IDS180 Information And Decision Systems f07 midterm study guide

Chapter One Study Guide

Purpose of information systems - to get the right information to the right people at the right time, in the right amount, and in the right format.
Data items - elementary descriptions of things, events, activities, and transactions that are recorded, classified, and stored but are not organized to convey any specific meaning. Can be numbers, letters, figures, sounds, or images (a student's grade in a class, or hours in a workday).
Information - data that have been organized so that they have meaning and value to the recipient (a student's name coupled with their GPA).
Knowledge - data and/or information that have been organized and processed to convey understanding, experience, accumulated learning, and expertise as they apply to a current business problem.
Information technology architecture - a high-level map or plan of the information assets in an organization. A guide for current operations and a blueprint for future directions.
Information technology infrastructure - consists of the physical facilities, IT components, IT services, and IT personnel that support the entire organization.
Information system (IS) - collects, processes, stores, analyzes, and disseminates information for a specific purpose.
Computer-based information system (CBIS) - an information system that uses computer technology to perform some or all of its intended tasks. Although not all information systems are computerized, most are.
Hardware - devices such as the processor, monitor, keyboard, and printer.
Software - a program or collection of programs that enables the hardware to process data.
Database - a collection of related files or tables containing data.
Network - a connecting system that permits different computers to share resources.
Procedures - the set of instructions about how to combine the above components in order to process information and generate the desired output.
People - the individuals who use the hardware and software, interface with it, or use its output.
Application program (pg 8, fig 1.2) - a computer program designed to support a specific task or business process.
Departmental IS - a collection of application programs in a single department.
Human Resources IS (HRIS) - the collection of application programs in the human resources area.
Departmental or functional area IS - each supports a particular functional area in the organization (Accounting IS, Finance IS, Production IS, ...).
Enterprise Resource Planning (ERP) system - designed to correct the lack of communication among the separate functional area ISs by tightly integrating them.
Transaction processing system (TPS) - supports the monitoring, collection, storage, and processing of data from the organization's basic business transactions, each of which generates data.
Interorganizational IS (IOS) - systems that connect two or more organizations.
Supply chain - an organization's supply chain describes the flow of materials, information, money, and services from raw material suppliers through factories and warehouses to the end customers.
Electronic commerce IS - another type of interorganizational IS that enables organizations to conduct transactions with other businesses, called business-to-business (B2B) electronic commerce, and customers to conduct transactions with businesses, called business-to-consumer (B2C) electronic commerce.

Types of IS employees
Clerical workers - bookkeepers, secretaries, electronic file clerks, and insurance claim processors.
Lower-level managers - handle the day-to-day operations of the organization, like assigning tasks to employees and placing orders.
Middle managers - make tactical decisions, which deal with activities like short-term planning, organizing, and control.
Knowledge workers - financial and marketing analysts, engineers, lawyers, and accountants. They are experts in a particular subject area and act as advisors to middle managers and executives.
Executives - make decisions that deal with situations that can significantly change the manner in which business is done, such as introducing a new product line, acquiring another business, or relocating operations to a foreign country.
Office automation systems (OASs) - support clerical staff, lower and middle managers, and knowledge workers. Used to develop documents, schedule resources, and communicate (email, voicemail, ...).
Management IS (MIS) - summarize data and prepare reports, primarily for middle and lower managers.
Decision support systems (DSSs) - provide computer-based support for complex, nonroutine decisions for middle managers and knowledge workers.
Expert systems (ES) - attempt to duplicate the work of human experts by applying reasoning capabilities, knowledge, and expertise within a specific domain, for knowledge workers.
Executive information systems (EIS) - support the top managers of the organization. Provide rapid access to timely information and direct access to structured information in the form of reports.
Information systems department (ISD) - when businesses first began to use computers in the 1950s, the ISD owned the only computing resource in the organization.
End user computing - computers are located throughout the organization, and almost all employees use computers in their work.
Chief Information Officer (CIO) - the senior executive of the ISD, with a managerial role. ISDs now report directly to the CEO or a senior vice president.

Chapter Three Study Guide - IT Security Solutions

NORA - "Non-obvious relationship awareness" software searches for obvious and non-obvious relationships among data stored in multiple databases. It flags high-risk persons and compares what it knows of them against other databases.
ANNA - "Anonymized data analysis" allows investigators to search databases without seeing the names, addresses, and other personal information they are examining.
Customer monitoring - video surveillance, facial-recognition software, security personnel, and tracking systems.
Monitoring employees - watch employees at all times, even those who are not already under suspicion.
Sharing information - share security information with other organizations (e.g., other casinos) so they can mutually help one another.

Ethical Issues
Code of ethics - a collection of principles that are intended to guide decision making by members of the organization.
Four issue categories:
Privacy - collecting, storing, and disseminating information about persons.
Accuracy - the authenticity, fidelity, and accuracy of information that is collected and processed.
Property - the ownership and value of information.
Accessibility - who should have access to information and whether it should cost something.
Privacy - the right to be left alone and to be free of unreasonable personal intrusions.
Information privacy - the right to determine when, and to what extent, information about yourself can be gathered and/or communicated to others.
Electronic surveillance - the monitoring or tracking of people with the aid of computers.
Privacy policies or privacy codes - an organization's guidelines with respect to protecting the privacy of customers, clients, and employees. Having these can help organizations avoid legal problems.

Threats to Information Security (pg 69)
Threat - any danger to which a system may be exposed.
Exposure - of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
Vulnerability - the possibility that the system will suffer harm from a threat (in practice: a weakness in the system that a threat can exploit).
Risk - the likelihood that a threat will occur. Combined with the exposure, it tells you what a threat is expected to cost.
Information system controls - the procedures, devices, or software aimed at preventing a compromise of the system.
Unintentional threats
Human errors - occur in the design of the hardware or information system, and in its everyday use (the most common source of harm).
Environmental hazards - earthquakes, floods, power failures, etc.
Computer system failures - the result of poor manufacturing or defective materials.
Intentional threats
Cyber crimes - fraudulent activities committed using computers and communication networks. Committed by outsiders, or by insiders who already have access to the system.
Hacker - a person who has penetrated a computer system with no criminal intent (the textbook's usage; in everyday usage "hacker" now covers both).
Cracker - a malicious hacker who presents serious problems.
Social engineering - a strategy where computer criminals or corporate spies get around security systems by building an inappropriate trust relationship with insiders.
Industrial espionage - crosses the legal boundary. Researching information about the competition (competitive intelligence) is perfectly legal and many companies practice it; espionage is obtaining it by illegal means.
Shoulder surfing - people observe information without authorization by looking at a computer monitor or ATM screen.
Information extortion - when an attacker or formerly trusted employee steals information from a computer system and then demands compensation for its return, or for not disclosing it.
Hacktivists or cyberactivists - use technology for high-tech civil disobedience to protest the operations, policies, or actions of an individual, organization, or government agency.
Cyberterrorism - a premeditated, politically motivated attack against information, computer systems, programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
Cyberwar - a country's information systems could be paralyzed by a massive attack of destructive software.
Identity theft - a criminal poses as somebody else by stealing Social Security and credit card numbers to commit fraud. This severely damages a person's credit rating.
Malware - software designed to damage, destroy, or deny service to the targeted systems.
Computer viruses - segments of computer code that perform actions ranging from merely annoying to destructive; they attach to a host program and spread when it runs.
Worms - destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.
Trojan horses - programs that hide in other computer programs and reveal their designed behavior only when they are activated.
Logic bombs - segments of computer code that are embedded within an organization's existing computer programs, often by a disgruntled employee, and designed to activate at a certain date or on a certain event.
Back or trap doors - a password (or other hidden entry point) known only to the attacker that allows the attacker to access the system at will, without having to go through any security procedures.
Denial of service (DoS) attack - the attacker sends so many information requests to a target system that the target cannot handle them successfully, in some cases preventing it from performing ordinary functions.
Distributed denial of service (DDoS) attack - a coordinated stream of requests is launched against a target system from many computers at the same time. The compromised machines are known as zombies.
Alien software - software on computers that the owners do not know about, such as pestware, adware, and spyware.
Pestware - clandestine software that is installed on your PC through duplicitous channels; it tricks you into installing it.
Adware - software that is designed to help pop-up advertisements appear on your screen.
Spyware - like pestware; includes keylogger programs that record your keystrokes, password logger programs that record your passwords, and spamware that is designed to use your computer as a launch pad for spammers.
Spam - unsolicited email, usually for the purpose of advertising products and services.
Cookies - small amounts of information that websites store on your computer, temporarily or more-or-less permanently.
Web bugs - small, usually invisible graphic images that are added to a web page or an email message.
Phishing - uses deception to acquire sensitive personal information such as account numbers and passwords by masquerading as an official-looking email.
Pharming - the attacker fraudulently acquires or redirects the domain name for a company's website (e.g., by poisoning DNS), so that a fake website that looks like the real one receives the information people enter and passes it to the attacker.

Protecting Information Resources
Risk management - the goal is to identify, control, and minimize the impact of threats.
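The DoS and DDoS definitions above describe the same symptom (too many requests) with a different source pattern: one flooding host versus many zombies sending a few requests each. The following is an added example, not part of the study guide or its textbook, showing how a detector tells the two apart in a web server access log. The log lines, IP addresses (from the RFC 5737 documentation ranges), and thresholds are all constructed for the demo; a real deployment derives its thresholds from the server's own traffic baseline.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Combined-log-format line: client ip, ident, user, [timestamp], "request", status, size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

def parse_line(line):
    """Return (timestamp, client_ip, request) for one access-log line, or None if malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ip, stamp, request, _status, _size = m.groups()
    when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    return when, ip, request

def detect_floods(lines, window_seconds=10, total_threshold=200,
                  per_source_threshold=100, dominance=0.5):
    """Bucket requests into fixed time windows and classify each window.

    dos    - a single source alone exceeds per_source_threshold (one attacker).
    ddos   - the window exceeds total_threshold but no source sends more than a
             `dominance` share of it (many zombies, a few requests each).
    normal - everything else.
    The thresholds are demo assumptions; tune them from the real baseline.
    """
    windows = defaultdict(Counter)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                      # skip malformed lines instead of crashing
        when, ip, _request = parsed
        bucket = int(when.timestamp()) // window_seconds * window_seconds
        windows[bucket][ip] += 1

    report = {}
    for bucket in sorted(windows):
        sources = windows[bucket]
        total = sum(sources.values())
        top_ip, top_count = sources.most_common(1)[0]
        if top_count >= per_source_threshold:
            verdict = "dos"
        elif total >= total_threshold and top_count / total < dominance:
            verdict = "ddos"
        else:
            verdict = "normal"
        report[bucket] = {"verdict": verdict, "total": total,
                          "sources": len(sources), "top": (top_ip, top_count)}
    return report

def build_sample_log():
    """Constructed traffic: a quiet window, then one attacker, then a botnet."""
    base = datetime(2007, 10, 10, 13, 55, 30, tzinfo=timezone(timedelta(hours=-7)))

    def line(when, ip, path="/index.html"):
        stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 2326'

    lines = []
    for i in range(5):                    # window 0: five real clients, 3 requests each
        for j in range(3):
            lines.append(line(base + timedelta(seconds=j), f"198.51.100.{i + 1}"))
    for j in range(150):                  # window 1: one host hammering /login (DoS)
        lines.append(line(base + timedelta(seconds=10 + j % 10), "203.0.113.7", "/login"))
    for z in range(250):                  # window 2: 250 zombies, one request each (DDoS)
        lines.append(line(base + timedelta(seconds=20 + z % 10), f"192.0.2.{z + 1}"))
    lines.append("this line is corrupt and must not break the parser")
    return lines

def sample_verdicts():
    """Verdicts for the constructed log, in time order."""
    report = detect_floods(build_sample_log())
    return [report[b]["verdict"] for b in sorted(report)]

if __name__ == "__main__":
    for bucket, row in sorted(detect_floods(build_sample_log()).items()):
        print(bucket, row)
```

The per-source rule alone would miss the third window, because no zombie ever crosses it; the total-volume rule alone would not say whether blocking one address helps. Keeping both verdicts separate matters operationally: a DoS from one host is answered with a block on that host, a DDoS needs rate limiting or upstream filtering, since blocking 250 addresses one at a time is what the attacker wants you to spend time on.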
Risk analysis - the process in which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.
Risk mitigation - two functions: (1) implementing controls to prevent identified threats from occurring and (2) developing a means of recovery should the threat become a reality.
Risk mitigation strategies:
Risk acceptance - accept the potential risk, continue operating with no controls, and absorb the damages.
Risk limitation - limit the risk by implementing controls that minimize the impact of the threat.
Risk transference - transfer the risk by using other means to compensate for the loss, like purchasing insurance.
Controls evaluation - the organization identifies security deficiencies and calculates the costs of implementing adequate control measures. Sometimes implementing controls is not cost-effective: a control that costs more per year than the loss it is expected to prevent is a bad buy.

General Controls
General controls - established to protect the system regardless of the specific application.
Physical controls - prevent individuals from gaining access to a company's computer facilities (gates or fences).
Access controls - restrict people from using information resources. They are concerned with user identification (authentication: proving who you are) and with what an identified user is then allowed to do (authorization).
Something the user is - also known as biometrics; these controls examine a user's innate physical characteristics, such as fingerprint scans and retina scans.
Something the user has - regular ID cards and smart cards.
Something the user does - things like voice and signature recognition.
Something the user knows - passwords and passphrases.
Strong passwords - difficult to guess, long, use all types of characters, etc. In practice length matters more than character variety, and above all the password must not be a dictionary word or a simple variation of one.
Brute-force dictionary attack - the attacker uses a computer program that tries every word in a dictionary (a dictionary attack) or every possible combination of characters (a brute-force attack) until it finds a match against the stored password or its hash.
Communications controls - deal with the movement of data across networks and include border security controls, authentication, and authorization.
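The risk analysis and risk mitigation entries above describe a comparison, not a formula, so here is the arithmetic carried through for three assets. This is an added example, not from the study guide or the textbook; the asset names, dollar values, probabilities, control costs and premiums are made-up estimates, and "expected loss" is the textbook's "probable cost of compromise" computed as value times annual probability.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Asset:
    name: str
    value: float                 # loss if compromised, in dollars
    probability: float           # estimated probability of compromise per year
    control_cost: float          # annual cost of the candidate control (risk limitation)
    control_effect: float        # fraction of the probability the control removes, 0..1
    insurance_premium: Optional[float] = None   # annual premium if insurable (risk transference)

def expected_loss(asset):
    """Probable annual cost of doing nothing: value x probability."""
    return asset.value * asset.probability

def choose_strategy(asset):
    """Pick limit / transfer / accept by comparing what a control costs with the loss it avoids.

    Returns (strategy, annual saving versus doing nothing).
    """
    loss = expected_loss(asset)
    avoided = loss * asset.control_effect
    net_benefit = avoided - asset.control_cost
    if net_benefit > 0:
        return "limit", net_benefit          # the control pays for itself
    if asset.insurance_premium is not None and asset.insurance_premium < loss:
        return "transfer", loss - asset.insurance_premium
    return "accept", 0.0                     # nothing is cheaper than absorbing the loss

# Constructed inventory; every figure is a made-up estimate for the demo.
ASSETS = [
    Asset("customer database", 500_000, 0.05, control_cost=8_000, control_effect=0.8,
          insurance_premium=30_000),
    Asset("sales laptops", 20_000, 0.5, control_cost=15_000, control_effect=0.9,
          insurance_premium=4_000),
    Asset("lobby kiosk", 2_000, 0.2, control_cost=1_000, control_effect=0.9),
]

def plan(assets=ASSETS):
    """Strategy and annual saving for each asset, keyed by asset name."""
    return {a.name: choose_strategy(a) for a in assets}

if __name__ == "__main__":
    for a in ASSETS:
        strategy, saving = choose_strategy(a)
        print(f"{a.name:18s} expected loss {expected_loss(a):>9,.0f}  -> {strategy:8s} saves {saving:,.0f}/yr")
```

For the database the control avoids 20,000 a year of expected loss and costs 8,000, so limitation wins; for the laptops the control costs more than the whole expected loss, but a 4,000 premium against a 10,000 expected loss makes transference worthwhile; for the kiosk neither option beats a 400-dollar expected loss, so the risk is accepted. The weak point of the whole exercise is the probability column: those estimates are usually the least defensible number in the analysis, so it is worth rerunning the plan with a pessimistic and an optimistic set to see which decisions actually change.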
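The "something the user knows" entries above (strong passwords, brute-force dictionary attack) are easier to judge when you can watch the attack succeed and fail. The following is an added example that is not part of the study guide: it runs the same dictionary attack against a password stored as a plain SHA-256 hash and against one stored with a per-user salt and PBKDF2, using Python's standard library only. The wordlist and the passwords are constructed for the demo.

```python
import hashlib
import hmac
import os

# Constructed wordlist; real attacks use lists of millions of leaked passwords.
WORDLIST = ["password", "123456", "letmein", "qwerty", "dragon", "sunshine", "welcome1"]

# --- the weak way: unsalted, fast hash -----------------------------------------
def weak_store(password):
    """Store SHA-256(password). Fast to compute, so fast for the attacker too."""
    return hashlib.sha256(password.encode()).hexdigest()

def dictionary_attack_sha256(stored_digest, wordlist):
    """Try every word; return the password if one matches, else None."""
    for word in wordlist:
        if hashlib.sha256(word.encode()).hexdigest() == stored_digest:
            return word
    return None

# --- the better way: per-user salt + deliberately slow key derivation ----------
def strong_store(password, salt=None, iterations=200_000):
    """Store PBKDF2-HMAC-SHA256(password, salt) with a random 16-byte salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_password(candidate, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])

def dictionary_attack_pbkdf2(record, wordlist):
    """Same attack against the slow hash: each guess now costs `iterations` HMACs."""
    for word in wordlist:
        if verify_password(word, record):
            return word
    return None

def demo(iterations=200_000):
    """Who gets cracked: a dictionary word under either scheme, a long passphrase under neither."""
    weak = dictionary_attack_sha256(weak_store("letmein"), WORDLIST)
    salted = dictionary_attack_pbkdf2(strong_store("letmein", iterations=iterations), WORDLIST)
    phrase = dictionary_attack_pbkdf2(
        strong_store("correct horse battery staple", iterations=iterations), WORDLIST)
    return {"unsalted_sha256": weak, "salted_pbkdf2": salted, "long_passphrase": phrase}

if __name__ == "__main__":
    for scheme, cracked in demo().items():
        print(f"{scheme:16s} -> {'cracked: ' + cracked if cracked else 'not in wordlist'}")
```

Two things the output makes concrete. First, the salt and the slow hash do not save "letmein": they only make each guess cost 200,000 HMAC computations instead of one and stop the attacker from reusing one precomputed table across every user, which is exactly why the stored form still needs a password that is not in any wordlist. Second, the passphrase survives both schemes for a different reason, it is simply not a guess the attacker makes, which is the practical meaning of the "strong password" entry above. The constant-time comparison in verify_password is there so that the check itself does not leak how many leading bytes of the digest matched.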
Firewall - a system that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as a company's internal network.
Encryption - the process of converting an original message into a form that cannot be read by anyone except the intended receiver.
Symmetric encryption - the sender and recipient use the same key, which has to be shared secretly before they can communicate.
Public-key encryption - also known as asymmetric encryption; uses two keys, a public key that can be given to anyone and a private key that is kept secret. What one key locks, only the other unlocks.
Certificate authority (CA) - a more complex system used when business is done over the Internet. It acts as a trusted intermediary between companies by issuing digital certificates and vouching for their validity and integrity.
Digital certificate - an electronic document attached to a file certifying that the file is from the organization it claims to be from and has not been modified from its original form. (Concretely, the certificate binds an organization's identity to its public key and is signed by the CA; the organization's own signature on the file, checked with that public key, is what proves origin and integrity.)
Virtual private networking - a VPN is a private network that uses a public network (the Internet) to connect users. Instead of using an exclusively owned network, a VPN uses virtual, encrypted connections from the company's private network to a remote site, an employee, or another company.
Application controls - safeguards that protect specific applications, unlike general controls, which protect the entire system.
Audit - an examination of information systems, their inputs, outputs, and processing (e.g., information systems auditing).
Internal auditing - performed by corporate internal auditors.
External auditing - an outside auditor reviews the findings of the internal audit as well as the inputs, processing, and outputs of the IS.
Auditing around the computer - verifying processing by checking for known outputs using specific inputs.
Auditing through the computer - inputs, outputs, and processing are all checked.
Auditing with the computer - a combination of client data, auditor software, and client and auditor hardware.
Disaster recovery - the chain of events linking planning to protection and to recovery.
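The encryption, certificate authority and digital certificate entries above are easier to hold together when the key roles are visible. The following is an added example, not from the study guide or its textbook: a toy RSA with deliberately tiny primes (so the numbers are readable) that shows the public/private split in both directions and a CA issuing a certificate that a recipient checks before trusting a signed file. The party names (acme.example, the CA) and the primes are assumptions for the demo; real systems use 2048-bit or larger keys, a padding scheme such as PSS or OAEP rather than a bare hash, and X.509 certificates with expiry and revocation, none of which this toy has.

```python
import hashlib

def _is_prime(x):
    """Trial division; only sensible for the toy-sized primes used here."""
    if x < 2:
        return False
    i = 2
    while i * i <= x:
        if x % i == 0:
            return False
        i += 1
    return True

def keygen(p, q, e=65537):
    """Toy RSA key pair from two primes. Returns (public, private) as (n, e), (n, d)."""
    assert _is_prime(p) and _is_prime(q), "toy primes must actually be prime"
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)              # private exponent: inverse of e mod phi (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public_key, m):
    """Confidentiality: anyone with the public key can encrypt; m must be an integer < n."""
    n, e = public_key
    assert 0 <= m < n
    return pow(m, e, n)

def decrypt(private_key, c):
    """Only the private key holder recovers m."""
    n, d = private_key
    return pow(c, d, n)

def _digest_int(data, n):
    # Hash the message and reduce it into the group. Real systems pad instead (PSS).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private_key, data):
    """Integrity and origin: only the private key holder can produce this."""
    n, d = private_key
    return pow(_digest_int(data, n), d, n)

def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest_int(data, n)

def _cert_body(subject, public_key):
    n, e = public_key
    return f"{subject}|{n}|{e}".encode()        # what the CA actually signs

def issue_certificate(ca_private_key, subject, subject_public_key):
    """The CA binds a name to a public key by signing that binding."""
    cert = {"subject": subject, "public_key": subject_public_key}
    cert["signature"] = sign(ca_private_key, _cert_body(subject, subject_public_key))
    return cert

def verify_certificate(ca_public_key, cert):
    return verify(ca_public_key, _cert_body(cert["subject"], cert["public_key"]), cert["signature"])

def verify_signed_file(ca_public_key, cert, expected_subject, data, signature):
    """Full check: the CA vouches for the cert, the cert names who we expected,
    and the key in the cert verifies the file. All three, or the file is untrusted."""
    if cert["subject"] != expected_subject:
        return False
    if not verify_certificate(ca_public_key, cert):
        return False
    return verify(cert["public_key"], data, signature)

# --- constructed demo parties (tiny primes, demo only) -------------------------
CA_PUB, CA_PRIV = keygen(999983, 999979)
ACME_PUB, ACME_PRIV = keygen(1000003, 1000033)
ACME_CERT = issue_certificate(CA_PRIV, "acme.example", ACME_PUB)

def demo():
    data = b"invoice.pdf contents"
    sig = sign(ACME_PRIV, data)
    results = {
        "genuine": verify_signed_file(CA_PUB, ACME_CERT, "acme.example", data, sig),
        "tampered_file": verify_signed_file(CA_PUB, ACME_CERT, "acme.example", data + b"!", sig),
    }
    # An attacker with a key pair of their own, but no CA-issued certificate:
    mal_pub, mal_priv = keygen(999961, 999959)
    forged = issue_certificate(mal_priv, "acme.example", mal_pub)   # self-signed, not CA-signed
    results["forged_cert"] = verify_signed_file(CA_PUB, forged, "acme.example", data, sign(mal_priv, data))
    # Confidentiality direction: encrypt with the public key, decrypt with the private one.
    secret = 123456789
    results["roundtrip"] = decrypt(ACME_PRIV, encrypt(ACME_PUB, secret)) == secret
    return results

if __name__ == "__main__":
    print(demo())
```

The forged-certificate case is the one worth remembering: the attacker's signature on the file is mathematically valid under the attacker's own key, and the attacker's certificate even carries the right name, but the recipient only ever trusts keys that the CA has signed, so the check fails at verify_certificate. That is the whole job of the trusted intermediary in the entry above. The encrypt/decrypt round trip shows the opposite direction of the same key pair: the public key is used to lock and the private key to open, whereas for signatures the private key produces and the public key checks.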
Disaster recovery plan - intended to keep the business running after a disaster occurs, a process called business continuity.
Disaster avoidance - reduce the chances of avoidable disasters such as arson and other human threats, e.g., by installing a backup power supply.
Hot sites - a fully configured backup location used while the central computing facility is inoperable (the World Trade Center example).

Chapter Ten Study Guide

Organizations must analyze the need for applications and then justify each application in terms of costs and benefits.
Application portfolio - a prioritized list of both existing and potential IT applications, made when a company examines its needs.

IT Planning
Organization's strategic plan - states the firm's overall mission, the goals that follow from that mission, and the broad steps necessary to reach these goals.
IT strategic plan - a set of long-range goals that describe the IT infrastructure and major IT initiatives needed to achieve the goals of the organization. It has three objectives: (1) it must be aligned with the organization's strategic plan; (2) it must provide for an IT architecture that enables users, applications, and databases to be easily networked and integrated; (3) it must efficiently allocate IS development resources among competing projects, so projects are on time and within budget.
IS operational plan - made after the IT strategic plan is agreed on; consists of a clear set of projects that the IS department and functional area managers will execute in support of the IT strategic plan. Consists of these elements:
Mission - the mission of the IS function.
IS environment - a summary of the information needs of the functional areas and of the organization as a whole.
Objectives of the IS function - the best current estimate of the goals.
Constraints of the IS function - technological, financial, personnel, and other resource limitations on the IS function.
Application portfolio - see above.
Project management and resource allocation - a list of people's duties (what, how, and when).

Costs
Fixed costs - remain the same regardless of any change in the activity level (fixed payrolls, etc.).
Net present value (NPV) - analysts convert future values of benefits to their present-value equivalent by discounting them at the organization's cost of funds, then compare the present value of the future benefits with the costs required to achieve those benefits.
Return on investment (ROI) - measures management's effectiveness in generating profits with its available assets. The higher the percentage, the better. Calculated by dividing the net income attributable to a project by the assets invested in the project.
Breakeven analysis - the point at which the cumulative dollar value of the benefits equals the investments made.
Business case approach - a business case is a written document that managers use to justify funding. It is the foundation for tactical decision making and technology risk management.

Strategies for Acquiring IT Applications
Buy option - buy the application off the shelf (rarely can a packaged application satisfy all organizational needs).
Lease option - used as a quick way to solve problems but rarely meets all needs. Attractive to smaller enterprises.
Build option - the organization builds an IS to meet its own specific needs; usually a better fit.

Traditional Systems Development Life Cycle
Systems development life cycle (SDLC) - the traditional systems development method that organizations use for large-scale IT projects. It is a structured framework that consists of sequential processes by which information systems are developed.
Waterfall approach - tasks in one stage are completed before the work proceeds to the next stage.
Users - employees from all functional areas and levels of the organization who interact with the system.
Systems analysts - IS professionals who specialize in analyzing and designing information systems.
Programmers - IS professionals who modify existing computer programs or write new computer programs to satisfy user requirements.
Technical specialists - experts on a certain type of technology, such as databases or telecommunications.
Systems stakeholders - people who are affected by changes in information systems (managers and users).
An 8-stage systems development life cycle (pg 312)
Business problem - the more time invested in understanding the problem to be solved, the technical options for systems, and the potential problems, the greater the chance for success. Three solutions to a business problem: (1) do nothing; (2) modify or enhance the existing system; (3) develop a new system.
Feasibility study - analyzes which of the three solutions best fits the particular business problem. Determines the probability that the chosen solution will succeed through assessment of its technical, economic, and organizational feasibility.
Technical feasibility - determines whether the hardware, software, and communications components can be acquired or developed to solve the problem.
Economic feasibility - determines whether the project is an acceptable financial risk and whether the organization can afford the expense and time needed to complete it.
Behavioral feasibility - addresses the human issues of the project.
Organizational feasibility - refers to an organization's ability to accept the proposed project.
Go/no-go decision - after the feasibility analysis is presented, a decision is made whether or not to continue.
Systems analysis - the examination of the business problem that the organization plans to solve with an information system. Defines the problem in more detail, identifies its causes, specifies the solution, and identifies the information requirements that must be satisfied.
Systems design - describes how the system will accomplish this task.
Logical system design - states what the system will do, using abstract specifications.
Physical system design - states how the system will perform its functions, with actual physical specifications.
Scope creep - occurs during development when users add to or change the information requirements of a system after the requirements have been "frozen".
Runaway projects - systems development projects that are so far over budget and past deadline that they must be abandoned.
Programming - involves translating the design specifications into computer code.
Structured programming - techniques that improve the logical flow of the program by decomposing computer code into modules, which are sections of code.
Two kinds of errors in computer code: syntax and logic. Syntax error: a misspelled word or a misplaced comma; the program will not run. Logic error: permits the program to run but results in incorrect output.
"Good enough" software - errors are present, but it is impractical to find them all before release. From a security standpoint, a logic error that does not crash the program is exactly the kind of defect that becomes a vulnerability, so "good enough" still has to include testing of the security-relevant paths (input validation, access checks).
Implementation - the process of converting from the old system to the new system.
Four major conversion strategies:
Parallel conversion - the old and new systems operate simultaneously for a period.
Direct conversion - the old system is cut off and the new system is turned on at a certain point in time.
Pilot conversion - introduces the new system in one part of the organization, such as one plant or functional area.
Phased conversion - introduces components of the new system, such as individual modules, in stages.
Types of maintenance needed on systems: debugging, updating, and adding new functions.

Alternative Methods and Tools for Systems Development
Prototyping - defines an initial list of user requirements, builds a prototype system, and then improves the system in several iterations based on user feedback. The prototype either contains components of the new system or is a small-scale working version of it.
Joint application design (JAD) - a group-based tool for collecting user requirements and creating system designs.
Computer-aided software engineering (CASE) - a development approach that uses specialized tools to automate many of the tasks in the SDLC.
Integrated CASE tools - provide links between upper CASE and lower CASE tools.
Rapid application development (RAD) - a systems development method that can combine JAD, prototyping, and integrated CASE tools to rapidly produce a high-quality system.
Object-oriented development - based on a fundamentally different view of computer systems than the perceptions that characterized traditional SDLC development approaches.
Outsourcing and Application Service Providers
Small companies with few IT staff and limited budgets are best served by outside contractors.
Outsourcing - acquiring IT applications from outside contractors or external organizations.
Software houses - companies from IBM to Oracle offer outsourcing services for developing and maintaining IT applications.
Outsourcers and others - IT outsourcers such as EDS and the large CPA firms offer outsourcing services.
Offshoring - placing the work in countries like India and China, which can save money. It does include risks, such as sending information overseas and giving up direct control over who handles it.
Application service provider (ASP) - the most common type of IT outsourcing, where a vendor assembles the software needed by enterprises and packages the software with services such as development, operations, and maintenance. The provider collects fees for its services. ...
This note was uploaded on 02/15/2008 for the course IDS 180 taught by Professor Easton during the Fall '07 term at UCSD.
