MIS QUIZ #3

Protocol

Reading: Glossary: A set of rules and procedures that govern transmission between the components in a network.

Website

Reading: Glossary: All of the World Wide Web pages maintained by an organization or an individual.

Domain Name

Reading: Because it would be incredibly difficult for Internet users to remember long strings of numbers, an IP address can be represented by a natural language convention called a domain name. Glossary: English-like name that corresponds to the unique 32-bit numeric Internet Protocol (IP) address for each computer connected to the Internet.

Telnet

Reading: Logging on to one computer system and doing work on another Glossary: Network tool that allows someone to log on to one computer system while doing work on another.

File Transfer Protocol (FTP)

Reading: Transferring files from computer to Computer Glossary: Tool for retrieving and transferring files from a remote computer.

Pull-Based Model

Reading: With new flows of information made possible by web-based tools, supply chain management more easily follows a pull-based model. In a pull-based model, also known as a demand-driven or build-to-order model, actual customer orders or purchases trigger events in the supply chain. Transactions to produce and deliver only what customers have ordered move up the supply chain from retailers to distributors to manufacturers and eventually to suppliers. Only products to fulfill these orders move back down the supply chain to the retailer. Manufacturers use only actual order demand information to drive their production schedules and the procurement of components or raw materials, as illustrated in Figure 9.4. Walmart's continuous replenishment system described in Chapter 3 is an example of the pull-based model. Glossary: Supply chain driven by actual customer orders or purchases so that members of the supply chain produce and deliver only what customers have ordered.

Controls

Reading: Glossary: All of the methods, policies, and procedures that ensure protection of the organization's assets, accuracy and reliability of its records, and operational adherence to management standards.

Identity Management

Reading: Glossary: Business processes and software tools for identifying the valid users of a system and controlling their access to system resources.

Demand Planning

Reading: Glossary: Determining how much product a business needs to make to satisfy all its customers' demands.

Malware

Reading: Glossary: Malicious software programs such as computer viruses, worms, and Trojan horses.

drive-by download

Reading: Glossary: Malware that comes with a downloaded file a user intentionally or unintentionally requests.

Security

Reading: Glossary: Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

supply chain planning systems

Reading: Glossary: Systems that enable a firm to generate demand forecasts for a product and to develop sourcing and manufacturing plans for that product.

Spyware

Reading: Glossary: Technology that aids in gathering information about a person or organization without their knowledge.

Supply Chain

Reading: Glossary: Network of organizations and business processes for procuring materials, transforming raw materials into intermediate and finished products, and distributing the finished products to customers.

Evil Twin

Reading: Glossary: Wireless networks that pretend to be legitimate to entice participants to log on and reveal passwords or credit card numbers.

Cable Internet Connections

Reading: . Cable Internet connections provided by cable television vendors use digital cable coaxial lines to deliver high-speed Internet access to homes and businesses. They can provide high-speed access to the Internet of up to 50 Mbps, although most providers offer service ranging from 3 Mbps to 20 Mbps. Where DSL and cable services are unavailable, it is possible to access the Internet via satellite, although some satellite Internet connections have slower upload speeds than other broadband services. Glossary: Internet connections that use digital cable lines to deliver high-speed Internet access to homes and businesses.

4G Networks

Reading: 4G networks have much higher speeds, up to 100 Mbps download and 50 Mbps upload, with more than enough capacity for watching high-definition video on your smartphone. Long Term Evolution (LTE) and mobile Worldwide Interoperability for Microwave Access (WiMax—see the following section) are the current 4G standards. Glossary: Recent wireless communication technology capable of providing between 1 Mbps and 1 Gbps speeds; up to 10 times faster than 3G networks.

Smart Card

Reading: A smart card is a device about the size of a credit card that contains a chip formatted with access permission and other data. (Smart cards are also used in electronic payment systems.) A reader device interprets the data on the smart card and allows or denies access. Glossary: A credit-card-size plastic card that stores digital information and that can be used for electronic payments in place of cash.

Blog

Reading: A blog, the popular term for a weblog, is a personal website that typically contains a series of chronological entries (newest to oldest) by its author and links to related web pages. The blog may include a blogroll (a collection of links to other blogs) and trackbacks (a list of entries in other blogs that refer to a post on the first blog). Most blogs allow readers to post comments on the blog entries as well. The act of creating a blog is often referred to as blogging. Blogs can be hosted by a third-party service such as Blogger.com or TypePad.com, and blogging features have been incorporated into social networks such as Facebook and collaboration platforms such as IBM Notes. WordPress is a leading open source blogging tool and content management system. Glossary: Popular term for "weblog," designating an informal yet structured website where individuals can publish stories, opinions, and links to other websites of interest.

Modem

Reading: A digital signal is a discrete, binary waveform rather than a continuous waveform. Digital signals communicate information as strings of two discrete states: 1 bits and 0 bits, which are represented as on-off electrical pulses. Computers use digital signals and require a modem to convert these digital signals into analog signals that can be sent over (or received from) telephone lines, cable lines, or wireless media that use analog signals (see Figure 7.5). Modem stands for modulator-demodulator. Cable modems connect your computer to the Internet by using a cable network. DSL modems connect your computer to the Internet using a telephone company's landline network. Wireless modems perform the same function as traditional modems, connecting your computer to a wireless network that could be a cell phone network or a Wi-Fi network. Glossary: A device for translating a computer's digital signals into analog form for transmission over analog networks or for translating analog signals back into digital form for reception by a computer.

Distributed denial-of-service (DDoS) attack

Reading: A distributed denial-of-service (DDoS) attack uses numerous computers to inundate and overwhelm the network from numerous launch points. Although DoS attacks do not destroy information or access restricted areas of a company's information systems, they often cause a website to shut down, making it impossible for legitimate users to access the site. For busy e-commerce sites, these attacks are costly; while the site is shut down, customers cannot make purchases. Especially vulnerable are small and midsize businesses whose networks tend to be less protected than those of large corporations. Perpetrators of DDoS attacks often use thousands of zombie PCs infected with malicious software without their owners' knowledge and organized into a botnet. Hackers create these botnets by infecting other people's computers with bot malware that opens a back door through which an attacker can give instructions. The infected computer then becomes a slave, or zombie, serving a master computer belonging to someone else. When hackers infect enough computers, they can use the amassed resources of the botnet to launch DDoS attacks, phishing campaigns, or unsolicited spam email. Glossary: Numerous computers inundating and overwhelming a network from numerous launch points.

Hacker

Reading: A hacker is an individual who intends to gain unauthorized access to a computer system. Within the hacking community, the term cracker is typically used to denote a hacker with criminal intent, although in the public press, the terms hacker and cracker are used interchangeably. Hackers gain unauthorized access by finding weaknesses in the security protections websites and computer systems employ. Hacker activities have broadened beyond mere system intrusion to include theft of goods and information as well as system damage and cybervandalism, the intentional disruption, defacement, or even destruction of a website or corporate information system. Glossary: A person who gains unauthorized access to a computer network for profit, criminal mischief, or personal pleasure.

Bugs

Reading: A major problem with software is the presence of hidden bugs or program code defects. Studies have shown that it is virtually impossible to eliminate all bugs from large programs. The main source of bugs is the complexity of decision-making code. A relatively small program of several hundred lines will contain tens of decisions leading to hundreds or even thousands of paths. Important programs within most corporations are usually much larger, containing tens of thousands or even millions of lines of code, each with many times the choices and paths of the smaller programs. Zero defects cannot be achieved in larger programs. Complete testing simply is not possible. Fully testing programs that contain thousands of choices and millions of paths would require thousands of years. Even with rigorous testing, you would not know for sure that a piece of software was dependable until the product proved itself after much operational use. Flaws in commercial software not only impede performance but also create security vulnerabilities that open networks to intruders. Each year security firms identify thousands of software vulnerabilities in Internet and PC software. An example is the Heartbleed bug, which is a flaw in OpenSSL, an open-source encryption technology that an estimated two-thirds of web servers use. Hackers could exploit the bug to access visitors' personal data as well as a site's encryption keys, which can be used to collect even more protected data. Glossary: Software program code defects.

Metropolitan Area Network (MAN)

Reading: A metropolitan area network (MAN) is a network that spans a metropolitan area, usually a city and its major suburbs. Its geographic scope falls between a WAN and a LAN. Glossary: Network that spans a metropolitan area, usually a city and its major suburbs. Its geographic scope falls between a WAN and a LAN.

risk assessment

Reading: A risk assessment determines the level of risk to the firm if a specific activity or process is not properly controlled. Not all risks can be anticipated and measured, but most businesses will be able to acquire some understanding of the risks they face. Business managers working with information systems specialists should try to determine the value of information assets, points of vulnerability, the likely frequency of a problem, and the potential for damage. For example, if an event is likely to occur no more than once a year, with a maximum of a $1000 loss to the organization, it is not wise to spend $20,000 on the design and maintenance of a control to protect against that event. However, if that same event could occur at least once a day, with a potential loss of more than $300,000 a year, $100,000 spent on a control might be entirely appropriate. Glossary: Determining the potential frequency of the occurrence of a problem and the potential damage if the problem were to occur. Used to determine the cost/benefit of a control.

Sniffer

Reading: A sniffer is a type of eavesdropping program that monitors information traveling over a network. When used legitimately, sniffers help identify potential network trouble spots or criminal activity on networks, but when used for criminal purposes, they can be damaging and very difficult to detect. Sniffers enable hackers to steal proprietary information from anywhere on a network, including email messages, company files, and confidential reports. Glossary: Type of eavesdropping program that monitors information traveling over a network.

WiMax

Reading: A surprisingly large number of areas in the United States and throughout the world do not have access to Wi-Fi or fixed broadband connectivity. The range of Wi-Fi systems is no more than 300 feet from the base station, making it difficult for rural groups that don't have cable or DSL service to find wireless access to the Internet. The Institute of Electrical and Electronics Engineers (IEEE) developed a family of standards known as WiMax to deal with these problems. WiMax, which stands for Worldwide Interoperability for Microwave Access, is the popular term for IEEE Standard 802.16. It has a wireless access range of up to 31 miles and transmission speed of 30-40 Mbps (and up to 1 Gbps for fixed stations). WiMax antennas are powerful enough to beam high-speed Internet connections to rooftop antennas of homes and businesses that are miles away. Cellular handsets and laptops with WiMax capabilities are appearing in the marketplace. Mobile WiMax is one of the 4G network technologies we discussed earlier in this chapter. Glossary: Popular term for IEEE Standard 802.16 for wireless networking over a range of up to 31 miles with a data transfer rate of up to 75 Mbps. Stands for Worldwide Interoperability for Microwave Access.

Virtual Private Network (VPN)

Reading: A virtual private network (VPN) is a secure, encrypted, private network that has been configured within a public network to take advantage of the economies of scale and management facilities of large networks, such as the Internet (see Figure 7.10). A VPN provides your firm with secure, encrypted communications at a much lower cost than the same capabilities offered by traditional non-Internet providers that use their private networks to secure communications. VPNs also provide a network infrastructure for combining voice and data networks. Figure 7.10 Glossary: A secure connection between two points across the Internet to transmit corporate data. Provides a low-cost alternative to a private network.

Security Policy

Reading: After you've identified the main risks to your systems, your company will need to develop a security policy for protecting the company's assets. A security policy consists of statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals. What are the firm's most important information assets? Who generates and controls this information in the firm? What existing security policies are in place to protect the information? What level of risk is management willing to accept for each of these assets? Is it willing, for instance, to lose customer credit data once every 10 years? Or will it build a security system for credit card data that can withstand the once-in-a-hundred-years disaster? Management must estimate how much it will cost to achieve this level of acceptable risk. The security policy drives other policies determining acceptable use of the firm's information resources and which members of the company have access to its information assets. Glossary: Statements ranking information risks, identifying acceptable security goals, and identifying the mechanisms for achieving these goals.

Operational CRM

Reading: All of the applications we have just described support either the operational or analytical aspects of customer relationship management. Operational CRM includes customer-facing applications, such as tools for sales force automation, call center and customer service support, and marketing automation. Glossary: Customer-facing applications, such as sales force automation, call center and customer service support, and marketing automation.

Peer-to-Peer

Reading: Alternatively, LANs may use a peer-to-peer architecture. A peer-to-peer network treats all processors equally and is used primarily in small networks with ten or fewer users. The various computers on the network can exchange data by direct access and can share peripheral devices without going through a separate server. Glossary: Network architecture that gives equal power to all computers on the network; used primarily in small networks.

Internet Service Provider (ISP)

Reading: An Internet service provider (ISP) is a commercial organization with a permanent connection to the Internet that sells temporary connections to retail subscribers. EarthLink, NetZero, and AT&T are ISPs. Individuals also connect to the Internet through their business firms, universities, or research centers that have designated Internet domains. There is a variety of services for ISP Internet connections. Connecting via a traditional telephone line and modem, at a speed of 56.6 kilobits per second (Kbps), used to be the most common form of connection worldwide, but high-speed broadband connections have largely replaced it. Digital subscriber line, cable, satellite Internet connections, and T lines provide these broadband services. Glossary: A commercial organization with a permanent connection to the Internet that sells temporary connections to subscribers.

Computer Forensics

Reading: An effective electronic document retention policy ensures that electronic documents, email, and other records are well organized, accessible, and neither retained too long nor discarded too soon. It also reflects an awareness of how to preserve potential evidence for computer forensics. Computer forensics is the scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law. It deals with the following problems: Recovering data from computers while preserving evidential integrity Securely storing and handling recovered electronic data Finding significant information in a large volume of electronic data Presenting the information to a court of law Glossary: The scientific collection, examination, authentication, preservation, and analysis of data held on or retrieved from computer storage media in such a way that the information can be used as evidence in a court of law.

Analytical CRM

Reading: Analytical CRM includes applications that analyze customer data generated by operational CRM applications to provide information for improving business performance. Analytical CRM applications are based on data from operational CRM systems, customer touch points, and other sources that have been organized in data warehouses or analytic platforms for use in online analytical processing (OLAP), data mining, and other data analysis techniques (see Chapter 6). Customer data collected by the organization might be combined with data from other sources, such as customer lists for direct-marketing campaigns purchased from other companies or demographic data. Such data are analyzed to identify buying patterns, to create segments for targeted marketing, and to pinpoint profitable and unprofitable customers (see Figure 9.10). Glossary: Customer relationship management applications dealing with the analysis of customer data to provide information for improving business performance.

Customer Lifetime Value (CLTV)

Reading: Another important output of analytical CRM is the customer's lifetime value to the firm. Customer lifetime value (CLTV) is based on the relationship between the revenue produced by a specific customer, the expenses incurred in acquiring and servicing that customer, and the expected life of the relationship between the customer and the company. Glossary: Difference between revenues produced by a specific customer and the expenses for acquiring and servicing that customer minus the cost of promotional marketing over the lifetime of the customer relationship, expressed in today's dollars.

Application Controls

Reading: Application controls are specific controls unique to each computerized application, such as payroll or order processing. They include both automated and manual procedures that ensure that only authorized data are completely and accurately processed by that application. Application controls can be classified as (1) input controls, (2) processing controls, and (3) output controls. Glossary: Specific controls unique to each computerized application that ensure that only authorized data are completely and accurately processed by that application.

Online Transaction Processing (OLTP)

Reading: As companies increasingly rely on digital networks for revenue and operations, they need to take additional steps to ensure that their systems and applications are always available. Firms such as those in the airline and financial services industries with critical applications requiring online transaction processing have traditionally used fault-tolerant computer systems for many years to ensure 100 percent availability. In online transaction processing, transactions entered online are immediately processed by the computer. Multitudinous changes to databases, reporting, and requests for information occur each instant. Glossary: Transaction processing mode in which transactions entered online are immediately processed by the computer.

Search Engine Optimization (SEO)

Reading: Because search engine marketing is so effective (it has the highest click-through rate and the highest return on ad investment), companies seek to optimize their websites for search engine recognition. The better optimized the page is, the higher a ranking it will achieve in search engine result listings. Search engine optimization (SEO) is the process of improving the quality and volume of web traffic to a website by employing a series of techniques that help a website achieve a higher ranking with the major search engines when certain keywords and phrases are put into the search field. One technique is to make sure that the keywords used in the website description match the keywords likely to be used as search terms by prospective customers. For example, your website is more likely to be among the first ranked by search engines if it uses the keyword lighting rather than lamps if most prospective customers are searching for lighting. It is also advantageous to link your website to as many other websites as possible because search engines evaluate such links to determine the popularity of a web page and how it is linked to other content on the web. Glossary: The process of changing a website's content, layout, and format in order to increase the ranking of the site on popular search engines and to generate more site visitors.

biometric authentication

Reading: Biometric authentication uses systems that read and interpret individual human traits, such as fingerprints, irises, and voices to grant or deny access. Biometric authentication is based on the measurement of a physical or behavioral trait that makes each individual unique. It compares a person's unique characteristics, such as the fingerprints, face, voice, or retinal image, against a stored profile of these characteristics to determine any differences between these characteristics and the stored profile. If the two profiles match, access is granted. Fingerprint and facial recognition technologies are just beginning to be used for security applications, with many PC laptops (and some smartphones) equipped with fingerprint identification devices and some models with built-in webcams and face recognition software. Financial service firms such as Vanguard and Fidelity have implemented voice authentication systems for their clients. Glossary: Technology for authenticating system users that compares a person's unique characteristics such as fingerprints, face, or retinal image against a stored set profile of these characteristics.

Blogosphere

Reading: Blog pages are usually based on templates provided by the blogging service or software. Therefore, millions of people without HTML skills of any kind can post their own web pages and share content with others. The totality of blog-related websites is often referred to as the blogosphere. Although blogs have become popular personal publishing tools, they also have business uses (see Glossary: Totality of blog-related websites.

Wiki

Reading: Blogs allow visitors to add comments to the original content, but they do not allow visitors to change the original posted material. Wikis, in contrast, are collaborative websites on which visitors can add, delete, or modify content, including the work of previous authors. Wiki comes from the Hawaiian word for "quick." 278 Wiki software typically provides a template that defines layout and elements common to all pages, displays user-editable software program code, and then renders the content into an HTML-based page for display in a web browser. Some wiki software allows only basic text formatting, whereas other tools allow the use of tables, images, or even interactive elements, such as polls or games. Most wikis provide capabilities for monitoring the work of other users and correcting mistakes. Glossary: Collaborative website where visitors can add, delete, or modify content, including the work of previous authors.

Personal Area Network (PANs)

Reading: Bluetooth is the popular name for the 802.15 wireless networking standard, which is useful for creating small personal area networks (PANs). It links up to eight devices within a 10-meter area using low-power, radio-based communication and can transmit up to 722 Kbps in the 2.4-GHz band. Wireless phones, pagers, computers, printers, and computing devices using Bluetooth communicate with each other and even operate each other without direct user intervention (see Figure 7.13). For example, a person could direct a notebook computer to send a document file wirelessly to a printer. Bluetooth connects wireless keyboards and mice to PCs or cell phones to earpieces without wires. Bluetooth has low power requirements, making it appropriate for battery-powered handheld computers or cell phones. Glossary: Computer network used for communication among digital devices that are close to one person.

Bluetooth

Reading: Bluetooth is the popular name for the 802.15 wireless networking standard, which is useful for creating small personal area networks (PANs). It links up to eight devices within a 10-meter area using low-power, radio-based communication and can transmit up to 722 Kbps in the 2.4-GHz band. Wireless phones, pagers, computers, printers, and computing devices using Bluetooth communicate with each other and even operate each other without direct user intervention (see Figure 7.13). For example, a person could direct a notebook computer to send a document file wirelessly to a printer. Bluetooth connects wireless keyboards and mice to PCs or cell phones to earpieces without wires. Bluetooth has low power requirements, making it appropriate for battery-powered handheld computers or cell phones. Glossary: Standard for wireless personal area networks that can transmit up to 722 Kbps within a 10-meter area.

Broadband

Reading: Both voice and data communication networks have also become more powerful (faster), more portable (smaller and mobile), and less expensive. For instance, the typical Internet connection speed in 2000 was 56 kilobits per second, but today the majority of U.S. households have high-speed broadband connections provided by telephone and cable TV companies running at 3 to 20 megabits (millions of bits per second). The cost for this service has fallen exponentially, from 50 cents per kilobit in 2000 to a tiny fraction of a cent today. Increasingly, voice and data communication, as well as Internet access, are taking place over broadband wireless platforms such as mobile phones, mobile handheld devices, and PCs in wireless networks. More than 70 percent of Internet users (232 million people) in the United States use smartphones and tablets to access the Internet, as well as desktop PCs. Glossary: High-speed transmission technology. Also designates a single communications medium that can transmit multiple channels of data simultaneously.

Business Continuity Planning

Reading: Business continuity planning focuses on how the company can restore business operations after a disaster strikes. The business continuity plan identifies critical business processes and determines action plans for handling mission-critical functions if systems go down. For example, Healthways, a well-being improvement company headquartered in Franklin, Tennessee, implemented a business continuity plan that identified the business processes of nearly 70 departments across the enterprise and the impact of system downtime on those processes. Healthways pinpointed its most critical processes and worked with each department to devise an action plan. Glossary: Planning that focuses on how the company can restore business operations after a disaster strikes.

Social CRM

Reading: CRM software vendors are enhancing their products to take advantage of social networking technologies. These social enhancements help firms identify new ideas more rapidly, improve team productivity, and deepen interactions with customers (see Chapter 10). Using social CRM tools, businesses can better engage with their customers by, for example, analyzing their sentiments about their products and services. Social CRM tools enable a business to connect customer conversations and relationships from social networking sites to CRM processes. The leading CRM vendors now offer such tools to link data from social networks to their CRM software. SAP, Salesforce.com, and Oracle CRM products now feature technology to monitor, track, and analyze social media activity on Facebook, LinkedIn, Twitter, YouTube, and other sites. Business intelligence and analytics software vendors such as SAS also have capabilities for social media analytics (with several measures of customer engagement across a variety of social networks) along with campaign management tools for testing and optimizing both social and traditional web-based campaigns. Glossary: Tools enabling a business to link customer conversations, data, and relationships from social networking sites to CRM processes.

Chat

Reading: Chat systems now support voice and video chat as well as written conversations. Many online retail businesses offer chat services on their websites to attract visitors, to encourage repeat purchases, and to improve customer service. Glossary: Live, interactive conversations over a public network.

Cross-Selling

Reading: Cross-selling is the marketing of complementary products to customers. (For example, in financial services, a customer with a checking account might be sold a money market account or a home improvement loan.) CRM tools also help firms manage and execute marketing campaigns at all stages, from planning to determining the rate of success for each campaign. Figure 9.8 illustrates the most important capabilities for sales, service, and marketing processes found in major CRM software products. Like enterprise software, this software is business-process driven, incorporating hundreds of business processes thought to represent best practices in each of these areas. To achieve maximum benefit, companies need to revise and model their business processes to conform to the best-practice business processes in the CRM software. Glossary: Marketing complementary products to customers.

Churn Rate

Reading: Customer churn is reduced as sales, service, and marketing respond better to customer needs. The churn rate measures the number of customers who stop using or purchasing products or services from a company. It is an important indicator of the growth or decline of a firm's customer base. Glossary: Measurement of the number of customers who stop using or purchasing products or services from a company. Used as an indicator of the growth or decline of a firm's customer base.

Anti-malware software

Reading: Defensive technology plans for both individuals and businesses must include anti-malware protection for every computer. Anti-malware software prevents, detects, and removes malware, including computer viruses, computer worms, Trojan horses, spyware, and adware. However, most anti-malware software is effective only against malware already known when the software was written. To remain effective, the software must be continually updated. Even then it is not always effective because some malware can evade detection. Organizations need to use additional malware detection tools for better protection. Glossary: Software designed to detect, and often eliminate, malware from an information system.

digital certificates

Reading: Digital certificates are data files used to establish the identity of users and electronic assets for protection of online transactions (see Figure 8.7). A digital certificate system uses a trusted third party, known as a certificate authority (CA), to validate a user's identity. There are many CAs in the United States and around the world, including Symantec, GoDaddy, and Comodo. Glossary: An attachment to an electronic message to verify the identity of the sender and to provide the receiver with the means to encode a reply.

Digital Subscriber Line (DSL)

Reading: Digital subscriber line (DSL) technologies operate over existing telephone lines to carry voice, data, and video at transmission rates ranging from 385 Kbps all the way up to 3 Mbps, depending on usage patterns and distance. Fios (Verizon's fiber optic cable service) can deliver over 900 Mbps, although most home service delivers 100 Mbps. Glossary: A group of technologies providing high-capacity transmission over existing copper telephone lines.

Employee relationship management (ERM)

Reading: ERM software deals with employee issues that are closely related to CRM, such as setting objectives, employee performance management, performance-based compensation, and employee training. Major CRM application software vendors include Oracle, SAP, Salesforce.com, and Microsoft Dynamics CRM. Glossary: Software dealing with employee issues that are closely related to CRM, such as setting objectives, employee performance management, performance-based compensation, and employee training.

3G Networks

Reading: Earlier generations of cellular systems were designed primarily for voice and limited data transmission in the form of short text messages. Today wireless carriers offer 3G and 4G networks. 3G networks, with transmission speeds ranging from 144 Kbps for mobile users in, say, a car, to more than 2 Mbps for stationary users, offer transmission speeds appropriate for email and web browsing, but are too slow for videos Glossary: Cellular networks based on packet-switched technology with speeds ranging from 144 Kbps for mobile users to more than 2 Mbps for stationary users, enabling users to transmit video, graphics, and other rich media in addition to voice.

Push-Based Model

Reading: Earlier supply chain management systems were driven by a push-based model (also known as build-to-stock). In a push-based model, production master schedules are based on forecasts or best guesses of demand for products, and products are pushed to customers. Glossary: Supply chain driven by production master schedules based on forecasts or best guesses of demand for products, and products are "pushed" to customers.

Email

Reading: Email enables messages to be exchanged from computer to computer, with capabilities for routing messages to multiple recipients, forwarding messages, and attaching text documents or multimedia files to messages. Most email today is sent through the Internet. The cost of email is far lower than equivalent voice, postal, or overnight delivery costs, and email messages can arrive anywhere in the world in a matter of seconds. Glossary: The computer-to-computer exchange of mess

Enterprise Software

Reading: Enterprise software is built around thousands of predefined business processes that reflect best practices. Table 9.1 describes some of the major business processes that enterprise software supports. Glossary: Set of integrated modules for applications such as sales and distribution, financial accounting, investment management, materials management, production planning, plant maintenance, and human resources that allow data to be used by multiple functions and business processes.

zero-day vulnerabilities

Reading: Especially troublesome are zero-day vulnerabilities, which are holes in the software unknown to its creator. Hackers then exploit this security hole before the vendor becomes aware of the problem and hurries to fix it. This type of vulnerability is called zero-day because the author of the software has zero days after learning about it to patch the code before it can be exploited in an attack. Sometimes security researchers spot the software holes, but more often, they remain undetected until an attack has occurred. Glossary: Security vulnerabilities in software, unknown to the creator, that hackers can exploit before the vendor becomes aware of the problem.

Fault-tolerant computer systems

Reading: Fault-tolerant computer systems contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service. Fault-tolerant computers use special software routines or self-checking logic built into their circuitry to detect hardware failures and automatically switch to a backup device. Parts from these computers can be removed and repaired without disruption to the computer or downtime. Glossary: Systems that contain extra hardware, software, and power supply components that can back a system up and keep it running to prevent system failure.

Firewall

Reading: Firewalls prevent unauthorized users from accessing private networks. A firewall is a combination of hardware and software that controls the flow of incoming and outgoing network traffic. It is generally placed between the organization's private internal networks and distrusted external networks, such as the Internet, although firewalls can also be used to protect one part of a company's network from the rest of the network The firewall acts like a gatekeeper that examines each user's credentials before it grants access to a network. The firewall identifies names, IP addresses, applications, and other characteristics of incoming traffic. It checks this information against the access rules that the network administrator has programmed into the system. The firewall prevents unauthorized communication into and out of the network. Glossary: Hardware and software placed between an organization's internal network and an external network to prevent outsiders from invading private networks.

Predictive search

Reading: Google searches also take advantage of Knowledge Graph, an effort of the search algorithm to anticipate what you might want to know more about as you search on a topic. Results of the knowledge graph appear on the right of the screen on many search result pages and contain more information about the topic or person you are searching on. For example, if you search "Lake Tahoe," the search engine will return basic facts about Tahoe (altitude, average temperature, and local fish), a map, and hotel accommodations. Google has made predictive search part of most search results. This part of the search algorithm guesses what you are looking for and suggests search terms as you type your search words. Glossary: Part of a search alogrithm that predicts what a user query is looking as it is entered based on popular searches.

Uniform Resource Locator (URL)

Reading: HTTP is the first set of letters at the start of every web address, followed by the domain name, which specifies the organization's server computer that is storing the web page. Most companies have a domain name that is the same as or closely related to their official corporate name. The directory path and web page name are two more pieces of information within the web address that help the browser track down the requested page. Together, the address is called a uniform resource locator (URL). When typed into a browser, a URL tells the browser software exactly where to look for the information. For example, in the URL http://www.megacorp.com/content/features/082610.html, http names the protocol that displays web pages, www.megacorp.com is the domain name, content/features is the directory path that identifies where on the domain web server the page is stored, and 082610.html is the web page name and the name of the format it is in. (It is an HTML page.) Glossary: The address of a specific resource on the Internet.

Cybervandalism

Reading: Hacker activities have broadened beyond mere system intrusion to include theft of goods and information as well as system damage and cybervandalism, the intentional disruption, defacement, or even destruction of a website or corporate information system. Glossary: Intentional disruption, defacement, or destruction of a website or corporate information system.

Spoofing

Reading: Hackers attempting to hide their true identities often spoof, or misrepresent, themselves by using fake email addresses or masquerading as someone else. Spoofing may also involve redirecting a web link to an address different from the intended one, with the site masquerading as the intended destination. For example, if hackers redirect customers to a fake website that looks almost exactly like the true site, they can then collect and process orders, effectively stealing business as well as sensitive customer information from the true site. We will provide more detail about other forms of spoofing in our discussion of computer crime. Glossary: Tricking or deceiving computer systems or other computer users by hiding one's identity or faking the identity of another user on the Internet.

Deep Packet Inspection (DPI)

Reading: Have you ever tried to use your campus network and found that it was very slow? It may be because your fellow students are using the network to download music or watch YouTube. Bandwidth-consuming applications such as file-sharing programs, Internet phone service, and online video can clog and slow down corporate networks, degrading performance. A technology called deep packet inspection (DPI) helps solve this problem. DPI examines data files and sorts out low-priority online material while assigning higher priority to business-critical files. Based on the priorities established by a network's operators, it decides whether a specific data packet can continue to its destination or should be blocked or delayed while more important traffic proceeds. Glossary: Technology for managing network traffic by examining data packets, sorting out low-priority data from higher priority business-critical data, and sending packets in order of priority.

Hotspots

Reading: Hotspots are locations with one or more access points providing wireless Internet access and are often in public places. Some hotspots are free or do not require any additional software to use; others may require activation and the establishment of a user account by providing a credit card number over the web. Businesses of all sizes are using Wi-Fi networks to provide low-cost wireless LANs and Internet access. Wi-Fi hotspots can be found in hotels, airport lounges, libraries, cafes, and college campuses to provide mobile access to the Internet. Dartmouth College is one of many campuses where students now use Wi-Fi for research, course work, and entertainment. Glossary: A specific geographic location in which an access point provides public WI-FI network service.

information systems audit

Reading: How does management know that information systems security and controls are effective? To answer this question, organizations must conduct comprehensive and systematic audits. An information systems audit examines the firm's overall security environment as well as controls governing individual information systems. The auditor should trace the flow of sample transactions through the system and perform tests, using, if appropriate, automated audit software. The information systems audit may also examine data quality. Glossary: Identifies all the controls that govern individual information systems and assesses their effectiveness.

Just-in-time strategy

Reading: If a manufacturer had perfect information about exactly how many units of product customers wanted, when they wanted them, and when they could be produced, it would be possible to implement a highly efficient just-in-time strategy. Components would arrive exactly at the moment they were needed, and finished goods would be shipped as they left the assembly line. In a supply chain, however, uncertainties arise because many events cannot be foreseen—uncertain product demand, late shipments from suppliers, defective parts or raw materials, or production process breakdowns. To satisfy customers, manufacturers often deal with such uncertainties and unforeseen events by keeping more material or products in inventory than they think they may actually need. The safety stock acts as a buffer for the lack of flexibility in the supply chain. Although excess inventory is expensive, low fill rates are also costly because business may be lost from canceled orders. Glossary: Scheduling system for minimizing inventory by having components arrive exactly at the moment they are needed and finished goods shipped as soon as they leave the assembly line.

disaster recovery plan

Reading: If you run a business, you need to plan for events, such as power outages, floods, earthquakes, or terrorist attacks, that will prevent your information systems and your business from operating. Disaster recovery planning devises plans for the restoration of disrupted computing and communications services. Disaster recovery plans focus primarily on the technical issues involved in keeping systems up and running, such as which files to back up and the maintenance of backup computer systems or disaster recovery services. For example, MasterCard maintains a duplicate computer center in Kansas City, Missouri, to serve as an emergency backup to its primary computer center in St. Louis. Rather than build their own backup facilities, many firms contract with cloud-based disaster recovery services or firms such as SunGard Availability Services that provide sites with spare computers around the country where subscribing firms can run their critical applications in an emergency. Glossary: Planning for the restoration of computing and communications services after they have been disrupted.

Gramm-Leach-Bliley Act

Reading: If you work in a firm providing financial services, your firm will need to comply with the Financial Services Modernization Act of 1999, better known as the Gramm-Leach-Bliley Act after its congressional sponsors. This act requires financial institutions to ensure the security and confidentiality of customer data. Data must be stored on a secure medium, and special security measures must be enforced to protect such data on storage media and during transmittal. Glossary: Requires financial institutions to ensure the security and confidentiality of customer data.

Sarbanes-Oxley Act

Reading: If you work in a publicly traded company, your company will need to comply with the Public Company Accounting Reform and Investor Protection Act of 2002, better known as the Sarbanes-Oxley Act after its sponsors Senator Paul Sarbanes of Maryland and Representative Michael Oxley of Ohio. This act was designed to protect investors after the financial scandals at Enron, WorldCom, and other public companies. It imposes responsibility on companies and their management to safeguard the accuracy and integrity of financial information that is used internally and released externally. One of the Learning Tracks for this chapter discusses Sarbanes-Oxley in detail. 311 Sarbanes-Oxley is fundamentally about ensuring that internal controls are in place to govern the creation and documentation of information in financial statements. Because information systems are used to generate, store, and transport such data, the legislation requires firms to consider information systems security and other controls required to ensure the integrity, confidentiality, and accuracy of their data. Each system application that deals with critical financial reporting data requires controls to make sure the data are accurate. Controls to secure the corporate network, prevent unauthorized access to systems and data, and ensure data integrity and availability in the event of disaster or other disruption of service are essential as well. Glossary: Law passed in 2002 that imposes responsibility on companies and their management to protect investors by safeguarding the accuracy and integrity of financial information that is used internally and released externally.

HIPAA

Reading: If you work in the healthcare industry, your firm will need to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA outlines medical security and privacy rules and procedures for simplifying the administration of healthcare billing and automating the transfer of healthcare data between healthcare providers, payers, and plans. It requires members of the healthcare industry to retain patient information for six years and ensure the confidentiality of those records. It specifies privacy, security, and electronic transaction standards for healthcare providers handling patient information, providing penalties for breaches of medical privacy, disclosure of patient records by email, or unauthorized network access. Glossary: Law outlining rules for medical security, privacy, and the management of healthcare records.

RSS

Reading: If you're an avid blog reader, you might use RSS to keep up with your favorite blogs without constantly checking them for updates. RSS, which stands for Really Simple Syndication or Rich Site Summary, pulls specified content from websites and feeds it automatically to users' computers. RSS reader software gathers material from the websites or blogs that you tell it to scan and brings new information from those sites to you. RSS readers are available through websites such as Google and Yahoo, and they have been incorporated into the major web browsers and email programs. Glossary: Technology using aggregator software to pull content from websites and feed it automatically to subscribers' computers

wireless sensor networks (WSNs)

Reading: If your company wanted state-of-the art technology to monitor building security or detect hazardous substances in the air, it might deploy a wireless sensor network. Wireless sensor networks (WSNs) are networks of interconnected wireless devices that are embedded in the physical environment to provide measurements of many points over large spaces. These devices have built-in processing, storage, and radio frequency sensors and antennas. They are linked into an interconnected network that routes the data they capture to a computer for analysis. These networks range from hundreds to thousands of nodes. Wireless sensor networks are valuable for uses such as monitoring environmental changes; monitoring traffic or military activity; protecting property; efficiently operating and managing machinery and vehicles; establishing security perimeters; monitoring supply chain management; or detecting chemical, biological, or radiological material. Glossary: Networks of interconnected wireless devices with built-in processing, storage, and radio frequency sensors and antennas that are embedded into the physical environment to provide measurements of many points over large spaces.

denial-of-service (DOS) attack

Reading: In a denial-of-service (DoS) attack, hackers flood a network server or web server with many thousands of false communications or requests for services to crash the network. The network receives so many queries that it cannot keep up with them and is thus unavailable to service legitimate requests. Glossary: Flooding a network server or web server with false communications or requests for services in order to crash the network.

Intrusion Detection System (IDS)

Reading: In addition to firewalls, commercial security vendors now provide intrusion detection tools and services to protect against suspicious network traffic and attempts to access files and databases. Intrusion detection systems feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continually. The system generates an alarm if it finds a suspicious or anomalous event. Scanning software looks for patterns indicative of known methods of computer attacks such as bad passwords, checks to see whether important files have been removed or modified, and sends warnings of vandalism or system administration errors. The intrusion detection tool can also be customized to shut down a particularly sensitive part of a network if it receives unauthorized traffic. Glossary: Tools to monitor the most vulnerable points in a network to detect and deter unauthorized intruders.

Transmission Control Protocol/Internet Protocol (TCP/IP)

Reading: In the past, diverse proprietary and incompatible protocols often forced business firms to purchase computing and communications equipment from a single vendor. However, today, corporate networks are increasingly using a single, common, worldwide standard called Transmission Control Protocol/Internet Protocol (TCP/IP). TCP/IP was developed during the early 1970s to support U.S. Department of Defense Advanced Research Projects Agency (DARPA) efforts to help scientists transmit data among different types of computers over long distances. TCP/IP uses a suite of protocols, the main ones being TCP and IP. TCP refers to the Transmission Control Protocol, which handles the movement of data between computers. TCP establishes a connection between the computers, sequences the transfer of packets, and acknowledges the packets sent. IP refers to the Internet Protocol (IP), which is responsible for the delivery of packets and includes the disassembling and reassembling of packets during transmission. Glossary: Dominant model for achieving connectivity among different networks. Provides a universally agreed-on method for breaking up digital messages into packets, routing them to the proper addresses, and then reassembling them into coherent messages.

unified communications

Reading: In the past, each of the firm's networks for wired and wireless data, voice communications, and videoconferencing operated independently of each other and had to be managed separately by the information systems department. Now, however, firms can merge disparate communications modes into a single universally accessible service using unified communications technology. Unified communications integrates disparate channels for voice communications, data communications, instant messaging, email, and electronic conferencing into a single experience by which users can seamlessly switch back and forth between different communication modes. Presence technology shows whether a person is available to receive a call. Glossary: Integrates disparate channels for voice communications, data communications, instant messaging, email, and electronic conferencing into a single experience where users can seamlessly switch back and forth between different communication modes

General Controls

Reading: Information systems controls are both manual and automated and consist of general and application controls. General controls govern the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure. On the whole, general controls apply to all computerized applications and consist of a combination of hardware, software, and manual procedures that create an overall control environment. General controls include software controls, physical hardware controls, computer operations controls, data security controls, controls over the systems development process, and administrative controls. Glossary: Overall control environment governing the design, security, and use of computer programs and the security of data files in general throughout the organization's information technology infrastructure.

instant messaging

Reading: Instant messaging is a type of chat service that enables participants to create their own private chat channels. The instant messaging system alerts the user whenever someone on his or her private list is online so that the user can initiate a chat session with other individuals. Instant messaging systems for consumers include Yahoo! Messenger, Google Hangouts, AOL Instant Messenger, and Facebook Messenger. Companies concerned with security use proprietary communications and messaging systems such as IBM Sametime. Newsgroups are worldwide discussion groups posted on Internet electronic bulletin boards on which people share information and ideas on a defined topic such as radiology or rock bands. Anyone can post messages on these bulletin boards for others to read. Employee use of email, instant messaging, and the Internet is supposed to increase worker productivity, but the accompanying Interactive Session on Management shows that this may not always be the case. Many company managers now believe they need to monitor and even regulate their employees' online activity, but is this ethical? Although there are some strong business reasons companies may need to monitor their employees' email and web activities, what does this mean for employee privacy? Glossary: Chat service that allows participants to create their own private chat channels so that a person can be alerted whenever someone on his or her private list is online to initiate a chat session with that particular individual.

Cyberwarfare

Reading: Internet vulnerabilities have also turned individuals and even entire nation-states into easy targets for politically motivated hacking to conduct sabotage and espionage. Cyberwarfare is a state-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks to cause damage and disruption. One example is the efforts of Russian hackers to disrupt the U.S. elections described in the chapter-opening case. The infamous 2014 hack on Sony has been attributed to state actors from North Korea. In 2017, the WannaCry and Petya cyber attacks, masquerading as ransomware, caused large-scale disruptions in Ukraine as well as to the UK's National Health Service, pharmaceutical giant Merck, and other organizations around the world. Russians were suspected of conducting a cyberattack on Ukraine during a period of political turmoil in 2014. Cyberwarfare also includes defending against these types of attacks. Cyberwarfare is more complex than conventional warfare. Although many potential targets are military, a country's power grids, dams, financial systems, communications networks, and even voting systems can also be crippled. Non-state actors such as terrorists or criminal groups can mount attacks, and it is often difficult to tell who is responsible. Nations must constantly be on the alert for new malware and other technologies that could be used against them, and some of these technologies developed by skilled hacker groups are openly for sale to interested governments. Glossary: State-sponsored activity designed to cripple and defeat another state or nation by damaging or disrupting its computers or networks.

Internet2

Reading: Internet2 is an advanced networking consortium representing more than 500 U.S. universities, private businesses, and government agencies working with 94,000 institutions across the United States and international networking partners from more than 100 countries. To connect these communities, Internet2 developed a high-capacity, 100 Gbps network that serves as a test bed for leading-edge technologies that may eventually migrate to the public Internet, including large-scale network performance measurement and management tools, secure identity and access management tools, and capabilities such as scheduling high-bandwidth, high-performance circuits. Glossary: Research network with new protocols and transmission speeds that provides an infrastructure for supporting high-bandwidth Internet applications.

Keyloggers

Reading: Keyloggers record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to email accounts, to obtain passwords to protected computer systems, or to pick up personal information such as credit card or bank account numbers. The Zeus Trojan described earlier uses keylogging. Other spyware programs reset web browser home pages, redirect search requests, or slow performance by taking up too much computer resources. Glossary: Spyware that records every keystroke made on a computer to steal personal information or passwords or to launch Internet attacks.

Computer Virus

Reading: Malicious software programs are referred to as malware and include a variety of threats such as computer viruses, worms, and Trojan horses. (See Table 8.1.) A computer virus is a rogue software program that attaches itself to other software programs or data files to be executed, usually without user knowledge or permission. Most computer viruses deliver a payload. The payload may be relatively benign, such as instructions to display a message or image, or it may be highly destructive—destroying programs or data, clogging computer memory, reformatting a computer's hard drive, or causing programs to run improperly. Viruses typically spread from computer to computer when humans take an action, such as sending an email attachment or copying an infected file. Glossary: Rogue software program that attaches itself to other software programs or data files in order to be executed, often causing hardware and software malfunctions.

Ransomware

Reading: Malware known as ransomware is proliferating on both desktop and mobile devices. Ransomware tries to extort money from users by taking control of their computers, blocking access to files, or displaying annoying pop-up messages. For example, the ransomware called WannaCry that attacked computers in more than 150 countries in May 2017 encrypts an infected computer's files, forcing users to pay hundreds of dollars to regain access. You can get ransomware from downloading an infected attachment, clicking a link inside an email, or visiting the wrong website. Som​e types of spyware also act​ as malicious software. Glossary: Malware that extorts money from users by taking control of their computers or displaying annoying pop-up messages.

Encryption

Reading: Many businesses use encryption to protect digital information that they store, physically transfer, or send over the Internet. Encryption is the process of transforming plain text or data into cipher text that cannot be read by anyone other than the sender and the intended receiver. Data are encrypted by using a secret numerical code, called an encryption key, that transforms plain data into cipher text. The message must be decrypted by the receiver. Glossary: The coding and scrambling of messages to prevent their being read or accessed without authorization.

Managed security service providers (MSSPs)

Reading: Many companies, especially small businesses, lack the resources or expertise to provide a secure high-availability computing environment on their own. They can outsource many security functions to managed security service providers (MSSPs) that monitor network activity and perform vulnerability testing and intrusion detection. SecureWorks, AT&T, Verizon, IBM, Perimeter eSecurity, and Symantec are leading providers of MSSP services. Glossary: Company that provides security management services for subscribing clients.

Trojan Horse

Reading: Many malware infections are Trojan horses. A Trojan horse is a software program that appears to be benign but then does something other than expected. The Trojan horse is not itself a virus because it does not replicate, but it is often a way for viruses or other malicious code to be introduced into a computer system. The term Trojan horse is based on the huge wooden horse the Greeks used to trick the Trojans into opening the gates to their fortified city during the Trojan War. An example of a modern-day Trojan horse is the ZeuS (Zbot) Trojan, which infected more than 3.6 million computers in 2009 and still poses a threat. It has been used to steal login credentials for banking by surreptitiously capturing people's keystrokes as they use their computers. Zeus is spread mainly through drive-by downloads and phishing, and recent variants have been difficult to eradicate. Glossary: A software program that appears legitimate but contains a second hidden function that may cause damage.

Microblogging

Reading: Microblogging, used in Twitter or other platforms with serious space or size constraints, is a type of blogging that features very small elements of content such as short sentences, individual images, or video links. Glossary: Blogging featuring very short posts, such as using Twitter.

Computer Crime

Reading: Most hacker activities are criminal offenses, and the vulnerabilities of systems we have just described make them targets for other type​s of computer crime as ​well. Computer crime is defined by the U.S. Department of Justice as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution." Table 8.2 provides examples of the computer as both a target and an instrument of crime. Glossary: The commission of illegal acts through the use of a computer or against a computer system.

Hubs

Reading: Most networks also contain a switch or a hub acting as a connection point between the computers. Hubs are simple devices that connect network components, sending a packet of data to all other connected devices. Glossary: Very simple devices that connect network components, sending a packet of data to all other connected devices.

Switch

Reading: Most networks also contain a switch or a hub acting as a connection point between the computers. Hubs are simple devices that connect network components, sending a packet of data to all other connected devices. A switch has more intelligence than a hub and can filter and forward data to a specified destination on the network. Glossary: Device to connect network components that has more intelligence than a hub and can filter and forward data to a specified destination.

Software-defined networking (SDN)

Reading: Network switches and routers have proprietary software built into their hardware for directing the movement of data on the network. This can create network bottlenecks and makes the process of configuring a network more complicated and time-consuming. Software-defined networking (SDN) is a networking approach in which many of these control functions are managed by one central program, which can run on inexpensive commodity servers that are separate from the network devices themselves. This is especially helpful in a cloud computing environment with many pieces of hardware because it allows a network administrator to manage traffic loads in a flexible and more efficient Glossary: Using a central control program separate from network devices to manage the flow of data on a network.

Token

Reading: New authentication technologies, such as tokens, smart cards, and biometric authentication, overcome some of these problems. A token is a physical device, similar to an identification card, that is designed to prove the identity of a single user. Tokens are small gadgets that typically fit on key rings and display passcodes that change frequently. Glossary: Physical device similar to an identification card that is designed to prove the identity of a single user.

Phishing

Reading: One increasingly popular tactic is a form of spoofing called phishing. Phishing involves setting up fake websites or sending email messages that look like those of legitimate businesses to ask users for confidential personal data. The email message instructs recipients to update or confirm records by providing social security numbers, bank and credit card information, and other confidential data, either by responding to the email message, by entering the information at a bogus website, or by calling a telephone number. eBay, PayPal, Amazon.com, Walmart, and a variety of banks have been among the top spoofed companies. In a more targeted form of phishing called spear phishing, messages appear to come from a trusted source, such as an individual within the recipient's own company or a friend. Glossary: Form of spoofing involving setting up fake websites or sending email messages that resemble those of legitimate businesses that ask users for confidential personal data.

Bullwhip Effect

Reading: One recurring problem in supply chain management is the bullwhip effect, in which information about the demand for a product gets distorted as it passes from one entity to the next across the supply chain. A slight rise in demand for an item might cause different members in the supply chain—distributors, manufacturers, suppliers, secondary suppliers (suppliers' suppliers), and tertiary suppliers (suppliers' suppliers' suppliers)—to stockpile inventory so each has enough just in case. These changes ripple throughout the supply chain, magnifying what started out as a small change from planned orders and creating excess inventory, production, warehousing, and shipping costs For example, Procter & Gamble (P&G) found it had excessively high inventories of its Pampers disposable diapers at various points along its supply chain because of such distorted information. Although customer purchases in stores were fairly stable, orders from distributors spiked when P&G offered aggressive price promotions. Pampers and Pampers' components accumulated in warehouses along the supply chain to meet demand that did not actually exist. To eliminate this problem, P&G revised its marketing, sales, and supply chain processes and used more accurate demand forecasting. The bullwhip effect is tamed by reducing uncertainties about demand and supply when all members of the supply chain have accurate and up-to-date information. If all supply chain members share dynamic information about inventory levels, schedules, forecasts, and shipments, they have more precise knowledge about how to adjust their sourcing, manufacturing, and distribution plans. Supply chain management systems provide the kind of information that helps members of the supply chain make better purchasing and scheduling decisions. Glossary: Distortion of information about the demand for a product as it passes from one entity to the next across the supply chain.

Internet of Things (IoT)

Reading: Output from RFID systems and wireless networks is fueling the Internet of Things (IoT), introduced earlier in this chapter, in which machines such as jet engines, power plant turbines, or agricultural sensors constantly gather data and send the data over the Internet for analysis. The data might signal the need to take action such as replacing a part that's close to wearing out, restocking a product on a store shelf, starting the watering system for a soybean field, or slowing down a turbine. Over time, more and more everyday physical objects will be connected to the Internet and will be able to identify themselves to other devices, creating networks that can sense and respond as data changes. The Tour de France race tracking system, described in the chapter-opening case, is an example of an IoT application. You'll find more examples of the Internet of Things in Chapters 2 and 12. Glossary: Pervasive web in which each object or machine has a unique identity and is able to use the Internet to link with other machines or send data. Also known as the Industrial Internet.

Partner relationship management (PRM)

Reading: PRM uses many of the same data, tools, and systems as customer relationship management to enhance collaboration between a company and its selling partners. If a company does not sell directly to customers but rather works through distributors or retailers, PRM helps these channels sell to customers directly. It provides a company and its selling partners with the ability to trade information and distribute leads and data about customers, integrating lead generation, pricing, promotions, order configurations, and availability. It also provides a firm with tools to assess its partners' performances so it can make sure its best partners receive the support they need to close more business. Glossary: Automation of the firm's relationships with its selling partners using customer data and analytical tools to improve coordination and customer sales.

Packet Switching

Reading: Packet switching is a method of slicing digital messages into parcels called packets, sending the packets along different communication paths as they become available, and then reassembling the packets once they arrive at their destinations (see Figure 7.3). Prior to the development of packet switching, computer networks used leased, dedicated telephone circuits to communicate with other computers in remote locations. In circuit-switched networks, such as the telephone system, a complete point-to-point circuit is assembled, and then communication can proceed. These dedicated circuit-switching techniques were expensive and wasted available communications capacity—the circuit was maintained regardless of whether any data were being sent. Packet switching is more efficient. Messages are first broken down into small fixed bundles of data called packets. The packets include information for directing the packet to the right address and for checking transmission errors along with the data. The packets are transmitted over various communications channels by using routers, each packet traveling independently. Packets of data originating at one source will be routed through many paths and networks before being reassembled into the original message when they reach their destinations. Glossary: Technology that breaks messages into small, fixed bundles of data and routes them in the most economical way through any available communications channel.

Downtime

Reading: Parts from these computers can be removed and repaired without disruption to the computer or downtime. Downtime refers to periods of time in which a system is not operational. Glossary: Period of time in which an information system is not operational.

Botnet

Reading: Perpetrators of DDoS attacks often use thousands of zombie PCs infected with malicious software without their owners' knowledge and organized into a botnet. Hackers create these botnets by infecting other people's computers with bot malware that opens a back door through which an attacker can give instructions. The infected computer then becomes a slave, or zombie, serving a master computer belonging to someone else. When hackers infect enough computers, they can use the amassed resources of the botnet to launch DDoS attacks, phishing campaigns, or unsolicited spam email. Ninety percent of the world's spam and 80 percent of the world's malware are delivered by botnets. A recent example is the Mirai botnet, which infected numerous IoT devices (such as Internet-connected surveillance cameras) in October 2016 and then used them to launch a DDoS attack against Dyn, whose servers monitor and reroute Internet traffic. The Mirai botnet overwhelmed the Dyn servers, taking down Etsy, GitHub, Netflix, Shopify, SoundCloud, Spotify, Twitter, and a number of other major websites. A Mirai botnet variant attacked financial firms in January 2018. Glossary: A group of computers that have been infected with bot malware without users' knowledge, enabling a hacker to use the amassed resources of the computers to launch distributed denial-of-service attacks, phishing campaigns, or spam.

Pharming

Reading: Pharming redirects users to a bogus web page, even when the individual types the correct web page address into his or her browser. This is possible if pharming perpetrators gain access to the Internet address information Internet service providers (ISPs) store to speed up web browsing and flawed software on ISP servers allows the fraudsters to hack in and change those addresses Glossary: Phishing technique that redirects users to a bogus web page, even when an individual enters the correct web page address.

Radio Frequency Identification (RFID)

Reading: Radio frequency identification (RFID) systems provide a powerful technology for tracking the movement of goods throughout the supply chain. RFID systems use tiny tags with embedded microchips containing data about an item and its location to transmit radio signals over a short distance to RFID readers. The RFID readers then pass the data over a network to a computer for processing. Unlike bar codes, RFID tags do not need line-of-sight contact to be read. 283 The RFID tag is electronically programmed with information that can uniquely identify an item plus other information about the item such as its location, where and when it was made, or its status during production. The reader emits radio waves in ranges anywhere from 1 inch to 100 feet. When an RFID tag comes within the range of the reader, the tag is activated and starts sending data. The reader captures these data, decodes them, and sends them back over a wired or wireless network to a host computer for further processing (see Figure 7.15). Both RFID tags and antennas come in a variety of shapes and sizes. Glossary: Technology using tiny tags with embedded microchips containing data about an item and its location to transmit short-distance radio signals to special RFID readers that then pass the data on to a computer for processing.

SQL Injection Attack

Reading: SQL injection attacks exploit vulnerabilities in poorly coded web application software to introduce malicious program code into a company's systems and networks. These vulnerabilities occur when a web application fails to validate properly or filter data a user enters on a web page, which might occur when ordering something online. An attacker uses this input validation error to send a rogue SQL query to the underlying database to access the database, plant malicious code, or access other systems on the network. Glossary: Attacks against a website that take advantage of vulnerabilities in poorly coded SQL (a standard and common database software application) applications in order to introduce malicious program code into a company's systems and networks.

Search Engine Marketing

Reading: Search Engine Marketing Search engines have become major advertising platforms and shopping tools by offering what is now called search engine marketing. Searching for information is one of the web's most popular activities; it is estimated that 242 million people in the United States will use search engines by 2019 and 215 million will use mobile search by that time. With this huge audience, search engines are the foundation for the most lucrative form of online marketing and advertising: search engine marketing. When users enter a search term on Google, Bing, Yahoo, or any of the other sites serviced by these search engines, they receive two types of listings: sponsored links, for which advertisers have paid to be listed (usually at the top of the search results page), and unsponsored, organic search results. In addition, advertisers can purchase small text boxes on the side of search results pages. The paid, sponsored advertisements are the fastest growing form of Internet advertising and are powerful new marketing tools that precisely match consumer interests with advertising messages at the right moment. Search engine marketing monetizes the value of the search process. In 2018, search engine marketing was expected to generate $42 billion, or 44.2 percent of digital ad spending, nearly half of all online advertising ($93 billion) (eMarketer, 2018). About 90 percent of Google's revenue of $110 billion in 2017 came from online advertising, and 90 percent of that ad revenue came from search engine marketing (Alphabet, 2018). Because search engine marketing is so effective (it has the highest click-through rate and the highest return on ad investment), companies seek to optimize their websites for search engine recognition. The better optimized the page is, the higher a ranking it will achieve in search engine result listings. Glossary: Use of search engines to deliver in their results sponsored links, for which advertisers have paid.

Search Engines

Reading: Search engines can be gamed by scammers who create thousands of phony website pages and link them to a single retailer's site in an attempt to fool Google's search engine. Firms can also pay so-called link farms to link to their site. Google changed its search algorithm in 2012 to deal with this problem by examining the quality of links more carefully with the intent of down-ranking sites that have a suspicious pattern of sites linking to them. 277 In general, search engines have been very helpful to small businesses that cannot afford large marketing campaigns. Because shoppers are looking for a specific product or service when they use search engines, they are what marketers call hot prospects—people who are looking for information and often intending to buy. Moreover, search engines charge only for click-throughs to a site. Merchants do not have to pay for ads that don't work, only for ads that receive a click. Consumers benefit from search engine marketing because ads for merchants appear only when consumers are looking for a specific product. Thus, search engine marketing saves consumers cognitive energy and reduces search costs (including the cost of transportation needed to search for products physically). One study estimated the global value of search to both merchants and consumers to be more than $800 billion, with about 65 percent of the benefit going to consumers in the form of lower search costs and lower prices (McKinsey & Company, 2011). Glossary: A tool for locating specific sites or information on the Internet.

Visual Web

Reading: Searching photos, images, and video has become increasingly important as the web becomes more visual. The visual web refers to websites such as Pinterest, where pictures replace text documents, where users search pictures, and where pictures of products replace display ads for products. Pinterest is a social networking site that provides users (as well as brands) with an online board to which they can pin interesting pictures. Pinterest had 200 million active monthly users worldwide in 2018. Instagram is another example of the visual web. Instagram is a photo and video sharing site that allows users to take pictures, enhance them, and share them with friends on other social sites such as Facebook and Twitter. In 2018, Instagram had 800 million monthly active users. Glossary: Refers to web linking visual sites such as Pinterest where pictures replace text documents and where users search on pictures and visual characteristics.

Secure Hypertext Transfer Protocol (S-HTTP)

Reading: Secure Hypertext Transfer Protocol (S-HTTP) is another protocol used for encrypting data flowing over the Internet, but it is limited to individual messages, whereas SSL and TLS are designed to establish a secure connection between two computers. Glossary: Protocol used for encrypting data flowing over the Internet; limited to individual messages.

Semantic Search

Reading: Semantic Search Another way for search engines to become more discriminating and helpful is to make search engines capable of understanding what we are really looking for. Called semantic search, the goal is to build a search engine that can really understand human language and behavior. Google and other search engine firms are attempting to refine search engine algorithms to capture more of what the user intended and the meaning of a search. Rather than evaluate each word separately in a search, Google's Hummingbird search algorithm tries to evaluate an entire sentence, focusing on the meaning behind the words. For instance, if your search is a long sentence like "Google annual report selected financial data 2018," Hummingbird should be able to figure out that you really want Google's parent company Alphabet's SEC Form 10K report filed with the Securities and Exchange Commission in February 2018. Glossary: Search technology capable of understanding human language and behavior.

Shopping Bots

Reading: Shopping bots use intelligent agent software for searching the Internet for shopping information. Shopping bots such as MySimon or PriceGrabber, and travel search tools like Trivago, can help people interested in making a purchase or renting a vacation room filter and retrieve information according to criteria the users have established, and in some cases negotiate with vendors for price and delivery terms. Glossary: Software with varying levels of built-in intelligence to help electronic commerce shoppers locate and evaluate products or service they might wish to purchase.

Smartphones

Reading: Smartphones such as the iPhone, Android phones, and BlackBerry combine the functionality of a cell phone with that of a mobile laptop computer with Wi-Fi capability. This makes it possible to combine music, video, Internet access, and telephone service in one device. A large part of the Internet is becoming a mobile, access-anywhere, broadband service for the delivery of video, music, and web search. Glossary: Wireless Phone with voice, text, and internet capabilities.

Social Search

Reading: Social Search One problem with Google and mechanical search engines is that they are so thorough. Enter a search for "ultra computers" and, in 0.2 seconds, you will receive over 300 million responses! Social search is an effort to provide fewer, more relevant, and trustworthy search results based on a person's network of social contacts. In contrast to the top search engines that use a mathematical algorithm to find pages that satisfy your query, social search would highlight content that was created or touched by members of your social network. Glossary: Effort to provide more relevant and trustworthy search results based on a person's network of social contacts.

Social Networking

Reading: Social networking sites enable users to build communities of friends and professional colleagues. Members typically create a profile—a web page for posting photos, videos, audio files, and text—and then share these profiles with others on the service identified as their friends or contacts. Social networking sites are highly interactive, offer real-time user control, rely on user-generated content, and are broadly based on social participation and sharing of content and opinions. Leading social networking sites include Facebook, Twitter, and LinkedIn (for professional contacts). Social networking has radically changed how people spend their time online; how people communicate and with whom; how business people stay in touch with customers, suppliers, and employees; how providers of goods and services learn about their customers; and how advertisers reach potential customers. The large social networking sites are also application development platforms where members can create and sell software applications to other members of the community. Facebook alone has more than 7 million apps and websites integrated with it, including applications for gaming, video sharing, and communicating with friends and family. Glossary: Online Community for expanding users' business or social contacts by making connections through their mutual business or personal connections.

Supply Chain Execution Systems

Reading: Supply chain management (SCM) systems automate the flow of information among members of the supply chain so they can use it to make better decisions about when and how much to purchase, produce, or ship. More accurate information from supply chain management systems reduces uncertainty and the impact of the bullwhip effect. Supply chain management software includes software for supply chain planning and for supply chain execution. Internet technology facilitates the management of global supply chains by providing the connectivity for organizations in different countries to share supply chain information. Improved communication among supply chain members also facilitates efficient customer response and movement toward a demand-driven model. Glossary: Systems to manage the flow of products through distribution centers and warehouses to ensure that products are delivered to the right locations in the most efficient manner.

T1 Lines

Reading: T1 and T3 are international telephone standards for digital communication. They are leased, dedicated lines suitable for businesses or government agencies requiring high-speed guaranteed service levels. T1 lines offer guaranteed delivery at 1.54 Mbps, and T3 lines offer delivery at 45 Mbps. The Internet does not provide similar guaranteed service levels but, simply, best effort. Glossary: High-Speed guaranteed service level data lines leased from communications providers, such as T-1 lines (with a transmission capacity of 1.544 Mbps).

Near Field Communication (NFC)

Reading: Tap-and-go services like Apple Pay or Google Wallet use an RFID-related technology called near field communication (NFC). NFC is a short-range wireless connectivity standard that uses electromagnetic radio fields to enable two compatible devices to exchange data when brought within a few centimeters of each other. A smartphone or other NFC-compatible device sends out radio frequency signals that interact with an NFC tag found in compatible card readers or smart posters. The signals create a current that flows through the NFC tag, allowing the device and the tag to communicate with one another. In most cases the tag is passive and only sends out information while the other device (such as a smartphone) is active and can both send and receive information. (There are NFC systems where both components are active.) NFC is used in wireless payment services, to retrieve information, and even to exchange videos or information with friends on the go. You could share a website link by passing your phone over a friend's phone, while waving the phone in front of a poster or display containing an NFC tag could show information about what you're viewing at a museum or exhibit. Glossary: Short-range wireless connectivity standard that uses electromagnetic radio fields to enable two compatible devices to exchange data when brought within a few centimeters of each other.

Wi-Fi

Reading: The 802.11 set of standards for wireless LANs and wireless Internet access is also known as Wi-Fi. The first of these standards to be widely adopted was 802.11b, which can transmit up to 11 Mbps in the unlicensed 2.4-GHz band and has an effective distance of 30 to 50 meters. The 802.11g standard can transmit up to 54 Mbps in the 2.4-GHz range. 802.11n is capable of transmitting over 100 Mbps. Today's PCs and tablets have built-in support for Wi-Fi, as do the iPhone, iPad, and other smartphones. In most Wi-Fi communication, wireless devices communicate with a wired LAN using access points. An access point is a box consisting of a radio receiver/transmitter and antennas that links to a wired network, router, or hub. Glossary: Stands for "wireless fidelity" and refers to the 802.11 family of wireless networking standards.

Domain Name System (DNS)

Reading: The Domain Name System (DNS) converts domain names to IP addresses. DNS servers maintain a database containing IP addresses mapped to their corresponding domain names. To access a computer on the Internet, users need only specify its domain name, such as Expedia.com, 262 DNS has a hierarchical structure (see Figure 7.6). At the top of the DNS hierarchy is the root domain. The child domain of the root is called a top-level domain, and the child domain of a top-level domain is called a second-level domain. Top-level domains are two- and three-character names you are familiar with from surfing the web; for example, .com, .edu, .gov, and the various country codes such as .ca for Canada or .it for Italy. Second-level domains have two parts, designating a top-level name and a second-level name—such as buy.com, nyu.edu, or amazon.ca. A host name at the bottom of the hierarchy designates a specific computer on either the Internet or a private network. Glossary: A hierarchical system of servers maintaining a database enabling the conversion of domain names to their numeric IP addresses

Voice over IP (VoIP)

Reading: The Internet has also become a popular platform for voice transmission and corporate networking. Voice over IP (VoIP) technology delivers voice information in digital form using packet switching, avoiding the tolls charged by local and long-distance telephone networks (see Figure 7.9). Calls that would ordinarily be transmitted over public telephone networks travel over the corporate network based on the Internet protocol, or over the public Internet. Voice calls can be made and received with a computer equipped with a microphone and speakers or with a VoIP-enabled telephone. Glossary: Facilities for managing the delivery of voice information using the Internet Protocol (IP).

Internet Protocol (IP) address

Reading: The Internet is based on the TCP/IP networking protocol suite described earlier in this chapter. Every device connected to the Internet (or another TCP/IP network) is assigned a unique Internet Protocol (IP) address consisting of a string of numbers. Glossary: Four-part numeric address indicating a unique computer location on the Internet.

IPv6

Reading: The Internet was not originally designed to handle billions of users and the transmission of massive quantities of data. Because of sheer Internet population growth, the world is about to run out of available IP addresses using the old addressing convention. The old system based on 32-bit addresses is being replaced by a new version of IP addressing called IPv6 (Internet Protocol version 6), which contains 128-bit addresses (2 to the power of 128), or more than a quadrillion possible unique addresses. IPv6 is compatible with most modems and routers sold today, and IPv6 will fall back to the old addressing system if IPv6 is not available on local networks. The transition to IPv6 will take several years as systems replace older equipment. Glossary: New IP addressing system using 128-bit IP addresses. Stands for Internet Protocol version 6.

Public Key Infrastructure (PKI)

Reading: The digital certificate system would enable, for example, a credit card user and a merchant to validate that their digital certificates were issued by an authorized and trusted third party before they exchange data. Public key infrastructure (PKI), the use of public key cryptography working with a CA, is now widely used in e-commerce. Glossary: System for creating public and private keys using a certificate authority (CA) and digital certificates for authentication.

network operating system (NOS)

Reading: The network operating system (NOS) routes and manages communications on the network and coordinates network resources. It can reside on every computer in the network or primarily on a dedicated server computer for all the applications on the network. A server is a computer on a network that performs important network functions for client computers, such as displaying web pages, storing data, and storing the network operating system (hence controlling the network). Microsoft Windows Server and Linux are the most widely used network operating systems. Glossary: Special software that routes and manages communications on the network and coordinates network resources.

5G Networks

Reading: The next generation of wireless technology, called 5G, is still under development. 5G will support transmission of huge amounts of data in the gigabit range, with fewer transmission delays and the ability to connect many more devices (such as sensors and smart devices) at once than existing cellular systems. 5G technology will be needed for self-driving vehicles, smart cities, and extensive use of the Internet of Things. AT&T, Verizon, and other carriers are starting to launch 5G networks. Glossary: Next wireless technology evolution, supporting transmission of huge amounts of data in the gigabit range, with fewer transmission delays and the ability to connect many more devices (such as sensors and smart devices) at once than existing cellular systems.

Public Key Encryption

Reading: The problem with all symmetric encryption schemes is that the key itself must be shared somehow among the senders and receivers, which exposes the key to outsiders who might just be able to intercept and decrypt the key. A more secure form of encryption called public key encryption uses two keys: one shared (or public) and one totally private as shown in Figure 8.6. The keys are mathematically related so that data encrypted with one key can be decrypted using only the other key. To send and receive messages, communicators first create separate pairs of private and public keys. The public key is kept in a directory, and the private key must be kept secret. The sender encrypts a message with the recipient's public key. On receiving the message, the recipient uses his or her private key to decrypt it. Glossary: Uses two keys: one shared (or public) and one private.

Bandwidth

Reading: The range of frequencies that can be accommodated on a particular telecommunications channel is called its bandwidth. The bandwidth is the difference between the highest and lowest frequencies that can be accommodated on a single channel. The greater the range of frequencies, the greater the bandwidth and the greater the channel's transmission capacity. Glossary: The capacity of a communications channel as measured by the difference between the highest and lowest frequencies that can be transmitted by that channel.

Acceptable Use Policy (AUP)

Reading: The security policy drives other policies determining acceptable use of the firm's information resources and which members of the company have access to its information assets. An acceptable use policy (AUP) defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, mobile devices, telephones, and the Internet. A good AUP defines unacceptable and acceptable actions for every user and specifies consequences for noncompliance. Glossary: Defines acceptable uses of the firm's information resources and computing equipment, including desktop and laptop computers, wireless devices, telephones, and the Internet, and specifies consequences for noncompliance.

two-factor authentication

Reading: The steady stream of incidents in which hackers have been able to access traditional passwords highlights the need for more secure means of authentication. Two-factor authentication increases security by validating users through a multistep process. To be authenticated, a user must provide two means of identification, one of which is typically a physical token, such as a smartcard or chip-enabled bank card, and the other of which is typically data, such as a password or personal identification number (PIN). Biometric data, such as fingerprints, iris prints, or voice prints, can also be used as one of the authenticating mechanisms. A common example of two-factor authentication is a bank card; the card itself is the physical item, and the PIN is the other piece of data that goes with it. Glossary: Validating user identity with two means of identification, one of which is typically a physical token, and the other of which is typically data.

Hertz

Reading: The total amount of digital information that can be transmitted through any telecommunications medium is measured in bits per second (bps). One signal change, or cycle, is required to transmit one or several bits; therefore, the transmission capacity of each type of telecommunications medium is a function of its frequency. The number of cycles per second that can be sent through that medium is measured in hertz—one hertz is equal to one cycle of the medium. Glossary: Measure of frequency of electrical impulses per second, with 1 Hertz equivalent to 1 cycle per second.

Touch Point

Reading: This is where customer relationship management systems help. Customer relationship management (CRM) systems, which we introduced in Chapter 2, capture and integrate customer data from all over the organization, consolidate the data, analyze the data, and then distribute the results to various systems and customer touch points across the enterprise. A touch point (also known as a contact point) is a method of interaction with the customer, such as telephone, email, customer service desk, conventional mail, Facebook, Twitter, website, wireless device, or retail store. Well-designed CRM systems provide a single enterprise view of customers that is useful for improving both sales and customer service Glossary: Method of firm interaction with a customer, such as telephone, email, customer service desk, conventional mail, or point-of-purchase.

Patches

Reading: To correct software flaws once they are identified, the software vendor creates small pieces of software called patches to repair the flaws without disturbing the proper operation of the software. It is up to users of the software to track these vulnerabilities, test, and apply all patches. This process is called patch management. 308 Because a company's IT infrastructure is typically laden with multiple business applications, operating system installations, and other system services, maintaining patches on all devices and services a company uses is often time-consuming and costly. Malware is being created so rapidly that companies have very little time to respond between the time a vulnerability and a patch are announced and the time malicious software appears to exploit the vulnerability. Glossary: Small pieces of software to repair the software flaws without disturbing the proper operation of the software.

Authentication

Reading: To gain access to a system, a user must be authorized and authenticated. Authentication refers to the ability to know that a person is who he or she claims to be. Authentication is often established by using passwords known only to authorized users. New authentication technologies, such as tokens, smart cards, and biometric authentication, overcome some of these problems. Glossary: The ability of each party in a transaction to ascertain the identity of the other party.

password

Reading: To gain access to a system, a user must be authorized and authenticated. Authentication refers to the ability to know that a person is who he or she claims to be. Authentication is often established by using passwords known only to authorized users. An end user uses a password to log on to a computer system and may also use passwords for accessing specific systems and files. However, users often forget passwords, share them, or choose poor passwords that are easy to guess, which compromises security. Password systems that are too rigorous hinder employee productivity. When employees must change complex passwords frequently, they often take shortcuts, such as choosing passwords that are easy to guess or keeping their passwords at their workstations in plain view. Passwords can also be sniffed if transmitted over a network or stolen through social engineering. Glossary: Secret word or string of characters for authenticating users so they can access a resource such as a computer system.

Unified Threat Management (UTM)

Reading: To help businesses reduce costs and improve manageability, security vendors have combined into a single appliance various security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software. These comprehensive security management products are called unified threat management (UTM) systems. UTM products are available for all sizes of networks. Leading UTM vendors include Fortinent, Sophos, and Check Point, and networking vendors such as Cisco Systems and Juniper Networks provide some UTM capabilities in their products. Glossary: Comprehensive security management tool that combines multiple security tools, including firewalls, virtual private networks, intrusion detection systems, and web content filtering and anti-spam software.

Secure Sockets Layer (SSL)

Reading: Two methods for encrypting network traffic on the web are SSL and S-HTTP. Secure Sockets Layer (SSL) and its successor, Transport Layer Security (TLS), enable client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session. Glossary: Enables client and server computers to manage encryption and decryption activities as they communicate with each other during a secure web session.

Local Area Network (LAN)

Reading: Up to 500 meters (half a mile); am office or floor of a building If you work in a business that uses networking, you are probably connecting to other employees and groups via a local area network. A local area network (LAN) is designed to connect personal computers and other digital devices within a half-mile or 500-meter radius. LANs typically connect a few computers in a small office, all the computers in one building, or all the computers in several buildings in close proximity. LANs also are used to link to long-distance wide area networks (WANs, described later in this section) and other networks around the world, using the Internet. Glossary: A telecommunications network that requires its own dedicated channels and that encompasses a limited distance, usually one building or several buildings in close proximity.

Social Engineering

Reading: We tend to think the security threats to a business originate outside the organization. In fact, company insiders pose serious security problems. Studies have found that user lack of knowledge is the single greatest cause of network security breaches. Many employees forget their passwords to access computer systems or allow coworkers to use them, which compromises the system. Malicious intruders seeking system access sometimes trick employees into revealing their passwords by pretending to be legitimate members of the company in need of information. This practice is called social engineering Glossary: Tricking people into revealing their passwords by pretending to be legitimate users or members of a company in need of information.

Hypertext Transfer Protocol (HTTP)

Reading: Web pages are based on a standard Hypertext Markup Language (HTML), which formats documents and incorporates dynamic links to other documents and other objects stored in the same or remote computers (see Chapter 5). Web pages are accessible through the Internet because web browser software operating your computer can request web pages stored on an Internet host server by using the Hypertext Transfer Protocol (HTTP). HTTP is the communications standard that transfers pages on the web. For example, when you type a web address in your browser, such as http://www.sec.gov, your browser sends an HTTP request to the sec.gov server requesting the home page of sec.gov. HTTP is the first set of letters at the start of every web address, followed by the domain name, which specifies the organization's server computer that is storing the web page. Most companies have a domain name that is the same as or closely related to their official corporate name. The directory path and web page name are two more pieces of information within the web address that help the browser track down the requested page. Glossary: The communications standard used to transfer pages on the web. Defines how messages are formatted and transmitted.

Router

Reading: What if you want to communicate with another network, such as the Internet? You would need a router. A router is a communications processor that routes packets of data through different networks, ensuring that the data sent get to the correct address. Network switches and routers have proprietary software built into their hardware for directing the movement of data on the network. Glossary: Specialized communications processor that forwards packets of data from one network to another network.

Click Fraud

Reading: When you click an ad displayed by a search engine, the advertiser typically pays a fee for each click, which is supposed to direct potential buyers to its products. Click fraud occurs when an individual or computer program fraudulently clicks an online ad without any intention of learning more about the advertiser or making a purchase. Click fraud has become a serious problem at Google and other websites that feature pay-per-click online advertising. Some companies hire third parties (typically from low-wage countries) to click a competitor's ads fraudulently to weaken them by driving up their marketing costs. Click fraud can also be perpetrated with software programs doing the clicking, and botnets are often used for this purpose. Search engines such as Google attempt to monitor click fraud and have made some changes to curb it. Glossary: Fraudulently clicking on an online ad in pay per click advertising to generate an improper charge per click.

Wide Area Network (WANs)

Reading: Wide area networks (WANs) span broad geographical distances—regions, states, continents, or the entire globe. The most universal and powerful WAN is the Internet. Computers connect to a WAN through public networks, such as the telephone system or private cable systems, or through leased lines or satellites. Glossary: Telecommunications network that spans a large geographical distance. May consist of a variety of cable, satellite, and microwave technologies.

War Driving

Reading: Wireless networks in many locations do not have basic protections against war driving, in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic. An intruder who has associated with an access point by using the correct SSID is capable of accessing other resources on the network. For example, the intruder could use the Windows operating system to determine which other users are connected to the network, access their computer hard drives, and open or copy their files. Glossary: Technique in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic.

identity theft

Reading: With the growth of the Internet and electronic commerce, identity theft has become especially troubling. Identity theft is a crime in which an imposter obtains key pieces of personal information, such as social security numbers, driver's license numbers, or credit card numbers, to impersonate someone else. The information may be used to obtain credit, merchandise, or services in the name of the victim or to provide the thief with false credentials. Identity theft has flourished on the Internet, with credit card files a major target of website hackers (see the chapter-ending case study). According to the 2018 Identity Fraud Study by Javelin Strategy & Research, identity fraud affected 16.7 million U.S. consumers in 2017, and they lost nearly $17 billion to identity fraud that year (Javelin, 2018). Glossary: Theft of key pieces of personal information, such as credit card or Social Security numbers, in order to obtain merchandise and services in the name of the victim or to obtain false credentials.

Worm

Reading: Worms are independent computer programs that copy themselves from one computer to other computers over a network. Unlike viruses, worms can operate on their own without attaching to other computer program files and rely less on human behavior to spread rapidly from computer to computer. Worms destroy data and programs as well as disrupt or even halt the operation of computer networks. Worms and viruses are often spread over the Internet from files of downloaded software; from files attached to email transmissions; or from compromised email messages, online ads, or instant messaging. Glossary: Independent software programs that propagate themselves to disrupt the operation of computer networks or destroy data and other programs.