Information system: Interrelated components working together to collect, process, store, and disseminate information.
Includes a feedback mechanism to monitor and control its operation.
Used to accomplish work-related tasks and everyday living activities.
Enables the analysis of large amounts of data.
Competitive advantage:
Generates more sales.
Achieves superior profit margins.
Gained through cost leadership, differentiation, focus.
Requires considerable effort to sustain.
Managers’ key role: Identify and use information systems to gain a competitive advantage.
Used to introduce new systems into the workplace.
Aims to lower stress, encourage teamwork, and increase successful implementation.
Highlights four key components:
People: The most important element of information systems.
Technology infrastructure: Resources including hardware, software, databases, networks, facilities, and services.
Processes: Structured set of activities that takes an input, adds value, and creates an output.
Structure: Defines relationships between organization members, roles, responsibilities, and lines of authority.
Personal Information System: Improves productivity of individual users for stand-alone tasks.
Workgroup Information System: Enables effective collaboration among team members.
Enterprise Information System: Addresses organization-wide business needs.
Interorganizational IS: Enables sharing of information across organizational boundaries.
Definition: Managerial process to identify initiatives and projects for organizational objectives.
Recognizes that the organization and surroundings are in constant flux.
Benefits include providing a framework for decision-making and effective use of resources.
Key considerations in strategy: Long-term impacts, risks, required resources, and competitive reactions.
Cost Center/Service Provider: Inward looking and focused on controlling/reducing IS costs.
Business Partner/Business Peer: Improve IS/business partnership.
Game Changer: Use IS for competitive advantage and drive innovation.
Chief Information Officer (CIO): Achieves organization’s goals using IS department’s resources.
Software Developer: Creates and maintains applications and operating systems.
IS Security Analyst: Plans and implements security measures for systems and data.
Systems Analyst: Defines requirements for new information systems.
Programmer: Translates program design into working software.
Web Developer: Designs and manages web sites.
Business Analyst: Evaluates and solves business challenges.
Components: CPU, memory, bus, and input/output devices.
Random Access Memory (RAM): Temporary volatile storage.
Varieties: SRAM, DRAM, DDR SDRAM.
Cache Memory: High-speed memory that processors can access more rapidly than main memory.
Read-Only Memory (ROM): Nonvolatile and permanently stores data and instructions.
ROM Varieties:
Programmable read-only memory (PROM): Holds data and instructions that can never be changed.
Electrically erasable programmable read-only memory (EEPROM): User-modifiable read-only memory that can be erased and reprogrammed repeatedly through the application of higher-than-normal electrical voltage.
Flash memory: A type of EEPROM that is faster and more efficient, commonly used in USB drives and SSDs.
Special-purpose computers: Used for limited applications.
General-purpose computers: Three classes include portable, nonportable, and multi-user systems.
Definition: Small enough to carry easily.
Categories:
Smartphones: Mobile devices that combine a phone and computing functionalities.
Laptops: Portable computers that provide a balance of performance and portability, suitable for a wide range of tasks.
Notebooks: Smaller and lighter than laptops, designed primarily for basic tasks.
Tablets: Touchscreen devices that offer portability and often run mobile operating systems.
Low-cost, centrally managed computers.
No internal or external attached drives for data storage.
Single-user computer systems.
Highly versatile.
Provide sufficient computing power, memory, and storage for most business computing tasks.
Very small, inexpensive desktop computer.
Used for Internet access, email, accessing web-based applications, document processing, and audio/video playback.
Require one-tenth the amount of power.
More powerful than personal computers.
Small enough to fit on a desktop.
Support engineering and technical users.
Server: Supports multiple users to perform specific tasks.
Mainframes: Large, powerful computers shared by many users.
Backward compatibility: Key feature allowing current mainframes to run software created decades ago.
Supercomputers: Designed for extensive computational capabilities.
OS Definition: Programs controlling a computer’s hardware and managing tasks.
Kernel: Core component regulating operations.
Personal: Microsoft Windows, Mac OS X.
Workgroup: Microsoft Windows Server.
Enterprise: Linux, UNIX.
Server Virtualization: Logically dividing a single physical server’s resources to create multiple logical servers.
Virtual Machine: Acts as its own dedicated machine.
A virtual server program that controls the host processor and resources, allocates the necessary resources to each virtual machine, and ensures that they do not disrupt each other.
Improving hardware utilization by logically dividing the resources of a physical server.
Proprietary Software: Tailored for specific organizations.
Off-the-shelf Software: Common solutions for general needs.
Delivery through third-party hosting and accessible via the Internet.
Workgroup Application Software: Designed to support teamwork regardless of team members' location.
Web-based Software: Ideal for group use.
Personal Application Software: Can extend into the workgroup application arena.
Enterprise Application: Software for organization-wide business needs that shares data with other enterprise applications used within the organization.
Major Considerations When Selecting Enterprise Software:
Total cost.
Ease of installation.
Level of training and support required.
Integration with other enterprise applications.
End User License Agreement (EULA): A legal agreement between the software manufacturer and the user of the software that stipulates the terms of usage.
Three Primary Types of End User Licenses:
Single-user license.
Individual/multiuser licenses.
Network/multiuser licenses.
Typically free and supports modifications.
Examples include Linux, Apache HTTP Server, and MySQL.
Star Network: Central hub connects devices.
Bus Network: Devices on a shared backbone.
Mesh Network: Multiple access points connecting devices.
PAN: Personal Area Network.
LAN: Local Area Network.
MAN: Metropolitan Area Network.
WAN: Wide Area Network.
Twisted-pair wire: Widely available, limited speed.
Coaxial cable: Cleaner data transmission.
Fiber-optic cable: High speed and low distortion.
NFC: Very short-range technology.
Bluetooth: Short-range device connectivity.
Wi-Fi: Wireless networking standard.
IP Address: Unique identifier for a computer on a network; a 32-bit number (IPv4).
MAC Address: Hardware identification.
Network Interface Card (NIC): Circuit board or card installed into a hardware device. A specific MAC address is “burned” into the NIC’s read-only memory (ROM).
Network Hardware
Switch
Maintains a log of the MAC addresses of all connected devices.
Identifies the port to which a frame of data should be sent.
Router
Routes data packets to external networks until they reach their final destination.
Routing
Employs dynamic routing to transport packets.
Packets may arrive at the destination device in a different order than they were sent.
The Internet
The framework that supports the Web, comprising computers, network hardware, software, communication media, and TCP/IP protocols.
The World Wide Web (Web)
A combination of server and client software, the hypertext transfer protocol (HTTP), standards, and markup languages.
All elements work together to provide information.
Client/Server Model: Many clients request services from servers.
Domain Name System (DNS): Maps website names to IP addresses.
Uniform Resource Locator (URL): Web address specifying the exact location of a Web page using letters and words that map to an IP address and a location on the host.
Search Engines: Facilitate web information retrieval.
Intranets vs. Extranets: Secure internal vs. business partner networks.
Virtual private network (VPN): Secure connection between two points on the Internet; encapsulates traffic in IP packets and sends those packets over the Internet.
Careless insider: Unintentionally causes security breaches.
Cybercriminals: Aim for financial gain through hacking.
Hacktivists: Promote political ideologies through cyber means.
Malicious employees: An insider who deliberately attempts to gain access to and/or disrupt a company’s information systems and business operations.
Lone Wolf Attacker: An individual who maliciously breaches computer or Internet security for personal gain or illegal purposes.
Cyberterrorist: An individual or group, often state-sponsored, that seeks to dismantle the infrastructure of governmental bodies, financial institutions, corporations, utilities, and emergency response services.
Advanced Persistent Threat: A network intrusion where an attacker infiltrates a network and remains undetected over time with the purpose of stealing data.
Blended Threat: A sophisticated cyber threat that amalgamates characteristics of viruses, worms, Trojan horses, and other malicious software into a single payload.
Phishing: The fraudulent utilization of email to entice recipients into revealing personal information.
Rootkit: A collection of software that allows a user to obtain administrator-level access to a computer surreptitiously, without the consent or awareness of the user. Once in place, the attacker can gain full control over the system and can obscure the rootkit's presence from genuine administrators.
Smishing: A form of phishing that employs text messaging.
Social Engineering: The manipulative use of deception to persuade individuals to disclose sensitive information, thereby facilitating access to information systems or networks.
Spam: The practice of dispatching unsolicited emails to numerous recipients.
Trojan Horse: A malicious program disguised as a benign application; victims are often tricked into executing it under the impression that it is legitimate software.
Virus: Malware code disguised as a legitimate item that causes a computer to malfunction in unpredictable, usually harmful ways.
Vishing: A variant of smishing where victims receive voicemail prompting them to call a specific phone number or visit a website.
Worm: A harmful application that operates in a computer's active memory, self-replicating and distributing copies without human assistance, typically via email.
Direct Impact: Value of stolen assets, business disruptions, and recovery costs.
Reputation Damage: Loss of customer trust.
Confidentiality, Integrity, Availability (the CIA triad): The three properties a secure system must preserve.
Risk Assessment: Identify and prioritize organizational threats.
Authentication Methods: Use credentials for secure access.
Encryption: Secure data communication to authorized parties only.
User Credentials:
Something You Know: This often includes passwords or PINs. It is the most common form of authentication.
Something You Possess: This refers to physical items such as smart cards, security tokens, or mobile devices that generate one-time codes.
Something You Are: This involves biometrics, such as fingerprints, facial recognition, or iris scans, which uniquely identify individuals based on physiological or behavioral characteristics.
Two-Factor Authentication (2FA):
This is an additional layer of security that requires not only a password and username but also something that only the user has on them. For example, after entering a password, a user might need to enter a code sent to their mobile device.
Biometric Authentication:
Uses unique biological traits for verification. It may involve physiological measurements (like fingerprints or facial features) or behavioral measurements (like typing patterns or voice recognition). This often requires a digitally stored reference model of the user's unique characteristics against which new samples are compared.
Encryption:
The process of converting plaintext (readable data) into ciphertext (encoded data) to ensure that only authorized parties can read the information.
An encryption key is necessary for both encrypting data into ciphertext and decrypting it back into readable plaintext.
Encryption Algorithms:
There are two types:
Symmetric Algorithms: The same key is used for both encryption and decryption (e.g., Advanced Encryption Standard (AES), which is widely used).
Asymmetric Algorithms: Use a pair of keys: a public key for encryption and a private key for decryption.
Transport Layer Security (TLS):
A critical communications protocol that provides privacy and data integrity between applications and users on the Internet. Ensures secure data transmission.
Proxy Servers and Virtual Private Networks (VPN):
Proxy Servers: Act as intermediaries between a client's web browser and other Internet servers. They make requests to websites on behalf of clients, helping to hide user identities and improve security and access control.
VPN: A secure connection that allows remote users to access a network as if they were directly connected to it, thereby enabling secure access to files and resources over the Internet while keeping data private and protected.