Exam 1 Added Info

Chapter 1: Information Systems: People, Technology, Processes, and Structure

What is an Information System

  • Information system: Interrelated components working together to collect, process, store, and disseminate information.

  • Includes a feedback mechanism to monitor and control its operation.

  • Used to accomplish work-related tasks and everyday living activities.

  • Enables the analysis of large amounts of data.

Information Systems—A Means to Achieve Competitive Advantage

  • Competitive advantage:

    • Generates more sales.

    • Achieves superior profit margins.

    • Gained through cost leadership, differentiation, focus.

  • Requires considerable effort to sustain.

  • Managers’ key role: Identify and use information systems to gain a competitive advantage.

Managers’ Role in Implementing Successful Information Systems

Leavitt’s Diamond Model

  • Used to introduce new systems into the workplace.

  • Aims to lower stress, encourage teamwork, and increase successful implementation.

  • Highlights four key components:

    • People: The most important element of information systems.

    • Technology infrastructure: Resources including hardware, software, databases, networks, facilities, and services.

    • Processes: Structured set of activities that takes input, adds value, and creates an output.

    • Structure: Defines relationships between organization members, roles, responsibilities, and lines of authority.

Types of Information Systems

  • Personal Information System: Improves productivity of individual users for stand-alone tasks.

  • Workgroup Information System: Enables effective collaboration among team members.

  • Enterprise Information System: Addresses organization-wide business needs.

  • Interorganizational IS: Enables sharing of information across organizational boundaries.

Strategic Planning

  • Definition: Managerial process to identify initiatives and projects for organizational objectives.

  • Recognizes that the organization and surroundings are in constant flux.

  • Benefits include providing a framework for decision-making and effective use of resources.

  • Key considerations in strategy: Long-term impacts, risks, required resources, and competitive reactions.

Information System Strategic Planning

  • Cost Center/Service Provider: Inward looking and focused on controlling/reducing IS costs.

  • Business Partner/Business Peer: Improve IS/business partnership.

  • Game Changer: Use IS for competitive advantage and drive innovation.

Typical Information System Roles

  • Chief Information Officer (CIO): Achieves organization’s goals using IS department’s resources.

  • Software Developer: Creates and maintains applications and operating systems.

  • IS Security Analyst: Plans and implements security measures for systems and data.

  • Systems Analyst: Defines requirements for new information systems.

  • Programmer: Translates program design into working software.

  • Web Developer: Designs and manages web sites.

  • Business Analyst: Evaluates and solves business challenges.

Chapter 4: Hardware and Software

Anatomy of a Computer

  • Components: CPU, memory, bus, and input/output devices.

RAM and Cache

  • Random Access Memory (RAM): Temporary volatile storage.

    • Varieties: SRAM, DRAM, DDR SDRAM.

  • Cache Memory: High-speed memory that processors can access more rapidly than main memory.

  • Read-Only Memory (ROM): Nonvolatile and permanently stores data and instructions.

    • ROM Varieties:

      • Programmable read-only memory (PROM): Holds data and instructions that can never be changed.

      • Electrically erasable programmable read-only memory (EEPROM): User-modifiable read-only memory that can be erased and reprogrammed repeatedly through the application of higher-than-normal electrical voltage.

      • Flash memory: A type of EEPROM that is faster and more efficient, commonly used in USB drives and SSDs.

Computer System Classes

  • Special-purpose computers: Used for limited applications.

  • General-purpose computers: Three classes include portable, nonportable, and multi-user systems.

Portable Computers

  • Definition: Small enough to carry easily.

  • Categories:

    1. Smartphones: Mobile devices that combine a phone and computing functionalities.

    2. Laptops: Portable computers that provide a balance of performance and portability, suitable for a wide range of tasks.

    3. Notebooks: Smaller and lighter than laptops, designed primarily for basic tasks.

    4. Tablets: Touchscreen devices that offer portability and often run mobile operating systems.

Nonportable, Single-User Computers

Thin Clients

  • Low-cost, centrally managed computers.

  • No internal or external attached drives for data storage.

Desktop Computers

  • Single-user computer systems.

  • Highly versatile.

  • Provide sufficient computing power, memory, and storage for most business computing tasks.

Nettop Computer

  • Very small, inexpensive desktop computer.

  • Used for Internet access, email, accessing web-based applications, document processing, and audio/video playback.

  • Require one-tenth the amount of power.

Workstations

  • More powerful than personal computers.

  • Small enough to fit on a desktop.

  • Support engineering and technical users.

Servers, Mainframes, and Supercomputers

  • Server: Supports multiple users to perform specific tasks.

  • Mainframes: Large, powerful computers shared by many users.

    • Backward compatibility: Key feature allowing current mainframes to run software created decades ago.

  • Supercomputers: Designed for extensive computational capabilities.

Operating Systems (OS)

  • OS Definition: Programs controlling a computer’s hardware and managing tasks.

  • Kernel: Core component regulating operations.

Current Operating Systems

  • Personal: Microsoft Windows, Mac OS X.

  • Workgroup: Microsoft Windows Server.

  • Enterprise: Linux, UNIX.

Running Multiple Operating Systems with Server Virtualization

  • Server Virtualization: Logically dividing a single physical server’s resources to create multiple logical servers.

  • Virtual Machine: Acts as its own dedicated machine.

Hypervisor

  • A virtual server program that controls the host processor and resources, allocates the necessary resources to each virtual machine, and ensures that they do not disrupt each other.

Virtualization Benefits

  • Improving hardware utilization by logically dividing the resources of a physical server.

Software Overview

  • Proprietary Software: Tailored for specific organizations.

  • Off-the-shelf Software: Common solutions for general needs.

Software as a Service (SaaS)

  • Delivery through third-party hosting and accessible via the Internet.

Workgroup Application Software

  • Workgroup Application Software: Designed to support teamwork regardless of team members' location.

  • Web-based Software: Ideal for group use.

  • Personal Application Software: Can extend into the workgroup application arena.

Enterprise Application Software

  • Enterprise Application: Software for organization-wide business needs that shares data with other enterprise applications used within the organization.

  • Major Considerations When Selecting Enterprise Software:

    • Total cost.

    • Ease of installation.

    • Level of training and support required.

    • Integration with other enterprise applications.

Software Licenses

  • End User License Agreement (EULA): A legal agreement between the software manufacturer and the user of the software that stipulates the terms of usage.

  • Three Primary Types of End User Licenses:

    • Single-user license.

    • Individual/multiuser licenses.

    • Network/multiuser licenses.

Open-Source Software

  • Typically free and supports modifications.

  • Examples include Linux, Apache HTTP Server, and MySQL.

Chapter 7: Networks: An Interconnected World

Network Topology

  • Star Network: Central hub connects devices.

  • Bus Network: Devices on a shared backbone.

  • Mesh Network: Multiple access points connecting devices.

Network Types

  • PAN: Personal Area Network.

  • LAN: Local Area Network.

  • MAN: Metropolitan Area Network.

  • WAN: Wide Area Network.

Communications Media

  • Twisted-pair wire: Widely available, limited speed.

  • Coaxial cable: Cleaner data transmission.

  • Fiber-optic cable: High speed and low distortion.

Wireless Transmission

  • NFC: Very short-range technology.

  • Bluetooth: Short-range device connectivity.

  • Wi-Fi: Wireless networking standard.

How the Internet Works

  • IP Address: Unique identifier for computers; a 32-bit number.

  • MAC Address: Hardware identification.

  • Network Interface Card (NIC): Circuit board or card installed into a hardware device. A specific MAC address is “burned” into a NIC’s read-only memory (ROM).

  • Network Hardware

    • Switch

      • Maintains a log of the MAC addresses of all connected devices.

      • Identifies the port to which a frame of data should be sent.

    • Router

      • Routes data packets to external networks until they reach their final destination.

    • Routing

      • Employs dynamic routing to transport packets.

      • Packets may arrive at the destination device in a different order than they were sent.

How the World Wide Web Works

  • The Internet

    • The framework that supports the Web, comprising computers, network hardware, software, communication media, and TCP/IP protocols.

  • The World Wide Web (Web)

    • A combination of server and client software, the hypertext transfer protocol (HTTP), standards, and markup languages.

    • All elements work together to provide information.

Client/Server Architecture

  • Client/Server Model: Many clients request services from servers.

  • Domain Name System (DNS): Maps website names to IP addresses.

  • Uniform Resource Locator (URL): Web address specifying the exact location of a Web page using letters and words that map to an IP address and a location on the host.

Internet Applications

  • Search Engines: Facilitate web information retrieval.

  • Intranets vs. Extranets: Secure internal vs. business partner networks.

  • Virtual private network (VPN): Secure connection between two Internet points; encapsulates traffic using IP packets and sends the packets over the Internet.

Chapter 2: Secure Information Systems

Perpetrators of Cyberattacks

  • Careless insider: Unintentionally causes security breaches.

  • Cybercriminals: Aim for financial gain through hacking.

  • Hacktivists: Promote political ideologies through cyber means.

  • Malicious employees: Insiders who deliberately attempt to gain access to and/or disrupt a company’s information systems and business operations.

  • Lone Wolf Attacker: An individual who maliciously breaches computer or Internet security for personal gain or illegal purposes.

  • Cyberterrorist: An individual or group, often state-sponsored, that seeks to dismantle the infrastructure of governmental bodies, financial institutions, corporations, utilities, and emergency response services.

Cyberattack Vectors

  • Advanced Persistent Threat: A network intrusion where an attacker infiltrates a network and remains undetected over time with the purpose of stealing data.

  • Blended Threat: A sophisticated cyber threat that amalgamates characteristics of viruses, worms, Trojan horses, and other malicious software into a single payload.

  • Phishing: The fraudulent utilization of email to entice recipients into revealing personal information.

  • Rootkit: A collection of software that allows its user to obtain administrator-level access to a computer surreptitiously, without the consent or awareness of the computer's legitimate user. Once in place, the attacker can gain full control over the system and can obscure the rootkit's presence from genuine administrators.

  • Smishing: A form of phishing that employs text messaging.

  • Social Engineering: The manipulative use of deception to persuade individuals to disclose sensitive information, thereby facilitating access to information systems or networks.

  • Spam: The practice of dispatching unsolicited emails to numerous recipients.

  • Trojan Horse: A malicious program disguised as a benign application; victims are often tricked into executing it under the impression that it is legitimate software.

  • Virus: Malware code disguised as a legitimate item that causes a computer to malfunction in unpredictable, usually harmful ways.

  • Vishing: A variant of smishing where victims receive a voicemail prompting them to call a specific phone number or visit a website.

  • Worm: A harmful application that operates in a computer's active memory, self-replicating and distributing copies without human assistance, typically via email.

Consequences of Cyberattacks

  • Direct Impact: Value of stolen assets, business disruptions, and recovery costs.

  • Reputation Damage: Loss of customer trust.

CIA Security Triad

  • Confidentiality, Integrity, Availability: Components ensuring secure systems.

Implementing Security Strategies

  • Risk Assessment: Identify and prioritize organizational threats.

  • Authentication Methods: Use credentials for secure access.

  • Encryption: Secure data communication to authorized parties only.

Authentication Methods

  1. User Credentials:

    • Something You Know: This often includes passwords or PINs. It is the most common form of authentication.

    • Something You Possess: This refers to physical items such as smart cards, security tokens, or mobile devices that generate one-time codes.

    • Something You Are: This involves biometrics, such as fingerprints, facial recognition, or iris scans, which uniquely identify individuals based on physiological or behavioral characteristics.

  2. Two-Factor Authentication (2FA):

    • This is an additional layer of security that requires not only a password and username but also something that only the user has on them. For example, after entering a password, a user might need to enter a code sent to their mobile device.

  3. Biometric Authentication:

    • Uses unique biological traits for verification. It may involve physiological measurements (like fingerprints or facial features) or behavioral measurements (like typing patterns or voice recognition). This often requires a reference model of the unique characteristics that is stored digitally.

Implementing CIA at the Network Level

  1. Encryption:

    • The process of converting plaintext (readable data) into ciphertext (encoded data) to ensure that only authorized parties can read the information.

    • An encryption key is necessary for both encrypting data into ciphertext and decrypting it back into readable plaintext.

  2. Encryption Algorithms:

    • There are two types:

      • Symmetric Algorithms: The same key is used for both encryption and decryption (e.g., Advanced Encryption Standard (AES), which is widely used).

      • Asymmetric Algorithms: Use a pair of keys, a public key for encryption and a private key for decryption.

  3. Transport Layer Security (TLS):

    • A critical communications protocol that provides privacy and data integrity between applications and users on the Internet. Ensures secure data transmission.

  4. Proxy Servers and Virtual Private Networks (VPN):

    • Proxy Servers: Act as intermediaries between a client's web browser and other Internet servers. They make requests to websites on behalf of clients, helping to hide user identities and improve security and access control.

    • VPN: A secure connection that allows remote users to access a network as if they were directly connected to it, thereby enabling secure access to files and resources over the internet while keeping data private and protected.
