A security threat is a challenge to the integrity of information systems that arises from one of three sources: human error and mistakes, malicious human activity, and natural events and disasters.
Pretexting occurs when someone deceives by pretending to be someone else.
Phishing - a technique for obtaining unauthorized data that uses pretexting via email.
Spoofing - another term for someone pretending to be someone else.
Sniffing - a technique for intercepting computer communications.
Drive-by sniffers - simply take computers with wireless communications through an area and search for unprotected wireless networks.
Hacking - occurs when a person gains unauthorized access to a computer system.
Usurpation - occurs when unauthorized programs invade a computer system and replace legitimate programs.
A security program has three components: senior-management involvement, safeguards of various kinds, and incident response.
A security policy has three elements: the first is a general statement of the organization's security program. The second is the issue-specific policy. The third is the system-specific policy.
Risk is the likelihood of an adverse occurrence.
Uncertainty - refers to the things we do not know that we do not know.
Technical safeguards involve the hardware and software components of an information system.
A smart card is a plastic card similar to a credit card.
Biometric authentication - uses personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users.
Hashing is a method of mathematically manipulating the message to create a string of bits that characterize the message.
A virus is a computer program that replicates itself.
Trojan horses are viruses that masquerade as useful programs or files.
Spyware programs are installed on the user's computer without the user's knowledge or permission.
Adware is similar to spyware in that it is installed without the user's permission and that it resides in the background and observes user behavior.
A botnet is a network of bots that is created and managed by the individual or organization that infected the network with the bot program.
Hardening a site means to take extraordinary measures to reduce a system's vulnerability.
A hot site is a utility company that can take over another company's processing with no forewarning.
A cold site provides computer and office space.
Friday, May 13, 2011
Chapter 12--Information Security Management
Posted by Ayesha 188 at 4:08 PM 0 comments
Friday, April 29, 2011
Chapter 11- Information Systems Management
The major functions of the information systems department are:
- Plan the use of IS to accomplish organizational goals and strategy.
- Develop, operate, and maintain the organization's computing infrastructure
- Develop, operate, and maintain enterprise applications
- Protect information assets
- Manage outsourcing relationships
A steering committee is a group of senior managers from the major business functions that work with the CIO to set the IS priorities and decide among major IS projects and alternatives.
There are three important tasks in managing the computing infrastructure:
- Create and maintain infrastructure for end-user computing
- Create, operate, and maintain networks
- Create, operate, and maintain data centers, data warehouses, and data marts
Data administration describes a function that pertains to all of an organization's data assets.
Data standards - are definitions, or metadata, for data items shared across the organization.
A data dictionary is a file or database that contains data definitions.
Outsourcing is the process of hiring another organization to perform a service.
Risks of outsourcing are loss of control, potential loss of intellectual capital, that the outsource vendor may change management, and that the outsource vendor may change its pricing strategy over time.
Cloud computing is a form of hardware/software outsourcing in which organizations offer flexible plans for customers to lease hardware and software facilities.
A legacy information system is one that has outdated technologies and techniques but is still used, despite its age.
Virtualization is the process whereby multiple operating systems share the same computer hardware, usually a server.
Green computing - is environmentally conscious computing consisting of three major components: power management, virtualization, and e-waste management.
Posted by Ayesha 188 at 5:18 PM 0 comments
Chapter 10-- Managing Development
Systems development - is the process of creating and maintaining information systems.
Brooks's Law - adding more people to a late project makes the project later.
Systems development life cycle (SDLC) - is the classic process used to develop information systems.
Phases: 1. System definition 2. Requirements analysis 3. Component design 4. Implementation 5. System maintenance
Feasibility has four dimensions: cost, schedule, technical, and organizational feasibility.
Systems analysts are IS professionals who understand both business and technology.
A test plan consists of sequences of actions that users will take when using the new system.
Product quality assurance - constructs the test plan with the advice and assistance of users.
Beta testing - process of allowing future system users to try out the new system on their own.
System conversion - converting business activity from the old system to the new.
Pilot installation - organization implements the entire system on a limited portion of the business.
Phased installation - new system is installed in phases across the organization.
Parallel installation - new system runs in parallel with the old one until the new system is tested and fully operational.
Plunge installation - organization shuts off the old system and starts the new system.
Projects that spend so much time documenting requirements are sometimes said to be in analysis paralysis.
Trade-offs are the balancing of three critical drivers: requirements, cost, and time.
Diseconomies of scale - situation that occurs when adding more resources creates inefficiencies, such as those that occur when adding more people to a late project.
Work-breakdown structure - is a hierarchy of the tasks required to complete a project.
Critical path is the sequence of activities that determines the earliest date by which the project can be completed.
Critical path analysis - is the process by which project managers compress the schedule by moving resources, typically people, from noncritical path tasks onto critical path tasks.
A function point is simply a feature or function of the new program.
The challenges of managing IS development projects arise from four different factors: 1. coordination 2. diseconomies of scale 3. configuration control 4. unexpected events
Configuration control refers to a set of management policies, practices, and tools that developers use to maintain control over the project's resources.
Requirements creep - the process by which users agree to one set of requirements, then add a bit more, then add a bit more, and so forth.
Posted by Ayesha 188 at 1:58 PM 0 comments
Saturday, April 23, 2011
Chapter 9--Business Intelligence
Business intelligence - information containing patterns, relationships, and trends.
Business intelligence system - an information system that employs business intelligence tools to produce and deliver information.
Business intelligence tool - is one or more computer programs that implement a particular BI technique.
Reporting tools - programs that read data from a variety of sources, process that data, format it into structured reports, and deliver those reports to the users who need them.
Data-mining tools - process data using statistical techniques, many of which are sophisticated and mathematically complex.
Knowledge-management tools - are used to store employee knowledge and to make that knowledge available to employees, customers, vendors, auditors, and others who need it.
A business intelligence application is the use of a tool on a particular type of data for a particular purpose.
A reporting application is a BI application that inputs data from one or more sources and applies a reporting tool to that data to produce information.
Reporting tools produce information from data using five basic operations: sorting, grouping, calculating, filtering, formatting.
RFM analysis, a technique readily implemented using reporting tools, is used to analyze and rank customers according to their purchasing patterns.
Online analytical processing - a second type of reporting tool, more generic than RFM.
Unsupervised data mining - analysts do not create a model or hypothesis before running the analysis.
A decision tree is a hierarchical arrangement of criteria that predict a classification or a value.
To address these problems, many organizations choose to extract operational data into facilities called data warehouses and data marts.
Curse of dimensionality - the more attributes there are, the easier it is to build a model that fits the sample data but that is worthless as a predictor.
Knowledge management is the process of creating value from intellectual capital and sharing that knowledge with employees, managers, suppliers, customers, and others who need it.
Real simple syndication is a standard for subscribing to content sources.
Expert systems - attempt to capture human expertise and put it into a format that can be used by nonexperts.
A business intelligence application server delivers those results in a variety of formats to devices for consumption by BI users.
Portal servers - are like web servers except that they have a customizable user interface.
Posted by Ayesha 188 at 1:39 PM 0 comments
Friday, March 11, 2011
Chapter 8-- E-Commerce and Web 2.0
E-commerce is the buying and selling of goods and services over public and private computer networks.
Merchant companies take title to the goods they sell. They buy goods and resell them.
Non-merchant companies arrange for the purchase and sale of goods without ever owning or taking title to those goods.
Business-to-consumer e-commerce (B2C) concerns sales between a supplier and a retail customer (the consumer).
Business-to-business e-commerce (B2B) - refers to sales between companies.
Business-to-government e-commerce (B2G) refers to sales between companies and governmental organizations.
E-commerce auctions match buyers and sellers by using an e-commerce version of a standard auction.
Clearinghouses - provide goods and services at a stated price and arrange for the delivery of the goods, but they never take title.
Electronic exchange - matches buyers and sellers; the business process is similar to that of a stock exchange.
Disintermediation - is the elimination of middle layers of distributors and suppliers.
Price elasticity measures the amount that demand rises or falls with changes in price.
Companies need to consider the following economic factors:
1. Channel conflict
2. Price conflict
3. Logistics expense
4. Customer-service expense
Hypertext Transfer Protocol (HTTP) - communication between the user and server computers.
A web page is a document coded in one of the standard page markup languages that is transmitted using HTTP.
Web servers - are programs that run on a server tier computer and that manage HTTP traffic by sending and receiving web pages to and from clients.
A browser is a computer program on the client computer that processes web pages.
A commerce server is an application program that runs on a server tier computer.
Hypertext Markup Language (HTML) - is the most common language for defining the structure and layout of web pages.
An HTML tag is a notation used to define a data element for display or other purposes.
Hyperlinks are pointers to other web pages.
Attribute - is a variable used to provide properties about a tag.
A supply chain is a network of organizations and facilities that transforms raw materials into products delivered to customers.
Supply chain profitability is the difference between the sum of the revenue generated by the supply chain and the sum of the costs that all organizations in the supply chain incur to obtain that revenue.
The bullwhip effect is a phenomenon in which the variability in the size and timing of orders increases at each stage up the supply chain, from customer to supplier.
Web 2.0 - refers to a loose grouping of capabilities, technologies, business models, and philosophies.
Beta program - is a prerelease version of software that is used for testing; it becomes obsolete when the final version is released.
A social networking group is an association of SN members related to a particular topic, event, activity, or other collective interest.
A social networking application is a computer program that interacts with and processes information in a social network.
Crowdsourcing - is the process by which organizations involve their users in the design and marketing of their products.
Posted by Ayesha 188 at 2:46 PM 0 comments
Chapter 7--Business Process Management
Business Process Management (BPM) - systematic process of creating, assessing, and altering business processes.
As-is model - documents the current situation; that model is then changed to make the adjustments necessary to solve process problems.
Functional processes - involve activities within a single department or function.
Islands of automation - work in isolation from one another.
Cross-functional processes - involve activities among several, or even many, business departments.
Object Management Group (OMG) - created a standard set of terms and graphical notations for documenting business processes.
Process designers can increase the performance of a business process in three fundamental ways:
1. They can add or remove resources to a given process without changing.
2. Designers can change the structure of a process without changing resource allocations.
3. Designers can do both.
A functional application is a computer program that supports or possibly automates the major activities in a functional process.
Operations applications are especially prominent for non-manufacturers such as distributors, wholesalers, and retailers.
Order-entry applications obtain customer contact and shipping data, verify customer credit, validate payment method, and enter the order into a queue for processing.
Order-management applications track the order through the fulfillment process, arrange for and schedule shipping, and process expectations.
Inventory applications support inventory control and inventory management.
Manufacturing planning applications help businesses allocate inventory and equipment to manufacturing processes.
A bill of materials (BOM) is a list of the materials that comprise a product.
Materials requirements planning - an application that plans the need for materials and inventories of materials used in the manufacturing process.
Manufacturing resource planning - a follow-up to MRP that includes the planning of materials, personnel, and machinery.
A customer relationship management system is a cross-functional application that tracks all interactions with the customer from prospect through follow-up service and support.
Customer life cycle: marketing, customer acquisition, relationship management, and loss/churn.
A service is a repeatable task that a business needs to perform.
Encapsulation places the logic in one place, which is exceedingly desirable.
Posted by Ayesha 188 at 1:36 AM 0 comments
Thursday, March 3, 2011
Chapter 6--Data Communication
A computer network is a collection of computers that communicate with one another over transmission lines or wirelessly.
A local area network (LAN) - connects computers that reside in a single geographic location on the premises of the company that operates the LAN.
Wide area networks (WANs) - connect computers at different geographic locations.
An internet is a network of networks. The most famous internet is "the Internet," which is the collection of networks that you can use to send email or access a web site.
A protocol is a set of rules that two communicating devices follow. A switch is a special-purpose computer that receives and transmits messages on a LAN.
Network interface card (NIC) - connects the device's circuitry to the cable. The computers, printers, switches, and other devices on a LAN are connected using one of two media.
Connections between switches can use UTP cable, but if they carry a lot of traffic or are far apart, UTP cable may be replaced by optical fiber cables.
Bluetooth is designed for transmitting data over short distances, replacing cables.
Internet Service Provider (ISP) - has three important functions:
1. Provides you with a legitimate Internet address
2. Serves as a gateway to the Internet
3. Pays for the Internet
DSL (Digital Subscriber Line) - operates on the same lines as voice telephones, but in such a way that its signals do not interfere with voice telephone service.
Cable modems provide high-speed data transmission using cable television lines.
Narrowband lines typically have transmission speeds less than 56 kbps. Broadband lines have speeds in excess of 256 kbps.
A router is a special-purpose computer that moves network traffic from one node on a network to another.
Public switched data network (PSDN) - network of computers and leased lines that is developed and maintained by a vendor that leases time on the network to other organizations.
A virtual private network (VPN) uses the Internet to create the appearance of private point-to-point connections.
Tunnel - is a virtual, private pathway over a public or shared network from the VPN client to the VPN server.
Key - number used to encrypt the data.
Symmetric encryption - same key is used to encode and to decode.
Asymmetric encryption - different keys are used.
Firewall - a computing device that prevents unauthorized network access.
Packet-filtering firewall - examines each part of a message and determines whether to let that part pass.
Access control list (ACL) - encodes the rules stating which addresses are to be allowed and which are to be prohibited.
Presence - term that means you'll know who is on the system.
Posted by Ayesha 188 at 12:12 PM 0 comments