NAU 2020 Fall Semester > ISM 360 > Flashcards
ISM 360 Flashcards
A thermostat reaches a certain temperature and sends a signal to the air conditioner to begin cooling the room. Sending the signal to the air conditioner is known as what?
Feedback
Data
Control
Information
A process
e. control
Decision making involves choosing alternatives. Making this choice requires ____________.
researching every available source
information about the alternatives
reviewing unsolicited information
full knowledge of all available options
input from management
c. information about the alternatives
All of the following are tips for evaluating an applicant’s resume except:
Seek out additional references through contacts within the organization
Perform a Web search of the candidate
Hire a company to conduct background searches on all of your applicants
Look for inconsistencies
Ask the applicant for specific dates of employment and verify these dates
Hire a company to conduct background searches on all your applicants
Stephanie has put together a list of guests as well as the gifts each guest brought to both her wedding shower and wedding. What is the best method for her to store this data?
Spreadsheet
Database
Filing cabinet
Document
PowerPoint
Database
Netflix has countless copies of the newest movies released, as well as countless members that are willing to rent the newest movie. What type of relationship would this example most likely be?
One to one
One to many
One to two
Recursive
Many to many
many to many
To be useful, information is ______ and ________ , which leads to knowledge.
understood, explained
interpreted, applied
complete, evaluated
reviewed, approved
identified, dissected
b. interpreted, applied
Because of traffic congestion near campus, a local taxi company has purchased rickshaws to transport students around the area. This is the first company to do this at your campus. What strategy of the 7S framework is being implemented here?
Positioning for speed
Simultaneous and sequential strategic thrusts
Shifting the rules of competition
Signaling strategic intent
Superior stakeholder satisfaction
shifting the rules of competition
Considering information quality costs, when purchasing which of the following would you most likely want to consider “high quality” information?
Office supplies
Computer
Store front sign
New office building
Telephone
New office building
A new Gelato business has opened next to campus, and has a Facebook and Twitter page that it monitors for customer requests, suggestions, and trends for new flavors and/or services. What strategy of the 7S framework is being implemented here?
Positioning for speed
Positioning for surprise
Signaling strategic intent
Strategic soothsaying
Superior stakeholder satisfaction
Strategic soothsaying
People in __________________ careers use systems to retrieve, report on and analyze information contained in systems.
information systems
information research
information analysis
insurance adjusters
accounting and finance
information analysis
Chapter 1 The Value of Information
Information technology:
hardware, software and media used to store, organize, retrieve and communicate information
Information system:
organized combination of hardware, software, infrastructure, data and people used to accomplish a specified organizational or personal objective
DIK Hierarchy
Data –> Information –>Knowledge,
DIK curve the Wisdom
Connectedness
information requires connecting data elements to give them context and meaning.
Usefulness
information that is interpreted and applied is useful, leading to knowledge.
Information Literacy
Know when information is needed. Be able to locate, evaluate and effectively use that information.
Business Uses of Information
Communication; support processes; decision making. Some businesses also use information as a product.
Bélanger
Business Process
Business process: set of coordinated activities that lead to a specific goal or outcome
Chapter 2 Introduction to Information Systems
Information system (IS):
combination of technology, data, people and processes that is directed towards the collection, manipulation, storage, organization, retrieval, and communication of information.
System:
set of interacting components, working together to form a complex, integrated whole in order to achieve some goal by taking inputs and processing them to produce outputs.
A system has a goal or purpose and is made up of different pieces, called components.
Components can take many different forms ranging from human organs to computer software.
Components work together, they are inter-related
Open system:
interacts with its environment.
Equifinality
many different potential paths to the final outcome.
Foundations of Information Systems
Input:
Collection of data and their conversion into a form that allows processing.
Processing:
Manipulation and transformation of data.
Storage:
Holding place for data so that they can be retrieved at a later time.
Output:
Transformation of processed data into a form that can be understood by its eventual user.
Control:
Enforcement of correct processing procedures.
Elements of an Information System
data, people, procedures, media, software (systems software, application software), hardware
Information systems . . .
let us gather large amounts of data quickly, easily and reliably; allow businesses to store and organize very large amounts of data; perform their data manipulations quickly, accurately and consistently; let us retrieve and output information in a variety of forms, depending on what is useful to users
IS and Organizational Change
IS can generate organizational change. Process improvements: customer self service (ATM). Automation: online ordering (Amazon.com). Control: prerequisite check for course registration. Information flow: changing course grade when required.
Common Information Systems
- Personal applications: help make individuals’ work more efficient and effective.
- Transaction processing systems: collect, monitor, process and store large volumes of data that are created by business processes.
- Functional and management information systems: focus on functional areas of the organization, such as financial management systems, sales force automation systems, or human resources administration systems.
- Integrated enterprise systems: integrated, enterprise-wide, impact multiple functional areas.
- Interorganizational systems: span organizational boundaries to connect companies to suppliers and customers.
- Global systems: systems across national boundaries.
individual –> entire organization –> multiple organizations
Chapter 3 Evaluating Information
Information Overload
Being faced with more information than one can effectively process.
The more information we have to sift through, the less attention we have to devote to other tasks.
It reduces productivity, increases stress, and can lead to physical health problems.
Dealing with Information Overload
Withdrawal:
disconnecting from sources of information (e.g., not checking email, turning off the TV, not surfing the Web)
Filtering:
knowing what information we need and what information merits attention and use. Requires knowing how to evaluate information, a critical skill in today’s information-rich world.
Information Quality
Bad information can lead to bad decisions: “Garbage in, garbage out”
Dimensions of information quality
Intrinsic quality: important dimensions of quality regardless of the context or how the information is represented.
Contextual quality: dimensions that may be viewed differently depending on the task at hand.
Representational quality: how the information is provided to the user.
Accessibility quality: whether authorized users can easily access the information.
Information Quality Dimensions
Information Quality Intrinsic Dimension
Accurate: Correct, free from error and reliable
Believable: Regarded as true and credible
Objective: Free from bias
Understandable: Easily comprehended
Consistent: Compatible with previous information
Information Quality Contextual Dimension
Relevant: Applicable and useful for the task at hand
Timely: Available in time to perform the task at hand
Complete: Of sufficient depth and breadth for the task at hand
Current: Sufficiently up-to-date for the task at hand
Information Quality vs. Costs
Context of information quality matters
For example, stock price information is often delayed for free information services; this is acceptable to casual investors but devastating for a day trader
High quality information, however, is costly
The goal is information that is of sufficient quality to carry out tasks effectively
Evaluating Information
Is the information useful?
• Relevant • Appropriate • Current
Is the information believable?
•Credible •Objective •Supported •Comprehensive
Evaluating Usefulness of Information
Relevance:
degree to which the information is pertinent to the task at hand. There are varying degrees of relevance, which are context-dependent
Appropriateness
degree to which the information is suitable for your purpose. Needs an assessment of the level of detail and depth of information needed; which are context-dependent
Currency:
degree to which the information is up-to-date. Requires deciding how current the information needs to be
Credibility:
whether the source of information can be trusted. Formal publications, widely published authors, tend to have more credibility
Objectivity:
whether the source of information appears unbiased. Language that is more fact-based and neutral is more likely to be objective
Supported claim:
whether the information provided is supported and whether this support is of good quality. Involves looking at the reasonableness of the claim and whether it is testable
Comprehensiveness:
depth and breadth of the information. Breadth: whether all aspects of a topic are covered. Depth: the level of detail provided.
Chapter 4 Gaining Strategic Value from Information
Strategic Information Systems
Designed and implemented to enable creation and appropriation of value (competitive advantage). No need for proprietary IT: technology alone does not determine added value.
Strategic IS Planning Process
Strategic planning:
a structured set of steps, in an iterative process.
Goal:
identification of strategic information systems initiatives.
Information Systems Strategic Planning Process
- Strategic Business Planning
- Information Systems Assessment
- Information Systems Vision
- Information Systems Architecture
- Strategic Initiatives Identification
2 and 3 can go back 1
4 and 4 can go back 3
Step 1: Strategic Business Planning
Know Who You Are
Identify the organization’s: mission; strategies (how to achieve the mission); goals and objectives
Step 2: Information Systems Assessment
Know Where You Start
Assessment of the organization’s current IS resources and how well they fulfill the needs of the organization But… IS resources IT resources Technical resources Data and information resources Human resources
Step 3: Information Systems Vision
Know Where You Want To Go
Broad statement of how the organization should use and manage its information systems for strategic purposes
Information Systems Vision —> Firm’s Business Strategy (aligned and reflect)
Step 4: Information Systems Architecture
Know How You Are Going To Get There
How IS resources should be used and how they should work together.
Architectural guidelines can include statements about all information resources: hardware, software, networks
Step 5: Strategic Initiatives Identification
Know What You Need
Proposals: long-term (two to five year). Identify new systems, new projects, or new directions for the organization.
Frameworks: IS SWOT Analysis; Porter’s Five Competitive Forces Model; Porter’s Value Chain; Virtual Value Chain
Advantages of IS Strategic Planning Process
Improved Communication
Improved Coordination
Shared mental image of initiatives
Clear responsibilities agreed upon
Improved Decision Making
Clear guidelines and criteria
Consistent decision making over time
Information Systems SWOT Analysis
Strengths
What gives the organization advantages over others in their industry?
leadership position in online retailing
Weaknesses
What creates disadvantages for the organization relative to others in their industry?
Increased size of the company requires more investments
Opportunities
What activities or factors could help the organization get new advantages over others in their industry?
Expand to services instead of just retailing
Threats
What activities or factors could create disadvantages or troubles for the organization relative to others in their industry?
Increasing global competition from online retailers
Porter’s Five Competitive Forces Model
Analysis of how competitive an industry is. Can determine if a particular market could be attractive for an organization to consider.
- potential threat of new entrants
- bargaining power of buyers
- potential threat of substitutes
- bargaining power of suppliers
1-4 cause industry competitive rivalry
Porter’s Value Chain
Two types of activities:
primary and support
Competition can come from two sources:
Lowering cost to perform an activity
Adding value to product or service
Primary Activities
Inbound Logistics -> Manufacturing Assembly -> Outbound Logistics -> Marketing and Sales -> Service
Support Activities
Human Resources -> Information Technology -> Administrative Support -> Procurement
Virtual Value Chain
- Gathering Data & Information
- Organizing Data & Information
- Selecting Information
- Synthesizing Information
- Distributing Information
Evaluating Strategic Initiatives
Cannot implement all initiatives
Therefore, evaluate them with tools like:
Critical Success Factors:
Important considerations to be achieved for organizational survival and success
Not focused on technology!
Aligned with business vision and mission
Only a few critical success factors
Priority Matrix
y: Potential Returns (Revenues, market, etc.)
x: Ease of Implementation (Low cost, effort, etc.)
evaluate: high y and low x
stay away: low y and low x
quick wins: low y and high x
imperatives: high y and high x
D’Aveni’s 7Ss for Hyper-competition
Superior stakeholder satisfaction:
Maximizing customer satisfaction by adding value strategically.
Strategic soothsaying
Using new knowledge to predict or create new windows of opportunity.
Positioning for speed
Preparing the organization to react as fast as possible.
Positioning for surprise
Preparing the organization to respond to the marketplace in a manner that will surprise competitors.
Shifting the rules of competition
Finding new ways to serve customers, transforming the industry.
Signaling strategic intent
Communicating intentions in order to stall responses by competitors.
Simultaneous and sequential strategic thrusts
Taking steps to stun and confuse competitors in order to disrupt or block their efforts.
Chapter 5 Storing and Organizing Information
Database:
organized collection of data.
Relational database:
organizes data in connected two-dimensional tables; dominant type of database for business.
Database management system
(DBMS): provides means for creating, maintaining, and using databases.
Multi-tiered Architecture
application requests data from and sends data updates to database; database sends requested data
Spreadsheets vs. Databases
Spreadsheets Issues
Unnecessary duplication; inconsistent data; difficulty in data retrieval and search; poor data integrity; errors
Good for analyzing and displaying information visually
Database Issues
Requires more planning and designing
Good for storing and organizing information
Relational Databases - Terminology
Record:
set of fields that all pertain to the same thing
Field:
some characteristic of the thing
Primary key (PK):
unique identifier. Each table in a database has a primary key.
Composite primary key:
PK made up of more than one field.
Foreign keys:
fields that reference a primary key in a related table. This cross-referencing of tables is a relationship.
Normal Forms
Rules that govern relational database
to ensure data consistency by eliminating unnecessary redundancy.
A particular row in a table can be related to at most one row in a related table.
For example, in most businesses a specific order can only be related to one customer.
A customer can have multiple orders (1:many)
Relationships
Relational databases store one-to-many relationships (1:many)
Many-to-many relationships also exist
In these relationships, a specific row can be related to multiple rows in a related table.
This is true in both directions (many:many).
Many-to-many relationships require creating a new table that links the two related tables.
These are called linking or intersection tables.
One-to-One Relationships
Although they are more unusual, one-to-one relationships also exist.
A specific row in a table can be related to at most one row in a related table (1:1)
This is true in both directions of the relationship
Database Diagrams
Using actual data to show the structure of a database only works for very small databases. For larger databases, we use database schema diagrams.
Entity-relationship diagrams (ERD)
Database schemas
Online Databases
These databases serve a different purpose than the databases we discussed earlier. Very useful for performing research. Contain pointers to sources of information. Most of these are available through libraries.
Big Data
Vast amount of data created and stored that has grown beyond the capabilities of traditional data processing tools and applications.
Often in terabytes or petabytes
Can be designed with traditional relational databases, or via alternative methods
Big Data Challenges
How should the data be stored?
Data is unstructured, unlike relational data.
Network-attached storage (NAS)
Uses a series of file servers that can easily expand to grow capacity and high-speed connections between them
Direct-attached storage (DAS)
Keeps data more centralized for faster access time for processing; limits scalability of data size
Hybrid approaches: store data with NAS; access temporary data with DAS
Data lakes: huge volumes of data in original format with unique identifiers and tags describing what data is about.
In most data repositories data structure and requirements are defined up front.
In data lake, data structures and requirements are not defined until the data are needed.
How do data from various sources integrate with one another?
Big data uses E/T/L process (extract, transform, load)
How are data retrieved and disseminated?
If structured data: SQL
If unstructured: NoSQL (“Not only SQL”). Greater scalability and efficiency in storing and retrieving data. Dynamic creation of a table per query. Allows ad hoc queries.
Data Analytics: Interpretation of the data regardless of how it is stored
Here are the main points discussed in Chapter 1:
- Data are raw symbols or unconnected facts.
- Information is processed data that is useful.
- Knowledge is information that is applied to a decision or action.
- Information literacy is an important professional and personal skill.
- Being information literate requires being able to efficiently and effectively determine information needs and then acquire, evaluate, use, and manage that information ethically.
- Businesses use information for communication, process support, and decision making.
- Information-related knowledge is important to virtually all careers.
- There are many careers that involve designing, building, supporting, managing, and analyzing information.
Chapter 1 Glossary
Business process: Set of coordinated activities that lead to a specific goal or outcome.
Data: Raw symbols (unconnected facts).
Decision making: Process of choosing among alternative courses of action.
Information: Data that has been processed so that it is useful.
Information literacy: The ability to know when information is needed, and to be able to locate, evaluate, and effectively use that information.
Information system (IS): A combination of technology, data, people, and processes that is directed toward the collection, manipulation, storage, organization, retrieval, and communication of information.
Information technology (IT): The hardware, software, and media used to store, organize, retrieve, and communicate information.
Knowledge: Information that is applied to a decision or action.
Wisdom: The use of knowledge for the greater good.
Here are the main points discussed in Chapter 2:
- Information systems combine technology, data, people, and processes to help collect, manipulate, store, organize, retrieve, and communicate information.
- In today’s information-rich business environment, business professionals must be skilled at dealing with a variety of information systems.
- Systems are made up of components that work together to achieve a goal by taking inputs and processing them into outputs.
- The information processing cycle consists of input, processing, storage, output, and control.
- Information systems are made up of six critical elements: data, hardware, software, communication media, procedures, and people.
- Information systems help managers deal with information by improving how data are collected, organized, manipulated, and output.
- Information systems can help enforce business rules.
- Information systems facilitate organizational change through improving, automating, and controlling processes and improving information flow.
- Categories of common information systems include personal applications, transaction processing systems, functional and management information systems, integrated enterprise systems, and global systems.
Chapter 2 Glossary
Business rule: A statement that defines or constrains an aspect of a business with the intent of controlling behaviors within the business.
Control: A set of functions intended to ensure the proper operation of a system.
Electronic data interchange (EDI): A B2B e-business model focusing on the electronic exchange of information between two or more organizations using a standard format.
Equifinality: The idea that in an open system, there are many different potential paths to the final outcome.
Feedback: A process by which a system regulates itself by monitoring its own output.
Information system (IS): A combination of technology, data, people, and processes that is directed toward the collection, manipulation, storage, organization, retrieval, and communication of information.
Open system: A system that interacts with its environment.
Subsystem: A system that is part of a larger system.
System: A set of interacting components that work together to form a complex whole by taking inputs and processing them to produce outputs.
Transaction processing system (TPS): A system that collects, monitors, processes, reports, and stores data generated by an organization’s transactions.
Here are the main points discussed in Chapter 3:
- Being able to evaluate information is a key element of information literacy, which is an important skill for both our professional and personal lives.
- Career and personal success depends, in part, on the outcomes of the decisions we make. Our ability to evaluate the information we use to make these decisions affects the quality of our decisions.
- Information overload occurs when we are faced with more information than we can effectively process.
- Increasing our information evaluation skills helps us deal with information overload by reducing the amount of attention and time we devote to low-quality or nonuseful information.
- Intrinsic dimensions of information quality include accuracy, believability, objectivity, understandability, and consistency.
- Contextual dimensions of information quality include relevance, timeliness, completeness, and currency.
- Evaluating information concerns determining whether the information is useful and believable.
- Useful information is relevant, appropriate, and sufficiently current for the task at hand.
- Believable information is credible, objective, well supported, and comprehensive.
Chapter 3 Glossary
Accurate (information): The degree to which information is correct and free from error.
Believable (information): The degree to which information is regarded as true and credible.
Comprehensive (information): The degree to which information is of sufficient depth and breadth for the task at hand.
Consistent (information): The degree to which information is compatible with previous information.
Current (information): The degree to which information is sufficiently up-to-date for the task at hand.
Information evaluation: The systematic determination of the merit and worth of information.
Information overload: Being faced with more information than one can effectively process.
Information quality: The degree to which information is suitable for a particular purpose.
Objective (information): The degree to which information is free from bias.
Relevant (information): The degree to which information is applicable and useful for the task at hand.
Timely (information): The degree to which information is available in time to perform the task at hand.
Understandable (information): The degree to which information is easily comprehended.
Here are the main points discussed in Chapter 4:
- There are five main steps in the strategic planning process:
- Strategic business planning
- Information systems assessment
- Information systems vision
- Information systems architecture
- Strategic initiatives identification
- We discussed four frameworks that can be used to identify strategic information systems initiatives. The SWOT analysis is used for managers to identify strengths, weaknesses, opportunities, and threats for the organization. Porter’s Five Competitive Forces Model helps managers analyze the organization’s competitive position by looking at five major forces in the firm’s competitive environment: threats of new entrants, threats of substitutes, bargaining power of buyers, bargaining power of suppliers, and industry rivalry. Porter’s value chain helps managers identify all the activities that the organization must perform to conduct its business. Finally, the virtual value chain looks at activities that turn raw data into useful information instead of looking at activities that turn raw materials into a final product like in manufacturing organizations.
- We discussed two methods for evaluating strategic initiatives: the critical success factors method, and the priority matrix. Critical success factors (CSFs) are those few important considerations that must be achieved for the organization to survive and be successful (i.e., achieve its mission). The priority matrix allows managers to evaluate potential initiatives and prioritize them along two key dimensions: the ease of implementation and the potential returns.
- Hypercompetition is when competitors rapidly erode competitive advantages; in this case, organizations should focus on market disruptions instead of trying to sustain competitive advantages.
Chapter 4 Glossary
Bargaining power of buyers: In Porter’s Five Competitive Forces Model, determines the ability of the organization’s buyers (customers) to reduce the organization’s competitive position.
Bargaining power of suppliers: In Porter’s Five Competitive Forces Model, determines what is the ability of the organization’s suppliers to reduce its competitive position.
Critical success factors (CSFs): The few important considerations that must be achieved for the organization to survive and be successful (i.e., achieve its mission).
Evaluate: In a priority matrix, the initiatives that need to be discussed and evaluated thoroughly by managers.
Hypercompetition: When competitive advantages are rapidly eroded by competitors and organizations should focus on market disruptions instead of trying to sustain competitive advantages.
Imperatives: In a priority matrix, the initiatives that should be relatively easy to implement and have the potential to bring high returns to the organization.
Industry competitive rivalry: In Porter’s Five Competitive Forces Model, determines the current level of competition in the industry.
Information systems architecture: Specifies how information systems resources should be used and how they should work together.
Information systems assessment: The step of planning process where the organization identifies the current state of information systems resources in the organization.
Information systems vision: A broad statement of how the organization should use and manage its information systems for strategic purposes.
Opportunities: In a SWOT analysis, determines the activities or factors that could help the organization get new advantages over others in its industry.
Porter’s Five Competitive Forces Model: Framework to help managers analyze the organization’s competitive position by looking at five major forces in the firm’s competitive environment: threats of new entrants, threats of substitutes, bargaining power of buyers, bargaining power of suppliers, and industry rivalry.
Porter’s value chain analysis: Framework to help managers identify all the activities that the organization must perform to conduct its business.
Positioning for speed: In D’Aveni’s 7 Ss framework, a strategy about preparing the organization to react as fast as possible.
Positioning for surprise: In D’Aveni’s 7 Ss framework, a strategy about preparing the organization to respond to the marketplace in a manner that will surprise competitors.
Potential threat of new entrants: In Porter’s Five Competitive Forces Model, determines how easy is it for new companies to enter the market in which the organization operates.
Potential threat of substitutes: In Porter’s Five Competitive Forces Model, determines the likelihood that other products of equal or superior value are available.
Priority matrix: Framework that allows managers to evaluate potential initiatives and prioritize them along two key dimensions: the ease of implementation and the potential returns.
Quick wins: In a priority matrix, the initiatives that do not have much upside potential but are easy to implement.
Shifting the rules of competition: In D’Aveni’s 7 Ss framework, a strategy about finding new ways to serve customers, thereby transforming the industry.
Signaling strategic intent: In D’Aveni’s 7 Ss framework, a strategy about communicating intentions in order to stall responses by competitors.
Simultaneous and sequential strategic thrusts: In D’Aveni’s 7 Ss framework, a strategy about taking steps to stun and confuse competitors in order to disrupt or block their efforts.
Strategic information systems: Information systems specifically meant to provide organizations with competitive advantages.
Strategic information systems initiatives: Detailed (usually two- to five-year) plans for implementation of systems that may result in a new strategic direction for the organization.
Strategic planning process: Structured set of steps to identify strategic information systems.
Strategic soothsaying: In D’Aveni’s 7 Ss framework, a strategy about using new knowledge to predict or create new windows of opportunity.
Stay away: In a priority matrix, the initiatives that would be difficult to implement and would have limited potential returns.
Strengths: In SWOT analysis, asks what gives the organization advantages over others in its industry.
Superior stakeholder satisfaction: In D’Aveni’s 7 Ss framework, a strategy about maximizing customer satisfaction by adding value strategically.
SWOT analysis: Framework used by managers to identify strengths, weaknesses, opportunities, and threats for the organization.
Threats: In SWOT analysis, determines what activities or factors could create disadvantages or troubles for the organization relative to others in its industry.
Virtual value chain: Framework that looks at activities that turn raw data into useful information instead of looking at activities that turn raw materials into a final product like in manufacturing organizations.
Weaknesses: In SWOT analysis, determines what activities create disadvantages for the organization relative to others in its industry.
Here are the main points discussed in chapter 5:
- Database management systems provide the means for creating, maintaining, and using databases.
- Spreadsheets are good for storing simple lists of information. However, they have a number of limitations that render them less effective for more complex data management.
- A relational database stores data in the form of connected tables. Tables are made up of records and fields.
- In a relational database, a record is a set of fields that all pertain to the same thing, while the fields represent some characteristic of the thing.
- In a relational database, foreign keys are fields that reference the primary keys in related tables.
- A database diagram shows the logical structure of a relational database, including its tables, fields, and relationships among tables. Primary and foreign keys are also indicated.
- There are many online databases that store a vast array of information. These databases include article databases, market and economic databases, and databases of demographic and governmental information, among other topics. Examples include LexisNexis Academic (article database), Federal Reserve Economic Data service (economic data), and Monster.com (employment database).
- Big Data provides a new opportunity to analyze information and identify trends that can help businesses make better-informed decisions.
chapter 5 GLOSSARY
Big Data: The vast amount of data that are created and stored that have grown beyond the capabilities of traditional data processing tools and applications.
Database: An organized collection of data.
Database management system (DBMS): A set of programs that control the creation, maintenance, and use of databases.
Field: In a relational database, stores data about a single characteristic of a record.
Foreign key: In a relational database, a field (or fields) that references the primary key of a related table.
Primary key: In a relational database, the unique identifier of a record.
Record: In a relational database, a set of related fields.
Relational database: A data store that organizes data in connected two-dimensional tables.
Chapter 6
CHAPTER SUMMARY
Here are the main points discussed in the chapter:
- Good decision making requires good information and good decision-making skills, processes, and tools.
- Decision-making skills are critical to a successful business career. These skills are highly sought after by business employers.
- Decision-making skills become increasingly important as one moves to higher levels of responsibility in a business. This is because decisions made at higher levels are more complex and have greater impacts.
- Making good decisions requires good information. Insufficient, inaccurate, or untimely information hurts decision making.
- Information impacts the following with respect to decision making: the constraints that limit the number of alternatives, the alternatives themselves, the forecast of the potential outcomes from each alternative, and the means for comparing and selecting among the alternatives.
- Structured decisions are routine and repetitive and often have well-defined procedures for making them. Unstructured decisions are novel; we do not know exactly how to go about making them, what information is needed, or how to use that information. Semistructured decisions have elements of both structured and unstructured decisions.
- Decision making can be done by completing the following steps: 1. Identify and clearly define the problem. 2. Define the requirements and goals of the decision. 3. Identify alternatives. 4. Define the decision criteria. 5. Select the appropriate decision-making tools. 6. Evaluate the alternatives using the criteria. 7. Check that the solution solves the problem.
- Many information analysis tools exist, including tools for information retrieval, information analysis, knowledge management, and communication.
- Information retrieval tools include database management systems, reporting tools, and document management tools.
- Information analysis tools include electronic spreadsheets, statistical software, and data visualization tools.
GLOSSARY
Data visualization: A visual representation of data with the goal of clearly communicating or better understanding the meaning of the data.
Decision: A choice among alternatives.
Decision alternative: A method for transforming the current condition into the desired state.
Decision criteria: Objective measures of decision requirements and goals that discriminate among the alternatives.
Decision goal: Desired decision solution requirements that go beyond the minimum, essential requirements.
Document management system: A system that assists with managing, locating, retrieving, and tracking documents.
Goal-seek analysis: An analysis that determines the value of a particular input variable that will produce the desired output (the goal).
Reporting tools: Information systems tools that allow users to create reports without knowing special commands.
Requirement (decision): A condition that any acceptable solution must provide.
Semistructured decision: A decision for which some elements are structured and others are unstructured.
Structured decision: A decision that is routine and repetitive and often has well-defined procedures for making the decision.
Unstructured decision: A decision that is novel and therefore has no agreed-upon, well-understood procedure for making the decision.
“What-if” analysis: An analysis that involves seeing how changes in one or more input variables impact the value of one or more outcome variables. Also known as sensitivity analysis.
chapter 7 summary
- A network is a collection of interconnected devices that allow users and systems to communicate and share resources. The network requires connecting devices such as routers, bridges, or switches. Each device on the network requires a network interface card (NIC, or network adapter). Repeaters and hubs can be used to regenerate signals on networks.
- Networks can be classified as wired (using physical connections) or wireless (using airwaves for connections). Wireless networks include Wi-Fi, microwave signals, satellite signals, infrared signals, and radio signals, including cellular networks and Bluetooth. Networks can also be classified as local area networks (LANs), which connect devices in a limited geographical area, or wide area networks (WANs), which connect devices over a large geographic area like a city, a country, or the world. Other networks include metropolitan area networks (MANs), personal area networks (PANs), home area networks (HANs), virtual private networks (VPNs), and backbone networks (BBNs).
- The Internet is a publicly accessible worldwide network of networks. It uses routers to interconnect the various networks together, and every host or computer that is a full participant (permanently connected) on the Internet has a unique address called an IP (Internet Protocol) address. The Internet is a network, not an application. The many applications that can make use of the Internet include the Web, which is a graphical interface to worldwide resources, as well as electronic mail, instant messaging, voice over IP (Internet telephony), desktop videoconferencing, peer-to-peer file sharing, online application sharing, file transfers (FTP), newsgroups, and many more.
- Network architectures describe how devices are supposed to work together. Every architecture has its advantages and disadvantages in terms of ease of implementation, flexibility and interoperability, control, scalability, and security and reliability. The main networking architectures we discussed include client/server architecture, where processing and storage tasks are shared and distributed between clients and servers; peer-to-peer architecture, where systems are equal in sharing their resources with one another; wireless architecture, which defines how devices are to be connected to the wireless network; service-oriented architecture (SOA), which allows data from heterogeneous systems to be used to create reusable services; the software as a service (SaaS) model, where software is acquired via a subscription model; cloud computing architecture, which allows an organization to acquire computing resources from providers instead of having its own locally managed hardware and software; and the virtualization model, where one physical device can operate as if it is several machines.
- Web 2.0 refers to the second generation of applications on the Internet where the user becomes a participant in the interaction. Web 2.0 technologies include wikis, which allow individuals to jointly create and edit Web pages about a chosen topic; instant messaging and presence awareness, which allow several individuals to communicate via real-time text-based messages with presence awareness indicating when colleagues are currently online and connected; collaborative content, which allows several individuals to contribute to and share stored data and documents; Web conferencing, which allows individuals to conduct live meetings via the Internet; social networking, which allows individuals to participate in a community of users connected with each other; blogs, which allow individuals to write commentaries or opinions on anything they want on websites others can read; mashups, which allow users or developers to combine data or applications from several sources to create new ways to view data or new aggregated results; Twitter, which allows individuals to write short text messages of up to 140 characters on their user page for others to “follow”; and RSS, which allows individuals to receive frequently updated information like blogs or news headlines directly on their personal computers.
GLOSSARY
Backbone network (BBN): A network that serves to interconnect other networks (like LANs) or network segments (subnetworks).
Blog (Web log): A website that allows an individual to write commentaries or opinions on anything for anyone to read.
Bluetooth: A wireless network that uses short-wavelength radio transmissions to connect devices such as wireless mice, keyboards, or headphones.
Cellular networks: Networks that use radio communication over local antennas to relay calls from one area to the next.
Client/server architecture: A computing model where the processing and storage tasks are shared and distributed between clients and servers.
Clients: Processes that request services from servers.
Cloud computing: A computing model where an organization acquires or rents computing resources from providers instead of having its own locally managed hardware and software. Also known as on-demand or utility computing.
Collaborative content: A situation in which several individuals contribute to and share stored data and documents.
Crowdsourcing: Mass collaboration of information to solve a problem. Also known as wikinomics.
Desktop videoconferencing: A system allowing individuals in different locations to communicate via voice and video on personal computers.
Electronic mail (email): Applications used to send and receive messages through computer networks.
File Transfer Protocol (FTP): A system allowing users to move files back and forth between nodes on the network.
Home area network (HAN): A LAN used within a home office, allowing PCs to share devices such as printers, routers, or scanners.
Hub: A form of repeater that has multiple ports to connect many devices together.
Instant messaging: A system allowing multiple users to communicate synchronously by sending and receiving short text messages online.
Instant messaging and presence awareness: A system allowing several individuals to communicate via real-time text-based messages with presence awareness indicating when colleagues are currently online and connected.
Internet: The publicly accessible worldwide network of networks.
Internet Assigned Numbers Authority (IANA): The organization responsible for assigning IP addresses.
Internet of Things: The connection of physical everyday objects to the Internet that allows them to communicate with one another and other computers.
Internet2: A consortium of research and education institutions, industry leaders, and government agencies that operates the Internet2 network.
Internet2 network: A fiber optics–based network used for high-speed transfers between research institutions and for testing and researching networking technology.
Intranet: The use of Internet technologies and related applications inside an organization.
Internet Protocol Version 4 (IPv4): An older IP addressing scheme that uses 4 bytes for addresses (such as 128.192.68.1) that ran out of addresses to allocate.
Internet Protocol Version 6 (IPv6): A new IP addressing scheme that uses 16 bytes.
Local area network (LAN): A network to connect devices in a limited geographical area (usually fewer than five kilometers).
Mashup: A situation in which users or developers combine data or applications from several sources to create new ways to view data or create new aggregated results.
Mass collaboration: More than one individual gathering information. Also known as wikinomics or crowdsourcing.
Metropolitan area network (MAN): A network that spans a city or a large campus.
Network: A collection of interconnected devices that allow users and systems to communicate and share resources.
Network architecture: The layout or blueprint for how devices are supposed to work together.
Network infrastructure: The actual hardware, software, and networking components that support the processing and transfer of information.
Network interface card (NIC, or network adapter): Provides physical access to a device because it has a unique ID written on a chip that is mounted on the card.
Online application sharing: A system allowing users to share documents, calendars, or other applications using websites.
Peer-to-peer architecture: A computing model where all systems are equal (acting as both clients and servers), sharing their resources with one another.
Peer-to-peer file sharing: File sharing between specific individuals or systems across the Internet.
Personal area network (PAN): A network connecting personal devices to a personal computer (e.g., mouse, microphone, printer) over a very short distance.
Really Simple Syndication (RSS): A format allowing individuals to receive frequently updated information like blogs or news headlines directly on their personal computers.
Repeater: A device that retransmits a data signal that it receives after eliminating noise in the signal and regenerating it for strength.
Router: An intelligent device that controls the flow or transmissions in and out of a network.
Scalability: The ability to grow or reduce the size of the network as required.
Servers: Processes that provide services to clients by responding to their requests.
Service-oriented architecture (SOA): A computing model or set of design principles of how to take data from heterogeneous systems and create reusable services.
Social networking: Individuals participating in a community of users connected with one another.
Software as a service (SaaS): An architecture or model of computing where the acquisition (or rental) of software is done via a subscription model.
Twitter: A technology allowing individuals to write short text messages of up to 140 characters on their user pages for others to “follow.”
Unified communications (UC): A framework for the integration of the various modes of communication used by an organization, including email, voice mail, videoconferencing, instant messaging, texting, and voice over IP.
Virtualization: A computing model that allows one physical device, such as a server or computer, to operate as if it is several machines.
Voice over IP (Internet telephony): Voice data sent over an IP-based network, such as the Internet.
Web 2.0: The second generation of applications on the Internet where the user becomes a participant in the interaction.
Web 3.0: Computer systems that understand the meaning (semantics) of information and data, resulting in more intelligent searches and more personalized results. Also known as the semantic Web.
Web conferencing: A technology allowing individuals to conduct live meetings via the Internet.
Wide area networks (WANs): A network connecting devices over a large geographic area, such as a city, a country, or the world.
Wi-Fi: The network name owned by the Wi-Fi Alliance; a wireless network that uses radio technology.
Wikinomics: A term to describe when individuals voluntarily come together to solve a problem online. Also known as crowdsourcing.
Wikis: Web pages individuals jointly create and edit about a chosen topic.
Wired network: A network that makes use of physical cables (copper wires, coaxial, or fiber-optic cables) for connections.
Wireless network: A network that makes use of frequencies to transmit signals.
World Wide Web (the Web): The graphical interface to worldwide resources available on the Internet.
chapter 8
summary
- There are three main categories of information security threats: denial of service, unauthorized access, and theft and fraud. Denial-of-service threats are those that render a system inoperative, limit its capability to operate, or make data unavailable. They include intentional acts, such as viruses, malware, and email bombings; careless behavior, such as a lack of backups; and natural disasters. Unauthorized access threats refer to someone accessing systems and/or data illegally. Theft and fraud threats are related to the loss of systems or data due to theft or fraudulent activities, including illegal downloading or copying of software and theft of data using small hardware devices.
- There are three main goals that security tools and policies are meant to address: confidentiality, integrity, and availability (CIA). Confidentiality involves making sure that only authorized individuals can access information or data. Integrity involves making sure that the data are consistent and complete. Availability involves ensuring that systems and/or data are available when they are needed. Two additional goals are authentication (or authenticity) and nonrepudiation. Authentication means making sure that the parties involved are who they say they are and that transactions, data, or communications are genuine. Nonrepudiation refers to making sure one cannot renege on his or her obligations—for example, by denying that he or she entered into a transaction with a Web merchant.
- Security solutions and tools (also called security controls) can be classified as preventive, detective, or corrective controls. The goal of preventive controls is to stop or limit the security threat from happening in the first place. The goal of detective controls is to find or discover where and when security threats occurred. The goal of corrective controls is to repair damages after a security problem has occurred. Security controls can also be classified as physical or logical. Physical access controls are those security solutions that involve protecting physical access to systems, applications, or data, whereas logical access controls include security solutions that protect access to systems, applications, or data by ensuring users or systems are authenticated and allowed to have such access. Physical access controls can include locks for laptops, locked computer rooms, and secured rooms for backup storage. Logical access controls include user profiles, biometrics, firewalls, encryption, virus protection, and wireless security.
- There are many security solutions. The security solution of user profiles requires users to be assigned profiles that consist of a user identification (self-selected or assigned by the organization) and a set of privileges. Biometrics use human traits and characteristics to recognize individuals to grant them access or to identify them among other individuals. Firewalls are computers or routers that control access in and out of the organization’s networks, applications, and computers. Encryption, also known as cryptography, is the use of mathematical algorithms to convert a message or information into a scrambled message or information that makes it unreadable. Antivirus software looks for virus signatures (patterns) in files and systems to prevent them from being executed. Wireless security is mostly done through encryption such as WEP and WPA.
- Security policies describe the general security guidelines for an organization, including procedures, enforcement mechanisms, and objectives, and also list actions for the enforcement of procedures.
- Risk management is the process of identifying, assessing, and prioritizing the security risks an organization may face and deciding whether to accept the risks, mitigate the risks, or share the security risks by buying insurance.
GLOSSARY
Active content: Executable files on websites.
Antivirus software: Programs that look for virus signatures or variations of them in files and systems.
Application-level firewall: A firewall that verifies access to applications by requiring users to log into the firewall before they can access applications inside the organization (from outside).
Asymmetrical security warfare: One party must do everything to protect itself, while the other party (the attacker) only needs to find the one security weakness.
Asymmetric encryption: A type of encryption that uses two keys: a public key for encrypting and a private key for decrypting.
Audit logs: Software programs that can scan for unexpected actions to detect potential hackers.
Authentication: A process by which the identity of a transacting party is verified.
Authentication (biometrics): A type of security that matches the individual with his or her stored biometric data.
Availability: System and/or data are available when needed.
Backdoors: Ways for hackers to reaccess the compromised system at will.
Behavioral-based antivirus protection tools: Programs that look for suspicious behaviors in programs instead of just a virus’s signature.
Behavioral biometrics: Biometrics that use human behaviors.
Biometrics: Technologies that use human features to recognize individuals and grant them access.
Cipher: An algorithm used to encrypt and decrypt plaintext.
Ciphertext: An encrypted (unreadable) message.
Confidentiality: Making sure that only authorized individuals can access information or data.
Corrective controls: Controls meant to repair damages after a security problem has occurred.
Decryption: Converting ciphertext back to plaintext.
Decryption key: A key used to convert the unreadable text into its original form.
Defense in depth: Multiple layers of security protections in place.
Denial-of-service threats: Threats that render a system inoperative or limit its capability to operate, or make data unavailable.
Detective controls: Controls meant to find or discover where and when security threats occur.
Dictionary attack: When all words of several dictionaries in multiple languages are tested as passwords with numbers before and after the words.
Disaster recovery: Procedures and tools to recover systems affected by disasters and destruction.
Distributed denial-of-service attacks (DDOS): When many computers are being used for DOS attacks.
DNA recognition: A type of security that analyzes segments from an individual’s DNA.
Dynamic firewall: Manages the requests as they occur, deciding on both denials and permissions as they arrive.
Dynamic signature recognition: A type of security that analyzes not only the signature but how it is written using pressure points.
Ear recognition: A type of security that analyzes the shape of the ear.
Email bombing: Sending a large number of requests, emails, or synchronization (SYN) messages to fill a target’s mailboxes, systems, communication ports, or memory buffers with the intent of blocking legitimate messages from entering the systems or overloading the system to make it crash.
Encryption: The application of a mathematical algorithm to a message or information that scrambles that message or information to make it unreadable.
Encryption key: A key used to convert the text into an unreadable form.
External firewall: A firewall used to protect access to the internal network and computers of the organization.
Facial recognition: A type of security that analyzes facial features or patterns (faceprints).
Finger geometry recognition: A type of security that analyzes 3D geometry of the finger.
Fingerprint recognition: A type of security that analyzes ridges and valleys (minutiae) on the surface tips of human fingers.
Firewall: A computer or a router that controls access in and out of the organization’s networks, applications, and computers.
Firewall appliance: The hardware and software to perform firewall function.
Gait recognition: A type of security that analyzes the walking style or gait of individuals.
Hactivism: A type of hacking in which hackers try to find information that, if revealed, will advance human causes.
Hand geometry recognition: A type of security that analyzes geometric features of the hand, such as length of fingers and width of the hand.
Host firewall: A firewall installed on a computer.
Identification (biometrics): Identifying an individual from an entire population of individuals with stored biometric data.
Information security: A set of protections put in place to safeguard information systems and/or data from security threats such as unauthorized access, use, disclosure, disruption, modification, or destruction.
Integrity: When data are consistent and complete.
Internal firewall: A firewall used inside an organization, between departments or divisions.
Iris/retina recognition: A type of security that analyzes features (eyeprints) in the iris or the patterns of veins in the back of the eye (retina).
Key pair: A linked public key and private key.
Keystroke capture programs: Software that logs all information entered into a computer.
Keystroke recognition: A type of security that analyzes the rhythm and patterns of individuals’ keystrokes on keyboards.
Knowledge (in security access): When an individual needs to know something to gain access.
Logical access controls: Security solutions that protect access to systems, applications, or data by ensuring users or systems are authenticated and allowed to have such access.
Nonrepudiation: Making sure a party cannot renege on obligations—for example, by denying that he or she entered into a transaction with a Web merchant.
Odor recognition: A type of security that analyzes an individual’s odor to determine identity.
Packet-level firewall: A firewall that controls access by looking at the source and destination addresses in data packets. Also called a screening level firewall.
Packets: Small units of data that flow through networks, allowing for the transmission of messages.
Password crackers: Software used to recover forgotten passwords.
Personal firewall: A firewall installed on a given personal computer.
Physical access controls: Controls that involve protecting physical access to systems, applications, or data.
Physiological biometrics: Using physical traits to identify individuals.
Plaintext: Original message before it is encrypted.
Possession: When an individual owns a form of identification.
Preventive controls: Controls meant to stop or limit the security threat from happening in the first place.
Principle of least privilege: A form of access control in which users are only given permission to access the minimum amount of information required to complete their jobs.
Risk management: The process of identifying, assessing, and prioritizing the security risks an organization may face and deciding whether to accept, mitigate, or share the security risks.
Rootkits: Software that allows hackers to have unfettered access to everything on the system, including adding, deleting, and copying files.
Security: Protection against security threats.
Security levels: The layers of protection technologies and policies used to secure stored information.
Security policies: Statements describing what the general security guidelines are for an organization.
Security procedures: Specific statements describing how to implement the security policies.
Security threats: Broadly categorized as denial of service, unauthorized access, and theft and fraud.
Smurfing: When a hacker uses an innocent third party to multiply the messages being sent to the intended target.
Sniffer: Software that monitors transmissions, capturing unauthorized data of interest.
Social engineering: Tricking individuals into giving out security information. Sometimes called phishing.
Software ports: Applications installed and running on a computer.
Spamming: Sending emails to many individuals at once, sending unsolicited commercial email to individuals, or targeting one individual computer or network and sending thousands of messages to it.
Spoofing: Pretending to be someone else (or another computer) to enter a system or gain attention.
Spyware: A form of virus that logs everything users do on their computers, unbeknownst to them.
Static firewall: A firewall that has predetermined ways of dealing with transmission requests.
Static signature recognition: A security measure that compares scanned or ink signatures with stored signatures.
Stealth virus: A more advanced virus that changes its own bit pattern to become undetectable by virus scanners.
Symmetric encryption: A form of encryption where the same key is used for encrypting and decrypting data.
Target-of-opportunity threats: Threats (such as viruses) sent out to find any victim possible.
Theft and fraud threats: Threats related to the loss of systems or data due to theft or fraudulent activities.
Traits: Physical or behavioral human characteristics needed to gain access to systems or data.
Trojan horses: Viruses embedded into a legitimate file.
Unauthorized access threats: Individuals who access systems and/or data illegally.
User profile: Assigned profiles that consist of a user identification, a password, and a set of privileges.
Virtual private network (VPN): A connection that makes use of an open wired network such as the Internet but that provides a secured channel through encryption and other security features.
Virus: A computer program designed to perform unwanted events.
Virus hoaxes: False virus alerts sent and resent by individuals.
Virus signature: Bit patterns of the virus that can be recognized.
Voice recognition (speaker recognition): A security measure that analyzes voice to determine the identity of a speaker; different from speech recognition (determining what is being said).
Wi-Fi Protected Access (WPA): A recent and powerful encryption algorithm for wireless security.
Wired Equivalent Privacy (WEP): A protocol that uses encryption established via a preshared key known to the router and the wireless device or computer on a wireless network.
chapter 9
summary
- There are four main categories of threats to information privacy: data collection, unauthorized secondary use of data, improper access to data, and errors in data.
- We identified several technologies used to infringe on and/or protect information privacy, such as cookies, cookie managers, privacy statements and policies, trust seals, and government regulations.
- Information privacy is one of the four components of the PAPA ethical framework, which includes privacy, accuracy, property, and accessibility. The framework can be used to identify concerns about the use of information.
- Information privacy and information security are related concepts, since it is mandatory for the information to be secured before it can be private. The reverse is not necessarily true, since information that is protected from a security standpoint can still be shared with others, infringing on the privacy of the information.
- Ethical decision making considers standards of behavior when making decisions.
GLOSSARY
Accessibility: Refers to who has access to the information systems and the data that they hold.
Accuracy: When data are what they are supposed to be and do not include errors.
Children’s Internet Protection Act of 2001 (CIPA): A law that regulates access to offensive content over the Internet on school and library computers.
Children’s Online Privacy Protection Act of 1998 (COPPA): A law that prevents websites from collecting personally identifiable information from children without parental consent.
Clickstream data: Tracking of online browsing behaviors.
Cookie manager: A software application that allows you to view which cookies are stored on your computer and what’s in them and gives you the ability to delete them.
Cookies: Small text files located on your computer to store information about you, your accounts, and your computer.
Data collection threat: A privacy threat resulting from the fact that data can be collected, aggregated, and analyzed at a faster pace and in larger volumes than ever, without individuals’ awareness.
Data Protection Directive: A law that regulates how personal data are processed and protected in the European Union.
Electronic Communications Privacy Act of 1986 (ECPA): A law that regulates access, use, disclosure, interception, and privacy protections of electronic communications.
Errors in data: A privacy threat where there are inaccuracies in data.
Fair information practices principles (FIPPs): Guidelines for how to deal with personal information, which include notice/awareness, choice/consent, access/participation, integrity/security, and enforcement/redress.
Family Educational Rights and Privacy Act (FERPA): A law that protects the privacy of student education records.
Federal Trade Commission (FTC): A government agency responsible for (among other things) ensuring that privacy policies are respected.
Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA): A law that provides regulations to protect consumers’ personal financial information held by financial institutions.
Health Insurance Portability and Accountability Act (HIPAA): A law that provides regulations to protect personal health information held by covered entities and gives patients an array of rights with respect to that information.
Identity theft: Using another person’s personal information for fraudulent activities.
Improper access to data: A privacy threat where unauthorized individuals have access to one’s private information.
Opt-in: A privacy option where individuals state they agree that their data can be shared with others or used for other purposes, often to receive special deals or information from partner companies.
Opt-out: A privacy option where individuals must state that they do not want their data to be shared with others or used for other purposes.
PAPA framework: A framework that identifies four major categories of concerns about the use of information: privacy, accuracy, property, and accessibility.
Privacy: One’s ability to control information about oneself.
Privacy policy: A statement that describes what the organization’s practices are with respect to the privacy of its customers.
Privacy seal: A seal that a business can post on its website to show its commitment to privacy.
Property: Refers to who has ownership of the data.
Reputation seal: A seal that a business can post on its website to show its commitment to trustworthiness.
Seal program: A program offered by an organization that posts a set of rules that companies must follow to be a part of the seal program.
Security seal: A seal that a business can post on its website to show its commitment to security.
Self-regulation: An attempt by industry leaders to avoid government regulations by suggesting (rather than requiring) that companies have privacy policies—for example, with privacy seals and privacy policies.
Unauthorized secondary use of information: A privacy threat resulting from the use of data for purposes other than those for which they were originally collected.
chapter 10
• Software development methodologies provide discipline to the development process by defining processes, roles, and deliverables.
• The traditional systems development life cycle (SDLC) is a semisequential, phased approach. There are different versions of the traditional SDLC.
• The SDLC described in this chapter consists of five phases: planning, requirements, development, implementation, and maintenance.
• Alternatives to the traditional SDLC include prototyping, rapid application development, and the spiral model.
• The decision of whether to build custom software or purchase commercial, off-the-shelf software is complex.
• Open source software allows users to access the underlying source code for the application, which allows users to modify the program.
• Open source software is usually free, although some companies charge a fee for ongoing support.
• Outsourcing occurs when an outside organization provides IT services that were previously provided internally.
• Outsourcing models include full (complete), process-based, personnel, project-based, and application outsourcing.
• There are both benefits and risks associated with outsourcing.
• Factors affecting the outsourcing decision include the maturity of the system, the system’s significance to the organization’s competitive advantage, the organization’s IT capability, and cost.
• Offshore outsourcing occurs when an organization receives services from a company outside the organization’s geographic region.
• Nearshore outsourcing occurs when an organization receives services from a company within the organization’s geographic region but outside its home country.
• Onshore outsourcing occurs when an organization receives services from a company in the same country.
GLOSSARY
Application outsourcing: An outsourcing arrangement that involves a service provider handling activities related to a specific software application.
Functional requirements: Describes how a system should interact with users and other systems.
Nearshore outsourcing: Using a vendor that provides services from a location close to the client’s location.
Nonfunctional requirements: Constraints on a system.
Offshore outsourcing: Using a vendor that provides services from a location outside the client organization’s region.
Onshore outsourcing: Outsourcing to a firm located in the same country.
Open source software: Software that allows users to access the underlying source code for an application.
Outsourcing: An arrangement in which an organization contracts with a service provider to provide IT-related services.
Personnel outsourcing: An outsourcing arrangement in which a service provider places workers into an organization on a temporary contract basis.
Process-based outsourcing: An arrangement in which an organization outsources a particular function or business process.
Project-based outsourcing: An outsourcing arrangement that involves contracting with a service provider to complete a specific project.
Prototype: A small-scale mock-up of a system or a portion of a system.
Requirements elicitation: Gathering system requirements from various stakeholders.
Selective (partial) outsourcing: An outsourcing arrangement in which only certain aspects of IT are outsourced to a service provider.
Software development methodology: A framework for planning, structuring, and controlling software development projects.
Source code: Text-based computer programming language statements that can be read by humans.
Systems development life cycle (SDLC): A semisequential, phased approach to systems development.
Use case: Describes a series of actions that results in an outcome for an actor.
After reviewing table after table of data for your marketing research project, you can no longer make much sense of most of the information. What type of tool would be able to help you uncover trends in the data?
Dedicated statistical software
DBMS
Document management software
Reporting tools
Data visualization software
Data visualization software
A ________ helps users locate and retrieve information stored in documents, such as memos and policy documents.
document management system
spreadsheet
goal seeking analysis
“what if” analysis
reporting tool
document management system
A study published in 2009 shows that ____________ methods for stealing personal information are more popular than _______________ methods.
technology driven, low-tech
high-tech, social
advanced, remedial
low-tech, technology-driven
natural, fake
low-tech, technology driven
What is one of the core characteristics of the Internet that has contributed to its rapid growth?
addressing
Internet Protocol
IPv4
fiber optics
interoperability
Interoperability
Recognizable bit patterns of a virus are known as what?
Virus signature
Zero-day viruses
Stealth viruses
Trojan horses
Virus fingerprints
A faculty member receives a phone call from the parent of a student. The parent inquires about the grade of the student on the last exam. If the instructor discloses any information, that instructor would violate what privacy act?
CIPA
FERPA
COPPA
HIPAA
GLBA
QUESTION 7
Auto makers spend a significant amount of time and money developing new automobiles. Often these auto makers create a working mock up for display and testing. What methodology are these automakers using?
Modeling
Maintenance
Spiral Model
Off the shelf
Prototyping
QUESTION 8
What is the human-readable form of a software program?
Source code
Executable code
Custom-built software
Open source software
Compiled code
QUESTION 9
Most antivirus programs are __________, which means that they detect viruses after an infection.
proactive
reactive
reactionary
demonstrative
descriptive
QUESTION 10
What is the main difference between the initial set of web applications and Web 2.0?
speed
bandwidth requirements
software requirements
technology
interactivity
QUESTION 1
What type of tool represents the mental model of an expert’s knowledge?
Decision table
Decision tree
Cognitive map
Wiki
None of the above
QUESTION 2
Sara just began working for a new company and her boss has given her a flow chart to study so that she can better understand the processes of the organization. What function has the organization completed to have such a chart?
SDLC
Registration
Gantt chart
Process modeling
Contracting
QUESTION 3
Which of the following best describes a system that helps an organization manage multiple interactions with its customers?
Customer Intelligence
Customer Management System
Customer order Management
Customer Relationship Management
Customer enterprise warehouse
QUESTION 4
In terms of e-business, what is another term for marketplace?
Trading floor
Clearinghouse
Market
Auction house
Exchange
QUESTION 5
What is the process of analyzing data to identify trends, patterns, and other useful information?
Digging agent
Data mining
Database modeling
Querying
Clustering