IS FINAL Flashcards
What is a transaction? + 3 examples
Any business event that generates data worthy of being captured and stored in a database. Examples of transactions are a product manufactured, a service sold, a person hired, and a payroll cheque generated. In another example, when you are checking out of Walmart, each time the cashier swipes an item across the bar code reader is one transaction.
What does a transaction processing system (TPS) do?
supports the monitoring, collection, storage, and processing of data from the organization’s basic business transactions, each of which generates data.
In the modern business world, TPSs are ________ for the ___________ ____ information systems and ________ __________systems, as well as business operations such as customer relationship management, knowledge management, and e-commerce
Inputs, functional area, business intelligence
How do transaction processing systems manage data?
- Business event/transaction
- TPS
2a. Detailed reports - Organization’s database, where FAIS, DSS, BI, Dashboards, and ES occur
When more than one person or application program can access the database at the same time, the database has to be protected from errors resulting from overlapping updates. The most common error is…
Losing the results of one of the updates
TPS handle the complexities of transactional data by…
•Protect database from errors resulting from overlapping updates
•Protection against inconsistencies arising from a failure of any component at any time. (Does this ATM communicate with other connected devices in the bank?)
•System must be able to reverse or make corrections or adjustments to transactions
•All transactions plus corrections, reversals or adjustments need to have an audit trail
What are the 2 ways to process data in TPS?
Batch processing and online processing
What is batch processing?
The firm collects data from transactions as they occur, placing them in groups or batches. The system then prepares and processes the batches periodically (say, every night).
What is online transaction processing?
business transactions are processed online as soon as they occur. For example, when you pay for an item at a store, the system records the sale by reducing the inventory on hand by one unit, increasing sales figures for the item by one unit, and increasing the store’s cash position by the amount you paid. The system performs these tasks in real time by means of online technologies.
What is a functional area information systems?
Functional Area Information Systems (FAIS) provide support for the various functional areas in an organization by increasing each area’s internal efficiency and effectiveness.
Where do FAIS get data?
Corporate databases
The 2 problems of inventory management are
Excessive inventory
Insufficient inventory
Economic solution for inventory management is
Economic order quantity
Technological solution for managing inventory
VMI (vendor managed),
It’s real time and AI powered
Inventory systems that use an EOQ approach are designed for items that are _________ _____
Completely independent
Why does HR need IS and how can they solve those problems?
- electronic transfer of money to employees’ account
- payroll prep
Can use FAIS to automate this routine
Why can FAIS be ineffective?
Lack of communication between departments
What does an ERP do?
An ERP corrects a lack of communication among the functional area ISs. ERP systems resolve this problem by tightly integrating the functional area IS via a common database.
What are the two main objectives of the ERP systems
Tightly integrate the functional areas of the organization and to enable information to flow seamlessly across them
What are ERP II systems?
Interorganizational systems that are capable of providing web-enabled links between a company’s key business systems and its customers, suppliers, distributors, and others.
What are the 3 core ERP Modules
Accounting and finance, Manufacturing and production, human resources
What are the four extended Erp II modules
Supply chain management, business intelligence, E-business, customer relationship management
What are the major benefits of ERP systems
Organizational flexibility and agility
Decision support
Quality and efficiency
What are the major limitations of ERP systems
- Business process and ERP often pre-defined by the best practices that the ERP vendor has developed
- Complex, expensive, time consuming
What are the major causes of ERP implementation failure?
- Failure to involve affected employees in the planning and development phases and in change management processes
- Trying to accomplish too much too fast in the conversion process
- Insufficient training in the new work tasks required by the ERP system
- Failure to perform proper data conversion and testing for the new system
What are the 3 strategic approaches to implementing an on-premise ERP system
Vanilla approach
Custom approach
Best of breed approach
What is the vanilla approach?
Pros and cons
In this approach, a company implements a standard ERP package, using the package’s built-in configuration options. When the system is implemented in this way, it will deviate only minimally from the package’s standardized settings. The vanilla approach can enable the company to perform the implementation more quickly. However, the extent to which the software is adapted to the organization’s specific processes is limited. Fortunately, a vanilla implementation provides general functions that can support the firm’s common business processes with relative ease, even if they are not a perfect fit for those processes.
What is the custom approach?
Pros and cons
In this approach, a company implements a more customized ERP system by developing new ERP functions designed specifically for that firm. Decisions concerning the ERP’s degree of customization are specific to each organization. To use the custom approach, the organization must carefully analyze its existing business processes to develop a system that conforms to the organization’s particular characteristics and processes. Customization is also expensive and risky because computer code must be written and updated every time a new version of the ERP software is released. Going further, if the customization does not perfectly match the organization’s needs, then the system can be very difficult to use.
What is the best of breed approach?
Pros and cons
Modify vanilla approach
What is SAAS ERP?
Lease ERP software that is cloud-based normally using the vanilla approach
What are 3 prominent examples of cross-departmental processes
- procurement (need to buy -> send payment)
- fulfillment process (customer request to buy -> receive payment)
- production process (need to produce -> receive finished goods)
In what departments does the procurement process occur?
Warehouse, Purchasing, Accounting
What are the 3 main departments of the order fulfillment process?
Sales, warehouse, accounting
Does the production occur in all companies?
No, because not all companies produce physical goods
What do SCM and CRM processes do?
Help multiple firms in an industry coordinate activities such as the production-to-scale of goods and services.
What do ERP SCM systems do?
Have the capability to place automatic requests to buy fresh perishable products from suppliers in real-time.
What do ERP CRM systems do?
Generate forecasting analyses of product consumption based on critical variables such as geographical area, season, day of the week, and type of customer
What are Ad hoc reports
Ad hoc (or on-demand) reports: Nonroutine reports that often contain special information that is not included in routine reports.
What are comparative reports?
Reports that compare performances of different business units or times.
What is an enterprise application integration (EAI) system?
A system that integrates existing systems by providing layers of software that connect applications together.
What are drill-down reports?
Reports that show a greater level of details than is included in routine reports.
What are exception reports
Reports that include only information that exceeds certain threshold standards.
What are key indicator reports?
Reports that summarize the performance of critical activities.
What is the order fulfillment process?
A cross-functional business process that originates when the company receives a customer order, and it concludes when it receives a payment from the customer.
What is a procurement process?
A cross-functional business process that originates when a company needs to acquire goods or services from external sources, and it concludes when the company receives and pays for them.
What is a production process?
A cross-functional business process in which a company produces physical goods.
Today, supply chain management is an integral part of all organizations and can improve _______ _____ and reduce ______ ______
Customer service, operating costs
What is customer relationship management (CRM)
A customer-focused and customer-driven organizational strategy. That is, organizations concentrate on assessing customers’ requirements for products and services and then provide a high-quality, responsive customer experience.
The CRM process begins with
marketing efforts, through which the organization solicits prospects from a target population of potential customers.
An organization’s overall goal is to maximize the ________ ______ of a customer, which is that customer’s potential revenue stream over a number of years.
Lifetime Value
Over time all organizations inevitably lose a certain percentage of customers, a process called…
Customer churn
Although CRM varies according to circumstances, all successful CRM policies share two basic elements:
(1) The company must identify the many types of customer touch points, and (2) it needs to consolidate data about each customer.
Who uses low-end CRM systems?
Enterprises with many small customers (i.e. Amazon)
Who uses high-end CRM systems
Enterprises with a few large customers (i.e. Bentley)
What are customer touch points?
Diverse interactions organizations have with their customers
What is a reason customer touch points can lead to channel conflicts?
All touch points may not be in sync
What is omni-channel marketing?
An approach to customers that creates a seamless experience regardless of the channel (or device) used to “touch” the business. Many businesses are now creating omni-channel strategies to drive this cohesive experience for their customers.
What are Collaborative CRM systems? And what leads to them?
•Info. sharing leads to collaborative CRM.
•Collaborative CRM systems provide effective and efficient interactive communication with the customer throughout the entire organization.
•Collab. CRM integrate communications between the organization and its customers in all aspects of marketing, sales, and customer support.
Customer-related data is available to every unit of the business because of….
Modern interconnected systems built around a data warehouse
A complete data set on each customer is called…
A 360 degree view of that customer
2 reasons having a 360 degree view is good for the company
•A 360° view enhances company’s relationship with its customers and ultimately make more productive and profitable decisions.
What are operational CRM systems?
The component of CRM that supports the front-office business processes that directly interact with customers (i.e., sales, marketing, and service).
What 3 benefits do operational crm systems provide?
- Efficient, personalized marketing, sales, and service
- A 360° view of each customer
- The ability of sales and service employees to access a complete history of customer interaction with the organization, regardless of the touch point
What objectives can be accomplished with CRM tools (5)?
- Improve sales and account management by optimizing the information shared by multiple employees and by streamlining existing processes (e.g., taking orders using mobile devices)
- Form individualized relationships with customers, with the aim of improving customer satisfaction and maximizing profits
- Identify the most profitable customers, and provide them with the highest level of service
- Provide employees with the information and processes necessary to know their customers
- Understand and identify customer needs, and effectively build relationships among the company, its customer base, and its distribution partners
What is a customer-facing CRM application?
In customer-facing CRM applications, an organization’s sales, field service, and customer interaction centre representatives interact directly with customers. These applications include customer service and support, salesforce automation, marketing, and campaign management.
What are 7 types of customer touching applications
Search and comparison
Technical information and services
Customized products and services
Personalized webpages
FAQs
Email and automated response
Loyalty programs
What are the four types of customer facing applications
Customer service and support
Sales (salesforce automation)
Marketing
Campaign management
What is salesforce automation
Salesforce automation (SFA) is the component of an operational CRM system that automatically records all of the components in a sales transaction process.
What is cross-selling
The marketing of additional related products to customers based on a previous purchase.
What is bundling
Bundling is a form of cross-selling in which your business sells a group of products or services together at a lower price than their combined individual prices
What do campaign management applications do
Campaign management applications help organizations plan campaigns that send the right messages to the right people through the right channels.
What are analytical CRM systems?
Analytical CRM systems provide business intelligence by analyzing customer behaviour and perceptions
What are some reasons why analytical CRM systems analyze consumer data?
- Designing and executing targeted marketing campaigns
- Increasing customer acquisition, cross-selling, and upselling
- Providing input into decisions relating to products and services (e.g., pricing and product development)
- Providing financial forecasting and customer profitability analysis
What is the relationship between operational CRM’s and analytical CRM
Need Operational for analytical
What is a supply chain?
The flow of materials, information, money, and services from raw material suppliers, through factories and warehouses, to the end customers. A supply chain also includes the organizations and processes that create and deliver products, information, and services to the end customers.
What is supply chain visibility?
Supply chain visibility refers to the ability of all organizations within a supply chain to access or view relevant data on purchased materials as these materials move through their suppliers’ production processes and transportation networks to their receiving docks.
What were the three segments of the supply chain
Upstream
Internal
Downstream
What is the upstream segment of a supply chain?
Sourcing/procurement from external suppliers occurs
Supply chain managers select suppliers to deliver things company needs to produce the final good or service
supply chain managers develop the pricing, delivery, and payment processes between a company and its suppliers. Included here are processes for managing inventory, receiving and verifying shipments, transferring goods to manufacturing facilities, and authorizing payments to suppliers.
What is the internal segment of a supply chain?
Packaging, assembly, or manufacturing takes place
Supply chain managers schedule the activities necessary for production, testing, packaging, and preparing goods for delivery. They also monitor quality levels, production output, and worker productivity.
What is the downstream segment of a supply chain?
Distribution takes place, frequently by external distributors
In this segment, supply chain managers coordinate the receipt of orders from customers, develop a network of warehouses, select carriers to deliver products to customers, and implement invoicing systems to receive payments from customers
What is the tier of suppliers?
Tier 3: basic i.e. glass, rubber
Tier 2: windshields, tires
Tier 1: dashboards, cars
What are the 3 types of flows in a supply chain?
Material, information, financial
What is the function of supply chain management?
To improve the processes a company uses to acquire the raw materials it needs to produce a product or service and then deliver that product or service to its customers
What are the five basic components of SCM supply chain management
Plan Source Make Deliver Return
What is the push model?
Also known as made-to-stock
Starts with a forecast of customer demand
Company then produces the number of products in the forecast, typically by using mass production, and sells, or “pushes,” those products to consumers.
Usually incorrect!
What is the pull model?
Also known as make to order
Begins with an order then is produced
Not all companies can use the pull model
What are the 3 main sources of problems along the supply chain?
Uncertainties
The need to coordinate multiple activities, internal units, and business partners
Bullwhip effect
What is the bullwhip effect?
erratic shifts in orders up and down the supply chain
2 problems that occur with the bullwhip effect
Hoarding
Stockpiling
What is vertical integration?
a business strategy in which a company purchases its upstream suppliers to ensure that its essential supplies are available as soon as the company needs them.
What is just in time inventory system?
Getting inventory right when you need it
What is vendor managed inventory?
supplier, rather than the retailer, manages the entire inventory process for a particular product or group of products
What 3 technologies provide support for supply chain management/IOSs
Electronic data interchange
Extranets
Portals and exchanges
What is electronic data interchange (edi)?
Electronic data interchange (EDI) is a communication standard that enables business partners to exchange routine documents, such as purchasing orders, electronically
How does EDI provide benefits?
Minimizes data entry errors, shorter length of message, message security, reduce the cycle time, increases productivity, enhances customer service, minimizes paper
Disadvantages of EDI
Business processes can sometimes be restricted to fit EDI requirements, many EDI standards
What are extranets?
They link business partners over the Internet by providing them access to certain areas of each other’s corporate Intranets
Extranets use_____to make communication over the Internet more secure
VPN
What are the two basic types of corporate portals
Procurement portals and distribution portals
What is a procurement portal
Automate the business processes involved in purchasing or procuring products between a single buyer and multiple sellers
What is a Distribution portal
Automate The business process involved in selling or distributing products from a single supplier to multiple buyers
What is a computer network?
A system that connects computers and other devices via communications media so that data and information can be transmitted among them
What are front office processes
Front-office processes: processes that directly interact with customers; that is, sales, marketing, and service.
What is bandwidth
The transmission capacity of a network, stated in bits per second
What is broadband
The transmission capacity of a communications medium that is faster than 25 Mbps.
What is a domain name system (dns)
The system administered by the Internet Corporation for Assigned Names and Numbers (ICANN) that assigns names to each site on the Internet.
What is a domain name
The name assigned to an Internet site, which consists of multiple parts, separated by dots, that are translated from right to left.
What is an extranet
network that connects parts of the intranets of different organizations.
What is a fibre optic cable
A communications medium consisting of thousands of very thin filaments of glass fibres, surrounded by cladding, that transmit information through pulses of light generated by lasers.
What is an intranet
A private network that uses Internet software and TCP/IP protocols
What is a local area network (LAN)
A network that connects communications devices in a limited geographic region, such as a building, so that every user device on the network can communicate with every other device.
What are network access points (naps)
Computers that act as exchange points for Internet traffic and determine how traffic is routed.
What is peer to peer processing
A type of client/server distributed processing that allows two or more computers to pool their resources, making each computer both a client and a server.
What is a protocol
The set of rules and procedures that govern transmission across a network.
What is a router
A communications processor that routes messages from a LAN to the Internet, across several connected LANs, or across a wide area network such as the Internet.
What is Transmission Control Protocol/Internet Protocol (TCP/IP)
A file transfer protocol that can send large files of information across sometimes unreliable networks with the assurance that the data will arrive uncorrupted.
What is Hypertext Transport Protocol (HTTP)
The communications standard used to transfer pages across the WWW portion of the Internet; it defines how messages are formulated and transmitted.
MAN
MANs are relatively large networks that cover a metropolitan area. MANs fall between LANs and WANs in size.
Types of computer networks small to large
PAN LAN MAN WAN Internet
Although it is not required, many LANs have a…
File server or network server
WAN
A wide area network (WAN) is a network that covers a large geographical area. WANs typically connect multiple LANs. They are generally provided by common carriers such as telephone companies and the international networks of global communications services providers.
WANs contain
Routers
Enterprise network
Interconnected networks with multiple lans and wans
Backbone networks
Are high-speed central networks to which multiple smaller networks (such as LANs and smaller WANs) connect
What is a communications channel
A pathway to communicate data. It is made up of two types of media: cable (twisted- pair wire, coaxial cable, or fibre-optic cable) and broadcast (microwave, satellite, radio, or infrared).
What is wireline/cable media
Wireline media or cable media use physical wires or cables to transmit data and information
Twisted pair wire
Most prevalent form of communications wiring—twisted-pair wire—is used for almost all business telephone wiring. As the name suggests, it consists of strands of copper wire twisted in pairs
3 basic functions of TCP
(1) It manages the movement of data packets (see further on) between computers by establishing a connection between the computers,
(2) it sequences the transfer of packets, and
(3) it acknowledges the packets that have been transmitted
Function of internet protocol IP
The Internet Protocol (IP) is responsible for disassembling, delivering, and reassembling the data during transmission.
Before data are transmitted over the Internet, they are divided into small, fixed bundles called
Packets
What are the 4 layers of the TCP/IP reference model?
Application
Transport
Internet
Network interface
The transmission technology that breaks up blocks of text into packets is called
Packet switching
Why do organizations use packet switching?
The main reason is to achieve reliable end-to-end message transmission over sometimes-unreliable networks that may have short-acting or long-acting problems.
Application layer TCP/IP + example
Application layer enables client application programs to access the other layers, and it defines the protocols that applications use to exchange data. One of these application protocols is the Hypertext Transfer Protocol (HTTP), which defines how messages are formulated and how they are interpreted by their receivers.
Transport layer of TCP/IP and one protocol in it
transport layer provides the application layer with communication and packet services. This layer includes TCP and other protocols.
Internet layer and one protocol in it
Internet layer is responsible for addressing, routing, and packaging data packets. The IP is one of the protocols in this layer.
Network interface layer TCP/IP
the network interface layer places packets on, and receives them from, the network medium, which can be any networking technology.
T or F: Two computers using TCP/IP can communicate even if they use different hardware and software.
T
Distributed processing + common type of it
- divides processing work among 2 or more computers
- enables computers in different locations to communicate w/ one another through telecommunication links
- Common type is client/server computing
Client/server computing + 2 types of clients
Client/server computing links two or more computers in an arrangement in which some machines, called servers, provide computing services for user PCs, called clients
- Fat Client: Large storage + Processing power
- Thin Client: No local storage + Limited processing power (of little value when network not functioning)
3 types of peer to peer processing
- Accesses unused CPU power among network computers (open source projects)
- Real-time, person to person collab (Google Docs)
- Advanced search and file sharing (like BitTorrent)
What is the internet
The Internet (“the Net”) is a global WAN that connects approximately 1 million organizational computer networks in more than 200 countries on all continents.
What are the 6 internet connection methods
Dial-up
DSL (broadband through phone company)
Cable modem (cable TV)
Satellite (radio wave satellite network)
Wireless (Wi-Fi)
Fibre to the home (broadband via fibre optic)
What is a network access point
Exchange points for internet traffic that determine how it’s routed
2 IP addressing schemes
IPv4: most widely used, 32 bits (135.32.456.74)
IPv6: developed cause we ran out of IPv4. 32 bits.
NAPs are replaced by
IXP
Www, McGill, and ca in www.Mcgill.ca
Www = sub-domain
McGill = second-level domain
Ca = top-level domain
T or F: the world wide web is the internet
False
Www.microsoft.com is an example of a
URL
Ex of a search engine
Unified communications
Unified communications (UC) simplifies and integrates all forms of communications— voice, voice mail, fax, chat, email, instant messaging, short message service, presence (location) services, and videoconferencing—on a common hardware and software platform
Crowdsourcing
One type of collaboration is crowdsourcing, in which an organization outsources a task to an undefined, generally large group of people in the form of an open call
Benefits of crowdsourcing
- fast and low cost to explore probs
- wider range of talent
- firsthand insight into customers
- looks into global world of ideas
Advantages of microwave trans
High bandwidth
Relatively inexpensive
Wireless devices provide three major advantages to users:
- They are small enough to easily carry or wear.
- They have sufficient computing power to perform productive tasks.
- They can communicate wirelessly with the Internet and other devices.
3 major types of wireless media
Microwave
Satellite
Radio
Microwave transmission + 3 criteria for use
Microwave transmission systems transmit data through electromagnetic waves. These systems are used for high-volume, long-distance, line-of-sight communication. Line-of-sight means that the transmitter and receiver are in view of each other.
Disadvantages of microwave trans
Unobstructed line of sight
Susceptible to environmental interference
Advantages of satellite
High bandwidth
Large coverage area
Disadvantages of satellite
Expensive
Must have clear line of sight
Signals experience propagation delay
Must use encryption for security
Advantages of radio trans
High bandwidth
Signals pass through walls
Inexpensive and easy to install
Disadvantages of radio trans
Creates electrical interference problems
Susceptible to snooping unless encrypted
Satellite communication and 3 types
Satellite transmission systems make use of communication satellites. Currently, there are three types of satellites circling Earth: geostationary-earth-orbit (GEO), medium-earth-orbit (MEO), and low-earth-orbit (LEO). Each type has a different orbit, with GEO being farthest from Earth and LEO being the closest
GEO satellite use + characteristics
TV SIGNAL
Satellites stationary relative to point on Earth
Few satellites needed for global coverage
Transmission delay (approximately 0.25 second)
Most expensive to build and launch
Longest orbital life (many years)
MEO satellite use and characteristics
GPS
Satellites move relative to point on Earth
Moderate number needed for global coverage
Requires medium-powered transmitters
Negligible transmission delay
Less expensive to build and launch
Moderate orbital life (6 to 12 years)
LEO satellite use and characteristics
TELEPHONE
Satellites move rapidly relative to point on Earth
Large number needed for global coverage
Requires only low-power transmitters
Negligible transmission delay
Least expensive to build and launch
Shortest orbital life (as low as 5 years)
If the satellite is higher, its footprint is…
Bigger
Radio transmission
It uses radio wave frequencies (longest wavelengths) to send data directly between transmitters and receivers, can travel through walls
Do we need to know wireless security 8.1
3 basic short range networks
Bluetooth
Ultra wideband (UWB)
Near field communications (NFC)
Bluetooth
Industry specification used to create small personal area networks. A personal area network is a computer network used for communication among computer devices (e.g., telephones, personal digital assistants, smartphones) located close to one person. Bluetooth uses low-power, radio-based communication.
Ultra-Wideband (UWB)
high-bandwidth wireless technology with transmission speeds in excess of 100 Mbps
Near-field communication (NFC)
Has the smallest range of any short-range wireless network. It is designed to be embedded in mobile devices such as cell phones and credit cards. I.e. tap, Apple Pay
4 types of med. range wireless networks, and what type of LAN are they
They are WLANs
Wi-Fi
Wi-Fi Direct (hotspot)
MiFi (portable router)
LiFi (plane)
2 Types of wide area networks
Cellular radio
Wireless broadband (WiMAX)
1-4G describe
1st Generation of networks (voice only – using analog signals)
2nd Generation (digital signals – voice communications + data – text and smiles)
3G (digital + video, web, instant messaging, higher bandwidth) uses packet switching
4G is the 4th Generation of broadband cellular network technology
Secure mobile broadband, gaming services, high-definition mobile TV, video conferencing,… basically a hand-held computer
Key differences between 4 and 5 g
- peak capacity of 5G UWB sector is in Gbps compared to 4G in Mbps
- latency, or the time that passes from the moment information is sent from a device until it is used by a receiver, will be greatly reduced on 5G networks, allowing for faster upload and download speeds.
- bandwidth size: 5G should be able to support many more devices of the future, in addition to the network demands of connected vehicles and other devices in the Internet of Things.
Wireless Broadband (WiMAX)
Worldwide Interoperability for Microwave Access, popularly known as WiMAX
• has a wireless access range of up to 50 kilometres, compared with 100 metres for Wi-Fi
• has a data-transfer rate of up to 75 Mbps
• a secure system, offers features such as voice and video
• antennas can transmit broadband Internet connections to antennas on homes and businesses several kilometres away
• provides long-distance broadband wireless access to rural areas and other locations that are not currently being served
Define and list the 5 threats to wireless networks
- Rogue access point: unauthorized access point to a WLAN
- Evil twin attack: an imposter with a computer connects to your computer, pretending to be your normal (or other) access point
- War driving: walking around to find unsecured WLANs to connect to
- Eavesdropping: efforts by unauthorized users to try to access data traveling over wireless networks.
- RF (Radio frequency) jamming: a person or a device intentionally or unintentionally interferes with your wireless network transmissions.
Information security
information security refers to all of the processes and policies designed to protect an organization’s information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification, or destruction
Define security
Security can be defined as the degree of protection against criminal activity, danger, damage, or loss.
Threat definition
A threat to an information resource is any danger to which a system may be exposed.
Exposure definition
The exposure of an information resource is the harm, loss, or damage that can result if a threat compromises that resource.
Vulnerability definition
An information resource’s vulnerability is the possibility that a threat will harm that resource.
5 key factors that are contributing to increasing vulnerability
- Today’s interconnected, interdependent, wirelessly networked business environment
- Smaller, faster, inexpensive computers and storage devices
- Decreasing skills necessary to be a computer hacker
- International organized crime taking over cybercrime
- Lack of management support
What are the 2 major categories of threats
Unintentional and deliberate
T or F: the higher the level of employee, the greater the threat they pose to information security
T
Human mistakes examples:
- Carelessness with laptops and other computing devices
- Opening questionable e-mails
- Careless Internet surfing
- Poor password selection and use
- Carelessness with one’s office
- Carelessness using unmanaged devices
- Carelessness with discarded equipment
- Careless monitoring of environmental hazards
Social engineering
Social engineering is an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords. The most common example of social engineering occurs when the attacker impersonates someone else on the telephone, such as a company manager or an IS employee
3 social engineering techniques
Impersonation
Tailgating
Shoulder surfing
Name 4 deliberate threats to IS
- Espionage/trespass
- Theft of equipment/info
- Identity theft
- Software attacks
When does espionage/trespass occur
Espionage or trespass occurs when an unauthorized individual attempts to gain illegal access to organizational information.
2 categories of espionage/trespass
- Competitive intelligence: legal info gathering techniques (i.e. studying a company’s Web site > Hiring page > new projects)
- Industrial espionage: crosses legal boundary (i.e. theft of confidential data)
Remote attacks requiring user action and their descriptions
- Virus: Segment of code that performs malicious actions by attaching to another computer program.
- Worm: Segment of code that performs malicious actions and will replicate by itself (without requiring another computer program).
- Phishing attack: Uses deception to acquire sensitive personal information by masquerading as official looking emails or instant messages.
- Spear phishing
Targets large groups of people. The perpetrators find out as much information as they can about an individual, tailoring their phishing attacks to improve the chances that they will obtain sensitive, personal information.
remote attacks needing no user action
- Denial-of-service attack
An attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes (ceases to function).
- Distributed denial-of-service attack
An attacker first takes over many computers, typically by using malicious software. These computers are called zombies or bots. The attacker uses these bots—which form a botnet—to deliver a coordinated stream of information requests to a target computer, causing it to crash.
Attacks by a programmer developing a system + descriptions
- Trojan horse
Software programs that hide in other computer programs and reveal their designed behaviour only when they are activated.
- Back door
Typically a password, known only to the attacker, that allows them to access a computer system at will, without having to go through any security procedures (also called a trap door).
- Logic bomb
A segment of computer code that is embedded within an organization’s existing computer programs and is designed to activate and perform a destructive action under specific conditions, such as at a certain time or date.
Ransomware
Malicious software that blocks access to a computer system or encrypts an organization’s data until the organization pays a sum of money.
Potential target for ransomware
Any internet-connected device
Ransomware-as-a-service
Some ransomware developers distribute ransomware to any hacker who wants to use it. This process is called ransomware-as-a-service.
The original creators publish the software on the Dark Web, allowing other criminals to use the code in return for receiving 40-50% of each ransom paid.
Cyberterrorism/cyberwarfare
Cyberterrorism and cyberwarfare refer to malicious acts in which attackers use a target’s computer systems, particularly via the Internet, to cause physical real-world harm or severe disruption, usually to carry out a political agenda.
3 processes of risk management
risk analysis, risk mitigation, and controls evaluation.
What is the goal of risk management
The goal of risk management is to identify, control, and minimize the impact of threats. In other words, risk management seeks to reduce risk to acceptable levels
3 steps of risk analysis
Risk analysis involves three steps: (1) assessing the value of each asset being protected, (2) estimating the probability that each asset will be compromised, and (3) comparing the probable costs of the asset’s being compromised with the costs of protecting that asset. The organization then considers how to mitigate the risk.
2 functions of risk mitigation (+ risk mitigation definition)
In risk mitigation, the organization takes concrete actions against risks. Risk mitigation has two functions: (1) implementing controls to prevent identified threats from occurring, and (2) developing a means of recovery if the threat becomes a reality
3 most common risk-mitigation strategies and what they mean
- Risk acceptance: Accept the potential risk, continue operating with no controls, and absorb any damages that occur.
- Risk limitation: Limit the risk by implementing controls that minimize the impact of the threat.
- Risk transference: Transfer the risk by using other means to compensate for the loss, such as by purchasing insurance.
Controls evaluation
In controls evaluation, the organization identifies security deficiencies and calculates the costs of implementing adequate control measures to compare against the value of those control measures. If the costs of implementing a control are greater than the value of the asset being protected, the control is not cost effective.
Purpose of controls
The purpose of controls or defence mechanisms (also called countermeasures) is to safeguard assets, optimize the use of the organization’s resources, and prevent or detect errors or fraud.
Physical Controls:
Physical controls: Stop unauthorized individuals from accessing company facilities (doors, locks, badges, guards, alarm systems, pressure sensors, and motion detectors).
General controls and example
General controls apply to more than one functional area. For example, passwords are general controls.
Application controls
Controls specific to one application, such as payroll, are application controls.
3 categories of general controls
Physical
Access
Communications
A guard, or building door, is a
Physical control
Access controls + 2 types
Access controls restrict unauthorized individuals from using information resources. Access controls can be physical controls or logical controls.
Logical controls and example
Logical controls are implemented by software. For example, access control programs limit users to acceptable login times and acceptable login locations.
Name and describe the 2 major functions of access controls
- Authentication: confirms the identity of the person requiring access. After the person is authenticated (identified), the next step is authorization.
- Authorization: determines which actions, rights, or privileges the person has, based on their verified identity. Good control systems limit authorization to tasks needed to accomplish a person’s job.
Communications controls + examples
Communication/network controls: can data securely move across your network?
A system (either hardware, software, or a combination of both) that prevents a specific type of information from moving between untrusted networks, such as the Internet, and private networks, such as your company’s network.
firewalls, anti-malware systems, whitelisting and blacklisting, encryption, VPNs, transport layer security (TLS), and employee monitoring systems.
An ID card system is what type of control
Physical and access
What is encryption
Encryption is the process of converting an original message into a form that cannot be read by anyone except the intended receiver.
All encryption systems use a …
key, which is the code that scrambles and then decodes the messages.
Symmetric key algorithms
Encryption algorithms which use the same key for both encryption and decryption
Asymmetric key algorithms
use a pair of keys (keypair): a public key and a private key.
Public keys are used for encryption or signature verification;
Private keys decrypt and sign.
Organization firewall system
Internet-> external firewall -> servers (demilitarized zone) -> internal firewall -> corporate LAN intranet
firewall system for a home computer
Internet -> internet service provider -> broadband connection (dsl, cable modem, 4g, 5G) -> home computer (software firewall)
In public-key/asymmetric cryptography, it starts with the ____
Receiver:
1. Harrison creates the pair of keys
2. Harrison sends the public key to Hannah
3. Hannah uses the public key to encrypt the message and sends it over
4. Harrison uses his private key to decrypt the message
5. It STARTS with the receiver.
Digital certificate
A digital certificate is an electronic document attached to a file that certifies that the file is from the organization it claims to be from and has not been modified from its original format
Role of certificate authority
issues digital certificates
verifies the integrity of the certificates.
3 types of application controls
Input controls: to edit input data for errors
Processing controls: to monitor operation of an application.
Output controls: to edit output data for errors and that output goes to the intended
Business continuity planning or disaster recovery plan
The chain of events linking planning to protection to recovery.
Business continuity planning or disaster recovery plan objectives
To provide guidance to people who keep the business operating after a disaster happens
To restore the business to normal operations as quickly as possible after an attack.
To ensure that business functions continue
4 strategies in case a major disaster happens:
hot sites: a fully-configured computer facility… a duplication of key resources,
warm sites: It includes computing equipment (e.g., servers) but not all actual applications and user workstations.
cold sites: only rudimentary services and facilities like a building or a room
off-site data and program storage: a duplicate of company data and its software programs to be transferred to another computer elsewhere
What is cloud computing
type of computing that delivers convenient, on-demand, pay-as-you-go access for multiple customers to a shared pool of configurable computing resources (e.g., servers, networks, storage, applications, and services) that can be rapidly and easily accessed over the Internet
What is on premise computing
they own their IT infrastructure (their software, hardware, networks, and data management) and maintain it in their data centres.
Cons of on premise computing
New needs, new investment in new systems.
On-premise computing can actually inhibit an organization’s ability to respond quickly and appropriately to today’s rapidly changing business environments.
Organizations infrastructure consists of…
IT components and IT services
IT Components
Hardware, software, database, network
IT services
developing information systems, managing security and risk, and managing data
Stages of evolution of infrastructure (tg 3.1?)
Cloud computing characteristics
Cloud Computing Provides On-Demand Self-Service (access needed computing resources automatically: elasticity and flexibility)
Cloud Computing Encompasses the Characteristics of Grid Computing
Cloud Computing Encompasses the Characteristics of Utility Computing
Cloud Computing Uses Broad Network Access
Cloud Computing Pools Computing Resources
Cloud Computing Often Occurs on Virtualized Servers
Grid computing
Grid computing pools various hardware and software components to create a single IT environment with shared resources. Grid computing shares the processing resources of many geographically dispersed computers across a network.
Benefits of grid computing
Grid computing enables organizations to use their computing resources more efficiently.
Grid computing provides fault tolerance and redundancy, meaning that there is no single point of failure, so the failure of one computer will not stop an application from executing.
Grid computing makes it easy to scale up—that is, to access increased computing resources (i.e., add more servers)—to meet the processing demands of complex applications.
Grid computing makes it easy to scale down (remove computers) if extensive processing is not needed.
What is utility computing
A service provider makes computing resources and infrastructure management available to a customer as needed.
The provider then charges the customer for its specific usage rather than a flat rate.
Utility computing enables companies to efficiently meet fluctuating demands for computing power by lowering the costs of owning the hardware infrastructure.
Server virtualization
Server virtualization uses software-based partitions to create multiple virtual servers— called virtual machines—on a single physical server
Major benefit of server virtualization
each server no longer has to be dedicated to a particular task
How does server virtualization increase server usage
• First, they do not have to buy additional servers to meet peak demand.
• Second, they reduce their utility costs because they are using less energy.
Cloud types
Public
Private
Hybrid
Public cloud
Public clouds are shared, easily accessible, multicustomer IT infrastructures that are available nonexclusively to any entity in the general public (individuals, groups, and organizations).
Public cloud vendors provide applications, storage, and other computing resources as services over the Internet.
These services may be free or offered on a pay-per-usage model.
Private cloud
Private clouds/internal clouds/corporate clouds
IT infrastructures that can be accessed only by a single entity or by an exclusive group of related entities that share the same purpose and requirements, such as all of the business units within a single organization.
Private clouds provide IT activities and applications as a service over an intranet within an enterprise.
Enterprises adopt private clouds to ensure system and data security. For this reason, these systems are implemented behind the corporate firewall.
Hybrid clouds
Hybrid clouds are composed of public and private clouds that remain unique entities, but are nevertheless tightly integrated.
Arrangement of hybrid clouds offers users benefits of
Multiple deployment models
Hybrid clouds deliver services based on
security requirements, the mission-critical nature of the applications, and other company-established policies.
Why would a customer choose a hybrid cloud
customers may need to maintain some of their data in a private cloud for security and privacy reasons while storing other, less-sensitive data in a public cloud because it is less expensive.
Vertical cloud
A vertical cloud is a set of cloud computing services optimized for use in a particular industry.
3 industries where vertical clouds are used
Construction business, finance, or insurance businesses.
Cloud computing services are based on three models
infrastructure-as-a-service (IaaS), platform-as-a-service (PaaS), and software-as-a-service (SaaS).
Infrastructure as a service
Infrastructure to run software and store data
With the IaaS model, cloud computing providers offer remotely accessible servers, networks, and storage capacity.
They supply these resources on demand from their large resource pools, which are located in their data centres.
Platform as a service
Platforms to develop applications
Software as a service
Software applications to process their data
What type of customers might use infrastructure as a service
IaaS customers are often technology companies with IT expertise. These companies want access to computing power, but they do not want to be responsible for installing or maintaining it.
Companies use the infrastructure to run software or simply to store data. Think Shopify (www.shopify.ca) or Amazon
Platform as a service allows customer to both
run existing applications and to develop and test new applications.
Advantages of platform as a service
Underlying computing and storage resources automatically scale to match application demand.
Operating system features can be upgraded frequently.
Geographically distributed development teams can work together on software development projects.
PaaS services can be provided by diverse sources located throughout the world.
Initial and ongoing costs can be reduced by the use of infrastructure services from a single vendor rather than maintaining multiple hardware facilities that often perform duplicate functions or suffer from incompatibility problems.
Software as a service is the most _______ ______ service model and provides a ______ ______ of software applications
Widely used, broad range
Software applications reside in __________
The cloud
Software as a service is highly scalable. This means:
applications can run on as many servers as is necessary to meet changing demands.
Benefits of cloud computing
Cloud computing has a positive impact on employees
Cloud computing can save money
Cloud computing can improve organizational flexibility and competitiveness
Concerns and risks with cloud computing
Legacy IT Systems: These systems cannot easily be transferred to the cloud because they must first be untangled and simplified.
Reliability
Privacy
Security
The Regulatory and Legal Environment
European Union prohibits consumer data from being transferred to nonmember countries without the consumers’ prior consent and approval.
Criminal Use of Cloud Computing
The huge amount of information stored in the cloud makes it an attractive target for data thieves. Also, the distributed nature of cloud computing makes it very difficult to catch criminals.
Web services
Web services are applications delivered over the Internet (the cloud) that MIS professionals can select and combine through almost any device, from personal computers to mobile phones
Web service applications allow
different systems to “talk” with one another
share data and services
The collection of web services that are used to build a firm’s IT applications constitutes a
service-oriented architecture (SOA).
Benefits of web services
- The organization can use the existing Internet infrastructure without having to implement any new technologies.
- Organizational personnel can access remote or local data without having to understand the complexities of this process.
- The organization can create new applications quickly and easily.
Where can web services be employed
They can be employed in a variety of environments: over the Internet, on an intranet inside a corporate firewall, or on an extranet set up by business partners.
Name the 4 key protocols that web services are based on
XML, SOAP, WSDL, and UDDI
XML definition and what does it stand for
Extensible markup language (XML): a computer language that makes it easier to exchange data among a variety of applications and to validate and interpret these data.
Where HTML is limited to describing how data should be presented in the form of web pages, XML can present, communicate, and store data
HTML
HTML is a page-description language for specifying how text, graphics, video, and sound are placed on a web page document.
What does HTML stand for
Hypertext markup language
Jane Smith Bell Canada (416) 614-4664 is an example of
XML
what does SOAP stand for and what does it mean
Simple object access protocol (SOAP) is a set of rules that define how messages can be exchanged among different network systems and applications through the use of XML. These rules essentially establish a common protocol that allows different web services to interoperate
WSDL: what does it mean/stand for
The web services description language (WSDL) is used to create the XML document that describes the tasks performed by the various web services.
UDDI meaning and what it stands for
Universal description, discovery, and integration (UDDI) allows MIS professionals to search for needed web services by creating public or private searchable directories of these services.
HTML5
A page-description language that makes it possible to embed images, audio, and video directly into a document without add-ons. Also makes it easier for web pages to function across different display devices, including mobile devices as well as desktops. It supports the storage of data offline.
Server farms
Massive data centres, which may contain hundreds of thousands of networked computer servers.
Goal of AI
Build machines that mimic human intelligence
Turing test
Man and computer both pretend to be human and interviewer has to find real one
Strong AI
Hypothetical AI that matches or exceeds human intelligence
Preservation of knowledge, NI vs AI
NI: Perishable from an organizational point of view
AI: Permanent
NI vs AI: Duplication and dissemination of knowledge in a computer
NI: Difficult, expensive, takes time
AI: Easy, fast, and inexpensive
NI vs AI: Total cost of knowledge
NI: Can be erratic and inconsistent, incomplete at times
AI: Consistent and thorough
NI vs AI: Documentation of process and knowledge
NI: Difficult, expensive
AI: Fairly easy, inexpensive
NI vs AI: Creativity
NI: Can be very high
AI: low, uninspired
NI vs AI: Use of sensory experiences
NI: Direct and rich in possibilities
AI: Must be interpreted first; limited
NI vs. AI: Recognizing patterns and relationships
NI: Fast, easy to explain
AI: Machine learning still not as good as people in most cases, but in some cases better than people
NI vs. AI: reasoning
NI: Makes use of wide context of experiences
AI: Good only in narrow, focused, and stable domains
Weak AI + examples
performs a useful and specific function that once required human intelligence to perform, and does so at human levels or better (for example, character recognition, speech recognition, machine vision, robotics, data mining, medical informatics, automated investing, and many other functions).
4 technological advancements that have led to advancements in AI
- Advancements in chip technology
- Big data
- The internet and cloud computing
- Improved algorithms
First stage of AI applications
Recommendation systems, i.e. next up on YouTube
Second stage AI applications
Analyze data that traditional companies have collected and labeled in the past
Third stage applications
Analyze additional data from smart devices and sensors
Fourth stage AI applications
Integrate 1-3 and enable machines to sense and respond to the world around them i.e. autonomous cars
Expert systems
Expert systems (ESs) are computer systems that attempt to mimic human experts by applying expertise in a specific domain. Expert systems can either support decision makers or completely replace them.
Problems of expert systems (3)
- transferring domain expertise from human experts to expert system can be hard because humans can’t always explain how they know/what they know (not always aware of complete reasoning process)
- even if domain experts can explain the reasoning process, automating it may not be possible (difficult to program all the possible decision paths in an expert system)
- in some contexts, potential liability from use of expert systems, i.e. medical treatment
Machine Learning
machine learning (ML) is the ability to accurately perform new, unseen tasks, built on known properties learned from training or historical data that are labelled.
In banking, automated fraud detection systems use _________ ________ to identify behaviour patterns that could indicate fraudulent payment activity.
Machine Learning
Deep learning
Deep learning is a subset of machine learning in which the system discovers new patterns without being exposed to labelled historical or training data
Example applications of deep learning include
speech recognition, image recognition, natural language processing, drug discovery and toxicology, and customer relationship management.
Neural Network
A neural network is a set of virtual neurons or central processing units (CPUs) that work in parallel in an attempt to simulate the way the human brain works, although in a greatly simplified form. The neural network assigns numerical values, or weights, to connections between the neurons.
6 steps of neural network image processing
- Each layer of the neural network manages a different level of abstraction.
- To process an image, the first layer is fed with raw images.
- That layer notes aspects of the images such as the brightness and colors of individual pixels, and how those properties are distributed across the image.
- The next layer analyzes the first layer’s observations into more abstract categories, such as identifying edges, shadows, and so on.
- The next layer analyzes those edges and shadows, looking for combinations that signify features such as eyes, lips, and ears.
- The final layer combines these observations into a representation of a face
Deep neural network
DL automates much of the feature extraction piece of the process.
Eliminates some of the manual human intervention.
Enables the use of large data sets
4 main components of neural network
Inputs, weights, bias/threshold, output
Layers of processing sound in neural network
- the first layer of processors learns the smallest unit of speech sound, called a phoneme.
- The next layer finds combinations of sound waves that occur more often than they would by chance alone.
- The next layer looks for combinations of speech sounds such as words,
- and the final layer can recognize complete segments of speech.
Computer vision
Computer vision refers to the ability of information systems to identify objects, scenes, and activities in images. Computer vision applications are designed to operate in unconstrained environments.
Natural language processing
Natural language processing refers to the ability of information systems to work with text the way that humans do. For example, these systems can extract the meaning from text and can generate text that is readable, stylistically natural, and grammatically correct.
Speech recognition
Speech recognition focuses on automatically and accurately transcribing human speech. This technology must manage diverse accents, dialects, and background noise.
Intelligent agent + 3 types
An intelligent agent is a software program that assists you, or acts on your behalf, in performing repetitive computer-related tasks.
three types of agents: information agents, monitoring and surveillance agents, and user or personal agents.
Information agents + ex
Information agents search for information and display it to users. The best-known information agents are buyer agents. A buyer agent, also called a shopping bot, helps customers find the products and services they need on a website
I.e. • The information agents for Amazon.com display lists of books and other products that customers might like, based on past purchases.
Monitoring and surveillance agents + example
Monitoring and surveillance agents, also called predictive agents, constantly observe and report on some item of interest.
I.e. • Monitoring and surveillance agents can watch your competitors and notify you of price changes and special offers
User agents + example
User agents, also called personal agents, take action on your behalf.
I.e. • Check your email, sort it according to your priority rules, and alert you when high-value emails appear in your inbox.
Ethics
Ethics refers to the principles of right and wrong that individuals use to make choices that guide their behaviour
5 widely used ethical frameworks
Utilitarian, Rights, Fairness, Common good, Deontology
Utilitarian approach
an ethical action is the one that provides the most good or does the least harm
Rights approach
an ethical action is the one that best protects and respects the moral rights of the affected parties. (who has what right? Can we list them all and agree upon them?)
Fairness approach
ethical actions treat all humans equally, or if unequally, then fairly, based on some defensible standard (all humans are equal)
common good approach
respect and compassion for all others is the basis for ethical actions. (welfare for everyone, free education for all)
Deontology approach
morality of an action is based on whether that action itself is right or wrong under a series of rules - not based on consequences of the action (forget about self-defense)
3 fundamental tenets of ethics
- Responsibility means that you accept the consequences of your decisions and actions.
- Accountability refers to determining who is responsible for actions that were taken.
- Liability is a legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations, or systems
4 steps of traditional approach + a question in each one
- Recognize an ethical issue
• Could this decision or situation damage someone or some group?
• Does this decision involve a choice between a good and a bad alternative?
• Is this issue about more than what is legal? If so, how?
- Get the facts
• What are the relevant facts of the situation?
• Do I know enough to make a decision?
• Which individuals and/or groups have an important stake in the outcome?
• Have I consulted all relevant persons and groups?
- Evaluate alternative actions
• Which option will produce the most good and do the least harm? (the utilitarian approach)
• Which option best respects the rights of all stakeholders? (the rights approach)
• Which option treats people equally or proportionately? (the fairness approach)
• Which option best serves the community as a whole, and not just some members? (the common good approach)
- Make a decision and test it
• Considering all the approaches, which option best addresses the situation?
• Act and reflect on the outcome of your decision
• How can I implement my decision with the greatest care and attention to the concerns of all stakeholders?
• How did my decision turn out, and what did I learn from this specific situation?
Giving Voice to Values Approach steps and questions
- Identify an ethical issue
• What are the different issues that give rise to this ethical issue?
• What are the values of the individuals or organizations underlying this ethical issue?
• Is there a possibility of action to resolve the ethical issue?
- Purpose and choice
• What personal choices do you have in reacting to this ethical issue?
• What is your most appropriate professional choice, being guided by professional rules, and what would be a “good” choice?
- Stakeholder analysis
• Who is affected by the ethical issue?
• How are they affected, considering if I do give voice to resolving the issue?
• How are they affected, considering if I do not give voice to resolving the issue?
• How can I connect with the stakeholders to best deal with the ethical issue?
- Powerful response
• Who is my audience?
• What types of things could I say to provide a response to the ethical issue?
• What are some inhibiting arguments that would prevent me from acting?
• What could I say in response to the inhibiting arguments (called an enabling argument)?
• What external arguments (called levers) support my enabling arguments?
• What external research supports or refutes my arguments?
- Scripting and coaching
• What words (script) could I use when talking about the ethical issue? (consider both positive and negative responses)
• Who can I practise with?
• How would I approach my audience to provide the best opportunity for discussing the ethical issue?
The diversity and ever-expanding use of IT applications have created a variety of ethical issues. These issues fall into four general categories:
1. Privacy issues involve collecting, storing, and disseminating information about individuals.
2. Accuracy issues involve the authenticity, fidelity, and correctness of information that is collected and processed.
3. Property issues involve the ownership and value of information.
4. Accessibility issues revolve around who should have access to information and whether they should pay a fee for this access.
Privacy issues questions
What information about oneself should an individual be required to reveal to others?
What kinds of surveillance can an employer use on its employees?
What types of personal information can people keep to themselves and not be forced to reveal to others?
What information about individuals should be kept in databases, and how secure is the information there?
Accuracy issues questions
Who is responsible for the authenticity, integrity, and accuracy of the information collected?
How can we ensure that the information will be processed properly and presented accurately to users?
How can we ensure that errors in databases, data transmissions, and data processing are accidental and not intentional?
Who is to be held accountable for errors in information, and how should the injured parties be compensated?
Property issues questions
Who owns the information?
What are the just and fair prices for its exchange?
How should we handle software piracy (illegally copying copyrighted software)?
Under what circumstances can one use proprietary databases?
Can corporate computers be used for private purposes?
How should experts who contribute their knowledge to create expert systems be compensated?
How should access to information channels be allocated?
Accessibility issues questions
Who is allowed to access information?
How much should companies charge for permitting access to information?
How can access to computers be provided for employees with disabilities?
Who will be provided with the equipment needed for accessing information?
What information does a person or an organization have a right to obtain, under what conditions, and with what safeguards?
Privacy
privacy is the right to be left alone and to be free of unreasonable personal intrusions
Information privacy
Information privacy is the right to determine when, and to what extent, information about you can be gathered or communicated to others.
Code of ethics
a collection of principles that are intended to guide decision making by members of an organization.
Who can privacy rights apply to
individuals, groups, and institutions.
Court decisions have followed 2 rules for defining privacy:
Right of privacy is not absolute. Your privacy must be balanced against the needs of society.
Public’s right to know supersedes the individual’s right of privacy.
Digital dossier
an electronic profile of you and your habits.
Profiling
The process of forming a digital dossier
Electronic surveillance
Using technology to monitor individuals as they go about their daily routines
Data aggregation
Process of gathering data and presenting it in a summarized format.
Personal information is being kept in
Databases
Privacy policies/privacy codes
Privacy policies or privacy codes are an organization’s guidelines for protecting the privacy of its customers, clients, and employees.
Opt-out model
The opt-out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
Opt-in model
Privacy advocates prefer the opt-in model of informed consent, which prohibits an organization from collecting any personal information unless the customer specifically authorizes it.
What do data aggregators do
Data Aggregators collect public and non-public data (e.g. social insurance numbers and financial data) then integrate these data to form digital dossiers on most adults in North America.
3 privacy policy guidelines
Data collection
Data accuracy
Data confidentiality
Privacy policy guidelines help to
Codify requirements for employees
Provide a standard set of procedures
Protect organizations from litigation
Can be used as a measurement tool if disciplinary action is required