Viewing All Flashcards for CS 330
The probability of attack of a specific type within a specific time period.
The probability of a threat being repelled.
Human, Environmental, Technical
Power failure, computers crash, defective parts.
Incorrect design/code, no authorization, lack of experience
Flood, earthquake, fire, etc.
1) Radio frequency bands are easy to scan 2) SSIDs (service set identifiers) that identify access points are broadcast multiple times 3) Often no protection against war driving (where eavesdroppers drive by and try to intercept wireless network traffic)
Malicious damage to computer equipment; Theft of data, computer time, equipment, software; Manipulation of data input or processing; Viruses; Deliberately overwhelming the system, denying access (DDoS, Distributed Denial of Service); Labour strikes, or sabotage.
- Rogue software that attaches to other programs in order to be executed, usually without user knowledge or permission - Delivers a "payload" (the bad thing the virus does to your system) - Can spread via e-mail
1) They are programs that copy themselves from one computer to another over networks 2) They can destroy data/programs, and halt operation of computer networks
- A software program that appears to be benign, but then does something unexpected - "Transports" a virus into a computer system
- Rogue software that attaches to other programs in order to be executed, usually without user knowledge or permission - Delivers a "payload" (the bad thing the virus does to your system) - Can spread via e-mail
Malicious damage to computer equipment; Theft of data, computer time, equipment, software; Manipulation of data input or processing; Viruses; Deliberately overwhelming the system, denying access (DDoS); Labour strikes, or sabotage.
Individuals who attempt to gain unauthorized access to a computer system.
Intentional disruption, defacement, or destruction of a website or system.
- Masquerading as someone else, or redirecting a Web link to an unintended address.
- An eavesdropping program that monitors information travelling over a network.
A Denial of Service attack happens when hackers flood a server with false communications in order to crash the system.
A violation of criminal law that involves a knowledge of technology for perpetration, investigation, or prosecution. Identity Theft (a crime in which an imposter obtains pieces of personal info); Phishing (setting up fake websites or sending email messages that look legit, enticing people to submit confidential data); Pharming (redirects user to a bogus website); Click Fraud (bogus clicks to drive up pay-per-clicks); Cyberterrorism and Cyberwarfare (exploitation of systems by terrorists)
A hacker with criminal intent.
1) ERM - Electronic Records Management 2) CSOX - Canadian Rules for Sarbanes-Oxley, which are internal controls that govern information in financial statements
A DoS that uses numerous computers to crash the network.
Determine level of risk to the firm in the case of improper controls.
They can do the damage remotely on a variety of computers.
Business Continuity Planning is about getting the business up and running after a disaster and involves safeguarding people as well as machines. There must be documented business processes so that you don't have to rely on people who may be unavailable (might have to let them handle personal issues first). Characteristics: - Fault-tolerant computer systems - High-availability computing - Recovery-oriented computing - Security outsourcing if necessary
It involves formally documenting actions in case of pre-identified disasters, and identifying, evaluating, and monitoring risks. There is sometimes a legal requirement for a DRP (such as with banks), but other businesses also have a need to be able to provide uninterrupted customer service.
Chief Security Officer (dude in charge of security)
Authorization Policies: - Different levels of access for different users. Authorization Management Systems: - Control access to corporate websites and databases.
- Password - Token (physical device) - Smart card (ID card) - Biometric authentication (eyes, fingerprint)
What: Hardware and software controlling flow of incoming and outgoing network traffic. How: 1) Packet Filtering - examines headers and filters accordingly 2) Network Address Translation (NAT) - conceals internal IP addresses 3) Application proxy filtering - examines application content of incoming packets.
Acceptable Use Policy - Acceptable uses and users of information and computers.
Full-time monitoring tools placed at the most vulnerable points of the corporate networks to detect and deter intruders
The ability to be certain that the message being sent arrives at the proper destination without being copied or changed. - digital signatures/certificates - Public Key Infrastructure (PKI)
Encryption: Coding and scrambling of messages to prevent unauthorized access to, or understanding of, the data being transmitted. Two methods are: Secure Socket Layer (SSL) and its successor Transport Layer Security (TLS); Secure Hypertext Transfer Protocol (S-HTTP)
Uses two different keys, one public and one private. The keys are mathematically related so that data can be encrypted with one key and decrypted with the other.
A data file used to establish the identity of users and protect online transactions; it handles public keys. It uses a trusted third party, a Certificate Authority (CA), to validate identity.
- Identification - Authentication - Privacy - Integrity: keeping information in its original form - Non-repudiation: preventing parties from denying actions they have taken
Uses two different keys, one public and one private. The keys are mathematically related so that data can be encrypted with one key and decrypted with the other.
Pros: - save money (sometimes) - better quality/expertise - lack of availability of necessary resources in house - build an alliance relationship - frees employee time - reduce headcount. Cons: - contracts are difficult to make iron clad - lose control, can't oversee work being done - difficult to switch back to insourcing - outsourcers don't know your business as well as you - may be more expensive - existing staff may lose their jobs - could end up with a bad relationship - communication issues (time zones)
Solution: eliminate manual tracking of instruments, implement database, and allow for instruments to be budgeted for and tracked. Example: Alex gold software increased efficiency and reduced errors in instrument tracking process.
- if IT is your core business - if it is "soft" (i.e. strategy, architecture, planning), coding and debugging is okay - when cost savings aren't guaranteed - when you will lose control
Automation; Rationalization of procedures; Business process reengineering; Paradigm shift
- long contracts (8-10 years), but technology changes approx every 2 years - can't have shorter contracts because of: set up costs, switching costs, etc - can't insource after already outsourcing because all your people and systems are out of date
Mechanizing procedures to speed up the performance of existing tasks
- what are the responsibilities of each party? - the performance requirements, existence of bonuses/penalties - want it to be both iron clad and flexible/evolutionary - clarification of standards for quality - up times/down times, how often will they be available? - degree of development control that is shared - cost savings, must be calculated by a disinterested 3rd party - suppliers must be stable/high quality, can't go out of business later - matching of corporate cultures
- you want to focus on your core business (IT is not core) - if there is no/minimal risk from loss of control and flexibility - if it's not a critical system to your business - when the skills don't exist internally - when systems are highly structured, clearly defined, or low maintenance - when your firm is behind and needs to catch up - when your employees are confident enough to not panic
The streamlining of standard operating procedures
Redesign of business processes to reorganize workflows and reduce waste and repetitive tasks
Identify the inputs and outputs to a business; Identify the flow of products and/or services; Identify the network of activities and buffers in the process; Identify process actors and decision makers; Identify the information structure and flow; Identify the process owners; Understand how much processes cost and time to perform; Think about how IT can be used to improve processes
Radical reconceptualization of the nature of both the business and the organization
Total Quality Management. Quality is the responsibility of all people and functions within an organization.
Systems analysis - Establishing information requirements; System design - How the system will meet requirements; Completing the development process - Programming, Testing, Conversion, Production and Maintenance
Business Process Management. It is the methodology and tools for revising processes in order to enable continual improvement. - Workflow Management - Business process modeling - Quality Management - Change management
Studying a current business system and its problems to determine what the system is supposed to do, defining business needs and requirements, evaluating alternative solutions. Conduct a feasibility study to determine whether the solution is achievable.
Measure of quality (i.e. 3.4 defects per million opportunities)
1) Programming - translating the system specifications prepared during the design stage into program code 2) Testing - determine whether the system produces the desired results under known conditions 3) Types of testing - unit (testing each program separately), system (testing the system as a whole), acceptance (final certification that the system is ready) 4) Conversion - planning the conversion, preparing documentation, training users/staff 5) Production and maintenance - operate, evaluate, and modify system
Any abstract representation; Structured methodologies, process oriented, including data flow diagrams (DFD) and Input Process Output Model (IPO) structure chart; Object oriented development; Computer-aided software engineering (CASE) tools
- Traditional Systems Development Life Cycle (SDLC) (waterfall, spiral, etc) - End-user development - Prototyping - Application Software Packages - Outsourcing
How an information system will fulfill the objective determined during systems analysis. Users must have sufficient control over the analysis and design process to ensure that the system reflects their business priorities and information needs.
UpperCASE (front end) tools: requirements, analysis, DFD, ERD, design. LowerCASE (back end) tools: detailed design, code generation, test cases, ties to 4GL (4th generation language) or to front end tools. Information repository stores data structures, processing logic, business rules, source code, other documentation and ties to data dictionary. Data dictionary. Consistency checker. Report generator, screen generator. Examples: Rational Rose, Case Analyst, MagicDraw UML
Automating development of large applications in conjunction with structured programming techniques. Software that does systems development for the human (or at least helps). Used by developers rather than users.
Systems Development Lifecycle, works on the idea of methodical systems development.
It is a sequential design process where things are seen as flowing down to the final completion stage.
A software prototype is a work-in-progress system. An iterative process to test assumptions and gather feedback about: - User requirements - Application design - Program logic. Quick and relatively inexpensive method for system development.
- Disciplined approach (best practices) - Modularity (divide and conquer) - Reliability (few errors) - Efficient use of resources (cost effectiveness/increased productivity) *emphasis on the early stages to catch errors early so they're cheaper to correct*
First: hardware, machine language; Second: assembler; Third: procedural; Fourth: non-procedural; Fifth: artificial intelligence. Examples: , Visual Basic, PowerBuilder
- Waterfall - Agile (iterative, incremental, more concurrent designing throughout whole process) - RAD (rapid prototyping) - Code-and-fix - Spiral (risk driven, large scale in-house only, can work in or out of the spiral) - Synchronize-and-stabilize - JAD (joint application development): collaborative, intense workshops, 5-10 days out of office - Evolution tree - Open-source (generally for personal use, not businesses, free, collaborative by disconnected individuals)
70s - SDLC, evolved from a craft to a structured process; 80s - 4GL - 4th generation programming language; 90s - BPR (business process re-engineering) and ERP (enterprise resource planning); 2000s - internet-based, web services
3rd Generation Language - Programmer instructs computer through structured processes (C, Java, Fortran); 4th Generation Language - Some processing built in (, Visual Basic, PowerBuilder); 5th Generation Language - Computers can do some processing
- Manage computer operations, systems development, systems development projects, and IS personnel - Budget for the department and others in the organization who use computers - Plan for operational level systems and for the IS department's operations - Justify financial investment in systems
4GL is more than a computer language; it can be many programming environments. Enabled development by end users. Facilitated use of different development methods, such as prototyping. Focus on problem-solving and system design rather than laborious 'coding'. May include automated coding.
Sets policy and priorities for the IS department. Approves budgets for major projects. Reviews progress reports for major projects.
Information Resource Management. IRM is the process of managing information systems, including hardware, software, data and databases, telecommunications, people and the facilities that house these information system (IS) components.
Chief Information Officer. The strategic level manager for information systems. A member of senior management. Ensures that all IS plans, systems, and operations support the organization's overall strategy.
Systems operators - run hardware, ensure backups are completed; Data entry operators - enter data in computer-readable format; Network managers; Webmasters
- IS projects often run over budget - How to justify financial investments in IS
Application of knowledge, skills, tools and techniques to achieve specific targets within specified budget and time constraints
- Non computer scientists find careers with IS departments - IS professionals demand high salaries - Skilled Canadians being hired by U.S. companies - Difficulty of keeping skills up-to-date
- Linking systems projects to business plan: prioritize, CIO part of top management - Critical success factors: the few key areas of the business that absolutely must go right - Portfolio analysis with benefits and risks
- Cost overruns - Time slippage - Technical shortfalls impairing performance - Failure to obtain anticipated benefits
The payback method; Rate of return on investment (ROI); Net present value; Internal rate of return (IRR); Real Options Pricing Models
Benefits/Risk: High/High - Cautiously examine; High/Low - Identify and develop; Low/High - Avoid; Low/Low - Routine projects
Rate of return on investment; Internal rate of return. The rate of return, or how fast a company gets its money back on its investment.
- A quick and sometimes compelling method for arriving at a decision on alternative systems - The most important outcome of a scoring model is not the score but agreement on the criteria - Best practice is to cycle through the scoring model several times, changing the criteria and weights, to see how sensitive the outcome is to reasonable changes in criteria - Requires experts who understand the tradeoffs
Financial models do not include social and organizational disruptions and benefits, which should also be included. Con: End user training costs, lost productivity with new learning curve, management time overseeing new system changes. Pro: More timely decisions, enhanced employee learning and expertise.
Scope is work included or not included in a project
- Often, major changes need to be managed - End user involvement from the start - Top management support and commitment - Large-scale challenges for business process reengineering, enterprise applications, and mergers and acquisitions
Usually financially based decisions, so often IS is ignored. Target company may have fallen behind in IS or systems are totally incompatible. Create an inventory of assets (TPS (transaction processing system), MIS, strategic systems and infrastructure) and establish the value of these systems. The options are keep your systems, keep target company systems, or integrate them.
Project Size (cost, staff, time, number of departments); Project Structure (clarity, simplicity, changing requirements); Experience with Technology (project team, IS staff)
Customer Relationship Management System
- Cultural particularism (regionalism, language difference, etc) - Social expectations (brand-name expectations, work hours, etc) - Political laws (privacy laws, commercial regulations, etc) - Standards (different EDI, telecomm, etc) - Reliability (phone networks not uniformly reliable, etc) - Speed (slower data transfer speeds, etc) - Personnel (shortages of skilled workers, etc)
Global communication and transportation technologies; Global culture and social norms created by shared media - TV, movies, internet; Political stability encourages business; Global knowledge base - shared education, science, industrial skills
Global Markets; Global production and operations requiring global coordination; Global Workforce - distributed, virtual; Global economies of scale to find the cheapest production and maximum revenue world-wide
1) Domestic Exporter - most corporate activities in home country 2) Multinational - finance at home with production, sales, marketing elsewhere 3) Franchiser - created and controlled at home, but sold globally 4) Transnational - no national borders, many regional headquarters
Global communication and transportation technologies; Global culture and social norms created by shared media - TV, movies, internet; Political stability encourages business; Global knowledge base - shared education, science, industrial skills
A company based in Canada and operating in Europe now wants to expand to Asia. Production and marketing regional and national. Only financial controls and reporting are global. Hodgepodge of hardware, software, processes. Different manufacturing, marketing, sales and HR. Email and communications systems don't match. Local and foreign groups will resist co-ordination.
1) Centralized - totally controlled at home (most often "domestic exporter") 2) Duplicated - development at home with global copies of home systems (most often "franchiser") 3) Decentralized - each foreign unit designs and develops its own system (most often "multinational") 4) Networked - systems development and operations occur globally and all work is shared and integrated (most often "transnational")
Agree on common user requirements; Introduce changes in business processes; Coordinate applications development; Coordinate software releases; Encourage local users to support global systems
- Technology: integration of computing platforms/systems, connectivity, appropriate software - Managing global software development: offshore outsourcing
Suite of integrated software modules and a common central database. The database collects data from different departments and processes in a firm. Information collected from a process can be accessed and used by other processes.
- Define the core business processes - Identify the core system to coordinate centrally - Choose an approach (incremental, grand design, evolutionary) - Make the benefits clear - Look at the results of the capital budgeting analysis
- A more uniform organization - More efficient operations and customer driven business processes - Firm wide information for improved decision making
A network of organizations and business processes for procuring raw material, transforming these materials into intermediate and finished products, and distributing the finished products to customers. Links suppliers, manufacturing, distribution, retail and customers. Materials, information and payments flow through the SC in both directions.
When a customer places an order, or when minor fluctuations or changes occur downstream in supply chain, they can cause large problems for suppliers/manufacturers/etc. The problems escalate.
- Define the core business processes - Identify the core system to coordinate centrally - Choose an approach (incremental, grand design, evolutionary) - Make the benefits clear - Look at the results of the capital budgeting analysis
Order commitments; Final production; Replenishment; Distribution management; Reverse distribution
Order planning; Advanced scheduling and manufacturing planning; Demand planning; Distribution planning; Transportation planning
A Customer Relationship Management System examines customers from a multifaceted perspective. - Use a set of integrated applications to address all aspects of the customer relationship, including customer service, sales and marketing - Capture and integrate customer data from across organization - Consolidate the data - Analyze the data - Distribute the results to various systems and customer touch points across the enterprise
Push model involves forecasting demand and pushing your product to customers, convincing them to buy your product. Pull model involves customers coming to you to order what they want.
- Partner Relationship Management - Employee Relationship Management (identifies employee performance, compensation, etc) - Sales Force Automation (focuses on most profitable customers)
Middleware and software tools to tie ERP to separate financial systems or to legacy systems, for example: 1. More flexible, web-enabled, integrated with other systems; enterprise solutions/suites, such as mySAP, Oracle E-business suite 2. Service platforms integrate multiple applications to make them look like one system
- Wireless internet - Rich Site Summary or Really Simple Syndication (RSS) - Computing and networking component prices continue to fall - New internet-based models of computing expand B2B opportunities
Ubiquity: can be found everywhere; Global Internet reach; Universal standards; Richness: video, audio and text; Interactivity; Information density: plentiful, cheap and accurate; Personalization/customization: individuals, groups
Really Simple Syndication, a method of feeding data.
A method of interaction with customers (the point of interaction) - Telephone, email, conventional mail - Customer service desk - Website - Wireless notification - Retail store
- Information asymmetry and transparency (purchasers can now know costs of suppliers) - Lower menu costs (seller's cost of changing prices decreases) - Dynamic pricing (supply and demand, prices can fluctuate easily) - Disintermediation (allows you to remove the middle man)
Digital goods: Zero marginal cost/unit; High production cost (most of the cost); Approximately zero copying cost; Low delivery cost; Low inventory cost; Variable marketing cost; Variable pricing. Traditional goods: High, greater than zero marginal unit cost; Variable production cost; High copying cost (greater than zero); High delivery cost; High inventory cost; Variable marketing cost; Fixed pricing, based on unit cost.
- Virtual storefront: sells goods/services online (i.e. chapters) - Information broker: provides information on products/services (i.e. Edmunds (cars)) - Transaction broker: provides online transactions facility (expedia) - Online marketplace: provides a trading platform for individuals/firms (eBay) - Content provider: creates revenue by providing content (yahoo) - Online service provider: provides services... - Virtual community: (facebook, youtube) - Portal: initial point of entry to Web, specialized content, services (msn.ca)
Banner ads: graphic display used for advertising; user clicks to go to ad site. Pop-up ads: user clicks to get rid of ad. Social networking sites: mutual business or personal connections (LinkedIn). Kaboodle shares shopping sites and tips. Flixster, a social movie review site.
- clickstream tracking (pages visited, purchases, etc) - interactive marketing/personalization - customer self-service (answer questions on website/email, i.e. Air Canada updates, or post tracking)
Digital goods are anything that is information that can be converted to data. Some examples of digital goods are music, video, newspaper, software, e-books. Original cost of digital goods is almost the total cost of product because inventory and distribution costs are next to zero. Marginal cost for second and subsequent copies is also next to zero.
A series of chronological entries with links to related sites. Corporate blogs can present information about new products; readers are invited to comment, building customer relationships. Marketing people can watch and analyze a variety of public blogs to see what is being said about their company's products.
- Business to Business - Procurement: sourcing, negotiating, purchasing, delivery, etc - Have a private network and an extranet to selected suppliers/distributors - Net marketplaces: multiple buyers can purchase from multiple sellers - Exchanges: independently owned net marketplaces, often for a single industry
Content and location-based services - search for restaurants, movies, weather, train schedules; Air Canada flight delays and cancellations. Banking and financial services - changes, updates and most banking from mobile device. Wireless advertising - Harvey's Coupon. Games and entertainment - download games, movies, television, news to cell phone.
Business-to-customer (B2C): Retailing of products and services directly to individual customers (Chapters.indigo.ca). Business-to-business (B2B): sales of goods and services to other businesses (ChemConnect). Consumer-to-consumer (C2C): Individuals using the Web for private sales or exchange (eBay.ca). M-commerce: mobile commerce.
- Digital credit card payment systems - Digital wallet - micropayment systems (under $10) - digital cash - peer-to-peer payment systems (PayPal) - digital chequing (eCheque)
- Keyboard and screens are tiny - Slow data transfer speed - Expensive to download and pay per minute - Limited memory - Limited power, battery life
- Unstructured decisions (novel, non-routine decisions requiring judgment and insights, i.e. approve capital budget, corporate objectives) - Structured decisions (routine decisions with definite procedures, i.e. restock inventory, coupons) - Semi-structured decisions (only part of decision has clear-cut answers provided by accepted procedures, i.e. allocate resources to managers, developing marketing plans)
Classical: Intelligence, design, and choice (1960). Rational: Goal, problem, criteria, all possible alternatives, select. Practical: Choose from 1 or 2 possibilities. Personal: Irrational, intuition, faith, tradition, social psychology. Garbage Can: No goals, organized anarchy, inconsistent, ill-defined. Decision Support: Software tools for management (1971 PhD thesis).
Classical Model of Management: Planning, organizing, coordinating, deciding, controlling. Behavioural Models of Management: Less systematic, more informal, less reflective, more reactive, less well-organized. Management by walking around (MBWA).
- Information quality, management filters (selective attention, variety of bias, etc), organizational culture (resistance to change, politics, etc)
- often available on an intranet - structured problems and solutions - fixed, regularly scheduled reports - reports can be generated on demand by users
Decision Support System. Computer-based systems that help decision makers confront ill-structured problems through direct interaction with data and analysis. Can model "what-if" analysis.
- Uses 'what-if' questions repeatedly to determine the impact on outcomes of changes in one or more factors (i.e. what if we raise the price by $X, etc)
- Accuracy, integrity, consistency, completeness, validity, timeliness (available when needed), accessibility
Executive Support System. An ESS can be viewed as a DSS that provides access to summary performance data, uses graphs to display and visualize the data in an easy-to-use fashion, and has analysis to "drill down" in summary data to examine components. Flexible, easy to use, company performance data (sales, production, earnings, budgets, forecasts, etc.), internal communications and environmental scanning (government laws, competition, financial and economic views). Executive digital dashboard.
- Group Decision Support Systems - interactive system, unstructured problems and solutions, set of decision makers working together - More than GSS (group support system) because it has tools for Data Management as well as communication - more people can participate, brainstorm, provide anonymous feedback, etc
- An intangible corporate asset that requires organizational resources. Value increases as more people share it, which also increases organizational learning. - Successfully transferring knowledge is 90% organizational culture and 10% technology.
- Analyzes large amounts of order information based on region, payment method, amount of purchase, time of day, product purchased, etc - Then categorizes and summarizes data in two or more dimensions - If you had a small list of sales, could check patterns visually, but impossible with large amounts, so pivot tables help
1) Knowledge acquisition 2) Knowledge storage 3) Knowledge dissemination 4) Knowledge application
Hardware - collaborative conference facilities, electronic display boards, etc; Software - questionnaires, idea generators/organizers, priority setting, etc; People - participants, facilitators, hardware/software support staff
- Data: flow of events/transactions, etc - Information: organized/processed data into categories of understanding - Knowledge: patterns, rules, and contexts that provide a framework for using information (can be tacit (undocumented) or explicit) - Wisdom: the collective and individual experience of applying knowledge to the solution of a problem (knowing when, where and how to apply knowledge)
1. Knowledge creation and capture - either build in-house or acquire it externally 2. Organization and categorization - best practices knowledge bases 3. Distribution and access - push info out and allow pull access through networks 4. Absorption and reuse - learning and applying to new situations
- Human capital (knowledge, skills, innovation of employees, etc) - Structural capital (hardware, software, databases, patents, etc) - Customer capital (strength of relationships/networks with associates, can be human (personal relations) or structural (company products used))
Enterprise Wide KM Systems: Corporate sharing. Knowledge Work Systems (KWS): Specialized knowledge for professionals. Intelligent Techniques: Tools for discovering knowledge such as data mining and expert systems.
- Structured knowledge system: information includes formal documents and the type of knowledge is structured - Semi-structured knowledge system: information includes emails, voicemail, memos, bulletins, etc, type of knowledge is semi-structured - Knowledge network system: information includes expertise of individuals, and type of knowledge is network (tacit), it provides an online directory of corporate experts, solutions are documented as they happen, solutions can be categorized and stored in a FAQ or best practices repository