GB-310 Final exam

white hats

"good" hackers who help organizations locate and fix security flaws. Hackers who act in the public's best interest, through activities such as authorized penetration testing, in order to identify and report on security vulnerabilities before they are exploited.

Class 10

10

class 11

11

Class 12

12

Class

13

class 9

9

Peer-to-peer transmission

Communication occurs directly between peers, rather than through a central node.

*Vendor Invoice and Payment

A business document that notifies the purchaser of an obligation to pay the vendor for goods (or services) that were ordered by and shipped to the purchaser, and then paid.

Procurement Process

A cross-functional business process that originates when a company needs to acquire goods or services from external sources, and it concludes when the company receives and pays for them.

Just-in-time delivery

A delivery method that synchronizes manufacturing and supply so that materials arrive just as the manufacturing process requires them.

Blockchain

A digital ledger in which transactions made in bitcoin or another cryptocurrency are recorded chronologically and publicly

dashboards

A heads-up display of critical indicators that allow managers to get a graphical glance at key performance metrics. KPI

source list

A list of approved potential suppliers

packing list

A list showing the number and kinds of items being shipped, as well as other information needed for transportation purposes.

Virtual Private Network (VPN)

A private data network that creates secure connections, or "tunnels," over regular Internet lines. VPNs typically use encryption to maintain confidentiality of the data, user authentication to verify identities (e.g. passwords, biometrics, etc.), and hashing functions to confirm communication integrity.

public key/private key

A special version of asymmetric encryption that is popular on the Internet. With this method, each site has a public key for encoding messages and a private key for decoding them.

Customer Relationship Management (CRM)

A system that integrates customer-facing processes and manages all the interactions with customers

Remote Access VPN

A user-to-LAN virtual private network connection used by remote users.

Manufacturing Resource Planning (MRP II)

An information system that schedules equipment and facilities and provides financial tracking of activities. A system that ties the basic MRP system to the company's financial system and to other core and supporting processes.

Decentralized

Analyst groups are associated with business units, but have no other corporate structure. Can be difficult to set enterprise priorities and effectively deploy staff.

Center of excellence

Analyst groups reside in every major business unit, but all groups are associated with a corporate center of excellence that facilitates the sharing of best practices and project prioritization (e.g., Capital One, Bank of America)

Functional:

Analyst groups reside in the particular departments or business units that require their services, but can serve other parts of the organization, as needed (e.g., Fidelity)

Consulting:

Analysts belong to a single corporate entity, but are temporarily deployed as consultants on analytical projects.

Centralized:

Analysts report to a single corporate entity

Analytical Semiprofessionals

Apply the models and algorithms on behalf of the business. May have deep quant skills, but primarily focus on the application of existing tools to business problems. Semipros have a sophisticated understanding of information flows through the business processes, which enables them to link analyses to business results and prepare reports based on the analyses using specific tools

Insider Threat: Identification. essay q

Authentication and authorization: Failed attempts to access data outside an employee's role. Data access patterns: Changes in data access patterns not previously associated with a work role. Data exfiltration: Large or unusual quantities of data being printed, stored on removable media, or sent via email. Facility: Time of access: Unusual times of access (e.g. when supervisors are absent). Location of access: Unusual location from which users are accessing resources. Business capabilities: Deletion or modification of data: Critical business data is deleted or modified. Competitor analysis: Competitor advances appear to take advantage of unreleased organizational information.

ransomware prevention

Back up your files every day, don't open email attachments, keep antivirus software up to date (though this won't catch all instances of ransomware), keep vulnerable applications (e.g. Windows, Java, Flash) fully patched, and install ransomware protection tools (e.g. BitDefender, Trend Micro Anti-Ransomware, EasySync CryptoMonitor).

CAPTCHA

Completely Automated Public Turing Test To Tell Computers and Humans Apart

Transactional Data

Data related to events such as a purchase or student enrollment

Distributed databases:

Each party on a blockchain has access to the entire database, but no single party controls the data

Analytical Amateurs

Employees whose primary job is not analytical work, but who need an understanding of analytics to do their jobs successfully. Amateurs are the 'consumers' of analytical insights and put them to work in their own business decisions.

Transparency with Pseudonymity

Every transaction and value is visible to anyone with access to the system. Users can remain anonymous if they choose.

Analytical champions

Executives who depend on data analyses to make business decisions and lead analytical initiatives. They act as advocates in the organization for how analytical techniques and technologies can be used. Champions don't necessarily need top technical skills, but require an appreciation for the data and can promote an analytical culture to the business

Availability Check

First, an availability check is conducted—SAP determines if the promised delivery quantity can be met by the promised delivery date.

black hats

Hackers who intentionally gain access to computer systems with malicious intent or other personal gain

grey hat hackers

Hackers who sometimes violate laws and ethical standards, but act in a non-malicious way. May have the skills and intent of a white hat, but will break into systems without permission (though with the intent of improving security).

analytical professionals

Highly proficient quant skillset and advanced technical skills to enable the creation of analytical applications using models and algorithms. Professionals provide analytical guidance to others and help to establish analytical goals and strategies.

Business-to-business (B2B)

Individuals and organizations that buy goods and services to use in production or to sell, rent, or supply to others.

Business Intelligence

Information collected from multiple sources such as suppliers, customers, competitors, partners, and industries that analyzes patterns, trends, and relationships for better decision making

Information Security

Information security is defined as the process of preventing unauthorized access to an information system or modification of its data.

information security threats

Malicious software; Denial of service; Social engineering

Malware

Malware refers to software that is specifically designed to penetrate systems, break security policies, and/or carry damaging payloads.

Virus

Malware: A fragment of code that attaches itself to other programs in order to be executed, usually without user knowledge or permission. Viruses require some type of user action to be activated (e.g. opening an email attachment) and replicated.

https

Most secure communication over the Internet

Irreversibility of records

Once a transaction is entered and the accounts are updated, the records cannot be altered.

Distributed Denial-of-Service (DDoS)= Network Threats

Originating from many compromised/infected computers ('zombies'), a targeted server is overloaded with data packets until a crash occurs. Attackers control the zombie computers using automated tools that allow a coordinated attack. This is sometimes referred to as a 'botnet'.

three categories of security controls:

Passwords; Firewalls; Encryption and virtual private networks

Encryption

Process of converting readable data into unreadable characters to prevent unauthorized access.

Worms

Programs that copy themselves (i.e. without user action) from one computer to another over networks. Can destroy data, programs, and halt operation of computer networks.

Benefits of CRM? essay q

Provide better customer service, Make call centers more efficient, Cross sell products more effectively, Help sales staff close deals faster, Simplify marketing and sales processes, Discover new customers, Increase customer revenues.

How to help Building an Analytical Culture? essay Q

Provide reminders on adopting analytical practices (e.g., at Google, proposals to product management for new features are asked if they tested the idea with data first). Encourage (friendly) pushback and dissent (e.g., Intel urges employees to propose alternative courses of action where they have differing opinions and supporting data). Expand information transparency by enabling employees to have broad access to information about the company. Hire leaders that are advocates of analytical methods and aren't afraid to make tough decisions that deviate from the norms of the past.

Analyst skills? essay Q.

Quantitative and technical skills: familiar with statistical tools/systems. Business knowledge and design skills: understanding of the business process analytics are being applied to. Relationship and consulting skills. Coaching and staff development skills: can enable the effective sharing of best practices and helps colleagues understand how data-driven insights can drive business value.

Ransomware

Ransomware is a type of malicious software that restricts access to a computer system by locking or encrypting the data until a ransom is paid to the creator, typically in difficult-to-trace cyber currency, such as Bitcoin.

Real-time price discounts

Salespeople want to have the authority and data available to offer a real-time price discount, a discount offered to a particular customer based on current market and customer factors. For example, in the before-SAP process, if a customer considered doubling the size of an order but needed a price discount to close the deal, Sue would have to request a price discount from the sales manager.

social engineering attack

Social engineering is a low-technology security attack that relies on lying, impersonation, bribes, and threats to gain access to information systems resources. A type of attack where the goal is to obtain sensitive data, including user names and passwords, from network users through deception and trickery.

Material Requirements Planning (MRP)

Software used to efficiently manage inventory, production and labor. A planning system that schedules the precise quantity of materials needed to make the product.

Three-way match

The activity within the procurement process that ensures that the data on the invoice matches the data on the purchase order and the goods receipt.

bullwhip effect

The bullwhip effect occurs when companies order more supplies than are needed due to a sudden change in demand. Distorted product-demand information ripples from one partner to the next throughout the supply chain.

Computational logic:

The ledger has built-in programming logic and rules for triggering transactions between nodes.

hacker

The term hacker can mean different things, ranging from the innocuous 'a person who uses computing skills to overcome a technical problem' to the more sinister 'a person who gains unauthorized access to information in a computer system in order to commit crimes'.

Humanyze company

Uses a credit card-sized ID badge to track data about employees using two microphones, Bluetooth, RFID, NFC, and an accelerometer. About 4GB of data are collected each day.

Problems with procurement before SAP? SAP benefits essay q

Warehouse manager doesn't have data on sales price discounts. SOLUTION: integrated inherent processes show warehouse price discounts. Accounting: three-way match discrepancies take time to correct. SOLUTION: real-time sharing reduces time and errors. Purchasing: weak internal controls lead to scrutiny of purchases. SOLUTION: real-time sharing increases use of financial reports.

Data Sharing

With data in one place it is more easily accessed by authorized users. For example, data from the Returns Management process about defective bicycle parts should be shared with the Supplier Evaluation process to ensure that suppliers with high defect rates are removed from the list of approved suppliers.

Symmetric vs. Asymmetric encryption

With symmetric encryption, the same key is used to encode and to decode. With asymmetric encryption, two keys are used; one key encodes the message, and the other key decodes the message.

itemized bill

a bill a firm receives from its suppliers that contains details such as the amount due to the supplier and the order number.

purchase requisition

a form used to request the responsible person or department to purchase merchandise or other property

supplier relationship management process

a process that automates, simplifies, and accelerates a variety of supply chain processes. helps companies reduce procurement costs, build collaborative supplier relationships, better manage supplier options, and improve time to market.

Advanced Persistent Threat (APT)

a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments. cyberwarfare.

purchase order

a written order by a buyer for merchandise or other property specified in the purchase requisition

3 benefits of erp. Essay Q

an ERP system provides benefits to the organization as a whole including converting its processes to the vendor's inherent, best-practice processes that are appropriate for that company's strategy. A second benefit is that real-time data sharing allows managers to see trends as they are occurring and to respond appropriately. A third benefit is that an effective ERP system can lead to better management as more managers have visibility to more data. Finally, another significant benefit of an ERP system is solving the information silo problem. In the information system department of an organization, developing, installing, maintaining, and overseeing the organization's mission-critical software applications best describes the functions of an enterprise system. Enterprise software is built around thousands of predefined business processes that reflect best practices. Telecommunications and Network Services in an organization installs and manages communications technologies and networks, including voice, cell phones, and wireless networks. Systems administration in an organization installs, manages, and updates servers. End-User Support and Help Desk in an organization installs and maintains desktop equipment.

merchant company

an e-commerce company that takes title to the goods it sells. The company buys goods and resells them.

business to consumer

applies to any business that sells its products or services to consumers

how to strengthen passwords

complexity, expiration/reset, entry points, training,

Enterprise Application Integration (EAI)

connects the plans, methods, and tools aimed at integrating separate enterprise systems

Firewall

controls the flow of traffic in and out of networks. In effect, firewalls act as the security guards for an organization's data, stopping to inspect everything going in and coming out to make sure it adheres to a standardized set of rules and regulations.

organizational data

data about the company such as the location of its warehouses, the mailing addresses of the buildings, and the names of its financial accounts.

an accounting problem that CBI had with the procurement process before SAP?

data validation in the Accounting database takes quite a few man hours to sort out, and can cause damage to customer relations.

Master Data

data used in the organization that doesn't change with every transaction. Includes suppliers' names and addresses, and employee data.

Supplier Evaluation Process

determines the criteria for supplier selection and adds and removes suppliers from the list of approved suppliers.

Key escrow

is a safety procedure where a trusted party has a copy of the encryption key.

Supply Chain Management

is the design, planning, execution, and integration of all supply chain processes. SCM uses a collection of tools, techniques, and management activities to help businesses develop integrated supply chains that support organizational strategy

goods receipt document

makes sure goods received matches goods ordered.

Session Hijacking

occurs when a hacker steals an encryption key that a client is using to access a secure site and reuses that key to impersonate the legitimate user.

Process integration

occurs when processes are mutually supportive (when one process is done well, the objectives of another process are also achieved).

Inherent processes are ________.

predesigned procedures for using software products

configuration

process of adapting ERP software to conform to custom requirements without changing program code.

Insider threats

refer to current or former employees, contractors, or business partners accidentally or maliciously misusing their trusted access to harm the organization's employees, customers, assets, reputation, or interests.

Enterprise Resource Planning (ERP)

refers to a suite of software, a database, and a set of processes for consolidating business operations into a single consistent information system. By consolidating data, a company can avoid the problem of having multiple versions of the same thing—for example, storing data about a customer in two silos and not knowing which customer data is correct.

The three critical organizational security fundamentals are: __

security policy, risk management, and defense in layers

Cryptography

the art of protecting information by transforming it into an unreadable format, called cipher text

supply chain

the connected chain of all of the business entities, both internal and external to the company, that perform or support the logistics function from obtaining raw materials and ending with finished product

Phishing

the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

brute force attack

the password cracker tries every possible combination of characters

organizational culture

the set of values, ideas, attitudes, and norms of behavior that is learned and shared among the members of an organization

lead time

the time needed for suppliers to respond/deliver a customer order

Business analytics

the use of current business data to solve business problems using mathematical analysis

Biometric authentication

uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users.

Posting is __________.

when the legal ownership of a material that has been sold is transferred from the seller to the buyer

customization

writing new code to supplement an ERP system

