summarize the steps that organizations should take when balancing risk and cost.
Organizations need to create an inventory of the data they store and possible threats to that data. Then determine how much trade-off is necessary between risks and cost. To make trade-off decisions, organizations need to create an inventory of the data and hardware they want to protect and then evaluate safeguards relative to the probability of each potential threat. Given the set of inventory and threats, the organization needs to decide how much risk it wishes to take or, which security safeguards it wishes to implement. An easy way to remember information system safeguards is to arrange them according to the five components of an information system (Hardware, Software, Data, Procedures, and People). Some of the safeguards involve computer hardware and software. Some involve data; others involve procedures and people.
Summarize how growth in mobile devices affects revenue streams.
Other ways of generating revenue on social media sites includes the sale of apps and virtual goods, affiliate commissions, and donations. Social media is the ultimate expression of it use increasing value. The more communities of a practice there are the more people, and the more incentive people will have to come back again and again. So, social media would seem to be the next great revenue generator, except, possibly, for the movement from PCs to mobile devices.
Q9-5 Discuss why aligning the development of SMIS with the organizational strategy is important.
SMIS should be used in facilitation of a companies goals and objective.
Define PRISM, privacy and security.
PRISM: Is a code name for a secret global surveillance program by which the National Security Agency (NSA) requested and received data about Internet activities from major Internet providers. Privacy: The freedom from being observed by other people. Security: The state of being free from danger.
Q10-3 Explain each of the elements in Figure 10-6.
Personal Security Safeguards: -Take security seriously .-Create strong passwords. -Use multiple passwords .-Send no valuable data via email or IM. -Use https at trusted, reputable vendors. -Remove high-value assets from computers. -Clear browsing history, temporary files, and cookies .-Demonstrate security concern to your fellow workers .-Follow organizational security -Consider security for all business initiatives. -Use caution when using public machines.
Give an example of how an ESN could benefit an organization.
Red Robin's CFO offered a $1,000 employee bonus for the best cost-saving idea. The winning idea was reusable kids cups that saved hundreds of thousands of dollars. Lapping attributes the cost savings to the ESN, stating, "I'm convinced that the idea would've never have surfaced if we didn't have a social network." Cost savings, improve and better communication
Explain what it means to manage risk.
Risk cannot be eliminated, so manage risks means to proactively balance the trade-off between risk and cost. Risk varies between industries and organizations. For example a bank will have to endure more risk than a bowling alley, thus implementing more safeguards. How is risk managed? -Risk is the likelihood of an adverse occurrence. -Management cannot manage threats directly, but can limit security consequences by creating a backup processing facility at a remote location. -Companies can reduce risks, but always at a cost. Uncertainty refers to the lack of knowledge especially about the change of occurrence or risk of an outcome or event.
Explain each element in the SLATES model.
SLATES is an acronym developed by Andrew McAfee that summarizes key characteristics of Enterprise 2.0: search, links, author, tagged, extensions, signaled. 1. Search - people have more success searching than they do in finding from structured content First, workers want to be able to search for content inside the organization just like they do on the web. Most workers find that searching is more effective than navigating content structures such as lists and tables of content. 2. Links - Links to enterprise resources Second, workers want to access original content via links, just as they do on the web. 3. Authoring - Create enterprise content via blogs, wikis, discussion groups, presentation, etc 4. Tags - Flexible tagging results in folksonomies of enterprise content A fourth characteristic of ES ends is that their content is tagged, just like content on the web, and these tags are organized into structures, as is done on the web at sites like Delicious (www.delicious.com). These structures organize tags as a taxonomy does, but, unlike taxonomies, they are not preplanned; they emerge organically. In other words, ESNs employ a folksonomy, or a content structure that emerges from the processing of many user tags. 5. Extensions - Using usage patterns to offer enterprise content via tags processing Workers want applications that enable them to rate tagged content and to use the tags to predict content that will be of interest to them, a process McAfee refers to as extensions. 6. Signals - Pushing enterprise content to users based on subscriptions and alerts. Workers want relevant content pushed to them; or, in McAfee's terminology, they want to be signaled when something of interest to them happens in organizational content.
Design for Secure Applications
SQL injection attack: The situation that occurs when a user obtains unauthorized access to data by entering a SQL statement into a form in which one is supposed to enter a name or other data. If the program is improperly designed, it will accept this statement and make it part of the SQL command that it issues to the DBMS. The final technical safeguard concerns the design of applications.
Explain how each of the scrum essential items in Figure 12-23 is implemented in the scrum process shown in Figure 12-24.
Scrum—> huddle Figure 12-23 Scrum Essentials is attached 1. First, the process is driven by a prioritized list of requirements that is created by the users and business sponsors for the new system. (Requirements list drives process) 2. Scrum work periods can be as short as one week, but, as with all agile processes, never longer than 8. 2 to 4 weeks is recommended. (Each work period (1 to 4-8 weeks) Each work period, the team selects the top priority items that it will commit to delivering that period. -Select requirements to consider -Determine tasks to perform—select requirements to deliver -Determine tasks to perform-select requirements to deliver -Team meets daily for 15 minutes (Stand-up): a 15 minute meeting in which each team member states: *what he or she has done in the past day *what he or she will do in the coming day *any factors that are blocking his or her progress The purpose of standup is to achieve accountability for team members' progress and to give a public forum for blocking factors. Oftentimes one team member will have the expertise to help a blocked team member resolve the blocking issue. -Testing frequently. Possibly many times per day. Sometimes the business owner of the project is involved in daily testing as well. -Paired work possible In some cases, team members work in pairs; in paired programming, for example, two team members share the same computer and write a computer program together. Sometimes, one programmer will provide a test, and the other will either demonstrate that the code passes the test or alter the code so it will. Then the two team members switch roles. Other types of paired work are possible as well. -Minimal documentation. *Minimal documentation is prepared. The result of the team's work is not design or other documents but, rather, a working version of the requirements that were selected at the start of the scrum period. -Deliver (something) that works *At the end of the scrum period, the working version of the product is delivered to the customer, who can, if desired, put it to use at that time, if its not-fully-finished state. -Evaluate team's work process at end of period (and say thanks) *After the product is delivered, the team meets to evaluate its own processes and to make changes as needed. Team members are given an opportunity to express thanks and receive recognition for superior work at these meetings. 3. Rinse and repeat until -Customer says we're done -Out of time -Out of money 4. Three principle roles -Product owner (business professional who represents customer) -Scrum master -Team members (7 +or- 2 people)
Q10-4 Name and describe two security functions that senior management should address.
Senior management needs to address two critical security functions: security policy and risk management. *Considering the first, senior management must establish company-wide security policies. Must establish company-wide policy that states the company's posture regarding data that it gathers on customers, suppliers, partners, and employees. Take, for example, a data security policy that states the organization's posture regarding data that it gathers about its customers, suppliers, partners, and employees. At a minimum, the policy should stipulate: -What sensitive data the organization will store -How it will process that data -Whether the data will be shared with other organizations -How employees and others can obtain copies of data stored about them -How employees and others can request changes to inaccurate data. The specifics of a policy depend on whether the organization is a governmental or nongovernmental, on whether it is publicly held or private, on the organization's industry, on the relationship of management to employees, and on other factors. As a new hire, seek out your employer's security policy if it is not discussed with you in new-employee training. *The second senior management security function is to manage risk. Risk cannot be eliminated, so manage risks means to proactively balance the trade-off between risk and cost. This trade-off varies from industry to industry and from organization to organization. To make trade-off decisions, organizations need to create an inventory of the data and hardware they want to protect and then evaluate safeguards relative to the probability of each potential threat. Given the set of inventory and threats, the organization needs to decide how much risk it wishes to take or, which security safeguards it wishes to implement.
Describe the purpose of an SM policy and summarize Intel's guiding principles.
Social Media Policy: A statement that outlines employees rights and responsibilities when generating social media content. Intel Corporation has pioneered open and employee-trusting SM policies, policies that continue to evolve as the company gains more experience with employee-written social media. 3 key pillars of Intel's policy in 2018 are: 1. Disclose 2. Protect 3. Use Common Sense
______ is the use of information technology to support the sharing of content among networks of users.
Social media
Explain why you will be involved in systems development projects during your professional career.
Software runs the world. Your current employer depends on software to keep making money. Your future employer will become even more dependent on these types of applications.
Explain how system procedures can serve as human safeguards.
System Users - Normal Operation: Use the system to perform job tasks, with security appropriate to sensitivity - Backup: Prepare for loss of system functionality- Recovery: Accomplish job tasks during failure. Know tasks to do during system recovery Operations Personnel - Normal Operation: Operate data center equipment, manage networks, run Web servers, and do related operation tasks - Backup: Back up Web site resources, databases, administrative data, account and password data, and other data - Recovery: Recover system from backed up data. Perform role of help desk during recovery
Q10-5 List 5 technical safeguards.
Technical safeguards are procedures designed to protect the hardware and software components of an information system. Examples include identification and authorization, encryption, firewalls, malware protection, and application design.
Describe how a social media company might be able to benefit from an IOT device.
The explosive growth of IoT devices has opened up entirely new markets for social media. For example, a network enable to fitness tracker can now send workout data to the cloud where it can be used as a part of a friendly competition with friends. Fitness trackers can now be part of a larger social interaction. Imagine the new types of social interactions that will come when mixed reality devices become popular.
SDLC System Maintenance Phase
The fifth and final phase in the SDLC, in which developers record requests for change (failures and enhancements), prioritize requests, fix failures (patches, service packs, new releases)
System Definition Phase
The first phase in the SDLC, in which developers, with the help of eventual users, define the new system's goals and scope, assess its feasibility, form a project team, and plan the project.
SDLC Implementation Phase
The fourth phase in the SDLC, in which developers build system components, conduct unit test, integrate components, conduct integrated tests and convert to a new system
Explain the goal of IS security.
The goal of Information Security is to find an appropriate trade-off between the risk of loss and the cost of implementing safeguards.
Describe the swim-lane layout.
The process in this Figure 12-7 is a model, an abstraction that shows the essential elements of the process but omits many details. If it were not an abstraction, the model would be as large as the business itself. This diagram is shown in swim-lane layout. In this format, each role in the business process is given its own swim lane. In this figure, there are 5 roles, hence five swim lanes. All activities for a given role are shown in that role's swim lane. Swim-lane layout simplifies the process diagram and draws attention to interactions among components of the diagram. Two kinds of arrows are shown. Dotted arrows depict the flow of messages and data flows. Solid arrows depict the flow or sequence of the activities in the process. Some sequence flows have data associated with them as well. Diamonds represent decisions and usually contain a question that can be answered with yes or no. Process arrows labeled Yes and No exit two of the points of the diamond. Three of the activities in the as-is diagram contain a square with a plus (+) sign. This notation means that the activity is considered to be a sub process of this process and that it is defined in greater detail in another diagram.
Requirements Analysis Phase
The second phase in the SDLC, in which developers conduct user interviews; evaluate existing systems; determine new forms/reports/queries; identify new features and functions, including security; and create the data model.
Q12-4 Describe the origins of the SDLC and how it came to prominence.
The systems development life cycle (SDLC) is the traditional process used to develop information systems and applications. The IT industry developed that SDLC in the "school of hard knocks." Many early projects met with disaster, and companies and systems developers sifted through the ashes of those disasters to determine what went wrong. By the 1970s, most seasoned project managers agreed on the basic tasks that need to be performed to successfully build and maintain information systems. These basic tasks are combined into phases of systems development. As stated, SDLC rose to prominence when the U.S. Department of Defense required it on government contracts.
Explain the tasks required to implement a system and describe four types of system conversion.
The term implementation has two meanings for us. It could mean to implement the information systems components only, or it could mean to implement the information system and the business processes that use the system. Testing- Developers construct each of the components independently. They obtain, install, and test hardware. They license and install off-the-shelf programs; they write adaptations and custom programs as necessary. They construct a database and fill it with data. They document, review, and test procedures, and they create training programs. Finally, the organization hires and trains needed personnel. Once each component has been tested independently, the entire system is tested as an integrated whole. A test plan are groups of action and usage sequences for validating the capability of new software. System Conversion- System conversion is the process of converting business activity from the old system to the new. Once the system has passed testing, the organization installs the new system. The term system conversion is often used to this activity because it implies the process of converting business activity form the old system to the new. Again, conversion can be to the new system only, or it can be to the new system, including new business processes. 1. Pilot Installation - the organization implements the entire system/business processes on a limited portion of the business 2. Phased installation - the new system/business processes are installed in phases across the organizations 3. Parallel installation - the new system/business processes run parallel with the old one until the new system is tested and fully operational. 4. Plunge Installation - the organization shuts off the old system/business processes and starts the new one
Component Design Phase
The third phase in the SDLC, in which developers determine hardware and software specifications, design the database, design procedures, and create job descriptions for users and operations personnel
Describe the importance of making personal connections with users.
The true value of social media can be achieved only when organizations use social media to interact with customers, employees, and partners in a more personal, humane, relationship oriented way. Skepticism of organizational messages gives a competitive advantage to organizations that can make personal connections with users via social media. Today, people want informed, useful interactions that help them solve particular problems and satisfy unique needs. The increasingly ignore prepackaged organizational messages that tout product benefits. This requires you to engage audience members, ask him questions, and respond to their posts. It also means you must avoid hard selling products, overwhelming audience members with content, and contacting them too often.
Q9-8 Describe ways in which the use of social media is changing today.
There are still tremendous opportunities for growth in the social media space. Enterprises are starting to use it (SM) internally (Enterprise 2.0). Is there an Enterprise 3.0 around the corner? New mobile devices with innovative mobile-device UX, coupled with dynamic and agile information systems based on cloud computing and dynamic virtualization, guarantee that monumental changes will continue to occur between now and 2029.
Explain the elements of Figure of 9-3.
This figure shows that, from the point of you of the social media site, Community A is a first-tier community. It consists of users you have a direct relationship to that site. User 1, in turn, belongs to three communities: A, B, and C (these could be classmates, professional contacts, and friends). Communities B-E are second-tier communities because the relationships in those communities are intermediated by first-tier users. The number of second-and third-tier community members grows exponentially. If each community had, for example, 100 members, then the social media site would have 100 x 100, or 10,000, second-tier members and 100 x 100 x 100, or 1 million, third-tier members. However, the statement is not quite true because communities overlap; in Figure 9-3, for example, User 7 belongs to Communities C and E. Thus, these calculations reveal the maximum number of users, as opposed to the actual number.
Chapter 10 10-1 Define threat, vulnerability, safeguard, and target. Give an example of each.
Threat: A person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge Example: Hacker wants to steal your bank login credentials. Or an employee posts sensitive data to public Google+ group. Vulnerability: An opportunity for threats to gain access to individual or organizational assets. Some vulnerabilities exist because there are no safeguards or because the existing safeguards are ineffective. Example: Hacker creates a phishing site nearly identical to your online banking site. Or there is public access to a not-secure group. Safeguard: Any action, device, procedure, technique, or other measure that reduces a system's vulnerability to a threat. Example: Only access sites using https, no safeguard or passwords, procedures and employee training. Target: The asset that is desired by a security threat. Example: Hacker wants to steal your bank login credentials or an employee posts sensitive data to a public Google+ group.
Define velocity and explain how it is used in scheduling.
Velocity - the total number of points of work they can accomplish each scrum period The team uses its velocity to determine how many requirement sit can commit to accomplishing in the next scrum period.
Q10-6 Define data administration and database administration, and explain the difference.
Two organizational units that are responsible for data safeguards are data administration and database administration. -Data administration: An organization-wide function that develops and enforces data policies and standards. -Database administration: A person or department that develops procedures and practices to ensure efficient and orderly multiuser processing of the database, to control changes to database structure, and to protect the database. -Key Escrow: A control procedure whereby a trusted party is given a copy of a key used to encrypt database data. Data administration refers to a function that applies to an entire organization; it is a management-oriented function that concerns corporate data privacy and security issues. Database administration refers to a more technical function that is specific to a particular database including the applications that process that database.
Q10-9 What, in the opinion of the authors, is likely going to happen regarding cyberwarfare in the next 10 years?
Unfortunately, it is likely that sometime in the next 10 years some new, major incidents of cyberwarfare will have occurred. APTs (Advanced Persistent Threat: A sophisticated, possible long-running, computer hack that is perpetrated by large, well-funded organizations like governments. APTs are a means to engage in cyberwarfare) will become more common, if indeed, they are not already common but we don't know it. Will some new nation or group enter the cyberwar picture? That also seems likely. Unless you're in the security and intelligence business, there isn't much you can do about it. But don't be surprised if some serious damage is inflicted somewhere in the world due to ATPs. Example: PRISM
Describe what is unique about the way that scrum determines the time required to accomplish a task.
Unlike the SDLC, if a scrum project terminates because of time or budget limitations, the customer will have some useful result for the time and money expended.
Name 4 sources of problems of UGC; name three possible responses and give the advantages and disadvantage is of each.
User-generated content (UGC), which simply means content on your SM site that is contributed by users, in the essence of SM relationships. 1. Junk and crackpot 2. Inappropriate Content 3. Unfavorable Reviews 4. Mutinous Movements 1. Leave it If the problematic content represents reasonable criticism of the organizations products or services, the best response may be to leave it where it is. Such criticism indicates that the site is not just a shell for the organization but contains a legitimate user content. Such criticism also serves as a free source of product reviews, which can be useful for product development. For the criticism to be useful, the development team needs to know about it, so, as stated, processes to ensure the criticism is found and communicated to the team or necessary. 2. Respond to it The second alternative is to respond to the problematic content. However, this alternative is dangerous. If the response can be construed in any way as patronizing or insulting to the content contributor, it can reach the community and generate a strong backlash. Also, if the response appears defensive, it can become a public relations negative. In most cases, responses are best reserve for when the problematic content has caused the organization to do something positive as a result. If a reason, non-defensive response generates continued and unreasonable you GC from that same source, it is best for the organization to do nothing. 3. Delete it deleting content should be reserved for contributions that are inappropriate because they are contributed by crockpots, have nothing to do with the site, or contain obscene or otherwise inappropriate content. Deleting legitimate negative comments can result in a strong user backlash. *Never set up a site that will generate content for which you have no effective response.
Define Web 2.0 and Enterprise 2.0.
Web 2.0: A dynamic system that uses user generated content. Enterprise 2.0: The use of emergent social software platforms within companies or between companies and their partners or customers. In other words, the term Enterprise 2.0 refers to the use of enterprise social networks.
A ______ is a person or an organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge.
threat
The term ______ means the more people use a site, the more value it has, and the more people will visit.
use increases value
According to Henk Flep, the ______ is determined by the number of relationships in a social network, by the strength of those relationships, and by the resources controlled by those related.
value of social capital
A(n) ______ is an inducement to social media users for passing communications along through different tiers of communities of social media.
viral hook