Tuesday, May 12, 2015

Chapter 4 Summary



Security:
The degree of protection against criminal activity, danger, damage and loss.



Information Security:

All the processes and policies designed to protect an organization's information and information systems (IS) from unauthorized access, use, disclosure, disruption, modification or destruction.

Threats to Information Security:

  • Today’s interconnected, interdependent, wirelessly-networked business environment
  • Smaller, faster, cheaper computers and storage devices (flash drives)
  • Decreasing skills necessary to be a computer hacker
  • International organized crime turning to cybercrime
  • Lack of management support

Unintentional Threats to Information Systems:

Human Errors:
  • Carelessness with laptops and portable computing devices
  • Opening questionable e-mails
  • Careless Internet surfing
  • Poor password selection
Social Engineering:
  • Tailgating
  • Shoulder surfing

Deliberate Threats to Information Systems:

  • Espionage or trespass
  • Information extortion
  • Sabotage or vandalism
  • Theft of equipment or information
  • Identity theft
  • Compromises to Intellectual Property (IP)
     
Alien Software:
  • Spyware
  • Spamware
  • Cookies

Cybercrime:
  • Supervisory Control and Data Acquisition (SCADA) Attacks
  • Cyber-terrorism and Cyber-warfare

What Organizations Are Doing to Protect Information Resources:

Risk:
The probability that a threat will impact an information resource.
 
Risk management:
To identify, control and minimize the impact of threats.
 
Risk analysis:
To assess the value of each asset being protected, estimate the probability it might be compromised, and compare the probable costs of it being compromised with the cost of protecting it.
 
Risk mitigation:
The organization takes concrete actions against risk. It has two functions:
  • Implement controls to prevent identified threats from occurring.
  • Develop a means of recovery should the threat become a reality.

Risk Mitigation Strategies:

Risk Acceptance:
Accept the potential risk, continue operating with no controls, and absorb any damages that occur.

Risk limitation:
Limit the risk by implementing controls that minimize the impact of the threat.
  
Risk transference:
Transfer the risk by using other means to compensate for the loss, such as purchasing insurance and having off-site backups.

Information Security Controls:

  • Controls evaluation
  • Physical controls
  • Access controls
  • Communications (network) controls
  • Application controls

Access Controls:


Authentication:
Determines/confirms the identity of the person requiring access. Includes:
Something the user is:
Access controls that examine a user's physiological or behavioral characteristics
 
Biometrics 
 
Something the user has:
These access controls include regular ID cards and smart cards.
 
Something the user does:
These access controls include voice and signature recognition
Something the user knows:
  • Password: a private combination of characters that only the user should know.
  • Passphrase: a series of characters that is longer than a password but can be memorized easily.
Authorization:
Determines which actions, rights or privileges the person has to do certain activities with information resources, based on his/her verified identity.
  • Privilege
  • Least privilege


Communication / Network Controls:

 






How Digital Certificates Work?

 
 



Information Systems Auditing:

Independent or unbiased observers tasked with ensuring that information systems work properly.
Audit:
Examination of information systems, their inputs, outputs and processing.
Types of Auditors and Audits:
  • Internal: Performed by corporate internal auditors.
  • External: Reviews internal audit as well as the inputs, processing and outputs of information systems.







Chapter 3 Summary

Ethics: Deals with what is right and what is wrong.
Code of ethics: The organization's ethical values.
  • It is a principle to guide decision making by members of the organization.
  • Connection of roles in the organization.

Ethical Frameworks:


Utilitarian Approach:
Ethical action that provides the most good or the least harm.

Rights Approach:
Ethical action that protects and respects moral rights.

Moral Rights:
  • The right to make your own choices
  • The right to be told the truth
  • The right of privacy

Fairness Approach:
Ethical action that treats all humans equally/fairly based on a defensible standard.

Common good Approach:
Ethical action that underlines the relationships in all societies.
 

Fundamental Tenets of Ethics:

                                                                         
Responsibility:                                                            
Make decisions and take actions yourself.

Accountability:
Determine who is responsible for an action.

Liability:
Individuals have the right to recover damages done to them by other individuals, organizations or systems.

Privacy: 

Privacy Issues:
Privacy: Right to be left alone and to be free of unreasonable personal intrusions.

Accuracy Issues:
Involve fidelity and accuracy of information that is collected and processed

Property Issues:  
Involve the ownership and value of information.
Accessibility Issues:
Revolve around who should have access to information and whether they should have to pay for this access.

Threats to Privacy:

  • Data aggregators
  • Digital dossiers 
  • Profiling
  • Electronic Surveillance
  • Personal Information in Databases
  • Social Networking Sites
 
NORA:                               



Protecting Privacy:

 
Privacy Codes and Policies
Opt-out Model:
The company keeps permission to collect information about you.

Opt-in Model:
The company does not collect information about you unless you ask it to.

P3P: A standard that gives users more control over personal information.
 
  
  
 

Chapter 7 Summary

 
E-Commerce (EC): Trade conducted over the Internet.

E-business: A broader definition of EC.

Brick-and-mortar: Purely physical organizations.

Click-and-mortar: Organizations that conduct some EC activities, yet their business is primarily done in the physical world [multichanneling].

Pure Play: Organizations that are engaged only in EC.

Types of E-Commerce:                                

Business-to-Consumer (B2C):
The sellers are organizations and the buyers are individuals
 
Business-to-Business (B2B):
Both the sellers and buyers are business organizations
 
Consumer-to-Consumer (C2C):
Both the sellers and buyers are individuals.
 
Business-to-Employee (B2E):  
An organization uses e-commerce internally to provide information and services to its employees.

E-Government (E-Gov.): 
The use of Internet technology to deliver information about public services to citizens (Government-to-Citizen [G2C]), business partners and suppliers (called government-to-business [G2B]) and between governments [G2G].
 
Mobile Commerce (m-commerce): 
E-commerce that is conducted using a mobile phone.
 

E-Commerce Business Models:

Online Direct Marketing:  manufacturers sell directly to customers.
 
Electronic Tendering System: Businesses (or governments) request quotations from suppliers [uses B2B or G2B].

E-auction: An auction held over the Internet.

Name-your-own-price:  Customers decide how much they want to pay.
 
Find-the-best-price:  Customers specify a need and an intermediary compares providers and shows the lowest price.
 
Affiliate marketing: Vendors ask partners to place logos or banners on partner’s site.

Viral marketing: Receivers send information about your product to their friends.
 
Group purchasing:  Small buyers aggregate demand to get a large volume discount.
 
Product customization: Customers use the Internet to self-configure products or services.

Deep discounters: Company offers deep price discounts. Appeals to customers who consider only price in their purchasing decisions.

Membership: Only members can use the services provided, including access to certain information and conducting trade.

Benefits of E-Commerce:        


 
 
Benefits to organizations:
  • Makes national and international markets more accessible
  • Lowering costs of processing, distributing, and retrieving information
Benefits to customers:
  • Access a vast number of products and services around the clock (24/7/365).
Benefits to Society:
  • Ability to easily and conveniently deliver information, services and products to people in cities, rural areas and developing countries.

Limitations of E-Commerce:

Technological Limitations:
  • Lack of universally accepted security standards
  • Insufficient telecommunications bandwidth
  • Expensive accessibility

Non-technological Limitations: 
  • Perception that EC is unsecure
  • Unresolved legal issues
  • Lacks a critical mass of sellers and buyers.

Business-to-Consumer B2C:           

 
Electronic retailing (E-tailing): the direct sale of products and services through the Internet
  • E-marketplace
  • E-storefront
  • E-mall/ Cybermall

 

Online Service Industries:




 
  

Business-to-Business (B2B):

In B2B e-commerce, the buyers and sellers are organizations
There are several business models for B2B applications:
  • B2B Sell-Side Marketplace
  • B2B Buy-Side Marketplace
  • Electronic Exchanges

Electronic Payments:

Implementing EC typically requires e-payment.
E-payment systems enable you to pay for goods and services electronically.
  • E-check
  • E-credit card
  • Purchasing card
  • Electronic cash


Ethical and Legal Issues:

  • Privacy
  • Fraud on the Internet 
  • Domain Name Competition
  • Cybersquatting
  • Taxes and other Fees
  • Copyright



      

Chapter 6 Summary

 

Computer Network:                               

A system that connects computers and other devices (e.g. printers, smart phones) via communications media so that data can be transmitted among them.

Bandwidth: Refers to capacity and speed.

Broadband: Multi-signal capability.

 
Types of Computer Networks:

Local Area Networks (LAN):
Connects two or more devices in a limited region in the same building.
Every device can communicate with the other devices.
Trade-offs between:
  • Speed
  • Distance
  • Cost
* To connect to a LAN, we must have a NIC card.
* The NIC card allows the computer to connect to LAN communication.

Network Server: Controls the computers in LAN communication.
* The server gives us the speed.
* The server connects all the computers.


Wide Area Networks (WAN):
  • Will be in a large region/ not limited.
  • Has large capacity.
  • It has routers (a device or modem that reads the message and makes a part of working).
* Examples of WAN: telecommunication companies and the Internet.


Enterprise Networks:

Is in the organization. Example: SQU Net.
It includes a complex of LAN and WAN networks.

Backbone Network: A fast central network.

Networks transmit information with two types of signals:

Analog Signals: Continuous waves.                                

They have two parameters:
1- How high the wave is.
2- How close the waves are.

Digital Signals: Discrete pulses that are either ON or OFF, representing a series of bits (0s and 1s).

Modem: Includes moving from:
  • Digital signal to analog signal (Modulator)
  • Analog signal to Digital signal (Demodulator)      

 





Communication Media and Channels:

Link between two computers.

1. Wireline Media (Cable):
  • Twisted-Pair Wire: Transmission is slow and very cheap.
  • Coaxial Cable: More expensive than twisted-pair.
  • Fiber: More expensive and very fast/ uses glass for the wire.
2. Wireless Media (Broadcast):
  • Microwave: Linking computer with country.
  • Satellite: Linking computers.
  • Radio: Linking computers.
  • Infrared: Data can transfer from one to another/ connects our computer and device.

Transmission Technologies:

Digital Subscriber Line (DSL):
A technology that provides high-speed transmission of digital data. 40 Mbps.

Asynchronous Transfer Mode (ATM):
Faster than DSL; uses fiber cable and is more expensive than DSL.

Network Protocol:

Rules of the network (sharing data).
Ethernet: In local networks.

Transmission Control Protocol / Internet Protocol (TCP/IP): Rules for using the Internet.

Packet Switching: When we have a huge message, we divide it into small packets.
Each packet has a number to distance. Then the packets get into routes.

 
Types of Network Processing:

Distributed Processing: Divides processing between two or more computers.
Client-Server Computing: Client and server share their work.

Peer-to-peer (P2P) processing: Each computer acts as both client and server.

 
The Internet and the World Wide Web:

  • The Internet (“the Net”)
  • Internet Service Provider (ISP)
  • Addresses on the Internet
  • The Internet Corporation for Assigned Names (ICANN) 
  • The Web / World Wide Web / WWW/ W3
  • Website
  • Webpage
  • Home Page
  • Webmaster

Network Applications:

Discovery: To search and browse data sources. Example: search engines.



Communication:
  • Electronic mail (e-mail)
  • Web-based call centers 
  • Electronic chat room
  • Voice Communication
  • Unified Communications

Collaboration: A group of people working in one site.
  • Work group
  • Virtual group (team)
  • Virtual collaboration
  • Workflow technologies
  • Groupware:
  • Teleconferencing
  • Videoconference
  • Web conferencing
  • Real-time collaboration tools

Web services: Sites that we can upload to and download from.

Telepresence Systems:

  • The latest version of videoconferencing
  • Enable participants to seamlessly share data, voice, images, graphics, video, and animation electronically.

E-Learning:

Learning supported by the Web.
Benefits:
  • Students have the flexibility of learning from any place at any time at their own pace.
  •  Online materials deliver high-quality, current content.
  •  Training costs can be reduced.
Drawbacks:
  • Instructors may need training to be able to teach electronically.
  • Students must be computer literate.
  • There are issues with assessing students’ work.


Telecommuting/ Teleworking:                            

Allows workers to work anytime and anyplace.
Benefits:
For employee:
  • Reduced stress, improved family life
  • Employment opportunities for single parents and persons with disabilities.
For Employers:
  •  Increased productivity
  • Ability to retain skilled employees
Drawbacks:
For employee:
  • Feelings of isolation
  • No workplace visibility
  • Potential for slower promotions
For employers:
  • Difficulties in supervising work
  • Potential information security problems
  • Additional training costs
 

 

 

Chapter 5 Summary


Difficulties in Managing Data:

  • Increases rapidly.
  • Is scattered.
  • Comes from many sources.
  • Data security and quality are critical.
  • Some information systems do not communicate with each other.
  • Data degrades over time.
  • Data rot.

To solve these difficulties with data we use a DBMS.
- A data management system will minimize:
  • Repeated data.
  • Separate data/ data that is not linked.
  • Data isolation.
  • Data inconsistency.
- A data management system will maximize:
  • Safety of data/ data security.
  • Data integrity.
  • Data independence.



 Data Hierarchy:        
 



Bit: smallest unit of data a computer can handle.

Byte: eight bits and represents a single character

Field: is a group of related characters/ the heading of the columns.

Record:  a group of logically related fields.

File: a group of related records.

Database: a group of related files.







Data model:

A diagram that represents the entities in the database and their relationships.

 
Foreign Key: A field in one table that uniquely identifies a row (record) of another table. It is used to establish and enforce a link between two tables.

ER diagrams: consist of entities, attributes and relationships.
 
  • One-to-One [1:1]
  • One-to-Many [1:M]
  • Many-to-Many [M:M]

 


Requesting Data from a database:


Structured Query Language (SQL):
Allows users to perform complicated searches (request information) by using relatively simple statements or keywords. 

Query by Example (QBE): 
Allows users to fill out a grid or template to construct a sample or description of the data they want.

Data Dictionary:


  • Defines the format necessary to enter the data into the database.
  • Provides information on each attribute.
  • Provides information on how often the attribute should be updated.

Normalization & Non-Normalization:

Normalization: Organizes the table and uses the information according to the name of the table (separate).

Non-Normalization: Does not organize the table and uses all the information together/ different information (mixed).



The benefits of Normalization:

  • Reduce redundancy.
  • Increase Data integrity.
  • Best processing.








Data warehouse:


Data is stored in one big place. A collection of current and historical data.

Benefits of data warehouse:
  • The users can access and process data online, easily and quickly.
  • Analyze data in ways that were not possible before.
  • Get all the results or reports from the organization.
Problems with data warehouse:
  • Very expensive to build.
  • Keeping the system is difficult.
  • Do not keep people to share data with other departments.

Data mart:

A small data warehouse, designed for the end-user needs in a strategic business unit (SBU) or a department.

Benefits of data mart:
  • Less costly than a data warehouse (around R.O. 40,000)
  • Can be implemented more quickly (around 3 months)
  • More rapid response and easier to learn and navigate.


Knowledge management (KM):

A process supported by IS (transferring knowledge from individual knowledge to organizational knowledge).

Benefits of KM:

  • Free flow of ideas.
  • Better way of solving problems.
  • Achieve revenue.
  • Develop retention rate.

KM cycle:






 

Wednesday, May 6, 2015

Chapter 2 Summary

New concepts for me:

Business Process:
A collection of activities that produce a product or a service for the organization.

Business Process Reengineering (BPR):
Changing a business process to become efficient and effective.


Business Process Management (BPM):
The techniques or methods that support the design, analysis, management and optimization of E-process.


Business Pressures:
The business environment is the combination of social, legal, economic, physical, and political factors that affect business activities.

There are three types of Business Pressures:   

Market pressures:
Change business from local to global/ sell and sold.
Include: The Global Economy and Strong Competition, The Changing Nature of the Workforce, and Powerful Customers.

Technology pressures:
Change in technology from old to new.
Include: Technological Innovation and Obsolescence, and Information Overload.

Societal pressures:
Include: Social Responsibility, Government Regulation and Deregulation, Protection Against Attacks / Natural Disaster, and Ethical Issues.

Organization Responses:

Each organization wants to be successful through:
1- Strategic systems:
  • achieve profit.
  • better negotiate with suppliers.
  • prevent business from competitors.
2- Customer Focus:
Search for competitors and be different from them to attract customers.

3- Make to order and mass customization:
Mass production: Create identical products.

Mass customization: Make what the customer wants; make the customer happy.

4- E-business and E-commerce:
 B to B
 B to C
 C to C

First we have E-business, then E-commerce goes to work.
So E-business and E-commerce are not the same.

Competitive Advantage :

How can I make my business better than others? There are many factors for doing that: cost, quality and speed.

Cost Strategy: Produce at low cost.
Differentiation Strategy: Search for what you can do differently from others.
Innovation Strategy: Create or produce something special.
Customer-orientation Strategy: Do anything to make the customer happy.


 
Porter’s Competitive Forces Model






  • Buyer power is very high if there are many suppliers.
  • There are substitute products and services if there are threats.
  • There will be new entrants if there are threats.



 
  

Chapter 1 Summary



The difference between information system and information technology.

IT: Use all forms of technology to create, store, exchange and use information.
IS: Is where technology is used to produce and manage information.


New concepts for me:

Modern Organization: Is like a model/ new organization.
Digital Society: Is the place where we use technology.
Digital Firm: Is the place where a company uses technology.


The difference between Data, Information and Knowledge:







Data: Includes facts, text and numbers without meaning.
Recorded without being organized.

Information: When we process data we get information with meaning.
Recorded with organization in a structure.

Knowledge: When we process information we get knowledge with more understanding.

There are two types of knowledge:

Explicit knowledge: Provides information that we can demonstrate and transfer.
Example: Fact machine.

Tacit knowledge: Provides information that we cannot transfer.
Example: Experience.

There are six components to develop an information system:


1- Hardware
2- Software
3- Database
4- People
5- Procedures
6- Network

The facilities of information system:

  • fast
  • accurate
  • provide communication
  • high volume
  • less expensive
  • allow quick
  • increase effectiveness and efficiency.

Types of information system:


1- IT infrastructure: Includes IT components, IT personnel and IT services.



IT components: The six components that develop an information system.
IT personnel: Personnel use IT components to provide IT services.
IT service: Includes data management, managing security and risk, and systems development.




2- Functional area information systems (FAIS): The system of a department of the organization. Supports particular functional areas within the organization.

3- Enterprise resource planning (ERP) systems: Used to link all the departments' information systems.

4- Transaction processing systems (TPS): The basis of the information system. Monitoring, collection, storage, and processing of data.

5- Interorganizational information: Used to link between two or more organizations.

6- Office automation systems (OAS): Used to develop documents, schedule resources, and communicate.

7- Business intelligence systems (BI): Provide computer-based support for complex, non-routine systems.

8- Expert System: Used to duplicate the work of human experts by applying reasoning capabilities, knowledge, and expertise within a specific domain.

9- Dashboards: Support all managers by providing rapid access to timely information and direct access to structured information in the form of reports.

 

* There are different types of information systems in each organization. Why?
Because each system works differently in a different part of the organization.

* High information technology will eliminate jobs. How?

Because if we have more technology we don't need many people.

 


 

Ergonomics:

The science of designing machines and work settings that minimize injury and illness.