BIA Exam 3

Structured processes

Support operational and structured managerial decisions and activities, standardized, usually formally defined and documented, exceptions rare and not (well) tolerated, process structure changes slowly and with organizational agony (ex. customer returns, order entry, purchasing, payroll)

Dynamic Processes

Support strategic and less structured managerial decision and activities, less specific, fluid, usually informal, exceptions frequent and expected, adaptive processes that change structure rapidly and readily (collaboration, social networking, ill-defined, ambiguous situations)

Workgroup

Support one or more processes, 10-100 users, procedures often formalized, problem solutions within group, can duplicate data, somewhat difficult to change (doctor's office, medical practice)

Enterprise

Support one or more processes, 100-1,000+ users, procedures formalized, problem solutions within group, eliminate workgroup data duplication, difficult to change (hospital)

Inter-enterprise

Support one or more processes, 1,000+ users, systems procedures formalized, problem solutions affect multiple organizations, can resolve problems of duplicated enterprise data, very difficult to change

Change process structure, change process resources

How can we improve efficiency or effectiveness in a process?

Information systems

Performs activities (automation), augments a human performing an activity, controls data quality and process flow

Information silos

When data is isolated in separate systems, data is isolated in islands of automation, different department goals, different personal and workgroup needs, duplicate data as organization grows, results in data integrity problems, disjointed business process

Data duplication, data inconsistency, disjointed processes, limited information and lack of integrated information, isolated decisions lead to organizational inefficiencies, increased expense

Problems created by information silos

Business Process Reengineering

Enterprise systems enabled creation of more efficient or more effective processes, integrated data, enterprise systems create stronger, faster, more effective linkages in value chains, difficult, slow, exceedingly expensive

Standardization

Inherent processes with predesigned procedures for using software products based on "industry best practices"

Customer relationship management (CRM)

Suite of applications, database, and set of inherent processes that manage all interactions with customer through four phases of customer life cycle, supports customer-centric organization

Marketing, Customer acquisition, relationship management, loss/churn

4 phases of customer life cycle

Enterprise Resource Planning

Suite of applications, database, and inherent processes that consolidates business operations into a single, consistent computing platform, CRM plus accounting, manufacturing, inventory, and Human Resources applications, SAP offers industry-specific customized packages

Enterprise Application Integration

Connects system "islands," enables communicating and sharing data, provides integrated information, provides integrated layer on top of existing systems while leaving functional applications "as is", enables less expensive, gradual move to ERP

Careful planning, substantial training, senior management involvement

How to reduce challenges?

Employee resistance

Change requires effort and engenders fear, threat to self-efficacies, requirements gaps, expect it

New technology

The Cloud, mobile technology, risks and potential outside control of organization resources

Security concerns

IS design involves constant trade-offs, threat of focused attack, inter-enterprise system connects competitors, security in the cloud

Collaborative management, requirements gaps, transition problems, employee resistance, new technology

What are the challenges of integrating?

Section 230 of the Communications Decency Act

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

Social media (SM)

IT to support content sharing among networks of users, enables communities of practice (people related by common interest), content that is uploaded

Social media information system (SMIS), or Social Networking sites

IS for sharing content among networks of users

Providers, users, communities/sponsors

Three roles for Social Networking Sites

Application Providers

Costs to develop, implement, manage social networking procedures

Enterprise SNs

Internal networks using SharePoint for wikis, discussion board, photo sharing (Yammer, Slack)

Constantly changing balance of power with customers (dynamic), Users can build on each other (solve issues, complaints, reviews, market), employee recruitment/use

Benefits and Uses of Social Media

Sales and marketing

Outward to prospects, social CRM, peer-to-peer sales, loss of credibility, bad PR

Customer service

Outward to customers, peer-to-peer support, loss of control

Inbound logistics

Upstream supply chain providers, problem solving, privacy

Outbound logistics

Downstream supply chain shippers, problem solving, privacy

Manufacturing and operations

Outward for user design, inward to operations and manufacturing, user-guided design, industry relationships, operational efficiencies, efficiency/effectiveness

Human Resources

Employment candidates, employee communications, employee prospecting, recruiting, and evaluation SharePoint for employee-to-employee communication, error, loss of credibility

Hyper-social organization

Use SM to transform interactions with customers, employees, and partners into mutually satisfying relationships with them and their communities

You Are the Product

"If you're not paying, you're the product.", renting your eyeballs to an advertiser

Advertising, Freemium, Sales

Revenue Models for Social Media

Advertising

Pay-per-click, use increases value

Freemium

Offers users a basic service for free, then charges a premium for upgrades or advanced features

Sales

Apps and virtual goods, affiliate commissions, donations

Edward Tufte

"There are only two industries that call their customers 'users': illegal drugs and software"

12.3 billion

By 2022, number of mobile devices to reach ?

$141B, 75%

Mobile ad spending should reach ?, and account for ? of total digital ad spending

3.75%, 2.29%

Average click-through rate of smartphones is ?, but just ? on PCs

Conversion rate

Frequency someone clicks on ad makes a purchase, "likes" a site, or takes some other action desired by advertiser, on smartphones is 2.25%, but 4.84% on PCs

69%

Use of ad-blocking software is growing by ? per year.

User-generated content (UGC)

Content on your SM site that is contributed by users

Problems from external sources

Junk and crackpot contributions, inappropriate content, unfavorable reviews, mutinous movements

Leave it, respond to it, delete it

How to respond to social networking problems?

Never wrestle with a pig; you'll get dirty and the pig will enjoy it

General rule for responding to social networking problems?

Disclose, Protect, Use Common Sense

3 Rules of Engagement for Responding to Social Networking Problems

Disclose

Your presence in social media must be transparent

Protect

Take extra care to protect both Intel and yourself

Use Common Sense

Remember that professional, straightforward and appropriate communication is best

Review employee sites when hiring and after hired, don't post on sites about work

How to manage employees SN use?

Social capital

investment in social relations with the expectation of returns in the marketplace, people benefit from it through information, influence, social credentials, and personal reinforcement

Internal Risk

Can include threats to information security, increased organizational liability, and decreased employee productivity

Hardware

Desktops, laptops, mobile devices

Software

Browsers and clients applications, NoSQL

Data

Content (data and responses to data that are contributed by users) and connections (relationships)

Procedures

Informal, evolving and socially oriented

Organizational strategy

Social networking procedures are more formalized and aligned with the organization's strategy, develop procedures for creating content, managing user responses, removing obsolete or objectionable content, and extracting value from content, anyone who uses his or her position in a company to speak for an organization needs to be trained on both SMIS user procedures and the organization's social networking policy

People

users of social media do what they want to do depending on their goals and their personalities

To balance the trade-off

What is the goal of information systems security?

Human Error

mistakenly give out information, mistakes overwriting data

Computer crime

Intentional destruction of data, viruses

Natural disaster

fires, hurricanes

The Art of Deception by Mitnick and Simon

Lady wants a divorce, husband puts all money in a different account, wants to know where assets are, find out what information you need to know, call to get credit information

Pretexting, Spoofing, Phishing, Sniffing, Wardriving

Types of Security Loss (Unauthorized data disclosure)

Pretexting

Creating a scenario to get people to divulge

Spoofing

Pretending to be an authorized person

Phishing

Emailing purporting to be a reputable company

Sniffing

Intercepting through a wired connection

Wardriving

Driving around to connect to available Wi-Fi

Hacking

breaking into computers to steal data

Ransomware

Encrypts data until ransom paid

Incorrect data modification

Setup internal controls

Faulty service

System mistakes, sending wrong information somewhere

Loss of infrastructure

Loss of property, theft of intellectual property

Denial of service

Overloading servers with requests

Technical Safeguards

Identification and authorization, encryption, firewalls, malware protection, application design (hardware and software)

Data Safeguards

Data rights and responsibilities, passwords, encryption, backup and recovery, physical security (data), define data policies, rights enforced by user accounts authenticated by passwords

Human Safeguards

Hiring, Training, Education, Procedure Design, Administration, Assessment, Compliance, Accountability (Procedures and People), take security seriously, create strong passwords, use multiple passwords, send no valuable data via email or IM, use https at trusted, reputable vendors, remove high-value assets from computers, clear browsing history, temporary files, and cookies, regularly update antivirus software, demonstrate security concern to your fellow workers, follow organizational security directives and guidelines, consider security for all business initiatives

Viruses

Payload, Trojan horses, worms, spyware, adware (slow system startup, sluggish system performance, many pop-up advertisements, suspicious browser homepage changes, suspicious changes to the taskbar and other system interfaces, unusual hard-disk activity)

Malware Safeguards

Install antivirus and anti spyware software, scan your computer frequently, update malware definitions, open email attachments only from known sources, promptly install software updates from legitimate sources, browse only reputable web sites

Human Safeguards for Nonemployee Personnel

Temporary personnel, vendors, partner personnel (employees of business partners), and public, hardening to reduce vulnerabilities, require vendors and partners to perform appropriate screening and security training, contract specifies security responsibilities, least privilege accounts and passwords, remove accounts as soon as possible

Responding to Security Incidents

Have a plan in place, centralized reporting, specific responses (speed, preparation pays, don't make problem worse), practice

Human error, computer crime, natural events and disasters

Three sources of threats

Unauthorized data disclosure, incorrect data modification, faulty service, denial of service, and loss of infrastructure

5 types of security loss

Incorrect data modification

Incorrectly increasing a customer's discount or incorrectly modifying an employee's salary, earned days of vacation, or annual bonus

Identification

The process whereby an information system identifies a user by requiring the user to sign on with a username and password

Authentication

The process whereby an information system verifies (validates) a user

Smart card

Plastic cards similar to credit cards that have microchips. The microchip, which holds much more data than a magnetic strip, is loaded with identifying data. Normally requires a PIN.

Personal identification number (PIN)

A form of authentication whereby the user supplies a number that only he or she knows

biometric authentication

The use of personal physical characteristics, such as fingerprints, facial features, and retinal scans, to authenticate users

encryption

The process of transforming clear text into coded, unintelligible text for secure storage or communication

encryption algorithms

Algorithms used to transform clear text into coded, unintelligible text for secure storage or communication

key

A string of bits used to encrypt data. The encryption algorithm applies this to the original message to produce the coded message. Decoding (decrypting) is similar; this is applied to the coded message to recover the original text

symmetric encryption

An encryption method whereby the same key is used to encode and to decode the message

asymmetric encryption

An encryption method whereby different keys are used to encode and to decode the message; one key encodes the message, and the other key decodes the message, is slower and more complicated than symmetric encryption

public key encryption

A special version of asymmetric encryption that is popular on the Internet. With this method, each site has a public key for encoding messages and a private key for decoding them