ISM 360 Flashcards

Question

Storage:

Answer 1

Holding place for data so that they can be retrieved at a later time.

Answer 2

: Transformation of processed data into a form that can be understood by its eventual user.

Answer 3

Enforcement of correct processing procedures.

Answer 4

data, people, produres, media, software (Systems software • Application software), hardware

Answer 5

 let us gather large amounts of data quickly, easily and reliably  allow businesses to store and organize very large amounts of data  perform their data manipulations quickly, accurately and consistently  let us retrieve and output information in a variety of forms, depending on what is useful to users

Answer 6

IS can generate organizational change  Process improvements Customer self service (ATM)  Automation Online ordering (Amazon.com)  Control Prerequisite check for course registration  Information flow Changing course grade when required

Answer 7

 Personal applications Help make individuals’ work more efficient and effective.  Transaction processing systems Collect, monitor, process and store large volumes of data that are created by business processes  Functional and management information systems Focus on functional areas of the organization, such as financial management systems, sales force automation systems, or human resources administration systems  Integrated enterprise systems Integrated, enterprise-wide, impact multiple functional areas  Interorganizational systems Span organizational boundaries to connect companies to suppliers and customers.  Global systems Systems across national boundaries individual --> entire organization --> multiple organization

Answer 8

Being faced with more information than one can effectively process.  The more information we have to sift through, the less attention we have to devote to other tasks.  It reduces productivity, increases stress, and can lead to physical health problems.

Answer 9

disconnecting from sources of information (e.g., not checking email, turning off the TV, not surfing the Web) 

Answer 10

knowing what information we need and what information merits attention and use Requires knowing how to evaluate information, a critical skill in today’s information rich world

Answer 11

 Bad information can lead to bad decisions  “Garbage in, garbage out”

Answer 12

Intrinsic quality: important dimensions of quality regardless of the context or how the information is represented. Contextual quality: dimensions that may be viewed differently depending on the task at hand. Representational quality: how the information is provided to the user. Accessibility quality: whether authorized users can easily access the information.

Answer 13

Accurate: Correct, free from error and reliable Believable: Regarded as true and credible Objective: Free from bias Understandable: Easily comprehended Consistent: Compatible with previous information

Answer 14

Relevant: Applicable and useful for the task at hand Timely: Available in time to perform the task at hand Complete: Of sufficient depth and breadth for the task at hand Current: Sufficiently up-to-date for the task at hand

Answer 15

For example, stock price information is often delayed for free information services; this is acceptable to casual investors but devastating for a day trader High quality information, however, is costly The goal is information that is of sufficient quality to carry out tasks effectively

Answer 16

 Is the information useful? •Relevant •Appropriate •Curren  Is the information believable? •Credible •Objective •Supported •Comprehensive

Answer 17

degree to which the information is pertinent to the task at hand. There are varying degrees of relevance, which are context-dependent

Answer 18

degree to which the information is suitable for your purpose. Needs an assessment of the level of detail and depth of information needed; which are context-dependent

Answer 19

degree to which the information is up-to-date. Requires deciding how current the information needs to be

Answer 20

whether the source of information can be trusted. Formal publications, widely published authors, tend to have more credibility

Answer 21

whether the source of information appears unbiased. Language that is more fact-based and neutral is more likely to be objective

Answer 22

whether the information provided is supported and whether this support is of good quality. Involves looking at the reasonableness of the claim and whether it is testable

Answer 23

depth and breadth of the information. Breadth: whether all aspects of a topic are covered Depth: the level of detail provided.

Answer 24

 Designed and implemented to enable creation and appropriation of value (competitive advantage)  No need for proprietary IT: Technology alone does not determine added value.

Answer 25

: a structured set of steps, in an iterative process.

Answer 26

identification of strategic information systems initiatives.

Answer 27

1. Strategic Business Planning 2. Information Systems Assessment 3. information systems vision 4. Information Systems Architecture 5. Strategic Initiatives Identification 2 and 3 can go back 1 4 and 4 can go back 3

Answer 28

Know Who You Are Identify the organization’s: Mission Strategies (How to achieve the mission) Goals and objectives Bélanger

Answer 29

Know Where You Start  Assessment of the organization’s current IS resources and how well they fulfill the needs of the organization  But… IS resources IT resources  Technical resources  Data and information resources  Human resources

Answer 30

Know Where You Want To Go  Broad statement of how the organization should use and manage its information systems for strategic purposes Information Systems Vision ---> Firm’s Business Strategy (aligned and reflect)

Answer 31

Know How You Are Going To Get There How IS resources should be used and how they should work together. Architectural guidelines can include statements about all information resources  hardware, software, networks

Answer 32

Know What You Need  Proposals Long-term (two to five year) Identify new systems, new projects, or new directions for the organization  Frameworks  IS SWOT Analysis  Porter Five Competitive Forces Model  Porter’s Value Chain  Virtual Value Chain

Answer 33

 Improved Communication  Improved Coordination Shared mental image of initiatives Clear responsibilities agreed upon  Improved Decision Making Clear guidelines and criteria Consistent decisions making over time

Answer 34

Strengths What gives the organization advantages over others in their industry? leadership position in online retailing Weaknesses What creates disadvantages for the organization relative to others in their industry? Increased size of the company requires more investments Opportunities What activities or factors could help the organization get new advantages over others in their industry? Expand to services instead of just retailing Threats What activities or factors could create disadvantages or troubles for the organization relative to others in their industry? Increasing global competition from online retailers

Answer 35

Analysis of how competitive an industry.  Can determine if a particular market could be attractive for an organization to consider. Bélanger 1. potential threat of new entrants 2. bargaining power of buyers 3. potential threat of substitutes 4. bargaining power of supplies 1-4 cause industry competitive rivarity

Answer 36

primary and support

Answer 37

Lowering cost to perform an activity | Adding value to product or service

Answer 38

Inbound Logistics -> Manufacturing Assembly | ->Outbound Logistics ->Marketing and Sales -> Service

Answer 39

Human Resources -> Information Technology ->Administrative Support -> Procurement

Answer 40

1. Gathering Data & Information 2. Organizing Data & Information 3. Selecting Information 4. Synthesizing Information 5. Distributing Information

Answer 41

 Cannot implement all initiatives  Therefore, evaluate them with tools like: Critical Success Factors: Important considerations to be achieved for organizational survival and success Not focused on technology! Aligned with business vision and mission Only a few critical success factors Priority Matrix

Answer 42

y:Potential Returns (Revenues, market, etc.) x:Ease of Implementation (Low cost, effort, etc.) evaluate: high y and low x stay away: low y and low x quick wins: low y and high x imparitives: high y and high y

Answer 43

Superior stakeholder satisfaction: Maximizing customer satisfaction by adding value strategically. Strategic soothsaying Using new knowledge to predict or create new windows of opportunity. Positioning for speed Preparing the organization to react as fast as possible. Positioning for surprise Preparing the organization to respond to the marketplace in a manner that will surprise competitors. Shifting the rules of competition Finding new ways to serve customers, transforming the industry. Signaling strategic intent Communicating intentions in order to stall responses by competitors. Simultaneous and sequential strategic thrusts Taking steps to stun and confuse competitors in order to disrupt or block their efforts.

Answer 44

organized collection of data.

Answer 45

organizes data in connected two-dimensional tables; dominant type of database for business.

Answer 46

(DBMS): provides means for creating, maintaining, and using databases.

Answer 47

application requests data from and sends datas updates database; database sends requested data

Answer 48

Spreadsheets Issues  Unnecessary duplication  Inconsistent data  Difficulty in data retrieval and search  Poor data integrity  Errors Good for analyzing and displaying information visually

Answer 49

 Requires more planning and designing Good for storing and organizing information

Answer 50

organizes data in connected two-dimensional tables; dominant type of database for business.

Answer 51

set of fields that all pertain to the same thing

Answer 52

some characteristic of the thing

Answer 53

unique identifier  Each table in a database has a primary key.

Answer 54

PK made up of more than one field.

Answer 55

fields that reference a primary key in a related table.  This cross-referencing of tables is a relationship.

Answer 56

 Rules that govern relational database to ensure data consistency by eliminating unnecessary redundancy.  A particular row in a table can be related to at most one row in a related table. For example, in most businesses a specific order can only be related to one customer. A customer can have multiple orders (1:many)

Answer 57

 Relational databases store one-to-many relationships (1:many)  Many-to-many relationships also exist In these relationships, a specific row can be related to multiple rows in a related table. This is true in both directions (many:many).  Many-to-many relationships require creating a new table that links the two related tables. These are called linking or intersection tables.

Answer 58

 Although they are more unusual, one-to-one relationships also exist.  A specific row in a table can be related to at most one row in a related table (1:1)  This is true in both directions of the relationship

Answer 59

Using actual data to show the structure of a database only works for very small databases. For larger databases, we use database schema diagrams.  Entity-relationship diagrams (ERD)  Database schemas 数据库模式

Answer 60

 These databases serve a different purpose than databases we discussed earlier  Very useful for performing research  Contain pointers to sources of information  Most of these are available through libraries

Answer 61

 Vast amount of data created and stored that ahs grown beyond the capabilities of traditional data processing tools and applications.  Often in terabytes or petabytes  Can be designed with traditional relational databases, or via alternative methods

Answer 62

 How should the data be stored? Data is unstructured, unlike relational data Network-attached storage (NAS) Uses a series of file servers that can easily expand to grow capacity and high-speed connections between them Direct-attached storage (DAS) Keeps data more centralized for faster access time for processing; limits scalability of data size Hybrid approaches: store data with NAS; access temporary data with DAS Data lakes: huge volumes of data in original format with unique identifiers and tags describing what data is about. In most data repositories data structure and requirements are defined up front. In data lake, data structures and requirements are not defined until the data are needed. How do data from various sources integrate with one another? Big data uses E/T/L process (extract, transform, load) How are data retrieved and disseminated? If structured data: SQL If unstructured: NoSQL (“Not only SQL”) Greater scalability and efficiency in storing and retrieving data. Dynamic creation of a table per query Allows ad hoc queries Data Analytics: Interpretation of the data regardless of how it is stored

Answer 63

* Data are raw symbols or unconnected facts. * Information is processed data that is useful. * Knowledge is information that is applied to a decision or action. * Information literacy is an important professional and personal skill. * Being information literate requires being able to efficiently and effectively determine information needs and then acquire, evaluate, use, and manage that information ethically. * Businesses use information for communication, process support, and decision making. * Information-related knowledge is important to virtually all careers. * There are many careers that involve designing, building, supporting, managing, and analyzing information.

Answer 64

Business process: Set of coordinated activities that lead to a specific goal or outcome. Data: Raw symbols (unconnected facts). Decision making: Process of choosing among alternative courses of action. Information: Data that has been processed so that it is useful. Information literacy: The ability to know when information is needed, and to be able to locate, evaluate, and effectively use that information. Information system (IS): A combination of technology, data, people, and processes that is directed toward the collection, manipulation, storage, organization, retrieval, and communication of information. Information technology (IT): The hardware, software, and media used to store, organize, retrieve, and communicate information. Knowledge: Information that is applied to a decision or action. Wisdom: The use of knowledge for the greater good.

Answer 65

* Information systems combine technology, data, people, and processes to help collect, manipulate, store, organize, retrieve, and communicate information. • In today’s information-rich business environment, business professionals must be skilled at dealing with a variety of information systems. * Systems are made up of components that work together to achieve a goal by taking inputs and processing them into outputs. * The information processing cycle consists of input, processing, storage, output, and control. * Information systems are made up of six critical elements: data, hardware, software, communication media, procedures, and people. * Information systems help managers deal with information by improving how data are collected, organized, manipulated, and output. * Information systems can help enforce business rules. • Information systems facilitate organizational change through improving, automating, and controlling processes and improving information flow. * Categories of common information systems include personal applications, transaction processing systems, functional and management information systems, integrated enterprise systems, and global systems.

Answer 66

Business rule: A statement that defines or constrains an aspect of a business with the intent of controlling behaviors within the business. Control: A set of functions intended to ensure the proper operation of a system. Electronic data interchange (EDI): A B2B e-business model focusing on the electronic exchange of information between two or more organizations using a standard format. Equifinality: The idea that in an open system, there are many different potential paths to the final outcome. Feedback: A process by which a system regulates itself by monitoring its own output. Information system (IS): A combination of technology, data, people, and processes that is directed toward the collection, manipulation, storage, organization, retrieval, and communication of information. Open system: A system that interacts with its environment. Subsystem: A system that is part of a larger system. System: A set of interacting components that work together to form a complex whole by taking inputs and processing them to produce outputs. Transaction processing system (TPS): A system that collects, monitors, processes, reports, and stores data generated by an organization’s transactions.

Answer 67

* Being able to evaluate information is a key element of information literacy, which is an important skill for both our professional and personal lives. * Career and personal success depends, in part, on the outcomes of the decisions we make. Our ability to evaluate the information we use to make these decisions affects the quality of our decisions. * Information overload occurs when we are faced with more information than we can effectively process. * Increasing our information evaluation skills helps us deal with information overload by reducing the amount of attention and time we devote to low-quality or nonuseful information. * Intrinsic dimensions of information quality include accuracy, believability, objectivity, understandability, and consistency. * Contextual dimensions of information quality include relevance, timeliness, completeness, and currency. * Evaluating information concerns determining whether the information is useful and believable. * Useful information is relevant, appropriate, and sufficiently current for the task at hand. * Believable information is credible, objective, well supported, and comprehensive.

Answer 68

Accurate (information): The degree to which information is correct and free from error. Believable (information): The degree to which information is regarded as true and credible. Comprehensive (information): The degree to which information is of sufficient depth and breadth for the task at hand. Consistent (information): The degree to which information is compatible with previous information. Current (information): The degree to which information is sufficiently upto-date for the task at hand. Information evaluation: The systematic determination of the merit and worth of information. Information overload: Being faced with more information than one can effectively process. Information quality: The degree to which information is suitable for a particular purpose. Objective (information): The degree to which information is free from bias. Relevant (information): The degree to which information is applicable and useful for the task at hand. Timely (information): The degree to which information is available in time to perform the task at hand. Understandable (information): The degree to which information is easily comprehended.

Answer 69

• There are five main steps in the strategic planning process: 1. Strategic business planning 2. Information systems assessment 3. Information systems vision 4. Information systems architecture 5. Strategic initiatives identification * We discussed four frameworks that can be used to identify strategic information systems initiatives. The SWOT analysis is used for managers to identify strengths, weaknesses, opportunities, and threats for the organization. Porter’s Five Competitive Forces Model helps managers analyze the organization’s competitive position by looking at five major forces in the firm’s competitive environment: threats of new entrants, threats of substitutes, bargaining power of buyers, bargaining power of suppliers, and industry rivalry. Porter’s value chain helps managers identify all the activities that the organization must perform to conduct its business. Finally, the virtual value chain looks at activities that turn raw data into useful information instead of looking at activities that turn raw materials into a final product like in manufacturing organizations. * We discussed two methods for evaluating strategic initiatives: the critical success factors method, and the priority matrix. Critical success factors (CSFs) are those few important considerations that must be achieved for the organization to survive and be successful (i.e., achieve its mission). The priority matrix allows managers to evaluate potential initiatives and prioritize them along two key dimensions: the ease of implementation and the potential returns. * Hypercompetition is when competitors rapidly erode competitive advantages; in this case, organizations should focus on market disruptions instead of trying to sustain competitive advantages.

Answer 70

Bargaining power of buyers: In Porter’s Five Competitive Forces Model, determines the ability of the organization’s buyers (customers) to reduce the organization’s competitive position. Bargaining power of suppliers: In Porter’s Five Competitive Forces Model, determines what is the ability of the organization’s suppliers to reduce its competitive position. Critical success factors (CSFs): The few important considerations that must be achieved for the organization to survive and be successful (i.e., achieve its mission). Evaluate: In a priority matrix, the initiatives that need to be discussed and evaluated thoroughly by managers. Hypercompetition: When competitive advantages are rapidly eroded by competitors and organizations should focus on market disruptions instead of trying to sustain competitive advantages. Imperatives: In a priority matrix, the initiatives that should be relatively easy to implement and have the potential to bring high returns to the organization. Industry competitive rivalry: In Porter’s Five Competitive Forces Model, determines the current level of competition in the industry. Information systems architecture: Specifies how information systems resources should be used and how they should work together. Information systems assessment: The step of planning process where the organization identifies the current state of information systems resources in the organization. Information systems vision: A broad statement of how the organization should use and manage its information systems for strategic purposes. Opportunities: In a SWOT analysis, determines the activities or factors that could help the organization get new advantages over others in its industry. Porter’s Five Competitive Forces Model: Framework to help managers analyze the organization’s competitive position by looking at five major forces in the firms’ competitive environment: threats of new entrants, threats of substitutes, bargaining power of buyers, bargaining power of suppliers, and industry rivalry. Porter’s value chain analysis: Framework to help managers identify all the activities that the organization must perform to conduct its business. Positioning for speed: In D’Aveni’s 7 Ss framework, a strategy about preparing the organization to react as fast as possible. Positioning for surprise: In D’Aveni’s 7 Ss framework, a strategy about preparing the organization to respond to the marketplace in a manner that will surprise competitors. Potential threat of new entrants: In Porter’s Five Competitive Forces Model, determines how easy is it for new companies to enter the market in which the organization operates. Potential threat of substitutes: In Porter’s Five Competitive Forces Model, determines the likelihood that other products of equal or superior value are available. Priority matrix: Framework that allows managers to evaluate potential initiatives and prioritize them along two key dimensions: the ease of implementation and the potential returns. Quick wins: In a priority matrix, the initiatives that do not have much upside potential but are easy to implement. Shifting the rules of competition: In D’Aveni’s 7 Ss framework, a strategy about finding new ways to serve customers, thereby transforming the industry. 、 Signaling strategic intent: In D’Aveni’s 7 Ss framework, a strategy about communicating intentions in order to stall responses by competitors. Simultaneous and sequential strategic thrusts: In D’Aveni’s 7 Ss framework, a strategy about taking steps to stun and confuse competitors in order to disrupt or block their efforts. Strategic information systems: Information systems specifically meant to provide organizations with competitive advantages. Strategic information systems initiatives: Detailed (usually two- to fiveyear) plans for implementation of systems that may result in a new strategic direction for the organization. Strategic planning process: Structured set of steps to identify strategic information systems. Strategic soothsaying: In D’Aveni’s 7 Ss framework, a strategy about using new knowledge to predict or create new windows of opportunity. Stay away: In a priority matrix, the initiatives that would be difficult to implement and would have limited potential returns. Strengths: In SWOT analysis, asks what gives the organization advantages over others in its industry. Superior stakeholder satisfaction: In D’Aveni’s 7 Ss framework, a strategy about maximizing customer satisfaction by adding value strategically. SWOT analysis: Framework used by managers to identify strengths, weaknesses, opportunities, and threats for the organization. Threats: In SWOT analysis, determines what activities or factors could create disadvantages or troubles for the organization relative to others in its industry. Virtual value chain: Framework that looks at activities that turn raw data into useful information instead of looking at activities that turn raw materials into a final product like in manufacturing organizations. Weaknesses: In SWOT analysis, determines what activities create disadvantages for the organization relative to others in its industry.

Answer 71

* Database management systems provide the means for creating, maintaining, and using databases. * Spreadsheets are good for storing simple lists of information. However, they have a number of limitations that render them less effective for more complex data management. * A relational database stores data in the form of connected tables. Tables are made up of records and fields. * In a relational database, a record is a set of fields that all pertain to the same thing, while the fields represent some characteristic of the thing. • In a relational database, foreign keys are fields that reference the primary keys in related tables. * A database diagram shows the logical structure of a relational database, including its tables, fields, and relationships among tables. Primary and foreign keys are also indicated. * There are many online databases that store a vast array of information. These databases include article databases, market and economic databases, and databases of demographic and governmental information, among other topics. Examples include LexisNexis Academic (article database), Federal Reserve Economic Data service (economic data), and Monster.com (employment database). * Big Data provides a new opportunity to analyze information and identify trends that can help businesses make better-informed decisions.

Answer 72

Big Data: The vast amount of data that are created and stored that have grown beyond the capabilities of traditional data processing tools and application. Database: An organized collection of data. Database management system (DBMS): A set of programs that control the creation, maintenance, and use of databases. Field: In a relational database, stores data about a single characteristic of a record. Foreign key: In a relational database, a field (or fields) that references the primary key of a related table. Primary key: In a relational database, the unique identifier of a record. Record: In a relational database, a set of related fields. Relational database: A data store that organizes data in connected twodimensional tables.

Answer 73

Here are the main points discussed in the chapter: • Good decision making requires good information and good decision making skills, processes, and tools. * Decision-making skills are critical to a successful business career. These skills are highly sought after by business employers. * Decision-making skills become increasingly important as one moves to higher levels of responsibility in a business. This is because decisions made at higher levels are more complex and have greater impacts. * Making good decisions requires good information. Insufficient, inaccurate, or untimely information hurts decision making. * Information impacts the following with respect to decision making: the constraints that limit the number of alternatives, the alternatives themselves, the forecast of the potential outcomes from each alternative, and the means for comparing and selecting among the alternatives. * Structured decisions are routine and repetitive and often have welldefined procedures for making them. Unstructured decisions are novel; we do not know exactly how to go about making them, what information is needed, or how to use that information. Semistructured decisions have elements of both structured and unstructured decisions. * Decision making can be done by completing the following steps: 1. Identify and clearly define the problem. 2. Define the requirements and goals of the decision. 3. Identify alternatives. 4. Define the decision criteria. 5. Select the appropriate decision-making tools. 6. Evaluate the alternatives using the criteria. 7. Check that the solution solves the problem. * Many information analysis tools exist, including tools for information retrieval, information analysis, knowledge management, and communication. * Information retrieval tools include database management systems, reporting tools, and document management tools. * Information analysis tools include electronic spreadsheets, statistical software, and data visualization tools.

Answer 74

Data visualization: A visual representation of data with the goal of clearly communicating or better understanding the meaning of the data. Decision: A choice among alternatives. Decision alternative: A method for transforming the current condition into the desired state. Decision criteria: Objective measures of decision requirements and goals that discriminate among the alternatives. Decision goal: Desired decision solution requirements that go beyond the minimum, essential requirements. Document management system: A system that assists with managing, locating, retrieving, and tracking documents. Goal-seek analysis: An analysis that determines the value of a particular input variable that will produce the desired output (the goal). Reporting tools: Information systems tools that allow users to create reports without knowing special commands. Requirement (decision): A condition that any acceptable solution must provide. Semistructured decision: A decision for which some elements are structured and others are unstructured. Structured decision: A decision that is routine and repetitive and often has well-defined procedures for making the decision. Unstructured decision: A decision that is novel and therefore has no agreedupon, well-understood procedure for making the decision. “What-if” analysis: An analysis that involves seeing how changes in one or more input variables impact the value of one or more outcome variables. Also known as sensitivity analysis.

Answer 75

* A network is a collection of interconnected devices that allow users and systems to communicate and share resources. The network requires connecting devices such as routers, bridges, or switches. Each device on the network requires a network interface card (NIC, or network adapter). Repeaters and hubs can be used to regenerate signals on networks. * Networks can be classified as wired (using physical connections) or wireless (using airwaves for connections). Wireless networks include Wi-Fi, microwave signals, satellite signals, infrared signals, and radio signals, including cellular networks and Bluetooth. Networks can also be classified as local area networks (LANs), which connect devices in a limited geographical area, or wide area networks (WANs), which connect devices over a large geographic area like a city, a country, or the world. Other networks include metropolitan area networks (MANs), personal area networks (PANs), home area networks (HANs), virtual private networks (VPNs), and backbone networks (BBNs). * The Internet is a publicly accessible worldwide network of networks. It uses routers to interconnect the various networks together, and every host or computer that is a full participant (permanently connected) on the Internet has a unique address called an IP (Internet Protocol) address. The Internet is a network, not an application. The many applications that can make use of the Internet include the Web, which is a graphical interface to worldwide resources, as well as electronic mail, instant messaging, voice over IP (Internet telephony), desktop videoconferencing, peer-to-peer file sharing, online application sharing, file transfers (FTP), newsgroups, and many more. * Network architectures describe how devices are supposed to work together. Every architecture has its advantages and disadvantages in terms of ease of implementation, flexibility and interoperability, control, scalability, and security and reliability. The main networking architectures we discussed include client/server architecture, where processing and storage tasks are shared and distributed between clients and servers; peer-to-peer architecture, where systems are equal in sharing their resources with one another; wireless architecture, which defines how devices are to be connected to the wireless network; service-oriented architecture (SOA), which allows data from heterogeneous systems to be used to create reusable services; the software as a service (SaaS) model, where software is acquired via a subscription model; cloud computing architecture, which allows an organization to acquire computing resources from providers instead of having its own locally managed hardware and software; and the virtualization model, where one physical device can operate as if it is several machines. * Web 2.0 refers to the second generation of applications on the Internet where the user becomes a participant in the interaction. Web 2.0 technologies include wikis, which allow individuals to jointly create and edit Web pages about a chosen topic; instant messaging and presence awareness, which allow several individuals to communicate via realtime text-based messages with presence awareness indicating when colleagues are currently online and connected; collaborative content, which allows several individuals to contribute to and share stored data and documents; Web conferencing, which allows individuals to conduct live meetings via the Internet; social networking, which allows individuals to participate in a community of users connected with each other; blogs, which allow individuals to write commentaries or opinions on anything they want on websites others can read; mashups, which allow users or developers to combine data or applications from several sources to create new ways to view data or new aggregated results; Twitter, which allows individuals to write short text messages of up to 140 characters on their user page for others to “follow”; and RSS, which allows individuals to receive frequently updated information like blogs or news headlines directly on their personal computers.

Answer 76

Backbone network (BBN): A network that serves to interconnect other networks (like LANs) or network segments (subnetworks). Blog (Web log): A website that allows an individual to write commentaries or opinions on anything for anyone to read. Bluetooth: A wireless network that uses short-wavelength radio transmissions to connect devices such as wireless mice, keyboards, or headphones. Cellular networks: Networks that use radio communication over local antennas to relays calls from one area to the next. Client/server architecture: A computing model where the processing and storage tasks are shared and distributed between clients and servers. Clients: Processes that request services from servers. Cloud computing: A computing model where an organization acquires or rents computing resources from providers instead of having its own locally managed hardware and software. Also known as on-demand or utility computing. Collaborative content: A situation in which several individuals contribute to and share stored data and documents. Crowdsourcing: Mass collaboration of information to solve a problem. Also known as wikinomics. Desktop videoconferencing: A system allowing individuals in different locations communicate via voice and video on personal computers. Electronic mail (email): Applications used to send and receive messages through computer networks. File Transfer Protocol (FTP): A system allowing users to move files back and forth between nodes on the network. Home area network (HAN): A LAN used within a home office, allowing PCs to share devices such as printers, routers, or scanners. Hub: A form of repeater that has multiple ports to connect many devices together. Instant messaging: A system allowing multiple users to communicate synchronously by sending and receiving short text messages online. Instant messaging and presence awareness: A system allowing several individuals to communicate via real-time text-based messages with presence awareness indicating when colleagues are currently online and connected. Internet: The publicly accessible worldwide network of networks. Internet Assigned Numbers Authority (IANA): The organization responsible for assigning IP addresses. Internet of Things: The connection of physical everyday objects to the Internet that allows them to communicate with one another and other computers. Internet2: A consortium of research and education institutions, industry leaders, and government agencies that operates the Internet2 network. Internet2 network: A fiber optics–based network used for high-speed transfers between research institutions and for testing and researching networking technology. Intranet: The use of Internet technologies and related applications inside an organization. Internet Protocol Version 4 (IPv4): An older IP addressing scheme that uses 4 bytes for addresses (such as 128.192.68.1) that ran out of addresses to allocate. Internet Protocol Version 6 (IPv6): A new IP addressing scheme that uses 16 bytes. Local area network (LAN): A network to connect devices in a limited geographical area (usually fewer than five kilometers). Mashup: A situation in which users or developers combine data or applications from several sources to create new ways to view data or create new aggregated results. Mass collaboration: More than one individual gathering information. Also known as wikinomics or crowdsourcing. Metropolitan area network (MAN): A network that spans a city or a large campus. Network: A collection of interconnected devices that allow users and systems to communicate and share resources. Network architecture: The layout or blueprint for how devices are supposed to work together. Network infrastructure: The actual hardware, software, and networking components that support the processing and transfer of information. Network interface card (NIC, or network adapter): Provides physical access to a device because it has a unique ID written on a chip that is mounted on the card. Online application sharing: A system allowing users to share documents, calendars, or other applications using websites. Peer-to-peer architecture: A computing model where all systems are equal (acting as both clients and servers), sharing their resources with one another. Peer-to-peer file sharing: File sharing between specific individuals or systems across the Internet. Personal area network (PAN): A network connecting personal devices to a personal computer (e.g., mouse, microphone, printer) over a very short distance. Really Simple Syndication (RSS): A format allowing individuals to receive frequently updated information like blogs or news headlines directly on their personal computers. Repeater: A device that retransmits a data signal that it receives after eliminating noise in the signal and regenerating it for strength. Router: An intelligent device that controls the flow or transmissions in and out of a network. Scalability: The ability to grow or reduce the size of the network as required. Servers: Processes that provide services to clients by responding to their requests. Service-oriented architecture (SOA): A computing model or set of design principles of how to take data from heterogeneous systems and create reusable services. Social networking: Individuals participating in a community of users connected with one another. Software as a service (SaaS): An architecture or model of computing where the acquisition (or rental) of software is done via a subscription model. Twitter: A technology allowing individuals to write short text messages of up to 140 characters on their user pages for others to “follow.” Unified communications (UC): A framework for the integration of the various modes of communication used by an organization, including email, voice mail, videoconferencing, instant messaging, texting, and voice over IP. Virtualization: A computing model that allows one physical device, such as a server or computer, to operate as if it is several machines. Voice over IP (Internet telephony): Voice data sent over an IP-based network, such as the Internet. Web 2.0: The second generation of applications on the Internet where the user becomes a participant in the interaction. Web 3.0: Computer systems that understand the meaning (semantics) of information and data, resulting in more intelligent searches and more personalized results. Also known as the semantic Web. Web conferencing: A technology allowing individuals to conduct live meetings via the Internet. Wide area networks (WANs): A network connecting devices over a large geographic area, such as a city, a country, or the world. Wi-Fi: The network name owned by the Wi-Fi Alliance; a wireless network that uses radio technology. Wikinomics: A term to describe when individuals voluntarily come together to solve a problem online. Also known as crowdsourcing. Wikis: Web pages individuals jointly create and edit about a chosen topic. Wired network: A network that makes use of physical cables (copper wires, coaxial, or fiber-optic cables) for connections. Wireless network: A network that makes use of frequencies to transmit signals. World Wide Web (the Web): The graphical interface to worldwide resources available on the Internet.

Answer 77

* There are three main categories of information security threats: denial of service, unauthorized access, and theft and fraud. Denial-of-service threats are those that render a system inoperative, limit its capability to operate, or make data unavailable. They include intentional acts, such as viruses, malware, and email bombings; careless behavior, such as a lack of backups; and natural disasters. Unauthorized access threats refer to someone accessing systems and/or data illegally. Theft and fraud threats are related to the loss of systems or data due to theft or fraudulent activities, including illegal downloading or copying of software and theft of data using small hardware devices. * There are three main goals that security tools and policies are meant to address: confidentiality, integrity, and availability (CIA). Confidentiality involves making sure that only authorized individuals can access information or data. Integrity involves making sure that the data are consistent and complete. Availability involves ensuring that systems and/or data are available when they are needed. Two additional goals are authentication (or authenticity) and nonrepudiation. Authentication means making sure that the parties involved are who they say they are and that transactions, data, or communications are genuine. Nonrepudiation refers to making sure one cannot renege on his or her obligations—for example, by denying that he or she entered into a transaction with a Web merchant. * Security solutions and tools (also called security controls) can be classified as the preventive, detective, or corrective controls. The goal of preventive controls is to stop or limit the security threat from happening in the first place. The goal of detective controls is to find or discover where and when security threats occurred. The goal of corrective controls is to repair damages after a security problem has occurred. Security controls can also be classified as physical or logical. Physical access controls are those security solutions that involve protecting physical access to systems, applications, or data, whereas logical access controls include security solutions that protect access to systems, applications, or data by ensuring users or systems are authenticated and allowed to have such access. Physical access controls can include locks for laptops, locked computer rooms, and secured rooms for backup storage. Logical access controls include user profiles, biometrics, firewalls, encryption, virus protection, and wireless security. * There are many security solutions. The security solution of user profiles requires users to be assigned profiles that consist of a user identification (self-selected or assigned by the organization) and a set of privileges. Biometrics use human traits and characteristics to recognize individuals to grant them access or to identify them among other individuals. Firewalls are computers or routers that control access in and out of the organization’s networks, applications, and computers. Encryption, also known as cryptography, is the use of mathematical algorithms to convert a message or information into a scrambled message or information that makes it unreadable. Antivirus software looks for virus signatures (patterns) in files and systems to prevent them from being executed. Wireless security is mostly done through encryption such as WEP and WPA. * Security policies describe what the general security guidelines are for an organization, including procedures, enforcement mechanisms, objectives, and also list actions for the enforcement of procedures. * Risk management is the process of identifying, assessing, and prioritizing the security risks an organization may face and deciding whether to accept the risks, mitigate the risks, or share the security risks by buying insurance.

Answer 78

Active content: Executable files on websites. Antivirus software: Programs that look for virus signatures or variations of them in files and systems. Application-level firewall: A firewall that verifies access to applications by requiring users to log into the firewall before they can access applications inside the organization (from outside). Asymmetrical security warfare: One party must do everything to protect itself, while the other party (the attacker) only needs to find the one security weakness. Asymmetric encryption: A type of encryption that uses two keys: a public key for encrypting and a private key for decrypting. Audit logs: Software programs that can scan for unexpected actions to detect potential hackers. Authentication: A process by which the identity of a transacting party is verified. Authentication (biometrics): A type of security that matches the individual with his or her stored biometric data. Availability: System and/or data are available when needed. Backdoors: Ways for hackers to reaccess the compromised system at will. Behavioral-based antivirus protection tools: Programs that look for suspicious behaviors in programs instead of just a virus’s signature. Behavioral biometrics: Biometrics that use human behaviors. Biometrics: Technologies that use human features to recognize individuals and grant them access. Cipher: An algorithm used to encrypt and decrypt plaintext. Ciphertext: An encrypted (unreadable) message. Confidentiality: Making sure that only authorized individuals can access information or data. Corrective controls: Controls meant to repair damages after a security problem has occurred. Decryption: Converting ciphertext back to plaintext. Decryption key: A key used to convert the unreadable text into its original form. Defense in depth: Multiple layers of security protections in place. Denial-of-service threats: Threats that render a system inoperative or limit its capability to operate, or make data unavailable. Detective controls: Controls meant to find or discover where and when security threats occur. Dictionary attack: When all words of several dictionaries in multiple languages are tested as passwords with numbers before and after the words. Disaster recovery: Procedures and tools to recover systems affected by disasters and destruction. Distributed denial-of-service attacks (DDOS): When many computers are being used for DOS attacks. DNA recognition: A type of security that analyzes segments from an individual DNA. Dynamic firewall: Manages the requests as they occur, deciding on both denials and permissions as they arrive. Dynamic signature recognition: A type of security that analyzes not only the signature but how it is written using pressure points. Ear recognition: A type of security that analyzes the shape of the ear. Email bombing: Sending a large number of requests, emails, or synchronization (SYN) messages to fill a target’s mailboxes, systems, communication ports, or memory buffers with the intent of blocking legitimate messages from entering the systems or overloading the system to make it crash. Encryption: The application of a mathematical algorithm to a message or information that scrambles that message or information to make it unreadable. Encryption key: A key used to convert the text into an unreadable form. External firewall: A firewall used to protect access to the internal network and computers of the organization. Facial recognition: A type of security that analyzes facial features or patterns (faceprints). Finger geometry recognition: A type of security that analyzes 3D geometry of the finger. Fingerprint recognition: A type of security that analyzes ridges and valleys (minutiae) on the surface tips of human fingers. Firewall: A computer or a router that controls access in and out of the organization’s networks, applications, and computers. Firewall appliance: The hardware and software to perform firewall function. Gait recognition: A type of security that analyzes the walking style or gait of individuals. Hactivism: A type of hacking in which hackers that try to find information that, if revealed, will advance human causes. Hand geometry recognition: A type of security that analyzes geometric features of the hand, such as length of fingers and width of the hand. Host firewall: A firewall installed on a computer. Identification (biometrics): Identifying an individual from an entire population of individuals with stored biometric data. Information security: A set of protections put in place to safeguard information systems and/or data from security threats such as unauthorized access, use, disclosure, disruption, modification, or destruction. Integrity: When data are consistent and complete. Internal firewall: A firewall used inside an organization, between departments or divisions. Iris/retina recognition: A type of security that analyzes features (eyeprints) in the iris or the patterns of veins in the back of the eye (retina). Key pair: A linked public key and private key. Keystroke capture programs: Software that logs all information entered into a computer. Keystroke recognition: A type of security that analyzes the rhythm and patterns of individuals’ keystrokes on keyboards. Knowledge (in security access): When an individual needs to know something to gain access. Logical access controls: Security solutions that protect access to systems, applications, or data by ensuring users or systems are authenticated and allowed to have such access. Nonrepudiation: Making sure a party cannot renege on obligations—for example, by denying that he or she entered into a transaction with a Web merchant. Odor recognition: A type of security that analyzes an individual’s odor to determine identity. Packet-level firewall: A firewall that controls access by looking at the source and destination addresses in data packets. Also called a screening level firewall. Packets: Small units of data that flow through networks, allowing for the transmission of messages. Password crackers: Software used to recover forgotten passwords. Personal firewall: A firewall installed on a given personal computer. Physical access controls: Controls that involve protecting physical access to systems, applications, or data. Physiological biometrics: Using physical traits to identify individuals. Plaintext: Original message before it is encrypted. Possession: When an individual owns a form of identification. Preventive controls: Controls meant to stop or limit the security threat from happening in the first place. Principle of least privilege: A form of access control in which users are only given permission to access the minimum amount of information required to complete their jobs. Risk management: The process of identifying, assessing, and prioritizing the security risks an organization may face and deciding whether to accept, mitigate, or share the security risks. Rootkits: Software that allows hackers to have unfettered access to everything on the system, including adding, deleting, and copying files. Security: Protection against security threats. Security levels: The layers of protection technologies and policies used to secure stored information. Security policies: Statements describing what the general security guidelines are for an organization. Security procedures: Specific statements describing how to implement the security policies. Security threats: Broadly categorized as denial of service, unauthorized access, and theft and fraud. Smurfing: When a hacker uses an innocent third party to multiply the messages being sent to the intended target. Sniffer: Software that monitors transmissions, capturing unauthorized data of interest. Social engineering: Tricking individuals into giving out security information. Sometimes called phishing. Software ports: Applications installed and running on a computer. Spamming: Sending emails to many individuals at once, sending unsolicited commercial email to individuals, or targeting one individual computer or network and sending thousands of messages to it. Spoofing: Pretending to be someone else (or another computer) to enter a system or gain attention. Spyware: A form of virus that logs everything users do on their computers, unbeknownst to them. Static firewall: A firewall that has predetermined ways of dealing with transmission requests. Static signature recognition: A security measure that compares scanned or ink signatures with stored signatures. Stealth virus: A more advanced virus that changes its own bit pattern to become undetectable by virus scanners. Symmetric encryption: A form of encryption where the same key is used to encrypting and decrypting data. Target-of-opportunity threats: Threats (such as viruses) sent out to find any victim possible. Theft and fraud threats: Threats related to the loss of systems or data due to theft or fraudulent activities. Traits: Physical or behavioral human characteristics needed to gain access to systems or data. Trojan horses: Viruses embedded into a legitimate file. Unauthorized access threats: Individuals who access systems and/or data illegally. User profile: Assigned profiles that consist of a user identification, a password, and a set of privileges. Virtual private network (VPN): A connection that makes use of an open wired network such as the Internet but that provides a secured channel through encryption and other security features. Virus: A computer program designed to perform unwanted events. Virus hoaxes: False virus alerts sent and resent by individuals. Virus signature: Bit patterns of the virus that can be recognized. Voice recognition (speaker recognition): A security measure that analyzes voice to determine the identity of a speaker; different from speech recognition (determining what is being said). Wi-Fi Protected Access (WPA): A recent and powerful encryption algorithm for wireless security. Wired Equivalent Privacy (WEP): A protocol that uses encryption established via a preshared key known to the router and the wireless device or computer on a wireless network.

Answer 79

* There are four main categories of threats to information privacy: data collection, unauthorized secondary use of data, improper access to data, and errors in data. * We identified several technologies used to infringe on and/or protect information privacy, such as cookies, cookie managers, privacy statements and policies, trust seals, and government regulations. * Information privacy is one of the four components of the PAPA ethical framework, which includes privacy, accuracy, property, and accessibility. The framework can be used to identify concerns about the use of information. * Information privacy and information security are related concepts, since it is mandatory for the information to be secured before it can be private. The reverse is not necessarily true, since information that is protected from a security standpoint can still be shared with others, infringing on the privacy of the information. * Ethical decision making considers standards of behavior when making decisions.

Answer 80

Accessibility: Refers to who has access to the information systems and the data that they hold. Accuracy: When data are what they are supposed to be and do not include errors. Children’s Internet Protection Act of 2001 (CIPA): A law that regulates access to offensive content over the Internet on school and library computers. Children’s Online Privacy Protection Act of 1998 (COPPA): A law that prevents websites from collecting personally identifiable information from children without parental consent. Clickstream data: Tracking of online browsing behaviors. Cookie manager: A software application that allows you to view which cookies are stored on your computer and what’s in them and gives you the ability to delete them. Cookies: Small text files located on your computer to store information about you, your accounts, and your computer. Data collection threat: A privacy threat resulting from the fact that data can be collected, aggregated, and analyzed at a faster pace and in larger volumes than ever, without individuals’ awareness. Data Protection Directive: A law that regulates how personal data are processed and protected in the European Union. Electronic Communications Privacy Act of 1986 (ECPA): A law that regulates access, use, disclosure, interception, and privacy protections of electronic communications. Errors in data: A privacy threat where there are inaccuracies in data. Fair information practices principles (FIPPs): Guidelines for how to deal with personal information, which include notice/awareness, choice/consent, access/participation, integrity/security, and enforcement/redress. Family Educational Rights and Privacy Act (FERPA): A law that protects the privacy of student education records. Federal Trade Commission (FTC): A government agency responsible for (among other things) ensuring that privacy policies are respected. Gramm-Leach-Bliley Financial Services Modernization Act of 1999 (GLBA): A law that provides regulations to protect consumers’ personal financial information held by financial institutions. Health Insurance Portability and Accountability Act (HIPAA): A law that provides regulations to protect personal health information held by covered entities and gives patients an array of rights with respect to that information. Identity theft: Using another person’s personal information for fraudulent activities. Improper access to data: A privacy threat where unauthorized individuals have access to one’s private information. Opt-in: A privacy option where individuals state they agree that their data can be shared with others or used for other purposes, often to receive special deals or information from partner companies. Opt-out: A privacy option where individuals must state that they do not want their data to be shared with others or used for other purposes. PAPA framework: A framework that identifies four major categories of concerns about the use of information: privacy, accuracy, property, and accessibility. Privacy: One’s ability to control information about oneself. Privacy policy: A statement that describes what the organization’s practices are with respect to the privacy of its customers. Privacy seal: A seal that a business can post on its website to show its commitment to privacy. Property: Refers to who has ownership of the data. Reputation seal: A seal that a business can post on its website to show its commitment to trustworthiness. Seal program: A program offered by an organization that posts a set of rules that companies must follow to be a part of the seal program. Security seal: A seal that a business can post on its website to show its commitment to security. Self-regulation: An attempt by industry leaders to avoid government regulations by suggesting (rather than requiring) that companies have privacy policies—for example, with privacy seals and privacy policies. Unauthorized secondary use of information: A privacy threat resulting from the use of data for purposes other than those for which they were originally collected.

Answer 81

• Software development methodologies provide discipline to the development process by defining processes, roles, and deliverables. • The traditional systems development life cycle (SDLC) is a semisequential, phased approach. There are different versions of the traditional SDLC. • The SDLC described in this chapter consists of five phases: planning, requirements, development, implementation, and maintenance. • Alternatives to the traditional SDLC include prototyping, rapid application development, and the spiral model. • The decision of whether to build custom software or purchase commercial, off-the-shelf software is complex. • Open source software allows users to access the underlying source code for the application, which allows users to modify the program. • Open source software is usually free, although some companies charge a fee for ongoing support. • Outsourcing occurs when an outside organization provides IT services that were previously provided internally. • Outsourcing models include full (complete), process-based, personnel, project-based, and application outsourcing. • There are both benefits and risks associated with outsourcing. • Factors affecting the outsourcing decision include the maturity of the system, the system’s significance to the organization’s competitive advantage, the organization’s IT capability, and cost. • Offshore outsourcing occurs when an organization receives services from a company outside the organization’s geographic region. • Nearshore outsourcing occurs when an organization receives services from a company within the organization’s geographic region but outside its home country. • Onshore outsourcing occurs when an organization receives services from a company in the same country.

Answer 82

Application outsourcing: An outsourcing arrangement that involves a service provider handling activities related to a specific software application. Functional requirements: Describes how a system should interact with users and other systems. Nearshore outsourcing: Using a vendor that provides services from a location close the client’s location. Nonfunctional requirements: Constraints on a system. Offshore outsourcing: Using a vendor that provides services from a location outside the client organization’s region. Onshore outsourcing: Outsourcing to a firm located in the same country. Open source software: Software that allows users to access the underlying source code for an application. Outsourcing: An arrangement in which an organization contracts with a service provider to provide IT-related services. Personnel outsourcing: An outsourcing arrangement in which a service provider places workers into an organization on a temporary contract basis. Process-based outsourcing: An arrangement in which an organization outsources a particular function or business process. Project-based outsourcing: An outsourcing arrangement that involves contracting with a service provider to complete a specific project. Prototype: A small-scale mock-up of a system or a portion of a system. Requirements elicitation: Gathering system requirements from various stakeholders. Selective (partial) outsourcing: An outsourcing arrangement in which only certain aspects of IT are outsourced to a service provider. Software development methodology: a framework for planning, structuring, and controlling software development projects. Source code: Text-based computer programming language statements that can be read by humans. Systems development life cycle (SDLC): A semisequential, phased approach to systems development. Use case: Describes a series of actions that results in an outcome for an actor.

Answer 83

Data visualization software

Answer 84

document management system

Answer 85

low-tech, technology driven

Answer 86

Interoperability

Answer 87

QUESTION 1 What type of tool represents the mental mode of an expert’s knowledge? Decision table Decision tree Cognitive map Wiki None of the above 0.6 points QUESTION 2 Sara just began working for a new company and her boss has given her a flow chart to study so that she can better understand the processes of the organization. What function has the organization completed to have such a chart? SDLC Registration Gantt chart Process modeling Contracting 0.6 points QUESTION 3 Which of the following best describes a system that helps an organization manage multiple interactions with its customers? Customer Intelligence Customer Management System Customer order Management Customer Relationship Management Customer enterprise warehouse 0.6 points QUESTION 4 In terms of e-business, what is another term for marketplace? Trading floor Clearinghouse Market Auction house Exchange 0.6 points QUESTION 5 What is the process of analyzing data to identify trends, patterns, and other useful information? Digging agent Data mining Database modeling Querying Clustering 0.6 points