Exam 1
Basic IT components
1) Hardware- consists of devices such as the processor, monitor, keyboard, and printer. Together, these devices accept, process, and display data and information. Software- is a program or collection of programs that enable the hardware to process data. Database- is a collection of related files or tables containing data. Network- is a connecting system (wireline or wireless) that permits different computers to share resources. 2) IT people 3) IT procedures- are the instructions for combining the preceding components to process information and generate the desired output.
Five key factors are contributing to the increasing vulnerability of organizational information resources
1. Today's interconnected, interdependent, wirelessly networked business environment 2. Smaller, faster, cheaper computers and storage devices 3. Decreasing skills necessary to be a computer hacker 4. International organized crime taking over cyber crime 5. Lack of management support
Competitive strategy
A statement that identifies a business's approach to compete, its goals, and the plans and policies that will be required to carry out those goals
Supervisory Control and Data Acquisition Attacks
A large-scale distributed measurement and control system. SCADA systems are used to monitor or to control chemical, physical, and transport processes such as those used in oil refineries, water and sewage treatment plants, electrical generators, and nuclear power plants.
Business Process Management (BPM)
A management system used to support continuous BPI initiatives for core business processes over time Important components of BPM: Process modeling Business Activity Monitoring (BAM)
Platform for Privacy Preferences (P3P)
A protocol that communicates privacy policies between a web site and its visitors
Digital dossier
All the tracks of information you leave behind on your internet life. An electronic profile of you and your habits.
Business process Improvement
An incremental approach to move an organization toward business process centered operations Focuses on reducing variation in process outputs by identifying the underlying cause of the variation Six Sigma is a popular methodology for BPI
Privacy Codes & Policies
An organization's guidelines for protecting the privacy of its customers, clients, and employees. Opt-out Model- of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected. Opt-in Model-of informed consent, which prohibits an organization from collecting any personal information unless the customer specifically authorizes it.
Strategic information systems (sis)
Any information system that helps an organization achieve a competitive advantage or reduce a competitive disadvantage
BPR vs. BPI
BPR- High risk / high cost Radical redesign Top-down approach Time consuming Impacts can be overwhelming High failure rate BPI- Low risk / low cost Incremental change Bottom-up approach Takes less time Quantifiable results All employees trained in BPI
Other types of Organizational Information Systems
Business intelligence (BI) systems- also known as business analytics systems) provide computer-based support for complex, nonroutine decisions, primarily for middle managers and knowledge workers. Expert systems- attempt to duplicate the work of human experts by applying reasoning capabilities, knowledge, and expertise within a specific domain. Dashboards- are a special form of IS that support all managers of the organization. They provide rapid access to timely information and direct access to structured information in the form of reports.
Security
Can be defined as the degree of protection against criminal activity, danger, damage, or loss.
Information system
Collects, processes, stores, analyzes, and disseminates information for a specific purpose. The purpose of information systems has been defined as getting the right information to the right people at the right time in the right amount and in the right format. people, processes, machines
Strategies for competitive advantage
Cost Leadership- Produce products and services at the lowest cost in the industry. Differentiation- Offer different products, services, or product features than your competitors. Innovation Operational Effectiveness- Improve the manner in which a firm executes its internal business processes so that it performs these activities more effectively than its rivals. Customer-Orientation- Concentrate on making customers happy.
Competitive performance measures
Customer satisfaction: The result of optimizing and aligning business processes to fulfill customers' needs, wants, and desires. Cost reduction: The result of optimizing operations and supplier processes. Cycle and fulfillment time reduction: The result of optimizing the manufacturing and logistics processes. Quality: The result of optimizing the design, development, and production processes. Differentiation: The result of optimizing the marketing and innovation processes. Productivity: The result of optimizing each individual's work processes.
Knowledge
Data and/or information organized and processed to convey understanding, experience, accumulated learning, and expertise as they apply to a current business problem Job prospects
Flow of data
Data, information, knowledge, computer based information system
5 Basic Phases of BPI
Define- documents the existing "as is" process activities, process resources, and process inputs and outputs, usually as a graphical process map or diagram. Measure- the BPI team identifies relevant process metrics, such as time and cost to generate one output (product or service), and collects data to understand how the metrics evolve over time. Analyze- the BPI team examines the "as is" process map and the collected data to identify problems with the process (e.g., decreasing efficiency or effectiveness) and their root causes. Improve-the BPI team identifies possible solutions for addressing the root causes, maps the resulting "to be" process alternatives, and selects and implements the most appropriate solution. Control- the BPI team identifies possible solutions for addressing the root causes, maps the resulting "to be" process alternatives, and selects and implements the most appropriate solution.
Remote software attacks that do not need user action
Denial-of-service attack- An attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes (ceases to function). Distributed denial-of-service attack- An attacker first takes over many computers, typically by using malicious software. These computers are called zombies or bots. The attacker uses these bots—which form a botnet—to deliver a coordinated stream of information requests to a target computer, causing it to crash.
Deliberate Threats to Information Systems
Espionage or trespass- when an unauthorized individual attempts to gain illegal access to organizational information Information extortion- when an attacker either threatens to steal, or actually steals, information from a company. Sabotage or vandalism- acts that involve defacing an organization's website, potentially damaging the organization's image and causing its customers to lose faith. Theft of equipment or information- Identity theft- the deliberate assumption of another person's identity, usually to gain access to his or her financial information or to frame him or her for a crime Compromises to intellectual property Software attacks Alien software Supervisory control and data acquisition (SCADA) attacks Cyberterrorism and cyberwarfare
Information systems play a role in these 3 areas of the business process
Executing the process- Informing employees when it is time to complete a task Providing required data Providing a means to complete the task Capturing and storing process data- Processes generate data Dates, times, product numbers, quantities, prices, addresses, names, employee actions Monitoring process performance- IS evaluates information to determine how well a process is being executed Evaluations occur at two levels Process level Instance level Monitoring identifies problems for process improvement
Common good approach
Highlights the interlocking relationships that underlie all societies. This approach argues that respect and compassion for all others is the basis for ethical actions. It emphasizes the common conditions that are important to the welfare of everyone.
Interorganizational Information Systems (IOS)
IS that connect 2 or more organizations Supply chain Electronic commerce (E-commerce) systems
Code of ethics
Is a collection of principles intended to guide decision making by members of the organization
Business Process Reengineering (BPR)
Is a strategy for making an organization's business processes more productive and profitable. Michael Hammer & James Champy, 1993, Reengineering the Corporation Examines business processes with a "clean slate" approach
Social engineering
Is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords. The most common example of social engineering occurs when the attacker impersonates someone else on the telephone, such as a company manager or an information systems employee. Tailgating or shoulder surfing
Computer based information system
Is an information system that uses computer technology to perform some or all of its intended tasks.
Business process
Is an ongoing collection of related activities that create a product or a service of value to the organization, its business partners, and its customers. The process involves three fundamental elements: Inputs: Materials, services, and information that flow through and are transformed as a result of process activities Resources: People and equipment that perform process activities Outputs: The product or a service created by the process
Alien software
Is clandestine software that is installed on your computer through duplicitous methods. It typically is not as malicious as viruses, worms, or Trojan horses, but it does use up valuable system resources. It can also enable other parties to track your web surfing habits and other personal behaviors.
Vulnerability
Is the possibility that the system will be harmed by a threat.
Privacy
Is the right to be left alone and to be free of unreasonable personal intrusions.
Business-information technology alignment
Is the tight integration of the IT function with the organization's strategy, mission, and goals.
Support for organizational workers
Knowledge workers- are professional employees such as financial and marketing analysts, engineers, lawyers, and accountants. All knowledge workers are experts in a particular subject area. They create information and knowledge, which they integrate into the business. Lower and middle level managers Executives Clerical workers
Rights approach
Maintains that an ethical action is the one that best protects and respects the moral rights of the affected parties. Moral rights can include the rights to make one's own choices about what kind of life to lead, to be told the truth, not to be injured, and to enjoy a degree of privacy
Business pressures
Market Pressures- generated by the global economy, intense competition, the changing nature of the workforce, and powerful customers. Technology Pressures- technological innovation and information overload. Societal/Political/Legal Pressures- social responsibility, government regulation/deregulation, spending for social programs, spending to protect against terrorism, and ethics
Cross functional processes
No single functional area is responsible steps executed in a coordinated, collaborative way Procurement & Fulfillment Cross-functional processes
Human error
Performed without malicious intent that nevertheless represent a serious threat Are typically the result of laziness, carelessness, or a lack of awareness concerning information security. Carelessness with laptops Careless Internet surfing Poor password selection and use Carelessness with one's office
Exposure
Of an information resource is the harm, loss, or damage that can result if a threat compromises that resource
Information
Organized data so they have meaning and value to the recipient GPA Money Language
Fairness approach
Posits that ethical actions treat all human beings equally, or, if unequally, then fairly, based on some defensible standard.
Four General Categories of Ethical Issues Related to IT:
Privacy Issues Accuracy Issues Property Issues Accessibility Issues
Five Steps in Ethical Decision Making Framework
Recognize an ethical issue Get the facts Evaluate alternative actions Make a Decisions and Test It Act and Reflect on the Outcome of Decisions
Ethics
Refers to the principles of right and wrong that individuals use to make choices that guide their behavior.
Information technology
Relates to any computer-based tool that people use to work with information and to support the information and information-processing needs of an organization. hardware, software, database, network
Fundamental tenets of ethics include:
Responsibility- means that you accept the consequences of your decisions and actions . Accountability- refers to determining who is responsible for actions that were taken. Liability- is a legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems.
Risk mitigation
Risk acceptance: Accept the potential risk, continue operating with no controls, and absorb any damages that occur. Risk limitation: Limit the risk by implementing controls that minimize the impact of the threat. Risk transference: Transfer the risk by using other means to compensate for the loss, such as by purchasing insurance.
BPR, BPI, and BPM at Chevron
Started with BPR This complex BPR effort was initially followed by several smaller, employee-driven BPI initiatives. To coordinate these various BPI efforts, Chevron has adopted a unified BPM approach that involves standardizing processes across the entire company and consolidating process information within a central repository.
Utilitarian approach
States that an ethical action is the one that provides the most good or does the least harm. The ethical corporate action would be the one that produces the greatest good and does the least harm for all affected parties
Deontology approach
States that the morality of an action is based on whether that action itself is right or wrong under a series of rules, rather than based on the consequences of that action. An example of deontology is the belief that killing someone is wrong, even if it was in self-defense.
Organizational responses
Strategic Systems- Strategic systems provide organizations with advantages that enable them to increase their market share and profits to better negotiate with suppliers and to prevent competitors from entering their markets. Customer Focus- reoganizational attempts to provide superb customer service can make the difference between attracting and retaining customers versus losing them to competitors. Make-to-Order and Mass Customization- Make-to-order is a strategy of producing customized (made to individual specifications) products and services. E-Business & E-Commerce- Electronic commerce (EC or e-commerce) describes the process of buying, selling, transferring, or exchanging products, services, or information through computer networks, including the Internet. E-business is a somewhat broader concept. In addition to the buying and selling of goods and services, e-business also refers to servicing customers, collaborating with business partners, and performing electronic transactions within an organization.
Transaction processing system
Supports the monitoring, collection, storage, and processing of data from the organization's basic business transactions, each of which generates data
Departmental information system
The collection of application programs in a single department Summarize data and prepare reports Accounting IS Finance IS Marketing IS Production/Operation Management (POM) IS Human Resources IS
Profiling
The process of forming a digital dossier
Information privacy
The right to determine when, and to what extent, information about you can be gathered and/or communicated to others.
Data aggregators
These companies collect public data such as real estate records and published telephone numbers, in addition to nonpublic information such as Social Security numbers; financial data; and police, criminal, and motor vehicle records. They then integrate these data to form digital dossiers on most adults in the United States.
Porter's competitive forces model
Threat of Entry of New Competitors Bargaining Power of Suppliers Bargaining Power of Customers/Buyers Threat of Substitute Products or Services Rivalry Among Existing Firms within the Industry
Electronic Surveillance
Tracking people's activities with the aid of IT. Conducted by employers, governments, and other institutions. At home At work
Attacks by a Programmer Developing a System
Trojan horse- Software programs that hide in other computer programs and reveal their designed behavior only when they are activated Back door- Typically a password, known only to the attacker, that allows him or her to access a computer system at will, without having to go through any security procedures (also called a trap door). Logic bomb- A segment of computer code that is embedded within an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time or date
Two major types of threats
Unintentional (such as human error) and deliberate (from outside threats)
Data
Unorganized information Numbers Letters Figures Sounds Images
Porter's value chain model
Value Chain- A sequence of activities through which the organization's inputs are transformed into valuable outputs. Primary Activities- Relate to Production & Distribution of Products & Services Support Activities- Support Primary Activities Contributing to Competitive Advantage
Remote software attacks that user action
Virus- Segment of computer code that performs malicious actions by attaching to another computer program. Worm- Segment of computer code that performs malicious actions and will replicate, or spread, by itself (without requiring another computer program). Phishing- Phishing attacks use deception to acquire sensitive personal information by masquerading as official looking e-mails or instant messages. Spear phishing- Phishing attacks target large groups of people. In spear phishing attacks, the perpetrators find out as much information about an individual as possible to improve their chances that phishing techniques will obtain sensitive, personal information.
Software attacks
When attackers used malicious software (called malware) to infect as many computers worldwide as possible, to the profit driven, web-based attacks of today.
Threat
to an information resource is any danger to which a system may be exposed.