IDS180 Information And Decision Systems f07 midterm study guide

Chapter One Study Guide

Purpose of information systems is to get the right information to the right people at the right time in the right amount and in the right format.
Data Items- elementary description of things, events, activities, and transactions that are recorded, classified, and stored but are not organized to convey any specific meaning. Can be numbers, letters, figures, sounds, or images. (student grade in class or hours in workday.)
Information- data that have been organized so that they have meaning and value to the recipient. (a student’s name coupled with their GPA.)
Knowledge- data and/or information that have been organized and processed to convey understanding, experience, accumulated learning, and expertise as they apply to a current business problem.
Information technology architecture- a high-level map or plan of the information assets in an organization. Guide for current operations and blueprint for future directions.
Information technology infrastructure- consists of the physical facilities, IT components, IT services, and IT personnel that support the entire organization.
Information System- collects, processes, stores, analyzes, and disseminates information for a specific purpose.
Computer-based information system (CBIS)- information system that uses computer technology to perform some or all of its intended tasks. Although not all information systems are computerized, most are.
Hardware- device such as processor, monitor, keyboard, and printer.
Software- a program or collection of programs that enable the hardware to process data.
Database- a collection of related files or tables containing data.
Network- connecting system that permits different computers to share resources.
Procedures- set of instructions about how to combine the above components in order to process information and generate the desired output.
People- individuals who use the hardware and software, interface with it, or use its output.
Application Program (pg 8, fig 1.2)- computer program for a specific task or business process.
Department IS- collection of application programs in a single department.
Human Resources IS (HRIS)- collection of application programs in the human resources area.
Departmental or Functional Area IS- each supports a particular functional area in the organization. (Accounting IS, Finance IS, Production IS...)
Enterprise Resource Planning IS (ERP)- designed to correct a problem within the functional area.
Transaction processing IS- supports the monitoring, collection, storage, and processing of data from the organization’s basic business transactions, each of which generates data.
Interorganizational IS (IOSs)- systems that connect two or more organizations.
Supply Chain- an organization’s supply chain describes the flow of materials, information, money, and services from raw material suppliers through factories and warehouses to the end customers.
Electronic Commerce IS- another type of Interorganizational IS that enables organizations to conduct transactions, called business-to-business (B2B) electronic commerce, and customers to conduct transactions with businesses, called business-to-consumer (B2C) electronic commerce.

Types of IS employees

Clerical workers- bookkeepers, secretaries, electronic file clerks, and insurance claim processors.
Lower-level managers- handle day-to-day operations of the organization, like assigning tasks to employees and placing orders.
Middle Managers- make tactical decisions which deal with activities like short-term planning, organizing, and control.
Knowledge Workers- financial and marketing analysts, engineers, lawyers, and accountants. Are experts in a particular subject area. They are advisors to middle managers and executives.
Executives- make decisions that deal with situations that can significantly change the manner in which business is done, such as introducing a new product line, acquiring other businesses, and relocating operations to a foreign country.
Office Automation Systems (OASs)- support clerical staff, lower and middle managers, and knowledge workers. Used to develop documents, schedule resources, and communicate (email, voicemail...).
Management IS- summarize data and prepare reports, primarily for middle and lower managers.
Decision Support Systems (DSSs)- provide computer-based support for complex, nonroutine decisions for middle managers and knowledge workers.
Expert Systems (ES)- attempt to duplicate the work of human experts by applying reasoning capabilities, knowledge, and expertise within a specific domain for knowledge workers.
Executive Information Systems (EIS)- support top managers of the organization. Provide rapid access to timely information and direct access to structured information in the form of reports.
Information Systems Department (ISD)- when businesses first began to use computers in the 50’s, the ISD owned the only computing resource in the organization.
End User Computing- computers are located throughout the organization, and almost all employees use computers in their work.
Chief Information Officer (CIO)- senior executive of the department with a managerial role. ISD now reports directly to the CEO or a senior vice president.

Chapter Three Study Guide - IT Security Solutions

NORA- “Non-obvious relationship awareness” software searches for obvious and non-obvious relationships among data stored in multiple databases. It flags high-risk persons and compares what it knows of them to other databases.
ANNA- “Anonymized data analysis” allows investigators to search databases without seeing names, addresses, and other info they are examining.
Customer Monitoring- video surveillance, facial-recognition software, security personnel, and tracking systems.
Monitoring Employees- watch employees at all times even though they may not already be suspicious.
Sharing Information- share security information with other organizations (casinos) so they mutually help one another.

Ethical Issues

Code of ethics- collection of principles that are intended to guide decision making by members of the organization.
Four issue categories:
Privacy- collecting, storing, and disseminating info about persons.
Accuracy- authenticity, fidelity, and accuracy of info that is collected and processed.
Property- ownership and value of information.
Accessibility- revolves around who should have access to info and if it should cost something.
Privacy- the right to be left alone and to be free of unreasonable personal intrusions.
Information privacy- the right to determine when, and to what extent, info about yourself can be gathered and/or communicated to others.
Electronic surveillance- the monitoring or tracking of people with the aid of computers.
Privacy policies or Privacy codes- organization’s guidelines with respect to protecting the privacy of customers, clients, and employees. Having this can help organizations avoid legal problems.

Threats to Information Security

Threat- any danger to which a system may be exposed.
Exposure- of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
Vulnerability- the possibility that the system will suffer harm by a threat.
Risk- likelihood a threat will occur.
Information System controls- the procedures, devices, or software aimed at preventing a compromise to the system.

Unintentional Threats

Human errors- occur in design of the hardware or information system.
Environmental hazards- earthquakes etc.
Computer System Failures- result of poor manufacturing or defective material.

Intentional Threats

Cyber crimes- fraudulent activities committed using computers and communication networks. Committed by outsiders or insiders in the system.
Hacker- person who has penetrated a computer system with no criminal intent.
Cracker- malicious hacker who presents serious problems.
Social engineering- strategy where computer criminals or corporate spies get around security systems by building an inappropriate trust relationship with insiders.
Industrial espionage- where researching info about the competition is perfectly legal. Many companies practice this.
Shoulder surfing- people observe info without authorization by looking at a computer monitor or ATM screen.
Information extortion- when an attacker or formerly trusted employee steals info from a computer system and then demands compensation for its return or for not disclosing it.
Hacktivists or Cyberactivists- use technology for high-tech civil disobedience to protest the operations, policies, or actions of an individual, organization, or government agency.
Cyberterrorism- premeditated, politically motivated attack against information, computer systems, programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
Cyberwar- a country’s information systems could be paralyzed by a massive attack of destructive software.
Identity Theft- in which a criminal poses as somebody else by stealing SS and CC numbers to commit fraud. This severely damages a person’s credit rating.
Malware- software designed to damage, destroy, or deny service to the targeted systems.
Computer Viruses- segments of computer code that perform actions ranging from merely annoying to destructive.
Worms- destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.
Trojan horses- programs that hide in other computer programs and reveal their designed behavior only when they are activated.
Logic bombs- segments of computer code that are embedded within an organization’s existing computer programs, often by a disgruntled employee.
Back or Trap doors- password known only to the attacker that allows the attacker to access the system at will, without having to go through any security procedures.
Denial of Service attack- attacker sends so many information requests to a target system that the target cannot handle them successfully, in some cases preventing it from performing ordinary functions.
Distributed Denial of Service attack- a coordinated stream of requests is launched against a target system from many computers at the same time. The compromised machines are known as zombies.
Alien Software- software on computers that the owners do not know about, such as pestware, adware, and spyware.
Pestware- clandestine software that is installed on your PC through duplicitous channels. Tricks you into installing it.
Adware- software that is designed to help pop-up advertisements appear on your screen.
Spyware- like pestware, including keylogger programs that record your keystrokes, password logger programs that record your passwords, and spamware that is designed to use your computer as a launch pad for spammers.
Spam- unsolicited e-mail, usually for the purpose of advertising products and services.
Cookies- small amounts of info that web sites store on your computer temporarily or more-or-less permanently.
Web bugs- small, usually invisible graphic images that are added to a web page or an email message.
Phishing- uses deception to acquire sensitive personal information such as account numbers and passwords by masquerading as an official-looking e-mail.
Pharming- where the attacker fraudulently acquires the domain name for a company’s web site. The fake website looks like the real one, and people may enter important information that is sent to the attacker.

Protecting Information Resources

Risk management- goal of this is to identify, control, and minimize the impact of threats.
Risk analysis- process in which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each being compromised with the costs of protecting it.
Risk mitigation- two functions: (1) implementing controls to prevent identified threats from occurring and (2) developing means of recovery should the threat become a reality.
Risk Mitigation Strategies:
Risk Acceptance- accept the potential risk, continue operating with no controls, and absorb the damages.
Risk Limitation- limit the risk by implementing controls that minimize the impact of the threat.
Risk Transference- transfer the risk by using other means to compensate for the loss, like purchasing insurance.
Controls Evaluation- where the organization identifies security deficiencies and calculates the costs of implementing adequate control measures. Sometimes implementing controls is not cost-effective.

General Controls

General controls- established to protect the system regardless of the specific application.
Physical controls- prevent individuals from gaining access to a company’s computer facilities. (gates or fences)
Access controls- restrict people from using info resources and are concerned with user identification.
Something the User Is- also known as biometrics, these controls examine a user’s innate physical characteristics, such as fingerprint scans and retina scans.
Something the User Has- regular ID cards and smart cards.
Something the User Does- things like voice and signature recognition.
Something the User Knows- passwords and passphrases.
Strong passwords- difficult to guess, long, have all types of text, etc.
Brute force dictionary attack- hacker uses a computer program that tries every word in the dictionary until it finds a match.
Communications controls- deal with the movement of data across networks and include border security controls, authentication, and authorization.
Firewall- a system that prevents a specific type of information from moving between untrusted networks, such as the internet, and private networks similar to that of a company.
Encryption- the process of converting an original message into a form that cannot be read by anyone except the intended receiver.
Symmetric encryption- where the sender and recipient use the same key.
Public-key encryption- also known as asymmetric encryption, uses both a public and a private key.
Certificate authority- more complex system for when business is done on the internet. It acts as a trusted intermediary between companies by issuing digital certificates and verifying their worth and integrity.
Digital Certificate- electronic document attached to a file certifying that the file is from the organization it claims to be from and has not been modified from its original format.
Virtual Private Networking- a VPN is a private network that uses a public network (internet) to connect users. Instead of using an exclusively owned network, a VPN uses virtual connections from the company’s private network to a remote site, employee, or another company.
Application controls- safeguards that protect specific applications, unlike general controls that protect an entire system.
Audit- an examination of information systems, their inputs, outputs, and processing. EX- Information systems auditing.
Internal Auditing- performed by corporate internal auditors.
External Auditing- where an auditor reviews findings of the internal audit as well as the inputs, processing, and outputs of IS.
Auditing around the computer- verifying processing by checking for known outputs using specific inputs.
Auditing through the computer- where inputs, outputs, and processing are checked.
Auditing with the computer- combination of client data, auditor software, and client and auditor software.
Disaster Recovery- chain of events linking planning to protection and to recovery.
Plan- supposed to keep the business running after a disaster occurs, a process called business continuity.
Disaster avoidance- reduce the chances of avoidable disaster such as arson/human threats. Backup power supply.
Hot Sites- backup location while central computing facility is inoperable. (World Trade Center)

Chapter Ten Study Guide

Organizations must analyze the need for applications and then justify each application in terms of costs and benefits.
Application portfolio- prioritized list of both existing and potential IT applications made when a company examines needs.

IT Planning

Organization’s strategic plan- states the firm’s overall mission, the goals that follow from that mission, and the broad steps necessary to reach these goals.
IT strategic plan- set of long-range goals that describe the IT infrastructure and major IT initiatives needed to achieve the goals of the organization. It includes 3 objectives:
Must be aligned with the organization’s strategic plan.
Provide for IT architecture that enables users, apps, and databases to be easily networked and integrated.
Efficiently allocate IS development resources among competing projects, so projects are on time and in budget.
IS operational plan- made after the IT strategic plan is agreed on and consists of a clear set of projects that the IS department and functional area managers will execute in support of the IT strategic plan. Consists of these elements:
Mission- mission of IS function.
IS environment- summary of info needs of functional areas and the organization as a whole.
Objectives of the IS function- best current estimate of the goals.
Constraints of the IS function- technological, financial, personnel, and other resource limitations on the IS function.
App Portfolio- above.
Project management and Resource allocation- list of people’s duties. (what, how, and when.)

Costs

Fixed costs- remain the same regardless of any change in the activity level. (fixed payrolls etc.)
Net Present Value- analysts convert future values of benefits to their present-value equivalent by discounting them at the organization’s cost of funds. Compare the present value of future benefits to the costs to achieve those benefits.
Return on Investment- measures management’s effectiveness in generating profits with its available assets. The higher the percentage, the better. Calculated by dividing net income from a project by the assets invested in the project.
Breakeven analysis- the point at which the cumulative dollar value of the benefits equals the investments made.
Business Case approach- a business case is a written document that managers use to justify funding. Provides funding and the foundation for tactical decision making and technology risk management.

Strategies for Acquiring IT Applications

Buy option- buy the applications off the shelf. (rarely can satisfy all organizational needs)
Lease option- used as a quick way to solve problems but rarely meets all needs. Attractive to smaller enterprises.
Build option- where people build an IS to meet their own specific needs; usually a better fit.

Traditional Systems Development Life Cycle

System Development Life Cycle- the traditional systems method that organizations use for large-scale IT projects. It is a structured framework that consists of sequential processes by which information systems are developed.
Waterfall Approach- where tasks in one stage were completed before the work proceeded to the next stage.
Users- employees from all functional areas and levels of the organization who interact with the system.
System analysts- IS pros who modify existing computer programs or write new computer programs to satisfy user requirements.
Technical Specialists- experts on a certain type of technology, such as databases or telecommunications.
Systems stakeholders- people who are affected by changes in IS. (managers and users)
An 8-stage systems development life cycle- pg 312
Business problem- the more time they invest in understanding the problem to be solved, technical options for systems, and potential problems, the greater the chance for success.
3 solutions to a business problem: (1) do nothing, (2) modify or enhance the system, (3) develop a new system.
Feasibility study- analyzes which of the three solutions best fits the particular business problem. Determines the probability that the solution chosen will succeed through assessment of its technical, economic, and organizational feasibility.
Technical Feasibility- determines if the hardware, software, and communications, com...