1
Q
BTM definition
A
set of processes and services that unite an enterprises business technology and business management
2
Q
What is an Information System
A
collection of technology, tools, people who use it, and the processes that support it
- collect, process, store, analyze and disseminate info for a specific purpose
3
Q
What are the components of an IS
A
(L - R) Hardware, software, data, procedures, people
- hardware software = computer
- people procedures = human
- data = bridge between
4
Q
What is data
A
raw facts with no context
5
Q
What is information
A
Processed data with context, relevance and purpose
6
Q
What is knowledge
A
Information that facilitates action
- explicit knowledge = can be expressed in words/numbers (e.g. textbook)
- tacit knowledge = learn by doing (e.g. ride a bike)
7
Q
What is wisdom
A
Combination of knowledge and experience to produce a deeper understanding of a topic
8
Q
What is systems analyst
A
Manages projects by identifying business needs and imagining a new/redesigned computer-based system to fulfill needs
9
Q
What is programmer
A
Writes computer code in programming languages to fulfill specifications of analyst/designer
10
Q
What is computer engineer
A
Designs computing devices. Includes software, hardware, system and network engineers
11
Q
What jobs make up the creator section of IS
A
systems analyst, programmer/developer, computer engineer
12
Q
What is computer operator
A
oversees the mainframe computers and data centers in organizations
13
Q
What is database administrator
A
manages the databases for an org
14
Q
What is IT Support
A
First line of support for computer users in a company
15
Q
What is trainer
A
Conducts classes to teach people specific computer skills
16
Q
What jobs make up the operator section of IS
A
computer operator, database administrator, IT support, trainer
17
Q
What is CIO/CTO
A
head of the information-systems function
18
Q
What is information manager
A
responsible for determining the info needed for the org, collecting the appropriate data, and converting it to info + communicating the info
19
Q
What is project manager
A
responsible for keeping systems projects on time and in budget
20
Q
What is information security officer
A
in charge of setting information-security policies for an org, and overseeing implementation
21
Q
What jobs make up the managers section of IS
A
CIO/CTO, information manager, project manager, information security officer
22
Q
What are innovators
A
First individuals to adopt a new technology
- youngest in age
- highest social class
- great financial liquidity
- willing to take risks
- close contact with scientific sources and other innovators
23
Q
What are early adopters
A
Those who adopt an innovation soon after a technology has been introduced and proven
- highest degree of opinion leadership
- younger in age
- higher social status
- more financial liquidity
- advanced education
- socially aware
24
Q
What are early majority
A
Those who adopt an innovation after a varying degree of time
- above average social status
- contact with early adopters
- rarely have positions of opinion leadership
25
What are late majority
Those who adopt an innovation after the average member of society
- high degree of skepticism
- below average social status
- very little financial liquidity
- low opinion leadership
26
What are laggards
Those who are the last to adopt an innovation
- no opinion leadership
- aversion to change
- advanced in age
- lowest social status
- lowest financial liquidity
27
What is a systems thinking approach
looking at an entire process, taking into consideration all parts and how they work together instead of focusing on one part
- look at how different systems work together
28
What is an abstract thinking system
Looking at the relation of a system to a business, and the business process
29
What are parts of technology in IS
hardware, software, networking communication
30
What is hardware
tangible, physical portion of an IS - computers, keyboards, etc
- input, process, output and store data according to software or computer programs
31
What is software
set of instructions that tell the hardware what to do, intangible
- Operating systems and application software
32
What is an operating system
- program that controls computer's resources
provide an interface between hardware and the application software - windows, IOS, etc (GUI)
33
What is an application software
- perform specific user tasks
allows user to perform tasks such as word processing, spreadsheet, presentation, database management system, desktop publishing, financial software, etc (productivity software)
34
What is networking communication
made up of hardware and software, but it is the ability of information systems to communicate and connect to one another
35
What is a process
A series of steps undertaken to achieve a desired outcome or goal
36
What are the characteristics of good data
accessible, consistent, complete, timely, accurate, cost, relevant, clear
37
What is outsourcing, and how is it affecting IS
Hiring people outside the company to do work without training new employees
- cost cutting move, companies are cutting out people or even entire departments
38
IS effects on the model of organizations
- flattening of org structure due to removal of 1+ layers of mgmt
- network-based org structure --> bring employees with the right skills tgt to work on a project, groups are somewhat informal and maximize effectiveness
39
END OF CLASS 1
:)
40
Describe Generation 1 computers
- 1930 to mid 1950s
- large, fragile, complex and expensive
- high energy consumption
- require cooling system
- only run 1 program at a time
- punch card input
- housed at universities
41
Describe Generation 2 computers
- mid 1950s to mid 1960s
- first digital computing machines used in biz/gov
- smaller, simpler, faster
- lower power and heat requirements
- increased reliability
- magnetic data-storage drum
- punch card input
- printout output
42
Describe Generation 3 computers
- mid 1960s to early 1970s
- silicon chip (semiconductors)
- smaller, faster, cheaper
- keyboard input
- monitor output
- bigger storage capacity
43
Describe Generation 4 computers
- early 1970s to present
- CPU
- GUI
- mouse
- floppy drive
- personal computers
44
Describe Generation 5 computers
- early 2000s to present
- parallel processing and superconductors
- nanotechnology
- natural language input
45
Discuss networking personal computers
- mid 1980s to present
- critical to the rapid adoption of personal computers + rise of social networks
- LANS
- WANS
46
What are LANs
- link many personal computers together (e.g. all devices in a house)
- shared access to data, printers and other
- connect you to the WANs
47
What are WANs
- internet
- email
- web browsing
- etc
48
Describe mobile computing
- late 1990s to present
- small form factor computer devices that work almost the same as large PCs
- integrate many components into one (e.g. built in weather app, GPS, etc)
49
Describe cloud computing
- mid 2010s to present
- cloud = internet, where software and data is stored and accessible from any location at any time
- rented from 3rd party providers and consume computing resources as a service
- customers do not own the computer infrastructure
50
What is input hardware
hardware that accepts or capture data to be entered into the system
- direct: keyboard, mouse, touchpad, touch screen, writing tablet, etc
- indirect: scanners, digital cameras, biometric systems (retina scanner)
51
What are common input devices
6 common categories of input devices
- pointing devices: mouse, trackball, touchpad, pointing stick
- game controllers: gaming wheel, joystick, gamepad
- keyboards/styluses
- scanners: image scanner, bar code scanner, optimal mark reader, optimal character reader, biometric scanner
- cameras: digital still camera, digital video camera, webcam
- microphones
52
What is output hardware
most visible part of computing, consists of 3 parts:
- video output: monitors = CRT vs Flat Panel display
- Printed output: printers = inkjet VS laser
- Sound output: speakers
53
What are common output devices
3 common categories of output devices
- monitors: CRTS, Flat panel displays = LCD, Gas plasma
- Printers: Inkjet, laser, multi-function, plotter
- Speakers
54
What is a bit, byte, and what is the difference?
bit = binary digits, used to represent data through 0s or 1s
byte = group of 8-bits
55
What are the different specifications for size of memory
K = kilobyte = 1024 bytes
MB = megabyte = 1024 K
GB = gigabyte = 1024 MB
TB = terabyte = 1024 GB
PB = petabyte = 1024 TB
56
What is the CPU
central processing unit, transfers program or data from disk to main memory
- moves instructions from main memory via data channel or bus
- small amount of very fast memory = cache (keeps frequently used instructions, bigger = more expensive)
57
What is the motherboard
electronic circuitry which provides the means to connect various computer hardware together
- all components must connect to the motherboard (CPU, primary memory, buses, ports and expansion slots, etc)
58
What is the main memory (RAM)
- contains program instructions, OS instructions
- too little RAM = constant memory swapping = slow processing
59
What is memory swapping
- main memory is too small to hold all the data, so the CPU loads programs into the memory in chunks
- new programs are placed into unused memory
- chunks being used will be replaced with requested data
60
Discuss RAM VS ROM
RAM
- volatile (lose data when turned off)
- can be added to motherboard
- working memory
ROM
- non-volatile (not lost when turned off)
- stores permanent instructions
- used to "boot up" the machine
61
What are the types of secondary storage
magnetic disks, optical disks, flash memory, the cloud
62
What are magnetic disks
fixed drive disks AKA hard drives
- non-volatile
- capacity measured in bytes
- multi-platter design
- records in tracks and sectors
- HDD popular in phones/tablets
63
What are optical disks
3 types, Compact disk, digital versatile disk, and blu-ray disk
- Compact disk --> up to 700 MB of data
- DVD --> stores up to 8.5 GB of data
- BD --> high density DVD, stores from 25 to 128 GB
64
What is flash memory
flash memory device = small device that plugs into a USB port (flash drive)
Flash memory card = high capacity storage card that is inserted into a reader which turns plugs into a USB port (digital camera memory)
SSD = high capacity storage used instead of magnetic hard disk drive (HDD), popular in personal computers
65
What is the cloud
hard drive space accessible via the internet
- popular with mobile devices
- can be used to work on same data file on multiple devices
- provided by many commercial services (e.g. iCloud, Google Drive, etc)
66
What is a client computer
computers used to review and process information
- e.g. word processing, spreadsheets, database access, etc
- connect to servers for web browsing, email, database access, etc
67
What is a server computer
computers dedicated to providing access to information and applications
- faster, larger and more powerful than client computers
- serve resources to client computers
- dedicated: mail, file, web, applications, database, etc
68
What are the steps in operating computer software
user --> application program --> operation system --> BIOS --> computer
69
What is firmware
- computer software installed into devices
- e.g. printers, game controllers, communication devices, etc
- coded like other software
- installed into ROM
- can be changed and upgraded
BIOS - used when a computer is initially booted up
- required because all RAM is lost when a computer shuts down
70
What are constraints (on OS/application systems)
- a particular version of an operating system written for a particular type of hardware (PC vs MAC)
- application programs are written to use a particular operating system
71
What is proprietary software
- executable files only, can't see program source code
- users buy license to use the program
- software is owned by development company
- e.g. Microsoft Office
72
What is open source software
- source code is available, and can be adopted to your needs
- cannot sell any updates made
- no license fee
- must follow GNU General Public License
- many companies make money by offering support
73
Methods of acquiring application software (3)
- buy off-the-shelf: may be a good fit, may not be a good fit (horizontal)
- buy off-the-shelf with alterations: customized for specific industry, good fit (vertical, a bit of horizontal)
- custom developed: tailor-made for a specific org, good fit (custom)
74
What are the different types of application software (3)
- horizontal market application software: provides capabilities common across all industries, general purpose software
- vertical market application software: services needs of a specific industry, usually altered/customized
- one of a kind application software: designed for a specific need/org
75
What is Moore's law
computing power will double every two years for the same price point
76
What is Huang's law
GPU's are increasing faster than doubling every two years
77
What are the advantages and disadvantages of proprietary software
advantages: get exactly what you need/want, have control over the process
disadvantages: significant investment, need to provide ongoing support/maintenance
78
What are the advantages and disadvantages of off the shelf software
advantages: lower initial cost, usually meets org's basic needs, support and training is available
disadvantages: might pay for unnecessary features, may lack required features and customization can be costly
79
What are the advantages and disadvantages of open source software
advantages: available for free, can be examined and reviewed before being installed, large community = quick big fixing and new features
disadvantages: technical support is not available, software companies provide updates and features as required by the users, user interface may be more challenging to use
80
End of Class 2
81
What is a database
structured collection of data accessed and utilized by many different applications and users
- shared data goes thru DBMS to logical view program, where we can view it
hierarchy: tables > records > fields > bytes
82
What is DBMS
software for dealing with administrating and managing database
PROS: only have to update the database, and all data will be updated automatically
83
What is a flat file database
database that contains only one file/table and no relationships (e.g. spreadsheet)
84
What is a hierarchical database
database that connected data together in a hierarchy, allowing for parent/child relationship between data (popular in 1960s-70s)
85
What are different types of data
text, number, Boolean, data/time, currency, paragraph text, object
86
How are entities represented in the relational model
relation/table (must be uniquely represented)
87
How are attributes represented in the relational model
field/column with a data type and possible constraints
88
How are instances/objects represented in the relational model
record/row in a relation
89
What is a primary key
field or combination of fields that uniquely identifies each record
(note: make sure the primary key MAKES SENSE in the context -- not private info, everyone has it, etc)
90
What are foreign keys
primary keys for a table represented in another table become foreign keys (to the table they don't originate from)
91
What is metadata
data that describes the structure of the database
92
What are violations of entity constraints
- empty primary keys
- repeated primary keys
93
What are violations of referential constraints
- values in foreign keys that do not match existing primary key
(note: empty foreign keys are allowed if the relationship between PK and FK is optional)
94
What is a data dictionary
created alongside database when its being designed, it holds the metadata, and defines the fields/structure of the database
95
How do you normalize data
eliminate repeating groups to create normalized tables, each containing only one relation
- each row is unique in a table, and identified by a PK
- each column in a row must be single valued (no repeating groups allowed in any rows)
- repeat until there are no repeated groups of a theme (e.g. family member, pet)
96
What is the point of data normalization
1) reduce data redundancy
2) ensure data integrity
97
What are the 4 types of cardinality constraints
optional one: o /
mandatory one: //
optional many: o<
mandatory many: /<
98
What are the types of relationships (in ER diagrams)
one to one (1:1)
one to many (1:M)
many to many (M:N)
99
What are different programs (?) used to retrieve data thru queries
SQL = people can use a variety of statements to select, use and manipulate data (SELECT, FROM, WHERE, etc)
QBE = users can fill out a query design grid/template to construct a sample or description of the data they want
- drag and drop fields from diff. tables
- visual representation
- easier to use than SQL
100
End of Class 3
101
How can big data be categorized
volume: size of the datasets
variety: types of data used within datasets
velocity: speed at which all sources can work together and be analyzed
102
What are the 6 steps of decision making
1. recognize decision to be made
2. generate multiple alternatives
3. analyze the alternatives
4. select an alternative
5. implement selected alternative
6. evaluate alternative effectiveness
103
What are the different levels of decision making
operational decisions: concern day-to-day activities
- supported by transaction processing system
- more structured
managerial decisions: concern the allocation and utilization of resources
- supported by management info systems
- structured and unstructured
strategic decisions: concern broader-scope, organizational issues
- supported by executive info systems
- mostly unstructured
104
How can TPS database be updated
1. batch processing: data is collected over time and processed together
2. online processing: data is collected and immediately processed --> data is kepyt current
- more expensive
105
What is a decision support system
system to help managers make decisions using interactive computer models that describe real-world processes
common analysis techniques: what if analysis, sensitivity analysis, goal seek analysis, optimization analysis
106
What is structured decision process
decision that has an understood and accepted method for making a decision (e.g. tax paying)
- managers often develop heuristics (mental shortcuts) for programmed decisions
107
What is an expert system
a system that gives managers advice similar to what they would get from a human consultant
- expensive and difficult to create
- can take the place of human experts, or can assist them
108
What is unstructured decision process
decision that has no agreed upon decision making method
109
What is a semi-structured decision
decision making where most factors needed to make the decision are known, but human experience and external factors may still impact the decision
110
What is OLTP
online transaction processing systems collect data electronically and process the transactions online
- support decision making by providing the raw info about transactions and status for an org
111
What is OLAP
online analytic processing systems focus on making OLTP-collected data useful for decision making
- ability to sum, count, avg, and other simple arithmetic operations on groups of data
112
What is the difference between OLTP and OLAP
users: OLTP = customer front line managers, OLAP = managers, analysts
Processing applications: OLTP: POS, Payroll, inventory, etc. OLAP: query, stats, reports, data mining
Where the data goes: OLTP = operational database, OLAP: data warehouse
113
What is business intelligence systems
BI systems transform data into actionable intelligence and inform an org's strategic and tactical business decisions
- access and analyze data sets and present analytical findings (reports, summaries, dashboards, graphs, charts, maps, etc)
114
What are data brokers
companies that collect and sell data based on online activity
115
What are the areas that combine: engineering + analysis, analysis + communication and communication + engineering
engineering + analysis: data mining
analysis + communication: analytics
communications + engineering: data mining
116
What are the different types of data analytics
descriptive: what happened
diagnostic: why did it happen
predictive: what might happen in the future
prescriptive: what to do next
117
What is the architecture for business intelligence
data sources (OLTP, general ledger, external sources) --> data preparation (scrubbing, summary, quality verified) --> data warehouse (marketing, HR, etc) --> OLAP tools (querying, data mining, report writer)
118
What is a data warehouse
large, multidimensional database that collects and condenses important historical info from company-wide databases and external sources into one database
- used to extract and clean data from operational systems and other sources
- designed specifically to support mgmt decision making
- prepares data for BI processing
- uses non-operational data (the data is a copy from active databases)
- data is time variant and standardized
119
What is a data mart
subset of data warehouse that addressing particular needs (e.g. business function, problem, opportunity)
120
What are the critical conditions for data mining
1. clean and consistent data
2. data accurately reflects current and future trends
121
End of class 4
122
What is the cycle between IT projects and IT operations
IT projects = create new projects
IT operations = maintain current operations
IT projects start a new project b/c there is a need for something new, and then its maintained by IT operations until it needs a new update, where the cycle repeats
123
Why does IT have such a large budget/personnel?
Affects data, people and processes
124
What are the risks of IT projects
- good estimates are difficult b/c tech is always changing --> sometimes updates are required even in the middle of projects
- lack of experience in project team --> lack of understanding of new tech and changes
- lack of support from top mgmt --> don't understand how tech helps other departments
- lack of participation from system users --> agile systems require user participation
- unclear and uncertain project req. --> garbage in = garbage out
- high level of technical complexity
125
What are the different IT project team roles
project manager: manage the people working on project as well as customer expectations
technical analyst: develop the software and hardware
change management: walk users through the transition of systems
system analyst: see how they can design a system that supports the requirements
business analyst: analyzes effects on org (?)
126
What is the iron triangle rule
between time, quality and cost, you can only maximize 2 of them
cheap + quick = low quality
cheap + high quality = low priority
fast + high quality = expensive
127
What is the project life cycle
initiate --> plan --> execute --> close
- projects can be scrapped at any of these steps
- planning is very important because this is where you break down activities, schedule them, budget them, etc.
reasons for initiation: new disruptive tech, competitor improves their tech, etc.
128
What are types of system development methodologies
TPM --> traditional project management
APM --> agile project management
129
What is TPM
Method that follow the system development life cycle (SDLC)
- waterfall, linear, slow, structured, standardized
- linear structure, each step must be completed before the next
- makes more sense for procedural programming languages
130
What are the steps in SDLC
1. preliminary analysis: request for replacement or new system is reviewed
2. systems analysis: determine specific requirements for new system
3. systems design: develops specific technical details required for system based on requirements
4. programming: code is written for system
5. testing: system is put thru a series of structured tests
6. implementation: training users, providing documentation, and data conversion from previous systems
7. maintenance: structured support process for system
131
What is APM
Methods that follow: RAD (rapid application development), XP(extreme programming), Scrum, Kanban, etc.
- prototyping, fast, iterative, active user involvement
- can hop between different parts of the process
- makes more sense for object-oriented programming languages
132
What are the steps of the RAD methodology
1. requirements planning: requirements are defined, team identified, and feasibility is determined
2. User design: representatives of users work with systems analysts, designers and programmers to create the design of the system (JAD sessions)
3. construction: application developers work with users to build the next version of the system thru interactive process
4. cutover: switch old system to new --> done in periods of low activity
133
What are characteristics of agile methodologies
- small cross-functional teams that include development team members and users
- daily status meetings to discuss current state of project
- short time-frame increments for each change to be completed
- working project at end of each iteration demonstrates progress to stakeholders
GOAL: provide flexibility of iterative method while ensuring a quality product
134
What is the lean methodology
- focuses on taking an initial idea and developing an MVP that works well enough just to demonstrate the idea behind the project
- once developed, its given to potential users for review (direct observation/discussion)
- after discussion, it is determined whether they continue in same development direction or rethink the core idea behind the project, change functions and create a new MVP
Works best in an entrepreneurial environment where company is interested in determining if their idea for a program is worth developing
135
Compare TPM and APM
TPM: fixed scope, estimated resources and time
APM: fixed resources and time, estimated scope
- start by assigning time and resources to work on activities, scope changes as iterations happen
136
Build VS buying software
- depends on the needs of the organization and the capabilities of the software that can be purchased
- identify discrepancies between needs and software capabilities
- make a decision, you can either:
1. modify the software (off the shelf custom)
2. modify the org to fit the software (good for young companies without legacy systems)
3. live with the problems
NOTE: buy is usually cheaper and available much quicker, but its also possible your competitors could be using it and customization process is difficult
137
What do you have to consider when buying/building new systems
economic feasibility: can we afford to make/buy it as well as maintain it
technical feasibility: does the capability exist in a manner that is acceptable --> can our IT build the system, or should we outsource
operational feasibility --> how does it fit with existing systems, do we need to build some bridges between current and new system, how do we deal with existing data
138
What are the different methods of system implementation
parallel: keep old system, and test new system until happy with it
- least risk, most expensive
- not applicable sometimes
pilot: test small parts of new system and see if they work, then transfer and distribute when satisfied
- any problems can be contained and resolved in small groups
phased: Install software in modules/phases, only move on to installing the next phase when happy with current one
- only possible if system has multiple modules/phases
- easier to digest changes
plunge: disable old system and use new system immediately
- most risky if new system does not perform as expected
- least expensive
- requires extensive testing
- often mandatory
139
What is PERT
Project evaluation and review technique
- statistical tool used in project mgmt designed to analyze and represent an estimation of project cost/time
- relies on triangulation of data
formula: (optimistic time + most likely time *4 + pessimistic time)/6
140
Why is PERT usually skewed (result is almost always above most likely time)
pessimistic view is often much worse than optimistic view is good, so the data is skewed
141
Compare PERT and GANTT charts
PERT:
- shows duration for each
- has a start and end that makes it easy to follow flow
- easy to see what tasks are independent or dependent
- longest path = critical path (IMPORTANT)
GANTT:
- length corresponds with time needed
- arrows dont indicate dependencies
- doesn't showcase critical paths
142
End of Class 5
143
What are the typical functional systems
accounting --> operations --> HR --> sales and marketing
- functional systems were referred to as silos to show that early functional systems didn't talk to one another, and weren't as efficient as they could have been
144
Explain accounting systems usages
used to track and manage the financial resources of the org, analyze income and expenses, generate statements and reports, etc.
- financial reporting
- AR, AP
- cost accounting
- budgeting
145
Explain operations system usages
concerns the management of finished goods inventory and the movement of goods from that inventory to the customer
- order management
- inventory management
- customer service
146
Explain HR systems usages
support management of org's employees and affiliated personnel
- recruiting
- payroll and compensation
- employee evaluation
- development and training
HR planning
147
Explain sales & marketing systems usages
store data about potential customers, their product interests and contact with them by sales personnel
- POS (point of sale)
- product management
- lead tracking
- sales forecasting
- customer management
148
What are cross functional systems
integrated process-based systems that operate across functional boundaries (e.g. CRM, ERP)
- increased functionality to support business processes
- integrated processing systems are more efficient
149
What is CRM
Customer relationship management
- provides all info about a specific customer
- it is always cheaper to keep existing customers happy than to try and get new customers
150
What is ERP
enterprise resource planning, developed to bring an entire org under one program
- very expensive and can be disruptive if org has legacy systems
e.g. SAP, Microsoft, Oracle
151
What are the key benefits of ERP
- computer program is customized and specific for an individual org
- database is centralized
- can be used to manage an entire org's operations
152
What are some criticisms of ERP
- commoditize business processes --> drive all businesses to use the same processes and lose their uniqueness
- orgs have to maintain custom changes themselves
153
What are inter-organizational systems
cross functional systems used by 2+ related companies (e.g. Supply chain mgmt, E-commerce)
- efficiently handle the flow of goods from suppliers to customers
- involves selling and purchasing
- integrate multiple-company operations
154
What is supply chain management (SCM)
inter-organizational systems that enable companies too efficiently handle the flow of goods from suppliers to customers
Supplier --> manufacturer --> distributor --> retailer --> customer
NOTE: if you are a distributor, your supplier is manufacturer and your customer is retailers (same goes for any other role in the SCM)
- distributor would have supplier relationship mgmt, as well as customer relationship mgmt
155
What is knowledge management
process of creating, formalizing the capture, indexing, storing, and sharing of the company's knowledge in order to benefit from the experience and insights the company has captured during its existence
156
What is EDI
electronic data interchange is the computer-to-computer exchange of business documents in a standard electronic format between business partners
- provides a competitive advantage through integrating the supply chain electronically
- vastly reduce the resources required to manage the relevant info
157
What is E-commerce
systems that link parties that buy goods and services with parties that sell those goods and services over the internet
NOTE: E-commerce =/ E-business
E-commerce = purchasing and selling stuff online
E-business = online presence
158
What are the different branches of E-business
- Business intelligence
- Customer relationship management
- supply chain management
- enterprise resource management
- e commerce
- online activities between businesses
- collaboration
- electronic transfer within firm
159
What are the different E-commerce business models
B2B, C2B, G2B, B2C, C2C, G2C, G2G, C2G, G2G
B = business
C = customer
G = government
160
What are the advantages and disadvantages of e-commerce
advantages: expanded markets, increased availability, cost reduction, improved efficiency, improved customer service
disadvantages: technical issues, security issues, establishing customer trust and satisfaction is harder
161
What are merchant companies
companies that take the title of the goods they sell (they own them)
- buy goods and resell them
- sell services they provide
e.g. B2C, B2B, B2G
162
What are non-merchant companies
companies that arrange for the purchase and sale of goods without ever owning or taking the title to those goods
- sell services provided by others
e.g. Auctions (eBay), Clearinghouses (Amazon Marketplace), Electronic Exchanges (Priceline)
163
What is a pure-play business
businesses that have online presence only --> use the capabilities of the internet to create a new business
e.g. Amazon
164
What is a brick-and-click business
businesses that combine a physical presence with an online presence
e.g. Indigo, Canadian Tire
165
What is M-commerce + reasons for growth
purchase of goods and services through wireless technology, such as phones and handheld devices
Reasons for growth:
- # global mobile users is steadily increasing
- rapid adoption of e-commerce
- improved tech
- broadband tech and lowering data costs
- instant gratification
166
What are the benefits of M-commerce
- access: access to internet thru mobile device is easier and more affordable than desktop options
- convenience: always with us and being constantly connected with no need to log in or other
- costs: more affordable than desktop devices
- ease of use: relatively easy and simple to use
- mobile payment: alternative options for transactions --> easy and secure
- rich content: brands can better demonstrate a products key features, share testimonials and showcase use
167
What is P2P commerce
form of e-commerce comprised of an online platform that connects individuals looking to transact with one another
e.g Etsy, Uber, Airbnb
168
End of Class 6
169
What are common security threats to individuals
Identity theft --> thief acquires personal info (name, address, DOB, SIN, etc.) and uses it to impersonate the person
thief can take over victim's financial accounts --> open new bank accounts, transfer balances, apply for loans, credit cards, etc.
170
What are ways you can protect yourself?
1. keep your software up to date
2. use encryption on your devices
3. be careful with cloud services
4. only use location services when needed
5. do regular and multiple data backups
6. set long, unique and strong passwords
7. Be suspicious of strange attachments and links
171
What is cybercrime/computer crime
an illegal activity that is committed with the use of a computer, or where the computer is the object of the crime
172
What is malware
short form for malicious software --> any program that is designed to steal or destroy data and systems
e.g. viruses, worms, spyware, randsomware
173
What is social engineering
when criminals lure individuals into sending them personal, confidential data that can be used for crime
174
What is hacking
someone accesses a computer without permission
175
What is phishing
when a user receives an email that looks as if it is from a trusted source, but there is a link that mimics the genuine website and the ID + password are captured by the sender/attacker
176
What is spoofing
technique where culprits disguise their identities by modifying the address of the computer from which the scheme has been launched
177
What is piracy
illegal copying and distribution/use of software
178
What is the information security triad
confidentiality, availability and integrity
confidentiality = protecting info, restricting access to those who are allowed to see it
integrity = assurance that the info being accessed has not been altered and truly represents what is intended
availability = info can be accessed and modified by anyone authorized to do so in an appropriate timeframe
179
What are the sources of security threats to organizations
human error/mistakes, malicious human activity, natural disasters
180
Explain human error and mistakes
accidental problems caused both by employees and non employees; this includes poorly written programs, poorly designed procedures and physical accidents
- e.g. misunderstanding operating procedures and deleting records, spilling coffee on data storage, etc.
NOTE: hardest to protect against
181
Explain malicious human activity
includes employees/former employees who intentionally destroy data or other system components; hackers who break into a system; virus/worm writers who infect computer systems; criminals who break into a system to steal for financial gain; terrorism
182
What is a white hat hacker
hackers that work for security companies --> break in to access the vulnerability of the system and the security companies fixes it
183
What is a black hat hacker
criminals
184
Explain natural events and disasters
acts of nature; problems in this category arise not only from the initial loss of capability and service, but also from actions to recover from the initial problem (often make it worse rather than better)
- biggest impact, easiest to plan for
185
List the different security problems and sources
procedural mistake = human error + unauthorized data disclosure
pretexting/phishing/spoofing/sniffing/computer crime = malicious activity + unauthorized data disclosure
disclosure during recovery = natural disasters + unauthorized data disclosure
procedural mistakes/incorrect procedures/ineffective accounting controls/system errors = human error + incorrect data modification
hacking/computer crime = malicious activity + incorrect data modification
incorrect data recovery = natural disaster + incorrect data modification
procedural mistakes/development and installation errors = human error + faulty service
computer crime/usurpation = malicious activity + faulty service
service improperly restored = natural disaster + faulty service
accidents = human error + denial of service
DOS attacks = malicious activity + denial of service
Service interruption = natural disasters + denial of service
accidents = human error + loss of infrastructure
Theft/terrorist activity = malicious activity + loss of infrastructure
property loss = natural disasters + loss of infrastructure
186
What are the different security safeguards
hardware + software = technical safeguards --> identification and authorization, encryption, firewalls, malware protection, application and design
data = data safeguards --> data rights and responsibilities, passwords, encryption, backup and recovery, physical security
procedures + human = human safeguards --> hiring, training, education, procedure design, administration, assessment, compliance, accountability
NOTE: effective security requires balanced attention to all 5 components
187
What is multi-factor authentication
uses a combination of what you know, what you have, and what you are to allow entry
what you know = identification, authentication
what you have = smart cards, authentication app
what you are = biometrics
188
What is access control
determines which users are authorized to read, modify, add and or delete info
models: access control list (ACL), Role-based access control (RBAC)
189
Explain ACL
identifies a list of users who have the capability to take specific actions with an info resource
- specific permissions are assigned to each user (read, write, etc.)
drawbacks: each info resource is managed separately, harder to maintain as users increase
190
What is RBAC
assigns roles to users, and these rolls all have specific permissions attached
191
What is symmetric key encryption
both parties share the encryption key
192
What is public key encryption
has 2 keys --> public key and private key
- share message = public key
- receive/decode message = private key
193
What is a hardware firewall
device that is connected to the network and filters the packets based on a set of rules
194
What is a software firewall
runs on the operating system and intercepts packets as they arrive at a computer
195
What are anti virus programs
software that can be installed on a computer/network to detect and remove known malicious programs (viruses, spyware)
--> provide a reactive defense
196
What is an intrusion detection system
a system that can be placed on the network for security purposes --> provides the capability to identify if the network is being attacked
--> can be configured to watch for specific types of activities and then alert security personnel if detected
197
What is physical security
protection of the actual hardware and networking components that store and transmit info resources
- e.g. locked doors, physical intrusion detection, secured equipment, environmental monitoring, employee training, etc.
198
What are the goals of a disaster recovery plan
- minimize disruption, damage and loss from a disaster
- provide a temporary method for processing business and accounting transactions
- resume normal operations quickly
Disaster recovery planning = mitigation and prevention --> preparedness --> response --> recovery --> repeat
199
What is disaster preparedness
safeguards that include: asset location, identification of mission-critical systems, and the preparation of remote backup facilities (backup facility is very expensive)
- best safeguard is appropriate location of infrastructure
200
What are the different disaster recovery strategies
Work area recovery (WAR) = office space with basic equipment, usually pre-configured for company use at a recovery facility; can be shared with other companies; charges a monthly subscription fee
- downside = shared (not ideal for natural disasters)
Cold site = room/building used for recovery, but not set up for immediate occupation of use
- for long term interruption
hot site = recovery location that is available 24/7, IT systems + applications are either running all the time or can be activated within 2 hours
relocate = recovery team members relocate to other locations (branches/vendors) to resume/continue work
- short term solution
shut down = temporarily halting all non-essential activities (only mission critical activities are running)
201
What is a security incident response plan
every org must have one --> it is hypothetical planning to prepare for the unexpected --> revisit when a crisis does occur --> evaluate the plan post-crisis to determine how it should be changed to better address future crises
centralized reporting of incidents --> detailed reporting and response; speed is of the essence
preparation pays off --> identify critical employees and contact numbers; training is vital
202
End of class 7
Comm 205
flashcards
Decks in class (1)
# Cards
