MGSC300 Test 1
What is a data center?
A data center consists of a large number of network servers (Figure 2.13) used for the storage, processing, management, distribution, and archiving of data, systems, Web traffic, services, and enterprise applications. Data center also refers to the building or facility that houses the servers and equipment.
What is a WLAN?
A WLAN (Wireless Local Area Network) is a type of local area network that uses high-frequency radio waves to communicate between computers or devices such as printers, which are referred to as nodes on the network. A WLAN typically extends an existing wired LAN by attaching a wireless access point (AP) to a wired network.
What is a business model?
A business model is the means by which a company expects to, and does, make money
What is the function of data governance?
Data governance is the process of creating and agreeing to standards and requirements for the collection, identification, storage, and use of data. The success of every data-driven strategy or marketing effort depends on data governance. Data governance policies must address structured, semi-structured, and unstructured data (discussed in Section 2.3) to ensure that insights can be trusted. Data governance allows managers to determine where their data originates, who owns them, and who is responsible for what—in order to know they can trust the available data when needed. Data governance is an enterprise-wide project because data cross boundaries and are used by people throughout the enterprise.
Why are data in databases volatile?
Data in databases are volatile because they can be updated millions of times every second, especially if they are transaction processing systems (TPS)
What are the risks caused by data tampering?
Data tampering refers to an attack during which someone enters false or fraudulent data into a computer, or changes or deletes existing data. Data tampering is extremely serious because it may not be detected. This introduces dirty data with all of its inherent issues
What factors should be considered when selecting a mobile network?
1. Simple: Easy to deploy, manage and use. 2. Connected: Always makes the best connection possible. 3. Intelligent: Works behind the scenes, easily integrating with other systems. 4. Trusted: Enables secure and reliable communications
What are the mobile network standards?
1. WiMAX is based on the IEEE 802.16 standard and the metropolitan area network (MAN) access standard. IEEE 802.16 specifications are: • Range: 30 miles (50 km) from base station • Speed: 70 megabits per second (Mbps) • Line-of-sight not needed between user and base station. WiMAX operates on the same basic principles as Wi-Fi in that it transmits data from one device to another via radio signals. 2. LTE (Long-Term Evolution) is a GSM-based technology that is deployed by Verizon, AT&T, and T-Mobile. LTE has download data rates of 100 Mbps and upload data rates of 50 Mbps. 3. NFC enables two devices within close proximity to establish a communication channel and transfer data through radio waves. NFC is a location-aware technology that is more secure than other wireless technologies like Bluetooth and Wi-Fi. Unlike RFID, NFC is a two-way communication tool.
What is the difference between 3G and 4G?
4G delivers average download rates of 3 Mbps or higher. In contrast, today's 3G networks typically deliver average download speeds about one-tenth of that rate. Even though individual networks, ranging from 2G to 3G, started separately with their own purposes, soon they will be converted to the 4G network. 4G is based purely on the packet-based Internet Protocol (IP), unlike current 2G and 3G networks that have a circuit-switched subsystem.
What is a data silo?
A data silo is one of the data deficiencies that can be addressed. It refers to the situation where the databases belonging to different functional units (e.g., departments) in an organization are not shared between the units because of a lack of integration. Data silos support a single function and therefore do not support the cross-functional needs of an organization. The lack of sharing and exchange of data between functional units raises issues regarding reliability and currency of data, requiring extensive verification to be trusted. Data silos exist when there is no overall IT architecture to guide IS investments, data coordination, and communication
Describe a database and a database management system (DBMS).
A database is a collection of data sets or records stored in a systematic way. A database stores data generated by business apps, sensors, and transaction processing systems. Databases can provide access to all of the organization's data collected for a particular function or enterprise-wide, alleviating many of the problems associated with data file environments. Central storage of data in a database reduces data redundancy, data isolation, and data inconsistency and allows for data to be shared among users of the data. In addition, security and data integrity are easier to control, and applications are independent of the data they process. There are two basic types of databases: centralized and distributed. A database management system (DBMS) is software used to manage the additions, updates, and deletions of data as transactions occur; and support data queries and reporting. DBMSs integrate with data collection systems such as TPS and business applications; store the data in an organized way; and provide facilities for accessing and managing that data
What is a digital business model?
A digital business model defines how a business makes money digitally
What are the motives of hacktivists?
A hacktivist is someone who does hacking as a way to protest for a cause.
What is the difference between data centers and cloud computing?
A main difference between a cloud and data center is that a cloud is an off-premise form of computing that stores data on the Internet. In contrast, a data center refers to on-premises hardware and equipment that store data within an organization's local network. Cloud services are outsourced to a third-party cloud provider who manages the updates, security, and ongoing maintenance. Data centers are typically run by an in-house IT department. A data center is owned by the company. Since only the company owns the infrastructure, a data center is more suitable for organizations that run many different types of applications and have complex workloads. A data center, like a factory, has limited capacity. Once it is built, the amount of storage and the workload the center can handle does not change without purchasing and installing more equipment. A data center is physically connected to a local network, which makes it easier to restrict access to apps and information by only authorized, company-approved people and equipment. However, the cloud is accessible by anyone with the proper credentials and Internet connection. This accessibility arrangement increases exposure to company data at many more entry and exit points. Cloud computing is the delivery of computing and storage resources as a service to end-users over a network. With cloud computing, shared resources (such as hard drives for storage) and software apps are provided to computers and other devices on-demand, like a public utility. That is, it's similar to electricity: a utility that companies have available to them on-demand and pay for based on usage. Cloud systems are scalable. That is, they can be adjusted to meet changes in business needs. A drawback of the cloud is control because a third party manages it. Companies do not have as much control as they do with a data center.
Explain why APT attacks are difficult to detect.
APT is a stealth network attack in which an unauthorized person gains access to a network and remains undetected for a long time. Skilled hackers launch APT attacks to steal data continuously (e.g., daily) over months or years, rather than to cause damage that would reveal their presence. APTs require a new information-protection model that focuses on continuous monitoring of network activity and high-value information. Most U.S. organizations lack these capabilities.
What is an SLA? Why are SLAs important?
An SLA is a negotiated agreement between a company and service provider that can be a legally binding contract or an informal contract. An SLA serves "as a means of formally documenting the service(s), performance expectations, responsibilities, and limits between cloud service providers and their users. A typical SLA describes levels of service using various attributes such as: availability, serviceability, performance, operations, billing, and penalties associated with violations of such attributes."
Explain authentication and two methods of authentication.
Authentication, also called user identification, is proving that the user is who he claims to be and is a part of access control. Answers may vary. Authentication methods include: • Something only the user knows, such as a password • Something only the user has, for example, a smart card or a token • Something only the user is, such as a signature, voice, fingerprint, or retinal (eye) scan; implemented via biometric controls, which can be physical or behavioral
What are bandwidth and broadband?
Bandwidth is the communication capacity of a network. Bandwidth is the amount of data that passes through a network connection over time as measured in bits per second (bps). For an analogy to bandwidth, consider a pipe used to transport water. The larger the diameter of the pipe, the greater the throughput (volume) of water that flows through it and the faster water is transferred through it. Broadband is short for broad bandwidth and means high capacity.
When is batch processing used?
Batch processing is used when there are multiple transactions which can be accumulated and processed at one time. These transactions are not as time sensitive as those that need to be processed in real time. The transactions may be collected for a day, a shift, or over another period of time, and then they are processed. Batch processing often is used to process payroll in a weekly or bi-weekly manner. Batch processing is less costly than real-time processing.
What are the four components of EA?
• Business architecture (the processes the business uses to meet its goals) • Application architecture (design of IS applications and their interactions) • Data architecture (organization and access of enterprise data) • Technical architecture (the hardware and software infrastructure that supports applications and their interactions)
Briefly describe the basic network functions.
Business networks support basic functions including: communication, mobility, collaboration, relationships, and search. Communication: Provides sufficient capacity for human and machine generated transmissions, such as being able to talk, text, tweet, fax, send messages, etc. Mobility: Provides secure, trusted, and reliable access from any mobile device anywhere at satisfactory download (DL) and upload (UL) speeds. Collaboration: Supports teamwork activities that may be synchronous or asynchronous; brainstorming; and knowledge and document sharing. Relationships: Manages interaction with customers, supply chain partners, shareholders, employees, regulatory agencies, etc. Search: Able to locate data, contracts, documents, spreadsheets, and other knowledge within an organization easily and efficiently.
What is the purpose of business process management (BPM)?
Business process management (BPM) consists of methods, tools, and technology to support and continuously improve business processes. The purpose of BPM is to help enterprises become more agile and effective by enabling them to better understand, manage, and adapt their business processes.
What is a business process? Give three examples.
Business processes are series of steps by which organizations coordinate and organize tasks to get work done. In the simplest terms, a process consists of activities that convert inputs into outputs by doing work. • Accounting: Invoicing; reconciling accounts; auditing • Finance: Credit card or loan approval; estimating credit risk and financing terms • Human resources (HR): Recruiting and hiring; assessing compliance with regulations; evaluating job performance • IT or information systems: Generating and distributing reports and data visualizations; data analytics; data archiving • Marketing: Sales; product promotion; design and implementation of sales campaigns; qualifying a lead • Production and operations: Shipping; receiving; quality control; inventory management • Cross-functional business processes: Involve two or more functions, for example, order fulfillment and product development
Describe cloud computing.
Cloud computing is the general term for infrastructures that use the Internet and private networks to access, share, and deliver computing resources
How can cloud computing solve the problems of managing software licenses?
Cloud computing makes it more affordable for companies to use services that in the past would have been packaged as software and required buying, installing and maintaining on any number of individual machines. A major type of service available via the cloud is called software as a service, or SaaS. Because applications are hosted by vendors and provided on demand, rather than via physical installations or seat licenses (a key characteristic of cloud computing), applications are accessed online through a Web browser instead of stored on a computer. Companies pay only for the computing resources or services they use. Vendors handle the upgrades and companies do not purchase or manage software licenses. They simply pay for the number of concurrent users.
Define competitive advantage.
Competitive advantage is the edge that enables a company to outperform its average competitor. Competitive advantage can be sustained only by continually pursuing new ways to compete. IT can be an enabler of competitive advantage. Competitive advantage is the difference between a company and its competitors on matters pertinent to customers—such as quality of service/product, and value for money.
What is consumerization of information technology (COIT)?
Consumerization of information technology (COIT) is a trend where users are obtaining for personal use an increasing amount of information technology (e.g., personal mobile devices, such as smartphones and tablets, and powerful home PCs and laptops) which often is mobile, unsecured, and in some cases, better than that provided by their employer
What is a standard operating procedure (SOP)?
A standard operating procedure (SOP) is a well-defined and documented way of doing something. An effective SOP documents who will perform the tasks; what materials to use; and where, how, and when the tasks are to be performed.
What are the two categories of crime?
Crime can be divided into two categories depending on the tactics used to carry out the crime: violent and nonviolent
Explain how identity theft can occur.
Criminals have always obtained information about other people—by stealing wallets or dumpster digging. But widespread electronic sharing and databases have made the crime worse. A variety of cybercrimes, including the use of botnets, have been used to steal identities.
What is a critical infrastructure? List three types of critical infrastructures.
Critical infrastructure is defined as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." Some examples are commercial facilities; defense industrial base; transportation systems; national monuments and icons; banking and finance; and agriculture and food.
Contrast data, information, and knowledge.
Data, or raw data, refers to a basic description of products, customers, events, activities, and transactions that are recorded, classified, and stored. Data are the raw material from which information is produced, and the quality, reliability, and integrity of the data must be maintained for the information to be useful. Information is data that has been processed, organized, or put into context so that it has meaning and value to the person receiving it. Knowledge consists of data and/or information that have been processed, organized, and put into context to be meaningful, and to convey understanding, experience, accumulated learning, and expertise as they apply to a current problem or activity.
What are the differences between databases and data warehouses?
Databases are: Designed and optimized to ensure that every transaction gets recorded and stored immediately. Volatile because data are constantly being updated, added, or edited. OLTP systems. Medium and large enterprises typically have many databases of various types. Data warehouses are: Designed and optimized for analysis and quick response to queries. Nonvolatile. This stability is important to being able to analyze the data and make comparisons. When data are stored, they might never be changed or deleted in order to do trend analysis or make comparisons with newer data. OLAP systems. Subject-oriented, which means that the data captured are organized to have similar data linked together. Data warehouses integrate data collected over long time periods from various source systems, including multiple databases and data silos.
Why are cybercriminals so successful?
Defending yesterday. Relying on yesterday's cybersecurity practices is ineffective at combating today's threats. Bigger attack surface. The attack surface—consisting of business partners, suppliers, customers, and others—has expanded due to larger volumes of data flowing through multiple channels. Implementing before securing. Popular technologies like cloud computing, mobile, and BYOD (bring your own device) are implemented before they are secured. Not ready for next-generation cyberthreats. Few organizations are prepared to manage future threats. According to Gary Loveland, a principal in PwC's security practice, "What's needed is a new model of information security, one that is driven by knowledge of threats, assets, and the motives and targets of potential adversaries" (PWC, 2014). Unsafe cloud. While 47 percent of respondents use cloud computing, only 18 percent include provisions for cloud in their security policy. Unprepared for advanced persistent threats (APT). APTs require a new information-protection model that focuses on continuous monitoring of network activity and high-value information. Most U.S. organizations lack these capabilities. Social engineering. Powerful IT security systems cannot defend against what appears to be authorized access. Robust data security is not the responsibility of IT alone, but the ongoing duty of everyone in an organization.
What is the relationship between data quality and the value of analytics?
Dirty data degrade the value of analytics. The "cleanliness" of data is very important to data mining and analysis projects
What are the business benefits of EA?
EA cuts IT costs and increases productivity by giving decision makers access to information, insights, and ideas where and when they need them. EA determines an organization's competitiveness, flexibility, and IT economics for the next decade and beyond. That is, it provides a long-term view of a company's processes, systems, and technologies so that IT investments do not simply fulfill immediate needs. EA helps align IT capabilities with business strategy—to grow, innovate, and respond to market demands, supported by an IT practice that is 100 percent in accord with business objectives.
How can EA maintain alignment between IT and business strategy?
EA starts with the organization's target (where it is going), not with where it is. Once an organization identifies the strategic direction in which it is heading and the business drivers to which it is responding, this shared vision of the future will dictate changes in business, technical, information, and solutions architectures of the enterprise, assign priorities to those changes, and keep those changes grounded in business value. EA guides and controls software add-ons and upgrades, hardware, systems, networks, cloud services, and other digital technology investments which are aligned with the business strategy.
Explain why data on laptops and computers need to be encrypted.
Encryption is a part of a defense-in-depth approach to information security. The basic principle is that when one defense layer fails, another layer provides protection. For example, if a wireless network's security was compromised, then having encrypted data would still protect the data, provided that the thieves could not decrypt it
Explain enterprise architecture.
Enterprise architecture (EA) is the way IT systems and processes are structured. EA is an ongoing process of creating, maintaining, and leveraging IT. It helps to solve two critical challenges: where an organization is going and how it will get there. EA helps, or impedes, day-to-day operations and efforts to execute business strategy. There are two problems that the EA is designed to address: IT systems' complexity. IT systems have become unmanageably complex and expensive to maintain. Poor business alignment. Organizations find it difficult to keep their increasingly expensive IT systems aligned with business needs. EA is the roadmap that is used for controlling the direction of IT investments and it is a significant item in long-range planning. It is the blueprint that guides the build out of overall IT capabilities consisting of four sub-architectures (see question 3). EA defines the vision, standards, and plan that guide the priorities, operations, and management of the IT systems supporting the business.
What are the benefits of APIs?
For programmers: The benefits of APIs are that they simplify the programmer's job and ensure that all programs using the same API use that resource in the same manner. APIs are the common method for accessing information, websites, and databases. Business benefits of APIs include: APIs are channels to new customers and markets: APIs enable partners to use business assets to extend the reach of a company's products or services to customers and markets they might not reach easily. APIs promote innovation: Through an API, people who are committed to a challenge or problem can solve it themselves. APIs are a better way to organize IT: APIs promote innovation by allowing everyone in a company to use each other's assets without delay. APIs create a path to lots of Apps: Apps are going to be a crucial channel in the next 10 years. Apps are powered by APIs. Developers use APIs and combinations of APIs to create new user experiences.
Explain the differences between formal and informal processes
Formal processes are documented and have well-established steps. Order taking and credit approval processes are examples. Informal processes are typically undocumented, have inputs that may not yet have been identified, and are knowledge-intensive.
Explain fraud and occupational fraud.
Fraud is a nonviolent crime because fraudsters use deception, confidence, and trickery. Fraudsters carry out their crime by abusing the power of their position or by taking advantage of the trust, ignorance, or laziness of others. Occupational fraud refers to the deliberate misuse of the assets of one's employer for personal gain.
What three factors are driving collaboration and information sharing?
• Global, mobile workforce (a growing number of employees telecommute) • Mobility-driven consumerization (cloud-based collaboration solutions are on the rise) • Principle of any (there is growing need to connect anybody anytime anywhere and on any device)
Why does BYOD raise serious and legitimate areas of concern?
Hackers break into employees' mobile devices and leapfrog into employers' networks—stealing secrets without a trace. New vulnerabilities are created when personal and business data and communications are mixed together. All cybersecurity controls—authentication, access control, data confidentiality, and intrusion detection—implemented on corporate-owned resources can be rendered useless by an employee-owned device. Also, the corporation's mobile infrastructure may not be able to support the increase in mobile network traffic and data processing, causing unacceptable delays or requiring additional investments.
What is the number one cause of data loss or breaches?
Hacking is the number one cause of data loss
Why are human expertise and judgment important to data analytics?
Human expertise and judgment are needed to interpret the output of analytics. Data are worthless if you cannot analyze, interpret, understand, and apply the results in context. Human expertise + data analytics + high-quality data = trends or relationships / context to understand what the numbers represent and how to interpret them / what action to take.
Explain IT consumerization.
IT consumerization is the migration of consumer technology into enterprise IT environments. This shift has occurred because personally owned IT is as capable and cost-effective as its enterprise equivalents.
What are the business benefits of information management?
• Improves decision quality (due to timely response using reliable data) • Improves the accuracy and reliability of management predictions ("what is going to happen" as opposed to financial reporting on "what has happened") • Reduces the risk of noncompliance (due to improved compliance with regulation resulting from better information quality and governance) • Reduces the time and cost of locating relevant information (due to savings in time and effort through integration and optimization of repositories)
What are two red flags of internal fraud?
Internal fraud may be indicated by anomalous patterns, such as excessive hours worked, deviations in patterns of behavior, copying huge amounts of data, attempts to override controls, unusual transactions, and inadequate documentation about a transaction
Explain the Net neutrality debate.
In January 2014 an appeals court struck down the FCC's 2010 decision (providing a Net "semi-neutrality"). The court allowed ISPs to create a two-tiered Internet but to avoid anticompetitive practices, and banned "unreasonable" discrimination against providers. However, the rules do not explicitly forbid "paid prioritization," which would allow a company to pay an ISP for faster data transmission. Those in favor of Net neutrality want a one-tier system in which all Internet data packets are treated the same, regardless of their content, destination, or source. In contrast, those who favor the two-tiered system argue that there have always been different levels of Internet service and that a two-tiered system would enable more freedom of choice and promote Internet-based commerce.
What is the difference between an intranet and an extranet?
Intranets are used within a company for data access, sharing, and collaboration. An extranet is a private, company-owned network that can be accessed remotely via the Internet. It connects two or more companies, suppliers, vendors, partners, or customers, so they can securely share information.
Explain information management
Information management is the use of IT tools and methods to collect, process, consolidate, store, and secure data from sources that are often fragmented and inconsistent. A modern organization needs to manage a variety of information which goes beyond the structured types like numbers and texts to include semi-structured and unstructured contents such as video and sound. The digital library includes content from social media, texts, photos, videos, music, documents, address books, events, and downloads. Maintaining—updating, expanding, porting—an organization's digital library's contents on a variety of platforms is the task of Information Management. Specifically, Information Management deals with how information is organized, stored, and secured, and the speed and ease with which it is captured, analyzed and reported.
What are two applications of NFC?
Location-aware NFC technology, such as smartphones, can be used to make purchases in restaurants, resorts, hotels, theme parks and theaters, at gas stations, and on buses and trains. They also can provide consumers with content to complement their current activity, such as recipe or idea videos when shopping at a supermarket having proper NFC tag-equipped units.
What is machine-to-machine (M2M) technology? Give an example of a business process that could be automated with M2M.
Machine-to-machine (M2M) technology enables sensor-embedded products to share reliable real-time data via radio signals. M2M is also referred to as the Internet of Things (IoT) and is widely used to automate business processes in industries ranging from transportation to health care. By adding sensors to trucks, turbines, roadways, utility meters, heart monitors, vending machines, and other equipment they sell, companies can track and manage their products remotely
What are the objectives of cybersecurity?
Make data and documents available and accessible 24/7 while simultaneously restricting access. Implement and enforce procedures and acceptable use policies (AUPs) for data, networks, hardware, and software that are company- or employee-owned, as discussed in the opening case. Promote secure and legal sharing of information among authorized persons and partners. Ensure compliance with government regulations and laws. Prevent attacks by having network intrusion defenses in place. Detect, diagnose, and respond to incidents and attacks in real time. Maintain internal controls to prevent unauthorized alteration of data and records. Recover from business disasters and disruptions quickly.
What are the benefits of cloud computing?
Many IT infrastructures are extremely expensive to manage and too complex to easily adapt. Because cloud computing resources are scalable "on demand", this increases IT agility and responsiveness. In a business world where first movers gain the advantage, IT responsiveness and agility provide a competitive edge. Access to data in the cloud is possible via any device that can access the Internet, allowing users to be more responsive and productive. Cloud services are outsourced to a third-party cloud provider who manages the updates, security, and ongoing maintenance, including backups and disaster recovery, relieving this burden from the business. The business saves the costs of increased staff, power consumption, and disposal of discontinued hardware. Additionally, cloud services significantly reduce IT costs and complexity through improved workload optimization and service delivery.
Define bandwidth and broadband.
Mobile broadband: Describes various types of wireless high-speed Internet access through a portable modem, telephone or other device. Various network standards may be used, such as GPRS, 4G, 3G, WiMAX, LTE, UMTS/HSPA, EV-DO, and some portable satellite-based systems. The textbook discusses 4G standards, so students' answers will probably be focused along this line. In general, users can get 4G wireless connectivity through one of two standards: WiMAX or LTE (Long-Term Evolution).
What factors are contributing to mobility?
• New wireless technologies such as WiMAX-Wireless Broadband and standards such as 802.11n • High-speed wireless networks such as 4G • Multitasking mobile devices • More robust mobile OSs and their applications • Increased competitive pressure as others start adopting mobile technology for strategic applications
Explain what an online transaction-processing (OLTP) system does.
OLTP is a database design that breaks down complex information into simple data tables in order to be efficient for capturing transactional data, including additions, updates, or deletions. OLTP databases are capable of processing millions of transactions every second.
What is the difference between business deliverables and objectives?
Objectives define the desired benefits or expected performance improvements. They do not and should not describe what you plan to do, how you plan to do it, or what you plan to produce, which is the function of processes. This last item, what you plan to produce, constitutes the deliverables.
When are real-time processing capabilities needed?
Online transaction processing (OLTP), or real-time processing, is used when a system must be updated as each transaction occurs. The input device or website for entering transactions must be directly linked to the transaction processing system (TPS). This type of entry is used for more time-sensitive data, such as reservation systems in which the user must know how many seats or rooms are available.
Why is strategic planning of mobile networks important?
Organizations are recognizing the strategic value of mobile technology. So, organizations are moving away from ad hoc adoption of mobile devices and network infrastructure to a more strategically planned build-out of their mobile capabilities. As technologies that make up the mobile infrastructure evolve, identifying strategic technologies and avoiding wasted investments require more extensive planning and forecasting.
Why do organizations still have information deficiency problems?
Over many decades, changes in technology and in the information companies require, along with different management teams, changing priorities, and increases or decreases in IT investments as they compete with other demands on an organization's budget, have all contributed to information deficiencies. Other common reasons include: data silos (information trapped in departments' databases), data lost or bypassed during transit, poorly designed user interfaces requiring extra effort from users, non-standardized data formats, and fast-moving changes in the type of information desired, particularly unstructured content, requiring expensive investments.
How are phishing attacks done?
Phishing is a deceptive method of stealing confidential information by pretending to be a legitimate organization, such as PayPal, a bank, credit card company, or other trusted source. Phishing messages include a link to a fraudulent phish website that looks like the real one. When the user clicks the link to the phish site, he or she is asked for a credit card number, social security number, account number, or password. Successful attacks depend on untrained or unaware users responding to phishing scams.
What are the business costs or risks of poor data quality?
Poor quality data cannot be trusted and may result in the inability to make intelligent business decisions. Poor data may lead to lost business opportunities, increased time and effort trying to prevent errors, increased time and effort trying to correct errors, misallocation of resources, flawed strategies, incorrect orders, and customers becoming frustrated and driven away. The cost of poor quality data spreads throughout the company, affecting systems from shipping and receiving to accounting and customer services. Errors can be difficult, time-consuming, and expensive to correct, and the impacts of errors can be unpredictable or serious.
Why is social engineering a technique used by hackers to gain access to a network?
Social engineering, also known as human hacking, is tricking users into revealing their credentials and then using those credentials to gain access to networks or accounts. It is a hacker's clever use of deception or manipulation of people's tendency to trust, be helpful, or simply follow their curiosity. Powerful IT security systems cannot defend against what appears to be authorized access. Humans are easily hacked, making them and their social media posts high-risk attack vectors. For instance, it is often easy to get users to infect their corporate network or mobiles by tricking them into downloading and installing malicious apps or backdoors
How do social networks and cloud computing increase vulnerability?
Social networks and cloud computing increase vulnerabilities by providing a single point of failure and attack for organized criminal networks. Critical, sensitive, and private information is at risk, and like previous IT trends, such as wireless networks, the goal is connectivity, often with little concern for security
Explain spear phishing
Spear phishers often target select groups of people with something in common—they work at the same company, bank at the same financial institution, or attend the same university. The scam e-mails appear to be sent from organizations or people the potential victims normally receive e-mails from, making them even more deceptive. Spear phish creators gather information about people's companies and jobs from social media or steal it from computers and mobile devices, and then use that same information to customize messages that trick users into opening an infected e-mail. They then send e-mails that look like the real thing to targeted victims, offering all sorts of urgent and legitimate-sounding explanations as to why they need your personal data. Finally, the victims are asked to click on a link inside the e-mail that takes them to a phony but realistic-looking website, where they are asked to provide passwords, account numbers, user IDs, access codes, PINs, and so on.
Describe strategic planning
Strategic planning is a series of processes in which an organization selects and arranges its businesses or services to keep the organization healthy or able to function even when unexpected events disrupt one or more of its businesses, markets, products, or services. Strategic planning involves environmental scanning and prediction, or SWOT analysis, for each business relative to competitors in that business' market or product line.
What federal law requires effective internal controls?
The Sarbanes-Oxley Act (SOX) requires companies to set up comprehensive internal controls
Why do the SEC and FTC impose huge fines for data breaches?
The SEC and FTC impose huge fines for data breaches to deter companies from underinvesting in data protection
Describe the relationships in the SoMoClo model
The SoMoClo model refers to social, mobile, and cloud technologies and their relationships, creating the technical infrastructure for digital business. At the core is the cloud, providing 24/7 access to storage, apps, and services. Handhelds and wearables, such as Google Glass, Pebble, and Sony Smartwatch (Figure 1.8), and their users form the edge. Social channels connect the core and edge
Explain the cloud.
The cloud consists of huge data centers accessible via the Internet that provide 24/7 access to storage, apps, and services.
Why are internal controls needed?
The internal control environment is the work atmosphere that a company sets for its employees. Internal control (IC) is a process designed to achieve: reliability of financial reporting, to protect investors; operational efficiency; compliance with laws, regulations, and policies; safeguarding of assets.
What causes or contributes to data breaches?
The main cause of a data breach is hacking, but the reason hacking is so successful is negligence—management not doing enough to defend against cyber-threats. Even high-tech companies and market leaders appear to be detached from the value of the confidential data they store and the threat that highly motivated hackers will try to steal them
What defenses help prevent internal fraud?
The single most effective fraud prevention tactic is making employees aware that fraud will be detected by IT monitoring systems and punished, with the fraudster possibly turned over to the police or FBI. The fear of being caught and prosecuted is a strong deterrent. IT must play a visible and major role in detecting fraud.
Why have mobile devices given consumers more power in the marketplace?
The social influences of a connected society impact advertising and marketing. Positive, or negative, influences on social media can impact consumer buying. Being mobile, consumers can check endorsements and prices on the spot when contemplating a purchase. Customer loyalty, and therefore revenue, increasingly is dependent upon a business exploiting mobile technology, such as location-aware services, apps, alerts, and social networks
List and give examples of the three components of a business process.
The three components of a business process are inputs, activities, and deliverables. Inputs are those items needed to produce the deliverables. These may be raw materials, data, knowledge, or expertise. Activities are the work that transforms inputs and acts upon data and knowledge in order to produce deliverables. Deliverables are the products, services, plans, or actions which result from business processes.
What are two BYOD security risks?
The user-owned device may become infected due to personal use, at home or mobile. If an employee's device is lost, the company can suffer a data breach if the device is not encrypted
Why are patches and service packs needed?
They are needed to keep software up to date and protected as fully as possible. When new vulnerabilities are found in operating systems, applications, or wired and wireless networks, patches are released by the vendor or security organization. Patches, sometimes called service packs, are software programs that users download and install to fix a vulnerability
What are threats, vulnerabilities, and risk?
Threat: Someone or something that can cause loss, damage, or destruction. Vulnerability: Weakness or flaw in a system that allows an attack to be successful. Risk: Probability of a threat exploiting a vulnerability and the resulting cost of the loss, damage, disruption, or destruction. Risk = f (Threat, Vulnerability, Cost of the impact)
Describe the data life cycle.
Three general data principles relate to the data life cycle perspective and help to guide IT investment decisions. Principle of diminishing data value. Viewing data in terms of a life cycle focuses attention on how the value of data diminishes as the data age. The more recent the data, the more valuable they are. This is a simple, yet powerful, principle. Most organizations cannot operate at peak performance with blind spots (lack of data availability) of 30 days or longer. Principle of 90/90 data use. Being able to act on real-time or near real-time operational data can have significant advantages. According to the 90/90 data-use principle, a majority of stored data, as high as 90 percent, is seldom accessed after 90 days (except for auditing purposes). Put another way, roughly 90 percent of data lose most of their value after three months. Principle of data in context. The capability to capture, process, format, and distribute data in near real-time or faster requires a huge investment in data management architecture and infrastructure to link remote POS systems to data storage, data analysis systems, and reporting applications. The investment can be justified on the principle that data must be integrated, processed, analyzed, and formatted into "actionable information." End users need to see data in a meaningful format and context if the data are to guide their decisions and plans.
Define TPS and give an example.
Transaction processing systems are designed to process specific types of data input from ongoing transactions. TPSs can be manual, as when data are typed into a form on a screen, or automated by using scanners or sensors to capture data. Organizational data are processed by a TPS--sales orders, payroll, accounting, financial, marketing, purchasing, inventory control, etc. Transactions are either: Internal transactions: Transactions that originate from within the organization or that occur within the organization. Examples are payroll, purchases, budget transfers, and payments (in accounting terms, they're referred to as accounts payable). External transactions: Transactions that originate from outside the organization, e.g., from customers, suppliers, regulators, distributors, and financing institutions. TPSs are essential systems. Transactions that do not get captured can result in lost sales, dissatisfied customers, and many other types of data errors having financial impact. For example, if accounting issues a check as payment for an invoice (bill) and that check is cashed, if that transaction is not captured, the amount of cash on the financial statements is overstated, the invoice continues to show as unpaid, and the invoice may be paid a second time. Or if services are provided, but not recorded, the company loses that service revenue
When are private clouds used instead of public clouds?
Ultimately, it all boils down to control. A large company may choose a private cloud, while a smaller business might choose a public cloud.
How does a virtual private network (VPN) provide security?
Virtual private networks (VPNs) encrypt the data packets before they are transferred over the network and decrypt at the receiving end
List and define three types of malware.
Viruses, worms, trojans, rootkits, backdoors, botnets, and keyloggers are types of malware. Most viruses, trojans, and worms are activated when an attachment is opened or a link is clicked. Remote access trojans, or RATs, create an unprotected backdoor into a system through which a hacker can remotely control that system.
How does Wi-Fi work?
Wi-Fi is a technology that allows computers to share a network or internet connection wirelessly without the need to connect to a commercial network. Wi-Fi networks beam packets over short distances using part of the radio spectrum, or they can extend over larger areas, such as municipal Wi-Fi networks. Municipal networks are not common because of huge costs. Wi-Fi is the standard way computers connect to wireless networks. Nearly all computers have built-in Wi-Fi chips that allow users to find and connect to wireless routers. The router must be connected to the Internet in order to provide Internet access to connected devices.
Why is WiMAX important?
Wireless broadband WiMAX transmits voice, data, and video over high-frequency radio signals to businesses, homes, and mobile devices. It was designed to bypass traditional telephone lines and is an alternative to cable and DSL
What are the benefits of cloud computing?
With cloud computing, IT services are delivered via the Internet on-demand. Some benefits are faster application deployment, no need for upfront hardware costs, a flexible capacity for changing computing requirements, and the ability to add, or reduce, server space on-demand