MIS Exam 3 Concept Quizlet
What are the 4 parts of the "Fair Use" exceptions to the Copyright Law?
"Fair Use" Exceptions to U.S. Copyright Law:
1. If use is for noncommercial purposes.
2. If work is factual, rather than creative.
3. If you use only a tiny, insubstantial amount of the material.
4. If your use does not affect the potential market for or value of the protected work. That is, your use is not a reasonable substitute for the original work.
When we talk about "personal information", what are examples of that?
"Personal Information" includes:
Personal Subjects
• Health conditions, finances, lifestyle, purchases, sex, religion, politics
• GDPR: "any information that can be used to identify a particular person"
Personal Questions
• Where you live, what you do, who you do it with, when you do it, what you say, where you are now
• Same for your children, friends, partners and other people you care about
Know what these SQL functions mean/do: MONTH(datefield), YEAR(datefield), CONCAT
- MONTH(aDateField) extracts the month and returns it as an integer.
- YEAR(aDateField) extracts the year as an integer, and DAY(aDateField) extracts the day of the month as an integer.
- CONCAT(x, y, [z]...) returns the strings concatenated together. It works just like the concatenation operator above.
  Example: CONCAT(Lastname, ', ', Firstname) returns 'Jones, Bill'
Know the parts of the "Prevention Checklist" in the class slides. Know what each means, and how each protects your computer Network Layer:
- Firewall: Computer or a router that controls access in and out of the organization's networks
- Virtual Private Network (VPN): A VPN is an application that sits between your other applications and the network
- Deny hacks (phishing / fraud): Check what is legitimate
Know what "encryption" is. You don't need to know how to encrypt, just what it is
- In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information.
- Convert (information or data) into a cipher or code, especially to prevent unauthorized access.
Cipher - scrambles letters
Decipher - unscrambles letters on the other side
Key - both parties have key to unlock code
Know the parts of the "Prevention Checklist" in the class slides. Know what each means, and how each protects your computer. Application Layer:
- Password Vault (manager): Applications you install on your device to store and organize passwords
- AntiVirus Software: keeps a database of these "bad apps" and checks them against known apps.
- AntiSpyware Software: Spyware is like a form of malware, only it doesn't destroy your data, it collects it and sends it to a hacker or sleazy company.
- Browser Filters: Plug-ins / Add-ins to your browser that protect you from a variety of problems when you browse the web
- Download Practices: These are habits and practices, where you use your brain instead of software, because software can only protect you so much!
Know what these SQL operators mean/do: SELECT, FROM, WHERE, JOIN
- The Select clause lists the columns that should show in the result of the query. They can be in whatever order you want.
- The From clause lists the table or tables in which the data resides. So far, all our queries access only one table to get their result, but later we will see how we can access multiple tables to answer a query.
- The Where clause contains the selection conditions the query uses to decide which data to include in the query result. Specifically, the query looks at the table in the From clause and then applies the selection condition from the Where clause to each row in the table. If a row satisfies the condition in the Where clause, then the row is selected for the result. If not, the row is simply omitted from the result.
- Join condition: logical condition that matches a column in one table with a column in another table
In what 3 ways do systems development projects often fail? schedule, budget, functionality.
- schedule: didn't meet the deadline
- budget: costs more than expected
- functionality: product doesn't do the correct function
How do data brokers get your personal information?
- can get information from companies
- companies track your visits on different websites
- they buy and sell from each other
- follow you around from site to site
- companies watch you when you're browsing and filling out your information on certain websites
Know what these common security threats are. Malware, Virus, Phishing, Social Engineering, Ransomware, Sniffer, and Trojan Horse. Don't be afraid to search online for descriptions and examples of each
1. Malware (e.g., viruses, worms, botnets, trojans, polyglot)
- Malware is a contraction for "malicious software."
- Virus: piece of software that acts like a virus, tries to find a host to jump to, infects it, then uses it as a launching pad to infect others / a hacker creates a virus and attaches it to a program, document, or website... thinking the file is legitimate, the user downloads it and infects other files and programs on the computer. Quickly the virus spreads in email attachments and shared files to co-workers and friends.
- Virus: Software written with evil intent to annoy or cause real damage.
- Trojans: acts like something good but actually has a virus embedded (put soldiers inside wooden horse to kill people)
2. Social engineering (phishing, vishing, offline deception)
- Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables
- Phishing: (YOU WON $1,000,000!)
3. Ransomware
- Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker.
4. Identity Theft
- Identity theft is a crime that involves using another person's personal information to take malicious actions, such as conducting fraud
5. Malicious insiders / weak credentials
- An insider threat is a security risk that originates from within the targeted organization. Types of insider threats include: Malicious insider - someone who maliciously and intentionally abuses legitimate credentials, typically to steal information for financial or personal incentives (people in companies that steal things from a company)
6. Malvertising (e.g., fake ads on Facebook)
- Malvertising is a malicious cyber tactic that attempts to distribute malware through online advertisements. ... A relatively new cyber threat, malvertising takes advantage of these pathways and uses them as a dangerous tool that requires little input from its victims
7. Spyware
- Spyware is a type of malicious software - or malware - that is installed on a computing device without the end user's knowledge. Spyware is one of the most common threats to internet users. Once installed, it monitors internet activity, tracks login credentials and spies on sensitive information
8. Sniffer: a kind of malware that records your keystrokes as you type them, and then sends that info to an evil doer
Know the second 5 guiding principles of information ethics (ie, #6 - #10 as presented on the slide entitled "Guiding Principles of Info Ethics") Guiding Principles of I.S. Ethics
6. Principle of honesty: do not deceive others.
7. Principle of lawfulness: do not violate the law.
8. Principle of autonomy: acknowledge a person's freedom over his/her actions or physical body.
9. Principle of justice: acknowledge a person's right to due process, fair compensation for harm done, and fair distribution of benefits.
10. Rights: acknowledge a person's rights to life, information, privacy, free expression, and safety.
What does copyright law protect? Specifically, the 5 rights.
A copyright owner has six rights in their copyrighted work:
1. Reproduction Right - Only the copyright owner may make reproductions or copies of the work.
2. Modification Right - Only the copyright owner may modify the work to create a new work.
3. Distribution Right - Only the copyright owner may make a work available to the public by sale, rental, lease, or lending.
4. Public Performance Right - Only the copyright owner may perform a copyrighted work.
5. Public Display Right - Only the copyright owner may display a copyrighted work.
6. Digital Transmission Right - Only the copyright owner may transmit sound recordings by means of digital audio transmission.
What is the difference between values, morals, ethics, and laws? Be able to look at some statements and choose whether it is a value, moral, ethic, or law as we discussed in class (not in general). Ethics:
A field of study that examines the moral basis of human behavior and attempts to determine the best course of action in the face of conflicting choices.
• It is the study of what it means to "do the right thing".
• Being "ethical" means you are "making the right choices".
• What is "right" depends on your underlying values & morals.
• Ethical (or nonethical) behavior is NOT determined by human made laws but by underlying values of what it means to be a living being, in society.
What are the two main factors in securing data assets? Know what each means and what examples of each could be. Authentication:
A method for confirming identities. "Are you who you say you are?"
• The most secure type of authentication involves:
1. Something the user knows (what was your first pet's name?)
2. Something the user has (password, registered phone, IP address)
3. Something that is part of the user (fingerprint, retinal scan, biometrics) Eventually DNA
Know what these terms represent and how you or a business would use them: VPN, password manager, anti-virus app, authentication vs. authorization Authentication vs. authorization:
Authentication: A method for confirming identities. "Are you who you say you are?"
• The most secure type of authentication involves:
1. Something the user knows (what was your first pet's name?)
2. Something the user has (password, registered phone, IP address)
3. Something that is part of the user (fingerprint, retinal scan, biometrics) Eventually DNA
Authorization: The process of giving someone permission to do or have something. "What are you allowed to do here?"
What is the difference between values, morals, ethics, and laws? Be able to look at some statements and choose whether it is a value, moral, ethic, or law as we discussed in class (not in general). Values:
Beliefs of what is important and worthwhile.
• Each individual has their own values based on family, peers, culture, social class, religion, gender, etc.
• Example: "men and women should have the same professional opportunities"
In looking at the I.S. Lifecycle slide (Class 14a deck), why do the Benefits and Costs curves converge over time?
Benefits and Costs curves converge over time because of entropy (SYSTEMS TEND TO FALL APART OVER TIME): costs go up and benefits go down at the end.
• All systems fall apart over time if they don't adapt
What is the difference between values, morals, ethics, and laws? Be able to look at some statements and choose whether it is a value, moral, ethic, or law as we discussed in class (not in general). Morals:
Codes of conduct governing behavior based on values. They can be held at an individual, group or society level.
- behavior that matches the value
• Example: "treat others as you would like to be treated"
What is the difference between "on premises" computing and "cloud" computing? Cloud computing:
DESIGN PHASE OF SDLC
• Hardware and software resides on a partner's property, and all transactions and processes occur between the company's front end devices and the partner's cloud services.
• Ex: Biff's Boards owns laptops, desktops, and devices but uses the Internet to connect to "their" servers which are housed at their partners' facilities.
• Cloud Services Vendors: Amazon Web Services (AWS), Oracle, Salesforce, Google, many more
What is the difference between "on premises" computing and "cloud" computing? On premises computing:
DESIGN PHASE OF SDLC
• Hardware and software resides on company property, the company owns it, and the company must manage it (installation, production, upgrades, retirement).
• Ex: Biff's Boards owns all network servers, web servers, data servers, laptops, desktops, printers, devices, etc. and manages them all to run their enterprise systems.
What are the 3 ways companies acquire information systems? (ie, Build/Make, Buy, Subscribe). What is the main advantage of each? rent/subscribe (cloud)
DESIGN PHASE OF SDLC
• Similar advantages and disadvantages to COTS systems
• Advantage: Company can "pay as they grow" rather than make a capital investment in equipment and staff
• Disadvantage: Company might lose some flexibility in customizing their processes
What are the 3 ways companies acquire information systems? (ie, Build/Make, Buy, Subscribe). What is the main advantage of each? build—custom
DESIGN PHASE OF SDLC
• Systems that you build on your own
• Advantages and Disadvantages are the flip side of COTS
• Ex: Biff's Boards conceives, designs, and builds a Virtual Reality app to help customers envision how they'd look on their board.
What are the 3 ways companies acquire information systems? (ie, Build/Make, Buy, Subscribe). What is the main advantage of each? buy—COTS (commercial off the shelf)
DESIGN PHASE OF SDLC
• Systems that you buy from vendors and install, either on premise or on cloud.
• Advantages: already exists so faster to get in production, cost is clearer, vendor handles bugs
• Disadvantages: might not be exactly what you need, no strategic advantage
• Ex: Biff's Boards buys an enterprise accounting system from Oracle and installs it on their "on premise" technology
What is a Systems Development Life Cycle (SDLC) and why do companies use it to build systems?
Development phases:
1. Planning Phase
2. Requirements Phase
3. Design Phase
4. Development Phase
5. Implementation Phase
Production phases:
6. Maintenance Phase
What Problem Do We Want To Solve?
• Only about 33% of I.S. projects are reported as a "success"
Root Causes of IS Development Failure
1. only been developing complex software for around 50 years
2. in distributed "cloud" environments about 25 years
3. managers of development projects often know too little about IS development methods
4. IS specialists often have too little training in formal software engineering methods
5. software is a logical, not a physical, product
6. culturally, programmers often resist what they see as arbitrary restrictions on their creativity and expertise
7. Hardware life cycles are different from software life cycles
• Solution: project and development life cycle models that "bake in" best practices
What is a "hacker"? What is the difference between a "black hat hacker" and a "white hat hacker"? Hacker:
Experts in technology who use their evil knowledge to break into computers and computer networks, either for profit or just motivated by the challenge. More recently, for social mayhem. (See Russia)
Know the parts of the "Prevention Checklist" in the class slides. Know what each means, and how each protects your computer. Data Layer
Operating System Updates: Update your Operating System a month or so after its release. (bugs come up in first month)
Backup Practices: Then when your device "goes missing" all you have to do is reinstall that image and you're good to go.
- cloud backup and local backup
Physical Protection:
- Normal physical theft precautions
- Track it and make sure it works.
- Find My iPhone app
- Kill Switch - Enables you to delete all data from your phone if it gets away from you.
- Use Thief Photo Capture Feature
Disconnect Your Device:
- Turn off your device when you're not using it
- Turn off wifi, Turn on Airplane mode (cuts cell connection)
- If they can't access it, they can't steal your data
Insurance: Buy Renters Insurance, which will cover theft even away from home. Make sure you have the device serial number and picture of the device, and ideally the receipt.
Know the four feasibility studies in SDLC (Class 14a deck), and what the focus of each is.
Organizational: Will / can the organization use the system?
Technical: Is the technology available and easy enough to use?
Schedule: Can we get the system into production soon enough?
Economic: Is the proposed system affordable and worth the investment?
Know these words from project management: scope, scope creep, milestones, PERT chart (and task sequencing), Gantt chart (and calendar time). Milestones:
Points in time at which a task will be done.
Know these words from project management: scope, scope creep, milestones, PERT chart (and task sequencing), Gantt chart (and calendar time). Pert vs Gantt:
Project Management Tools:
• Tool to manage the dependencies and best sequencing of tasks - PERT Chart
• Tool to manage task completion on a real time calendar - Gantt Chart
PERT vs Gantt
PERT:
• Shows task dependencies and time sequencing
• Works off "ideal" time not calendar or actual time
• Useful to manage critical path
  critical path - path where there is no slack (bottom path)
  slack - extra time
Gantt:
• Shows who owns and executes each task
• Works off calendar and actual time
• Useful to match against real time calendar to monitor project progress
Know what "gap analysis" is in the Systems Analysis phase. Gap analysis:
REQUIREMENTS PHASE OF SDLC
A set of techniques to examine and describe the gap between current performance and desired future goals; the comparison of actual performance with potential or desired performance.
*** Gap refers to the space between "where we are" (the present state) and "where we want to be" (the target state).
Requirements Phase - Do "gap analysis" between "as is" process/product and "to be" process/product. Define what the "to be" system should do (not how). Create business requirements statement.
Be able to identify a correct SQL statement from an incorrect SQL statement using the above, and how to fix it. For example, if I give you this SQL statement, you should be able to tell me if it's correct or incorrect. If it's incorrect, what's the problem? In this case, you would say "This is incorrect. The correct operator is WHERE, not WHEN"
SELECT Cust_name, Cust_Address FROM CustomerData WHEN Credit_Rating > 10
Know these words from project management: scope, scope creep, milestones, PERT chart (and task sequencing), Gantt chart (and calendar time). Scope / scope creep:
Scope
• Scope = the functionality and features that the project will include.
• (Also by definition, what the project will NOT include.)
• Scope Creep = when scope grows without budget and schedule also growing
What has been the impact of poor ethics (e.g., perceptions of corruption) on the ability of countries to gain foreign direct investment? What's the take away about how the world views ethical or high integrity behavior?
Take Away: Less corrupt countries get more foreign investment
According to one study, on average, how much does it cost a company when a security threat becomes reality for a company resulting in downtime?
The (Rising!) Cost of Downtime: $260,000 - average cost per hour of downtime (across all businesses)
What are the two main factors in securing data assets? Know what each means and what examples of each could be. Authorization:
The process of giving someone permission to do or have something. "What are you allowed to do here?"
Who owns your data when you work on a company's servers?
The Company owns your data when you work on that company's servers.
- The courts have held that a company owns all the data on or going through its private servers
- When you text or surf the web using wifi that goes through your employer's servers, they have the right to look at it
What is a firewall? How does it protect you (or companies) from evil-doers?
The firewall (security software) allows inside people to use the outside Internet, and prevents outsiders from getting in.
Know these words from project management: scope, scope creep, milestones, PERT chart (and task sequencing), Gantt chart (and calendar time). Tasks:
The processes that the team must perform to complete the project.
• Big tasks broken down into smaller "do-able" tasks
• Work Breakdown Structure is a useful tool
Know the difference between a primary key and a foreign key, particularly when using the JOIN operator
Use the primary key in Table 1 that is a foreign key in Table 2 to join Table 1 and Table 2:
SELECT * FROM Product P JOIN Manufacturer M ON P.ManufacturerID = M.ManufacturerID
(ManufacturerID is the primary key of Manufacturer and a foreign key of Product)
Know what these terms represent and how you or a business would use them: VPN, password manager, anti-virus app, authentication vs. authorization VPN:
Virtual Private Network (VPN) - What does a VPN do? A VPN is an application that sits between your other applications and the network.
1. Encrypt your data transmissions. A VPN encrypts your transmissions from your device through the destination so evil doers can't intercept and steal them. Great for unsecure wifi connections (802.11). Cell phone networks already have encryption as part of 4G and 5G.
2. Mask your identity and personal information. A VPN hides your identity and personal information on the internet so hackers can't steal it AND so vendors can't capture it. It masks your IP address.
3. Bypass geo-restrictions. A VPN lets you go through anonymous servers so that your local server can't track where you go, and the destination server doesn't know where you are. For example, you go to Netflix from Vietnam through an anonymous server in California, Netflix thinks you're in California.
Know what this sentence means: "VPN software encrypts your data transmission from your device to a wifi router, making it more secure than if you don't use a VPN"
Virtual Private Network (VPN) - What does a VPN do? A VPN is an application that sits between your other applications and the network.
1. Encrypt your data transmissions. A VPN encrypts your transmissions from your device through the destination so evil doers can't intercept and steal them. Great for unsecure wifi connections (802.11). Cell phone networks already have encryption as part of 4G and 5G.
2. Mask your identity and personal information. A VPN hides your identity and personal information on the internet so hackers can't steal it AND so vendors can't capture it. It masks your IP address.
3. Bypass geo-restrictions. A VPN lets you go through anonymous servers so that your local server can't track where you go, and the destination server doesn't know where you are. For example, you go to Netflix from Vietnam through an anonymous server in California, Netflix thinks you're in California.
Know what these terms represent and how you or a business would use them: VPN, password manager, anti-virus app, authentication vs. authorization AntiVirus Software:
Virus: malware applications that get into your system in a variety of ways
• Antivirus: keeps a database of these "bad apps" and checks them against known apps
• Trick: new apps emerge all the time, so the company providing the antivirus must update their database of apps at least daily. And you must update to that list all the time, at least weekly.
• Install on ALL your devices.
• Example: Norton AntiVirus by Symantec
What is a project? What is a process? Know the difference.
What Is a Project?
- Temporary with a definite start and end
- Has a unique purpose, not ongoing
- Clear outcome & deliverables
- Requires resources, often from different areas
- Involves uncertainty and change
- Must balance scope, time and cost.
- Usually new and novel effort.
- Must have a sponsor or customer.
*** It is NOT an ongoing process
Which of these Activities are Projects?
• Purchasing office supplies (process)
• Maintaining an information system (process)
• Planning a wedding (project)
• Maintaining employee morale (process)
• Having a child (project)
• Getting dressed in the morning (process)
• Answering customer service calls (process)
• Developing a software program (project)
• Deciding to take a trip to Bermuda (process)
• Taking this class (project)
What is the dilemma we face as business professionals in dealing with the handling of personal information, as discussed in class?
What is the problem?
• Information Security (last class): make sure clearly unethical threats are thwarted
• Information Privacy (this class): Strike the ethical balance between "personalization" and "intrusion", with respect to information collected by organizations about individuals using their services
• Dilemma:
1. As a business, you want to know everything about your customers so you can sell/serve them better.
2. As a customer, you don't want the business to know everything about you because then you lose privacy.
Be able to name and describe the three levels of system security (slides and Belanger Fig 8.2) App Access:
Which applications can do CRUD on which data? Who can use those applications?
Be able to name and describe the three levels of system security (slides and Belanger Fig 8.2) Network Access:
Who may access the resources on our network? Intranet? Extranet?
Be able to name and describe the three levels of system security (slides and Belanger Fig 8.2) Data Access:
Who/what can access databases and what can they do with that access? Create, Read, Update, Delete (CRUD)
What is "intellectual property"?
Your intellectual property includes the intangible assets you create for your business, such as names, designs, and automated processes. And just like tangible possessions, your intellectual property needs to be monitored and protected.
Intellectual Property (IP) in I.T. - Ownership of ideas
• Patents: Ownership of an invention. Ex: Microsoft patented "double clicking" (2004)
• Trademarks: Phrase, symbol, or design that distinguishes the source of products or services. Ex: Apple apple logo and "fake" Apple stores in China
• Trade Secrets: Formula, process that gives one company a business advantage. Ex: Google search algorithm
• Copyright: Nondigital Assets - books, oil paintings, vinyl records; Digital Assets - Music, movies, photos, eBooks, software, games
From the videos we saw in class, what is a data broker?
a data broker is someone who can track and collect your data online and sell it to companies so that they can profit
Understand the difference between an external threat to a business system and an internal threat. Be familiar with the example in the slides and Belanger Fig 8.1 Internal threats (within the company):
Businesses can control:
- policies not followed
- data
- internal controls
- system development
- malicious employees
Understand the difference between an external threat to a business system and an internal threat. Be familiar with the example in the slides and Belanger Fig 8.1 External threats (outside of the company):
Businesses can't control:
- legal and regulatory
- natural disasters
- pranksters
- criminals and terrorists
- viruses
- hackers
What is a "hacker"? What is the difference between a "black hat hacker" and a "white hat hacker"? White hat hacker (good guy):
job title; people that have skill in breaking into systems and companies hire them to find vulnerabilities in their systems
What is a "hacker"? What is the difference between a "black hat hacker" and a "white hat hacker"? Black hat hacker (bad guy):
people that actively try to get into a system and do evil things
What is the difference between values, morals, ethics, and laws? Be able to look at some statements and choose whether it is a value, moral, ethic, or law as we discussed in class (not in general). Law:
Rules of behavior, enforced by consequences for violating those rules.
• Determined and enforced by a governing body with authority to enforce penalties.
• Values create laws, laws don't usually create values.
Know what these terms represent and how you or a business would use them: VPN, password manager, anti-virus app, authentication vs. authorization. Password Managers:
• Applications you install on your device to store and organize passwords
• You only have to remember one strong password to have access to the database of your other passwords
• Encrypted - ensures strong passwords; might lead to vulnerability if database compromised
• Keep a copy of this on the cloud to share among all of your devices
Know these words from project management: scope, scope creep, milestones, PERT chart (and task sequencing), Gantt chart (and calendar time). Task Sequencing:
• Designing the tasks to leverage your team, and get the project done as quickly as possible. PERT Chart and Gantt Chart are two useful tools.
• Critical Path Method and "slack"
In developing systems, most companies use either the Waterfall or Agile model. Know the differences as we discussed in class, and why you - as a manager - might choose one over the other. Agile:
• Iterative
• Specifically designed for feedback and learning
• Harder for most to understand
• Good for end results which are novel / innovative
Know what these terms represent and how you or a business would use them: VPN, password manager, anti-virus app, authentication vs. authorization. Two-factor authentication (2FA):
• Requires extra step to log into app or device
• First authentication factor: username, password
• Second authentication factor: app on trusted device, token, call, SMS/text, or one-time verification codes
• Tricky to do if you're abroad with different SIM card!
Know these words from project management: scope, scope creep, milestones, PERT chart (and task sequencing), Gantt chart (and calendar time). Task Ownership:
• Who "owns" a task? Who is accountable for getting the task done - even if they don't do it directly?
In developing systems, most companies use either the Waterfall or Agile model. Know the differences as we discussed in class, and why you - as a manager - might choose one over the other Waterfall:
• A sequential project management methodology where one phase completely finishes before the next phase begins
• Linear Sequential
• Not best for feedback and learning
• Easy for most to understand
• Speedier if you totally know what you want at the end
What is the difference between values, morals, ethics, and laws? Be able to look at some statements and choose whether it is a value, moral, ethic, or law as we discussed in class (not in general). How They Relate - Example:
• Value: individuals deserve to live freely
• Moral: you should respect an individual's right to make decisions for themselves
• Ethics: you are ethical when you let others make decisions for themselves, you are unethical when you make decisions for them against their wishes.
• Law: USA Bill of Rights, First Amendment: "Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."