Exam 1 Flashcards
Computer-based information systems (CBIS)
An information system that uses computer technology to perform some or all of its intended tasks.
data items
An elementary description of things, events, activities, and transactions that are recorded, classified, and sorted but are not organized to convey any meaning.
enterprise resource planning (ERP) systems
information systems that correct a lack of communication among the functional area ISs by tightly integrating the functional area ISs via a common database
functional area information systems (FAISs)
ISs that support a particular functional area within the organization
hardware
a device such as a processor, monitor, keyboard, or printer. Together these devices accept, process, and display data and information.
information
data that have been organized so that they have meaning
information systems (IS)
collects, processes, stores, analyzes, and disseminates information for a specific purpose
information technology (IT)
relates to any computer-based tool that people use to work with information and support the information and information-processing needs of an organization
information technology components
hardware, software, databases, and networks
interorganizational information systems (IOS)
information systems that connect two or more organizations
knowledge
data and/or info that have been organized and processed to convey understanding, experience, accumulated learning, and expertise as they apply to a current problem.
knowledge workers
professional employees such as financial and marketing analysts, engineers, lawyers, and accountants, who are expert in a particular subject area and create information and knowledge, which they integrate into business.
procedures
the set of instructions for combining hardware, software, database, and network components in order to process info and generate the desired output.
software
a program or collection of programs that enable the hardware to process data
transaction processing system (TPS)
supports the monitoring, collection, storage, and processing of data from the organization’s basic business transaction, each of which generates data.
business environment
the combination of social, legal, economic, physical, and political factors in which businesses conduct their operations.
business-information technology alignment
the tight integration of the IT function with the strategy, mission, and goals of the organization.
business process
a collection of related activities that produce a product or service of value to the organization, its business partners, and/or its customers.
business process management (BPM)
a management technique that includes methods and tools to support the design, analysis, implementation, management, and optimization of business processes.
business process reengineering (BPR)
a radical redesign of a business process that improves its efficiency and effectiveness, often by beginning with a “clean sheet”
competitive forces model
a business framework devised by Michael Porter that analyzes competitiveness by recognizing five major forces that could endanger a company’s position.
cross-functional business process
a process in which no single functional area is responsible for its completion; multiple functional areas collaborate to perform the function
digital divide
the gap between those who have access to information and communications technology and those who do not
entry barrier
product or service feature that customers expect from organizations in a certain industry; an organization trying to enter this market must provide this product or service at a minimum to be able to compete
globalization
the integration and interdependence of economic, social, cultural, and ecological facets of life, enabled by rapid advances in information technology
mass customization
a production process in which items are produced in large quantities but are customized to fit the desires of each customer
organizational social responsibility
efforts by organizations to solve various social problems.
primary activities
those business activities related to the production and distribution of the firm’s products and services, thus creating value
strategic information systems (SISs)
systems that help an organization gain a competitive advantage by supporting its strategic goals and/or increasing performance and productivity.
support activities
business activities that do not add value directly to a firm’s product or service under consideration but support the primary activities that do add value
value chain model
model that shows the primary activities that sequentially add value to the profit margin; also shows the support activities
value system
includes the producers, suppliers, distributors, and buyers, all with their value chains
code of ethics
a collection of principles intended to guide decision making by members of an organization
digital dossier
an electronic description of an individual and his or her habits
information privacy
the right to determine when, and to what extent, personal information can be gathered by and/or communicated by others.
liability
a legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems
opt-in model
a model of informed consent in which a business is prohibited from collecting any personal information unless the customer specifically authorizes it
opt-out model
a model of informed consent that permits a company to collect personal information until the customer specifically requests that the data not be collected.
profiling
the process of forming a digital dossier
responsibility
a tenet of ethics in which you accept the consequences of your decisions and actions
access controls
controls that restrict unauthorized individuals from using information resources and are concerned with user identification
adware
alien software designed to help pop-up advertisements appear on your screen.
alien software
clandestine software that is installed on your computer through duplicitous methods
anti-malware systems
software packages that attempt to identify and eliminate viruses, worms, and other malicious software
audit
an examination of information systems, their inputs, outputs, and processing
back door
typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures
biometrics
the science and technology of authentication by measuring the subject’s physiologic or behavioral characteristics
blacklisting
a process in which a company identifies certain types of software that are not allowed to run in the company environment
certificate authority
a third party that acts as a trusted intermediary between computers by issuing digital certificates and verifying the worth and integrity of the certificates
cold site
a backup location that provides only rudimentary services and facilities
controls
defense mechanisms
cookie
small amounts of information that Web sites store on your computer, temporarily or more or less permanently
copyright
a grant that provides the creator of intellectual property with ownership of it for a specified period of time, currently the life of the creator plus 70 years.
cybercrime
illegal activities executed on the internet
cyberterrorism
can be defined as a premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups
cyberwarfare
war in which a country’s information systems could be paralyzed from a massive attack by destructive software
demilitarized zone (DMZ)
a separate organizational local area network that is located between an organization’s internal network and an external network, usually the internet.
denial-of-service attack
a cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources.
distributed denial-of-service (DDoS) attack
attack that sends a flood of data packets from many compromised computers simultaneously
digital certificate
an electronic document attached to a file certifying that this file is from the organization it claims to be from and has not been modified from its original format or content.
exposure
the harm, loss, or damage that can result if a threat compromises an information resource
firewall
a system that prevents a specific type of information from moving between untrusted networks, such as the internet, and private networks, such as your company’s network.
hot sites
a fully configured computer facility, with all information resources and services, communications links, and physical plant operations, that duplicates your company’s computing resources and provides near real-life recovery of IT operations.
information security
protecting an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
intellectual property
the intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws.
least privilege
a principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization
logic bombs
segments of computer code embedded within an organization’s existing computer programs
malware
malicious software such as viruses or worms
phishing attack
an attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking email.
physical controls
controls that restrict unauthorized individuals from gaining access to a company’s computer facilities
piracy
copying a software program without making payment to the owner
privilege
a collection of related computer system operations that can be performed by users of the system.
public-key encryption
a type of encryption that uses two different keys, a public key and a private key.
risk acceptance
a strategy in which the organization accepts the potential risk, continues to operate with no controls, and absorbs any damages that occur.
risk analysis
the process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised and compares the probable costs of each being compromised with the costs of protecting it
risk limitation
a strategy in which the organization limits its risk by implementing controls that minimize the impact of a threat.
risk management
a process that identifies, controls, and minimizes the impact of threats, in an effort
risk mitigation
a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan
risk transference
a process in which the organization transfers the risk by using other means to compensate for a loss such as purchasing insurance
secure socket layer (SSL)
an encryption standard used for secure transactions such as credit card purchases and online banking
security
the degree of protection against criminal activity, danger, damage, and/or loss
social engineering
getting around security systems by tricking computer users inside a company into revealing sensitive information or gaining unauthorized
spam
unsolicited email
spamware
alien software that uses your computer as a launch platform for spammers
spyware
alien software that can record your keystrokes and/or capture your passwords
trade secret
intellectual work, such as a business plan, that is a company secret and is not based on public information
Trojan horse
a software program containing a hidden function that presents a security risk
tunneling
a process that encrypts a packet inside another packet
virtual private network (VPN)
a private network
viruses
malicious software that can attach itself to other computer programs without the owner of the program being aware of the infection
vulnerability
the possibility that an information resource will be harmed by a threat
whitelisting
a process in which a company identifies acceptable software and permits it to run, and either prevents anything else from running or lets new software run in a quarantined environment until the company can verify its validity
worms
destructive programs that replicate themselves without requiring another program to provide a safe environment for replication
Identify several ways in which you depend on information technology in your daily life
texting, email, research, shop, pay bills
What are three ways in which information technology can impact managers
- may reduce middle managers
- less time to make decisions
- increase likelihood of having to supervise geographically
What are three ways in which information technology can impact nonmanagerial workers
- may eliminate jobs
- may cause employees to feel a loss of identity
- cause job stress and repetitive stress injury
List three positive and three negative societal effects of the increased use of IT
positive: 1. opportunities for disabled people 2. work flexibility 3. improvements in healthcare
negative: 1. cause health problems 2. place employees on constant call 3. misinform patients about their health problems
List and provide examples of the three types of business pressures, and describe one IT response to each.
- Market pressures: powerful customers
- Technology pressures: info overload
- societal/political/legal pressures: social responsibility (environment)
Identify 5 competitive forces
- threat of new competitors
- bargaining power of suppliers
- bargaining power of customers
- threat of substitute products
- rivalry amongst existing firms in industry
5 strategies to counter competitive forces
- cost leadership strategy- lowest cost
- differentiation strategy- different products or services
- innovation strategy- introduce new products and services
- operational effectiveness strategy- improve internal business processes
- customer-orientation strategy- focus on customer’s happiness
List 3 fundamental tenets of ethics
- responsibility
- accountability
- liability
List 4 categories of ethical issues related to information technology
- privacy
- accuracy
- property
- access to information
Identify three places that store data and discuss one personal threat to the privacy of the data stored there.
databases, forums, and social networking sites. the threat is you might post too much that unknown people can see.
Identify 5 factors that contribute to vulnerability of information resources and provide an example of each
- interconnected, wirelessly networked-internet
- smaller, faster, cheaper computers and storage devices - iPads, thumb drives
- decreasing skills necessary to hack-hacking programs on the internet
- international organized crime taking over cybercrime-cartels
- lack of management support
10 types of deliberate attacks
- espionage or trespass
- information extortion
- sabotage and vandalism
- theft of equipment
- identity theft
- protecting intellectual property
- software attacks
- alien software
- supervisory control and data acquisition
- cyberterrorism or cyberwarfare
Identify three major types of controls that organizations can use to protect their information resources.
- physical controls
- access controls
- communication controls