Monday, August 8, 2016

Chapter 11: Information Systems Management

What Are the Functions and Organization of the IS Department?

  • Plan how to use IS to accomplish organizational goals and strategy.
  • Manage outsourcing relationships.
  • Protect information assets.
  • Develop, operate, and maintain organization's computing infrastructure.
  • Develop, operate, and maintain enterprise applications.


How Is the IS Department Organized?


Chief Information Officer (CIO)- a common title for the principal manager of the IS department, though the title varies from organization to organization.
  • Other common titles: Vice President of Information Services, Director of Information Services, and less commonly, Director of Computer Services.
Chief Technology Officer (CTO)-often heads the technology group.
  • Evaluates new technologies, new ideas, and new capabilities and identifies those that are most relevant to the organization.
  • Job requires deep knowledge of information technology and the ability to envision and innovate applications for the organization.
Chief Security Officer (CSO)-manages security for all of the organization's assets: physical plant and equipment, employees, intellectual property, and digital. The CSO reports to the CEO.

Chief Information Security Officer (CISO)-manages security for the organization's information systems and information. The CISO reports to the CIO.

What IS-Related Job Positions Exist?

How Do Organizations Plan the Use of IS?
  • Align information systems with organizational strategy; maintain alignment as organization changes.
  • Communicate IS/IT issues to executive group.
  • Develop/enforce IS priorities within the IS department.
  • Sponsor steering committee.
    • Steering committee-is a group of senior managers from the major business functions that works with the CIO to set the IS priorities and decide among major IS projects and alternatives.
What Are the Advantages and Disadvantages of Outsourcing?

Outsourcing-is the process of hiring another organization to perform a service.
  • Done to save costs, to gain expertise, and to free management time.
Popular Reasons for Outsourcing IS Services

IS/IT Outsourcing Alternatives

Outsourcing Risks

What Are Your User Rights and Responsibilities?

User Information Systems Rights and Responsibilities

2026?
  • Most organizations will move their internal hardware infrastructure into the cloud.
  • Rise of mobile devices at work.
    • Cheaper, more powerful, with dynamic, maybe even gamelike user experiences.
  • Organizations develop BYOD (Bring Your Own Device) policies that meet their needs and strategies, and many will encourage employees to bring their own devices to work.
  • IoT (the Internet of Things) will offer the opportunity for innovation in operations, manufacturing, and supply chain management.
  • Organizations will use social media inside the organization in true Enterprise 2.0 style.
  • Organizational culture

Chapter 10: Information Systems Security

Information Systems Security-A Trade-off Between Security and Freedom
  • Example: Organizations can increase the security of their information systems by taking away users' freedom to choose their own passwords and force them to choose stronger passwords that are difficult for hackers to crack.
  • Goal: Find an appropriate trade-off between the risk of loss and the cost of implementing safeguards.
  • Threat- is a person or organization that seeks to obtain or alter data or other IS assets illegally, without the owner's permission and often without the owner's knowledge.
  • Vulnerability- is an opportunity for threats to gain access to individual or organizational assets.
    • Example of vulnerability: when making an online purchase with a credit card, the card data is transmitted over the Internet and is vulnerable to threats.
  • Safeguard- is some measure that individuals or organizations take to block the threats from obtaining the asset.
  • Target- is the asset that is desired by the threat.
    • Sources of threats: human errors and mistakes, computer crime, and natural events and disasters.


What Types of Security Loss Exist?
  • Unauthorized data disclosure
    • Pretexting- occurs when someone deceives by pretending to be someone else.
    • Phishing- is a similar technique for obtaining unauthorized data that uses pretexting via email.
      • Phisher- pretends to be a legitimate company and sends an email requesting confidential data.
        • Examples: Account numbers, Social Security numbers, Account passwords, etc.
    • Spoofing- is another term for someone pretending to be someone else.
      • IP spoofing- occurs when an intruder uses another site's IP address to masquerade as that other site.
      • Email spoofing- is a synonym for phishing.
    • Sniffing- is a technique for intercepting computer communications.
      • Wired networks: Sniffing requires a physical connection to the network.
      • Wireless networks: No such connection is required.
        • Wardrivers- simply take computers with wireless connections through an area and search for unprotected wireless networks.
    • Hacking- breaking into computers, servers, or networks to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.
    • Natural disasters
  • Incorrect data modification
      • Examples: Incorrectly increasing a customer's discount, Incorrectly modifying an employee's salary, earned days of vacation, or annual bonus.
    • Can occur through human error when employees follow procedures incorrectly or when procedures have been designed incorrectly.
      • System Error- "lost-update problem"
    • Hacking
    • Natural Disasters
  • Faulty service
    • Can include incorrect data modification
    • Can include systems that work incorrectly by sending the wrong goods to a customer or the ordered goods to the wrong customer, inaccurately billing customers, or sending the wrong information to employees.
    • Human can make procedural mistakes.
      • System developers can write programs incorrectly or make errors during the installation of hardware, software programs, and data.
    • Usurpation- occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones, which shut down legitimate applications and substitute their own processing to spy, to steal and manipulate data, or to achieve other purposes.
    • When service is improperly restored during recovery from natural disasters.
  • Denial of service (DoS)
      • Example: Humans can inadvertently shut down a Web server or corporate gateway router by starting a computationally intensive application.
Example of DoS

  • Loss of infrastructure
    • Theft and Terrorist events
    • Natural disasters present the largest risk; they can destroy data centers and everything they contain.
      • Examples: Fire, Flood, Earthquake
    • Advanced Persistent Threat (APT)- is a sophisticated, possibly long-running computer hack that is perpetrated by large, well-funded organizations such as governments.
      • Can be a means to engage in cyberwarfare and cyberespionage.

How Big Is the Computer Security Problem?

    • No One Really Knows because...
      • There are no standards for tallying crime costs.
      • All the studies on the cost of computer crime are based on surveys.
        • The most that can be done is to look for trends and compare year-to-year data, assuming the same methodology is used by the various types of survey respondents. 


According to the textbook, Using MIS, the 2014 Cost of Computer Crime Study resulted in the following:

  • Malicious insiders are an increasingly serious security threat.
  • Business disruption and data loss are principal costs of computer crime.
  • Survey respondents believe negligent employees, personal devices connecting to the corporate network, and the use of commercial cloud-based applications pose a significant security threat.
  • Security safeguards work. (pg 394)
How Should You Respond to Security Threats?
  • Intrusion Detection System (IDS)- a computer program that senses when another computer is attempting to scan or access a computer or network.
    • If these come from outside the country, there is nothing you can do about them except use reasonable safeguards.
  • Brute force attack- an attack in which the password cracker tries every possible combination of characters.
    • Use long passwords with no words, 10 or more characters, and a mix of letters, numbers, and special characters.
    • Use different passwords for different sites.
    • Never send passwords, credit card data, or any other valuable data in email or IM.
  • Cookies- are small files that your browser receives when you visit Web sites.
    • The best safeguard is to remove your browsing history, temporary files, and cookies from your computer and to set your browser to disable history and cookies.
      • CCleaner- a free, open source product that will do a thorough job of securely removing all such data. 
        • Make a backup of your computer before using CCleaner. 

How Should Organizations Respond to Security Threats?

Senior management needs to address two critical security functions: Security Policy and Risk Management.

  • At a minimum, the policy should stipulate:
    • What sensitive data the organization will store.
    • How it will process that data.
    • Whether data will be shared with other organizations.
    • How employees and others can obtain copies of data stored about them.
    • How employees and others can request changes to inaccurate data.
  • Risk Management
    • Risk cannot be eliminated
      • Managing risk means proactively balancing the trade-off between risk and cost.
        • This trade-off varies from industry to industry and from organization to organization. 
          • Example: Financial institutions (Higher investment) vs. Bowling alley (Lower investment). 

How Can Technical Safeguards Protect Against Security Threats?
  • Technical safeguards
    • Involve the hardware and software components of an information system.
      • Identification- the username identifies the user.
      • Authentication- the password authenticates that user.
      • Smart card- a plastic card similar to a credit card.
        • Instead of a magnetic strip, the smart card has a microchip which holds far more data.
        • Users of smart cards are required to enter a personal identification number (PIN) to be authenticated.
      • Biometric authentication- uses personal physical characteristics.
        • Examples: Fingerprints, facial features, and retinal scans to authenticate users.
        • Provides strong authentication, but the required equipment is expensive.
        • It is also in the early stages of adoption.
      • Encryption- is the process of transforming clear text into coded, unintelligible text for secure storage or communication.
        • Considerable research has gone into developing encryption algorithms (procedures for encrypting data) that are difficult to break.
          • Common methods: DES, 3DES, and AES
        • Key- a string of bits, expressed as numbers or letters, that is used with an encryption algorithm to encrypt the data; it "unlocks" a message.
      • Decrypting (decoding)- the key is applied to the coded message to recover the original text.
      • Symmetric encryption- the same key is used to encode and decode.
      • Asymmetric encryption- two keys are used; one encodes the message and the other decodes it.
        • Symmetric encryption is much simpler and faster than asymmetric.
        • Public key encryption- a special form of asymmetric encryption.
          • Used on the Internet: each site has a "public key" for encoding messages and a "private key" for decoding them.
        • https- most secure communication over the Internet uses this protocol.
          • With https, data are encrypted using the Secure Sockets Layer (SSL) protocol, also known as Transport Layer Security (TLS).
            • Both use a combination of public key encryption and symmetric encryption.
      • Firewall- a computing device that prevents unauthorized network access; essentially a filter.
        • Can be a special-purpose computer.
        • Can be a program on a general-purpose computer or on a router.
      • Perimeter firewall- sits outside the organizational network; it is the first device that Internet traffic encounters.
      • Internal firewalls- inside the organizational network.
      • Packet-filtering firewall- examines each part of a message and determines whether to let that part pass. To make this decision, it examines the source address, the destination address(es), and other data.
        • Can prohibit outsiders from starting a session with any user behind the firewall.
        • Can disallow traffic from particular sites, such as known hacker addresses.
        • Packet-filtering firewalls are the simplest type of firewall.
        • No computer should connect to the Internet without firewall protection.
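As an added illustration (not from the textbook or this page), the three packet-filtering rules above modelled in Python as a stateless filter that decides from the source address, destination address, port and TCP flags alone. The network ranges, the published web server and the sample packets are constructed for the example; real firewalls normally track connection state rather than relying on the ACK flag.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addressing: the organization's private range and one published web server.
INTERNAL_NET = ip_network("10.0.0.0/8")
PUBLIC_WEB_SERVER = (ip_address("10.0.0.80"), 443)
# Constructed blocklist standing in for "known hacker addresses" (documentation range TEST-NET-3).
BLOCKED_SOURCES = [ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Packet:
    src: str        # source address
    dst: str        # destination address
    dst_port: int   # destination TCP port
    syn: bool       # SYN flag set: the packet tries to open a session
    ack: bool       # ACK flag set: the packet belongs to an exchange already under way


def filter_packet(pkt: Packet) -> tuple[bool, str]:
    """Return (allowed, reason) for one packet, using only its header fields."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    inbound = src not in INTERNAL_NET and dst in INTERNAL_NET

    # Rule 1: disallow traffic from particular sites.
    if any(src in net for net in BLOCKED_SOURCES):
        return False, "source address is blocklisted"

    # Rule 2: outsiders may not start a session with a host behind the firewall.
    # A session-opening TCP packet carries SYN without ACK; the single published
    # service is the only exception.
    if inbound and pkt.syn and not pkt.ack:
        if (dst, pkt.dst_port) == PUBLIC_WEB_SERVER:
            return True, "new session to the published web server"
        return False, "outsider attempting to start a session"

    # Everything else passes: outbound traffic and replies (ACK set) to
    # sessions that an inside host started.
    return True, "permitted"


def run_samples() -> list[bool]:
    """Constructed sample packets; returns the allow/drop decision for each."""
    samples = [
        Packet("10.1.2.3", "198.51.100.7", 443, syn=True, ack=False),   # inside host opens a session outward
        Packet("198.51.100.7", "10.1.2.3", 52000, syn=True, ack=True),  # reply to that session
        Packet("198.51.100.7", "10.1.2.3", 3389, syn=True, ack=False),  # outsider opening a session inward
        Packet("198.51.100.7", "10.0.0.80", 443, syn=True, ack=False),  # outsider to the published web server
        Packet("203.0.113.5", "10.0.0.80", 443, syn=True, ack=False),   # blocklisted source
    ]
    return [filter_packet(p)[0] for p in samples]


if __name__ == "__main__":
    for decision in run_samples():
        print("allow" if decision else "drop")
```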

Spyware and Adware Symptoms
  • Slow system startup
  • Sluggish system performance
  • Many pop-up advertisements
  • Suspicious browser homepage changes
  • Suspicious changes to the taskbar and other system interfaces
  • Unusual hard-disk activity
Malware definitions- patterns that exist in malware code; they should be downloaded frequently.

SQL injection attack- occurs when users enter a SQL statement into a form in which they are supposed to enter a name or other data.
  • If the program is improperly designed, it will accept this code and make it part of the database command that it issues.
  • Improper data disclosure and data damage and loss are possible consequences.
  • A well-designed application will make such injections ineffective.
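An added example (not from the textbook or this page) of the improperly designed lookup beside the well-designed one, using an in-memory SQLite table constructed for the purpose: the vulnerable version splices the form value into the SQL text, while the hardened version passes it as a parameter so the database never treats it as a command.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory stand-in for the application's customer table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("Alice", "alice@example.com"),
         ("Bob", "bob@example.com"),
         ("O'Brien", "obrien@example.com")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str):
    # Improperly designed: the form value is pasted into the SQL text, so
    # whatever the user typed becomes part of the command the database runs.
    sql = f"SELECT name, email FROM customers WHERE name = '{name}'"
    try:
        return conn.execute(sql).fetchall()
    except sqlite3.OperationalError:
        return "error"   # even a legitimate apostrophe breaks the query


def lookup_safe(conn: sqlite3.Connection, name: str):
    # Well designed: a parameterized query ships the SQL and the value
    # separately; the database treats the value purely as data.
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def demo() -> dict:
    conn = make_db()
    # A name field filled with SQL instead of a name, as the definition above
    # describes (constructed example input).
    sql_in_name_field = "' OR '1'='1"
    return {
        "honest_vuln": lookup_vulnerable(conn, "Alice"),
        "honest_safe": lookup_safe(conn, "Alice"),
        "injected_vuln": lookup_vulnerable(conn, sql_in_name_field),   # every row disclosed
        "injected_safe": lookup_safe(conn, sql_in_name_field),         # no such customer
        "apostrophe_vuln": lookup_vulnerable(conn, "O'Brien"),         # query breaks
        "apostrophe_safe": lookup_safe(conn, "O'Brien"),               # works as intended
    }


if __name__ == "__main__":
    for case, rows in demo().items():
        print(f"{case:16} {rows}")
```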
How Can Data Safeguards Protect Against Security Threats?
  • Data safeguards- protect databases and other organizational data.
    • Two organizational units are responsible for data safeguards.
      • Data administration- refers to an organization-wide function that is in charge of developing data policies and enforcing data standards.
      • Database administration- refers to a function that pertains to a particular database.
        • Example: ERP, CRM, and MRP
      • Key escrow- a safety procedure under which, when data are encrypted, a trusted party holds a copy of the encryption key.

How Can Human Safeguards Protect Against Security Threats?

Human safeguards- involve the people and procedure components of information systems.
  • In general, these result when authorized users follow appropriate procedures for system use and recovery. 


How Should Organizations Respond to Security Incidents?

2026?

As of June 2015, privacy advocates were outraged at the existence of PRISM, the intelligence program by which the National Security Agency (NSA) requested and received data about Internet activities from major Internet providers.
  • They claimed their privacy, or freedom from being observed by other people, was being destroyed in the name of security, or state of being free from danger.
"We can hope the revelation of existence of PRISM will spark a public conversation on the balance of national security and data privacy" (Using MIS, pg 414).

CAUTION! We will still be exposed to computer crimes!

Tuesday, August 2, 2016

Chapter 9: Business Intelligence Systems


  • Business intelligence (BI) systems- are information systems that process operational, social, and other data to identify patterns, relationships, and trends for use by business professionals and other knowledge workers.
  • Business intelligence- Are the patterns, relationships, trends, and predictions.
  • BI application- The software component of a BI system.

How Do Organizations Use BI?
  • Project Management
  • Problem Solving
  • Deciding
  • Informing
What Are the Three Primary Activities in the BI Process?
  • Data acquisition- is the process of obtaining, cleaning, organizing, relating, and cataloging source data.
  • BI analysis- is the process of creating business intelligence.
    • Four Fundamental Categories 
      • Reporting
      • Data Mining
      • BigData
      • Knowledge Management
  • Publish results- is the process of delivering business intelligence to the knowledge workers who need it.
  • Push publishing- delivers business intelligence to users without any request from the users; the BI results are delivered according to a schedule or as a result of an event or particular data condition.
  • Pull publishing- requires the user to request BI results.
    • Publishing media include print as well as online content delivered via Web servers, specialized Web servers known as report servers, and BI results that are sent via automation to other programs.

How Do Organizations Use Data Warehouses and Data Marts to Acquire Data?
  • Data warehouse- is a facility for managing an organization's BI data.
    • Functions
      • Obtain Data
      • Cleanse Data
      • Organize and Relate Data
      • Catalog Data
  • Data mart- is a data collection, smaller than the data warehouse, that addresses the needs of a particular department or functional area of the business.
Components of a Data Warehouse

Possible Problems with Operational Data
  • Data broker/ Data aggregator- a company that acquires and purchases consumer data and other data from public records, retailers, Internet cookie vendors, social media trackers, and other sources and uses it to create business intelligence that it sells to companies and the government.
    • Prominent Data Brokers
      • Datalogix
      • Acxiom Corporation
    • Federal law places strict limits on gathering and using medical and credit card data; the use of other data is not limited.
    • In theory, data brokers enable you to view the data that is stored about you.
    • In practice, it is difficult to learn how to request your data.
  • Granularity- a term that refers to the level of detail represented by the data.
    • It is possible to capture the customer's clicking behavior in what is termed clickstream data. 
      • Great- to study consumer behavior
      • Bad- the volume can be overwhelming; if all an organization wants is to track consumer behavior, millions and millions of clicks will have to be thrown away.

How Do Organizations Use Reporting Applications?
  • Reporting application- is a BI application that inputs data from one or more sources and applies reporting operations to that data to produce business intelligence.
    • Five Reporting Operations
      1. Sorting
      2. Filtering
      3. Grouping
      4. Calculating
      5. Formatting
  • RFM analysis- a technique readily implemented with basic reporting operations. It is used to analyze and rank customers according to their purchasing patterns.
    • Considers how recently (R) a customer has ordered, how frequently (F) a customer ordered, and how much money (M) the customer has spent.

  • Online Analytical Processing (OLAP)- a second type of reporting application, which is more generic than RFM.
    • Provides the ability to
      • Sum
      • Count
      • Average
      • Perform other simple arithmetic operations on groups of data
    • Measure- is the data item of interest. The item that is to be summed or averaged or otherwise processed in the OLAP report.
      • Examples: Total sales, average sales, and average cost
    • Dimension- is a characteristic of a measure.
      • Examples: Purchase date, customer type, customer location, and sales region.
    • OLAP cube/Cube- some software products display OLAP by using three axes, like a cube in geometry. 
    • OLAP report- Same as OLAP cube
      • Drill down- to further divide the data into more detail.

How Do Organizations Use Data Mining Applications?
  • Data mining- is the application of statistical techniques to find patterns and relationships among data for classification and prediction. Sometimes people use the term, knowledge discovery in database (KDD) as a synonym for data mining.
    • Unsupervised data mining- analysts do not create a model or hypothesis before running the analysis. 
      • Analysts create hypothesis after the analysis, in order to explain the patterns found.
      • Cluster analysis- a common unsupervised technique. Statistical techniques identify groups of entities that have similar characteristics. Commonly used to find groups of similar customers from customer order and demographic data.
      • Decision Tree- is a hierarchical arrangement of criteria that predict a classification or a value.
        • Analyst sets up the computer program and provides the data to analyze, and the decision tree program produces the tree.
        • Common business application: to classify loans by likelihood of default. Sometimes financial institutions sell a group of loans, called a loan portfolio, to one another.
        • Decision Trees are easy to understand and easy to implement using decision rules. Sometimes organizations can use decision trees to select variables that are then used by other types of data mining tools.

    • Supervised data mining- data miners develop a model prior to the analysis and apply statistical techniques to data to estimate parameters of the model.
      • Regression analysis- measures the effect of a set of variables on another variable.
      • Neural networks- a popular supervised data mining application used to predict values and make classifications such as "good prospect" or "poor prospect" customers. 

  • Market-basket analysis- is an unsupervised data mining technique for determining sales patterns.
    • Shows the products that customers tend to buy together.
      • Cross-selling- opportunity for marketing transactions: "If they're buying X, sell them Y" or "If they're buying Y, sell them X."
      • Support- is the probability that two items will be purchased together.
      • Confidence- a conditional probability: the probability of buying the second item given that the first is bought.
      • Lift- the ratio of confidence to the base probability of buying an item.
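A worked example added here (not the textbook's) that computes support, confidence and lift for every ordered pair of items in a constructed set of baskets. Exact fractions are used so the figures can be checked by hand; a lift above 1 means the first item raises the chance of the second, below 1 means it lowers it.

```python
from fractions import Fraction
from itertools import combinations
from typing import NamedTuple

# Constructed point-of-sale transactions; each set is the contents of one basket.
TRANSACTIONS = [
    {"bread", "milk"},
    {"bread", "diapers", "beer"},
    {"milk", "diapers", "beer"},
    {"bread", "milk", "diapers", "beer"},
    {"bread", "milk"},
    {"diapers", "beer"},
    {"bread", "beer"},
    {"milk", "diapers"},
]


class Rule(NamedTuple):
    antecedent: str       # "If they're buying X ..."
    consequent: str       # "... sell them Y"
    support: Fraction     # P(X and Y): share of baskets holding both
    confidence: Fraction  # P(Y | X): share of X baskets that also hold Y
    lift: Fraction        # confidence / P(Y)


def rule_metrics(transactions, x, y) -> Rule:
    """Support, confidence and lift for the rule 'X -> Y' over the baskets."""
    n = len(transactions)
    n_x = sum(1 for t in transactions if x in t)
    n_y = sum(1 for t in transactions if y in t)
    n_xy = sum(1 for t in transactions if x in t and y in t)
    support = Fraction(n_xy, n)
    if n_x == 0 or n_y == 0:                      # item never sold: no rule
        return Rule(x, y, support, Fraction(0), Fraction(0))
    confidence = Fraction(n_xy, n_x)
    base_probability = Fraction(n_y, n)           # P(Y) regardless of X
    return Rule(x, y, support, confidence, confidence / base_probability)


def mine_rules(transactions, min_support=Fraction(1, 4)):
    """Every pair rule (both directions) meeting min_support, strongest lift first."""
    items = sorted(set().union(*transactions))
    rules = []
    for x, y in combinations(items, 2):
        for antecedent, consequent in ((x, y), (y, x)):
            rule = rule_metrics(transactions, antecedent, consequent)
            if rule.support >= min_support:
                rules.append(rule)
    return sorted(rules, key=lambda r: (-r.lift, r.antecedent, r.consequent))


if __name__ == "__main__":
    # diapers -> beer: support 1/2, confidence 4/5, lift 32/25 (buy together)
    # bread -> milk:   support 3/8, confidence 3/5, lift 24/25 (slightly less than chance)
    for r in mine_rules(TRANSACTIONS):
        print(f"{r.antecedent:8}-> {r.consequent:8} support={r.support} "
              f"confidence={r.confidence} lift={r.lift}")
```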

How Do Organizations Use BigData Applications?
  • BigData/ Big Data- is a term used to describe data collections that are characterized by huge volume, rapid velocity, and great variety.
    • Generally BigData:
      • Data sets are at least a petabyte in size, and usually larger.
      • Is generated rapidly
      • Has structured data, free-form text, log files, possibly graphics, audio, and video.
  • MapReduce- is a technique for harnessing the power of thousands of computers working in parallel.
    • Hadoop-  is an open source program supported by the Apache Foundation that implements MapReduce on potentially thousands of computers. 
      • Pig- Hadoop's query language

What Is the Role of Knowledge Management Systems?

  • Knowledge management (KM)- is the process of creating value from intellectual capital and sharing that knowledge with employees, managers, suppliers, customers, and others who need the capital.
    • KM benefits organizations 
      1. Improve Process Quality
      2. Increase Team Strength
    • Modern KM subscribes to hyper-social organization theory.
  • Expert systems- are rule-based systems that encode human knowledge in the form of If/Then rules.
    • If/Then Rules- are statements that specify if a particular condition exists, then to take some action.
    • Expert system shells- the programs that process a set of rules.

  • Content Management Systems (CMS)- are information systems that support the management and delivery of documents including reports, Web pages, and other expressions of employee knowledge. 
    • Typical users of CMS are companies that sell complicated products and want to share their knowledge of those products with employees and customers.
    • Challenges of Content Management
      1. Most content databases are huge.
      2. CMS content is dynamic.
      3. Documents do not exist in isolation from each other.
      4. Document contents are perishable.
      5. Content is provided in many languages.
    • Content Management Application Alternatives
      1. In-house custom
      2. Off-the-shelf
      3. Public search engine

  • Hyper-social knowledge management- is the application of social media and related applications for the management and delivery of organizational knowledge resources.
    • Example: an employee in customer support who writes a daily blog on current, common customer problems, expressing authentic opinions on the company's products, positive and possibly negative.
      • If perceived as authentic- customers will comment upon blog entries and, in the process, teach others how they solved those problems themselves.
    • Rich directory- is an employee directory that includes not only the standard name, email, phone, and address but also organizational structures and expertise.
      • Particularly useful in large organizations where people with particular expertise are unknown. 
Resistance to Knowledge Sharing

  • Employees can be reluctant to exhibit their ignorance.
    • For fear of appearing incompetent, employees may not submit entries to blogs or discussion groups.
      • Strategy: Provide a private medium that can be accessed only by a smaller group of people who have an interest in a specific problem.
  • Employee competition
    • A hyper-social KM application may be ill-suited to a competitive group. 
    • The company may be able to restructure rewards and incentives to foster sharing of ideas among employees.
      • Example: Giving a bonus to the group that develops the best idea.

What Are the Alternatives for Publishing BI?
  • Static reports- are BI documents that are fixed at the time of creation and do not change.
    • Example: Printed sales analysis
      • Most static reports are published as PDF documents.
  • Dynamic reports- are BI documents that are updated at the time they are requested.
    • Example: Sales report that is current at the time the user accessed it on a Web server.
  • Subscriptions- are user requests for particular BI results on a particular schedule or in response to particular events.
    • Example: User subscribes to a daily sales report, requesting that it be delivered each morning.
  • BI server- is a Web server application that is purpose-built for the publishing of business intelligence.
    • Most popular one: Microsoft SQL Server Report Manager (part of Microsoft SQL Server Reporting Services).
    • Two major functions: management and delivery
  • Today, the expectation is that BI results can be delivered to "any" device. 
    • In practice, "any" is interpreted to mean computers, smartphones, tablets, applications such as Microsoft Office, and SOA Web services.

Future in 2026?

Some companies will know more about your purchasing psyche than you, your mother, or your analyst.
  • The Singularity- is the point at which computer systems become sophisticated enough that they can adapt and create their own software and hence adapt their behavior without human assistance.