Exam Study Guide Flashcards

Management Information Systems IS 300 Spring 2026 Information Security & Technology Guide #2


Chapter 1: Case on Social Engineering
  • Social Engineering: Manipulative tactics used to trick individuals into revealing confidential information.

  • Digital Transformation: The process of using digital technologies to fundamentally change how operations and services are delivered.

  • Evolution of the IS Function:

    • Traditional: Focused on maintaining IT systems and providing technical support.

    • Consultative: Engages with business strategy, emphasizing strategic alignment with organizational goals.

  • Data vs. Information vs. Knowledge:

    • Data: Raw facts and figures without context (e.g., numbers, dates).

    • Information: Data that has been processed and organized to make it meaningful (e.g., sales reports).

    • Knowledge: Insights and understanding derived from information, allowing for decision-making (e.g., business strategies based on sales trends).

  • Types of Information Systems within the Organization:

    • Functional Area Information System (FAIS)

    • Enterprise Resource Planning (ERP)

    • Management Information Systems (MIS)

    • Decision Support Systems (DSS)

    • Executive Information Systems (EIS)

Chapter 2: BPI, BPR, BPM
  • BPI (Business Process Improvement): A methodology for improving existing processes.

  • BPR (Business Process Reengineering): A radical rethinking of business processes to achieve dramatic improvements.

  • BPM (Business Process Management): A systematic approach to managing and improving business processes.

  • Phases of BPI (Correct Order): 1. Identify processes needing improvement 2. Analyze the current process 3. Design the improved process 4. Implement changes 5. Monitor results.

  • Market Pressures: Competitive forces requiring businesses to adapt (e.g., cost pressures).

  • Technology Pressures: Rapid advancements that create new obsolescence risks and opportunities.

  • Societal, Political, and Legal Pressures: Changes in policies, regulations, and social expectations influencing business practices.

  • Globalization: The process of increasing economic integration and interdependence among countries.

  • Porter's Competitive Forces Model - Entry Barriers:

    • High capital requirements

    • Strong brand loyalty

    • Government regulations

  • Strategies companies use in Porter's Competitive Forces Model:

    • Cost Leadership: Offering products at the lowest cost.

    • Differentiation: Offering unique product features to stand out.

    • Focus Strategy: Targeting a specific market segment.

Organizational Strategy, Competitive Advantage, Ethics & Privacy
  • Porter's Value Chain Model: An analytical framework for identifying business operations contributing to competitive advantage.

  • Key Activities: Inbound logistics, operations, outbound logistics, marketing and sales, and service.

Chapter 3: Ethical Frameworks
  • Five Widely Used Ethical Standards:

    1. Utilitarian Approach: Focus on outcomes and maximizing overall happiness.

    2. Rights-Based Approach: Ensuring fundamental rights are respected.

    3. Fairness or Justice Approach: Ensuring equal treatment or justice.

    4. Common Good Approach: Emphasizing community and the public good.

    5. Virtue Ethics: Focus on developing moral character.

  • Privacy, Accuracy, Property, Accessibility Issues:

    • Privacy Issues: Concerns with data collection and consent.

    • Accuracy Issues: Importance of maintaining accurate and up-to-date information.

    • Property Issues: Ownership rights regarding data.

    • Accessibility Issues: Ensuring information is usable and available to those who need it.

  • Conflict Between Free Speech and Privacy: Identifying how the Internet can facilitate free expression but potentially compromise personal privacy.

Chapter 4 & Technology Guide #2
  • Social Engineering: Techniques used to deceive individuals into revealing sensitive information.

  • Human Errors: Mistakes leading to security vulnerabilities (e.g., phishing).

  • Supply Chain Attacks: Targeting weaknesses in an organization’s supply chain.

  • Five Key Factors Increasing Vulnerability of Systems:

    1. Increasing interconnectedness.

    2. Smaller, cheaper computing devices.

    3. Decreased skills needed for hacking.

    4. Rise of organized cybercrime.

    5. Lack of management support for security.

  • Information Security Controls:

    • Authentication: Verifying user identity.

    • Authorization: Determining user privileges.

  • Deliberate Threats to Information Systems:

    • Espionage, extortion, sabotage, identity theft, and intellectual property compromises.

  • Software Attacks Requiring User Action:

    • Viruses, worms, Trojan horses, key loggers, and ransomware.

  • Trusted Networks vs. Untrusted Networks: Trusted networks are internal while untrusted networks are external to the organization.

  • Access Control Functions: Authentication and authorization are crucial in securing systems.

  • Firewalls: Monitor and control incoming and outgoing network traffic.

  • VPNs: Create secure connections over public infrastructure.

Risk Management
  • Goal: Protecting organizational assets while managing risks.

  • Three Major Processes: 1. Risk Identification 2. Risk Assessment 3. Risk Mitigation.

Open Source Software
  • Software available for use and modification by anyone. High-quality and flexible but may have vulnerabilities.

  • Application Software vs. Systems Software: Application software performs tasks (e.g., word processors), while systems software manages hardware-resource communication (e.g., operating systems).

  • DevOps: Combines development and operations to improve product delivery speed.

Final Review Tips
  • Focus on understanding concepts rather than memorization.

  • Create visual aids or mind maps for complex ideas.

  • Review real-world examples to illustrate theoretical concepts.