BTE EXAM #2
This 20 page Study Guide was uploaded by Alyssa Rothfeld on Tuesday March 1, 2016. The Study Guide belongs to BTE 210 at University of Miami taught by Geraldine Perez in Spring 2016. Since its upload, it has received 216 views. For similar materials see Fundamentals of Business Technology and Innovation in Information System at University of Miami.
Date Created: 03/01/16
Alyssa Rothfeld
03/01/2015
BTE EXAM #2 (chapters 4, 7, 8, 9 & 2 cases)

Ch. 4: INFORMATION SECURITY

4.1 Introduction to Information Systems
Security–degree of protection against criminal activity, danger, and/or loss
Information Security–protecting organization’s information resources from unauthorized access, use, disclosure, disruption, modification or destruction
Threat–any danger to which a system may be exposed
Exposure–the harm, loss, or damage that can result if a threat compromises that resource
Vulnerability–the possibility that the system will suffer harm by a threat

5 Factors Contributing to Vulnerability
1. Today’s interconnected, interdependent wireless networked business environment
2. Smaller, faster, cheaper computers and storage devices
3. Decreasing skills necessary to be a hacker
4. International organized crime taking over cybercrime
5. Lack of management support

4.2 Unintentional Threats to Information Systems
Human Errors: Human Resources and Information Systems departments are where the most mishaps happen
● people are careless with their laptops (leaving them open) and portable devices, susceptible to hackers
● opening questionable emails and careless internet surfing
● poor password selection and using unmanaged devices
● higher level employees + greater access privilege → greater threat
● carelessness with discarded equipment
Social Engineering: attackers use social skills to trick a legitimate employee into providing confidential company information such as passwords.
(e.g., a hacker could dress as the janitor and slip into an area meant for only specific people, or they could impersonate someone else online and get another employee to send them confidential info)
● Techniques: tailgating, shoulder surfing, Facebook befriending

4.3 Deliberate Threats to Information Systems
Espionage or Trespass–individual attempts to gain illegal access to organizational information
● Competitive Intelligence: legal information gathering
● Industrial Espionage: crosses the legal boundaries (e.g., the case where SONY had all of their material stolen and the hacker wanted money to give them the information back)
Information Extortion–attacker demands payment for returning stolen info
● Ransomware
Sabotage or Vandalism–occurs when an intruder maliciously alters a Web page by inserting or substituting provocative and frequently offending data
Theft of Equipment or Information–smaller equipment is easier to steal but larger storage means more information lost
● Dumpster Diving: rummaging through trash to find discarded information
Identity Theft–deliberate assumption of another person’s identity to access financial information or to frame another person for a crime using these techniques:
1. Phishing: impersonating a trusted organization in an electronic communication (e.g., on Facebook people will create fake files that look and seem like you, but it’s not, in order to gain information about you and your friends)
2. Stealing from databases
3. Dumpster diving
Intellectual Property–created by individuals or corporations
1. Trade secret: company secret, not public info
2. Patent: protects an invention or process for 20 years
3. Copyright: protects ownership of property for the life of the creator plus 70 years
**Software Piracy: the warehouse in Bangkok that sells stolen software for $5**

Software Attacks
1. Remote Attack Needing User Action
○ Virus: attach to a host computer
○ Worm: can spread itself
○ Phishing Attack: an attack that uses deception to fraudulently acquire sensitive personal info by masquerading as an official-looking email
○ Spear Phishing Attack: phishing attack on specific target
2. Remote Attack Without User Action
○ Denial of Service Attack (DoS): bombarding and crashing a target computer with bogus requests
○ Distributed DoS Attack: uses hacked computers (zombies) to perform DoS attack
Botnet–network of computers that have been compromised by and are under control of a hacker, who is called a botmaster
3. Attacks By Programmers
○ Trojan Horse: a software program containing a hidden function that presents a security risk, disguised as an innocent program
○ Back Door or Trapdoor: allows unauthorized access to the program or system, bypassing security measures
○ Logic Bomb: segments of computer code embedded within an organization’s existing computer programs. activates at a certain date and time

Alien Software/Pestware: programs installed on a computer without user’s consent or knowledge. Uses up valuable system resources and may report user activities back to creator
1. Adware: display pop-up advertisements on computer screens
2. Spyware: collects personal information about users without their consent
○ Keystroke loggers: record keystrokes and web browsing history
○ Screen scrapers: record a continuous movie of activities on screen
3. Spamware: create a launchpad for sending out spam emails
4. Cookies: small files stored on computer containing information about visited websites. *tracking cookies*

Supervisory Control and Data Acquisition (SCADA) Attacks–SCADA systems control chemical, physical or transport processes.
(e.g., sewage treatment plants)
Cyberterrorism and Cyberwarfare–attack via the Internet to use a target’s computer system to cause physical, real-world harm (usually to carry out a political agenda)

4.4: What Organizations Are Doing to Protect Information Resources
Difficulties of Protecting Information Systems:
● 100s of potential threats exist
● computer networks located outside of organizations are hard to protect
● many crimes go undetected
● people don’t follow security measures because they are inconvenient
● hacking is free & easy
● cost of preventing hazards is high (most companies cannot afford)
Risk Management–identify, control, and minimize the impact of threats
Risk–probability a threat will impact information resource
Risk Analysis–prioritize assets (probability * value), and compare the costs of security breach vs. cost of control
Risk Mitigation–organization acts against risk, implements controls, & develops recovery plan using these 3 strategies…
1. Risk Acceptance–accept potential risk, continue operating with no controls, and absorb any damages that occur
2. Risk Limitation–limit the risk by implementing controls that minimize impact of the risk
3. Risk Transference–transfer risk by using other means to compensate for loss (purchase insurance)

4.5: Information Security Controls
Physical Controls–prevent unauthorized individuals from gaining access to a company’s facilities (e.g., walls, fences, gates, guards, alarms)
Access Controls–restrict unauthorized user access to computer resources
● Authentication–proof of identity.
use something the user…
○ “Is” (biometrics)
○ “Has” (ID cards)
○ “Does” (voice, signature)
○ “Knows” (password, passphrase)
● Authorization–permission to do certain activities
Communication Controls–protect the movement of data across networks
● Firewalls: enforce access control policy to prevent certain information from moving between untrusted and private networks
● Anti-Malware Systems (AV): identify and eliminate malicious software
● Whitelisting: allows acceptable software to run
● Blacklisting: allows everything to run, unless it’s on the blacklist
● Encryption: converting an original message into a form that can only be read by the intended receiver
○ Public Key Encryption/Asymmetric Encryption–a type of encryption that uses 2 different keys (a public key & a private key)
● Digital Certificate: electronic document attached to a file certifying that this file is from the organization it claims to be from and has not been modified from its original format context
● Virtual Private Networking (VPN): using logins and encryption to establish secure, private connection on a public network (the internet)
○ Tunneling: process that encrypts each data packet to be sent and places each encrypted packet inside another packet, from your organization's intranet to business partners.
the intranet encrypts each data packet to be sent and places each encrypted packet inside another packet
● Secure Socket Layer (Transport Layer Security–TLS): an encryption standard for secure transactions such as credit card purchases and online banking
● Employee Monitoring Systems: monitor employees’ computers, email, and Internet activities (e.g., spectorsoft, websense)

Healthcare Industry Study–business risk themes include loss of IP and the potential for inadequate care
● Threats (activists, malicious collaborators/partners, hackers, unintentional and malicious insider) → Information Risk Themes (loss of sensitive clinical trial info, loss of patient and employee sensitive info, internet distributed denial of service, stolen corporate sensitive info, integrity of manuf. operations) → Potential Impact (financial loss, brand damage, competitive disadvantage, noncompliance with regulations, loss of market share, operational impairment)
● Security incidents connected to current employees are at the highest level in years

Business Continuity Planning–purpose is to provide guidance to people who keep the business operating after a disaster occurs
Business Continuity–the chain of events linking planning to protection and to recovery
● Hot Site–a fully configured computer facility with all services, communication links, and physical plant operations
● Warm Site–has similar services and options as the hot site, may not include actual applications the company runs
● Cold Site–provides physical location and utilities without computer hardware or user workstations

Information Systems Auditing–examination of information systems including inputs, outputs, and processing to ensure that they work properly
Types of Auditors/Audits:
● Internal Auditor–part of accounting internal auditing
● External Auditors–review internal audit results and perform independent information systems audit
How is Auditing Executed?
● Auditing around the computer: verify processing by checking for known outputs or specific inputs. best used in systems with limited outputs
● Auditing through the computer: inputs, outputs and processing are checked. auditors review program logic and test data
● Auditing with the computer: use a combination of client data, auditor software, and client and auditor hardware

Other Terms:
Certificate Authority–3rd party that acts as a trusted intermediary between computers (and companies) by issuing digital certificates and verifying the worth and integrity of the certificates
Demilitarized Zone (DMZ)–separate organizational LAN that is located b/w an organization’s internal network and external network (usually the internet)
Distributed Denial of Service Attack (DDoS)–a denial of service attack that sends a flood of data packets from many compromised computers simultaneously
Least Privilege–principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization
Worms–destructive programs that replicate themselves without requiring another program to provide a safe environment for replication

Chapter 7: E-Business and E-Commerce

Brick and Mortar–physical store
Clicks and Mortar–mix of physical and digital, conducts e-commerce activity (e.g., ordering a physical book from U Miami Bookstore)
Virtual Organizations (pure play)–all dimensions are digital, no physical presence

Types of E-commerce
● B2C–business to consumer, sellers are organizations and the buyers are individuals (e.g., amazon)
● B2B–business to business, both sellers and buyers are business organizations (CISCO youtube). larger than B2C by volume
● C2C–consumer to consumer (e.g., craigslist, threadflip)
● B2E–business to employee, uses e-commerce internally to provide information and services to its employees (e.g., conduct training, buy discounted insurance and tickets)
● E-Government–government-to-citizen (G2C) and government-to-business (G2B).
use of internet to deliver info about public services to citizens, business partners, and suppliers
● Mobile Commerce (m-Commerce)–e-commerce conducted in a wireless environment (e.g., iTunes)

Major E-commerce Mechanisms–mechanisms through which businesses and customers can buy and sell on the internet
Electronic Catalogs–backbone of most e-commerce sites, include product database, directory, search and presentation capabilities
Electronic Auctions–auctions can be conducted from the seller’s site, the buyer’s site, or a third party’s site
● Forward Auctions–sellers place items at site for auction and buyers bid continuously (e.g., Ebay)
● Reverse Auctions–buyer posts a request for quotation (RFQ) with info on desired purchase. suppliers study RFQ and submit bids electronically
E-storefronts–a website that represents a single store
E-malls–collection of individual shops under one internet address (associated with B2C e-commerce) (e.g., Etsy)
E-marketplace–central, virtual market space on Web where many buyers and many sellers can conduct e-commerce and e-business activities (associated with B2B e-commerce)

Electronic Payment Mechanisms–enable buyers to pay for goods and services
1. Electronic Checks–primarily used in B2B, need to establish an account at a bank institution to use this
2. Electronic Cards–virtual credit cards, stored-value money cards
3. Digital Wallets–application used for making financial transactions
4. Person-to-Person Payments (e.g., Venmo)

E-commerce
● Benefits–national and international markets are more accessible, processing & distributing processes are lowered, can access numerous amounts of services/products 24/7
● Limitations–lack of universally accepted security standards, telecomm bandwidth is insufficient in less developed countries, and accessing the web is expensive for them.
people think it's unsecure, unresolved legal issues, privacy issues with tracking and sharing personal info, eliminates the need for some company’s employees

Cybersquatting–register domain names in the hope of selling them later at higher price
Advertising–practice of disseminating information in an attempt to influence a buyer–seller transaction
● Pop-Under Ad–an ad that is automatically launched by some trigger and appears underneath the active window
● Pop-Up Ad–an ad that is automatically launched by some trigger and appears in front of the active window
● Permission Marketing–method of marketing that asks consumers to give their permission to voluntarily accept online ads and email
● Viral Marketing–online word of mouth
Banner–electronic billboard which typically contains a short text or graphical message to promote a product or vendor
Business Model–method by which a company generates revenue to sustain itself
Buy-Side Marketplace–B2B model in which organizations buy needed products or services from other organizations electronically, often through a reverse auction
Channel Conflict–alienation of existing distributors when a company decides to sell to customers directly online
Disintermediation–elimination of intermediaries in electronic commerce
Electronic Storefront–website of a single company with its own Internet address, at which orders can be placed
E-Procurement–using electronic support.
uses reverse auctions, particularly group purchasing
● Group Purchasing–aggregation of purchasing from many buyers so that a volume discount can be obtained
Public Exchanges–e-marketplace in which there are many sellers and many buyers and entry is open to all, frequently owned and operated by a third party
Smart Cards–cards that contain a microprocessor (chip) which enables the card to store a considerable amount of info including stored funds and to conduct processing
Stored-Value Money Cards–a form of e-cash on which a fixed amount of prepaid money is stored; amount reduced each time card is used

Chapter 8: Wireless, Mobile Computing, and Mobile Commerce

8.1 Wireless Technologies (not all wireless networks are mobile)
● 1922: radio telephone in Chicago → 1940s: WW2, intercepting the Germans’ radio frequency to see their plans → 1959: commercial model, telephone in cars → 1972: portable with battery phone → 1983: the brick phone. very little memory to save phone #s → 1997: first “smartphone”. there’s a stylus pen and applications. very expensive $700-$1,000 device. for large companies to be more efficient, not everyday communications → 2006: “Simple” the flip phones and Samsungs everyone had.
data was being captured → 2008: iPhones woo

3 Wireless Advantages
● small enough to carry or wear
● sufficient computing power to perform productive activities
● communicate wirelessly with internet and other devices
1 Disadvantage for Businesses
● workers can capture and transmit sensitive proprietary info

Wireless Transmission Media
Wireless Media–transmit signals without wires
Major Types
● Microwave–high volume, long distance, point to point communication
○ (+) high bandwidth, inexpensive
○ (-) must have unobstructed line of sight, environment interference
● Satellite
○ (+) high bandwidth, large coverage
○ (-) expensive, unobstructed line of sight, signals have delays, use encryption for security
● Radio
○ (+) high bandwidth, signals pass through walls, inexpensive and easy to install
○ (-) electrical interference problems, can have snooping unless encrypted
● Infrared
○ (+) low to medium bandwidth and short distance
○ (-) unobstructed line of sight
GPS–wireless system that utilizes satellites to enable users to determine their position on earth. supported by 24 MEO satellites. uses of gps. 3 additional GPS systems (GLONASS, Galileo, Beidou)

8.2 Wireless Computer Networks & Internet Access
Short Range: 100 ft or less
● Bluetooth: link up to eight devices within a 30 ft area, used in PANs, transmit up to 2.1 mbps. chip technology that enables short-range connection (data and voice) b/w wireless devices
● Ultra-Wideband: high-bandwidth wireless technology with transmission speeds in excess of 100 mbps; faster streaming data and imaging (e.g., healthcare remote monitoring of at home patients)
● Near-Field Communications: shortest range of any wireless network. embedded in mobile devices such as cell phones and credit cards
Medium Range Wireless Network
● WIFI
○ WLAN
○ Wifi Direct–organizations can use this with peers up to 800 feet. peer to peer comm.
○ Mifi–permanent wifi spot wherever you go
○ Super Wifi–creates long distance wireless internet connections.
uses “white space” between broadcast TV channels
● Wireless Mesh Networks–use multiple Wifi access points to create a wide area network (e.g., U Miami has many wireless networks that make up this mesh)
Wide-Area Wireless Networks–connect users to each other and to the internet over geographically dispersed distances
● Cellular Radio: two way comm. over a cellular network of base stations
● Cells–adjacent geographic areas where cell phone communicates with radio antennas, or towers
● Antenna–middleman for passing info from local cell to the destination cell

First generation (1G)–cellular networks used analog signals and had low bandwidth (capacity).
Second generation (2G) uses digital signals primarily for voice communication; it provides data communication up to 10 Kbps.
2.5G uses digital signals and provides voice and data communication up to 144 Kbps.
Third generation (3G) uses digital signals and can transmit voice and data up to 384 Kbps when the device is moving at a walking pace, 128 Kbps when it is moving in a car, and up to 2 Mbps when it is in a fixed location. 3G supports video, Web browsing, and instant messaging.
Fourth generation (4G) is not one defined technology or standard. expected to provide a secure all-IP-based mobile broadband system to all types of mobile devices. Many of the current “4G” offerings do not meet the ITU specified speeds, but they call their service 4G nonetheless.
Long-term evolution (LTE) is a wireless broadband technology designed to support roaming Internet access via smartphones and handheld devices. approximately 10 times faster than 3G networks.
XLTE (advanced LTE) is designed to handle network congestion when too many people in one area try to access an LTE network. XLTE is designed to provide all users with no decrease in bandwidth.
Fifth generation (5G) is expected to be deployed by 2020. 5G networks are predicted to be faster and more intelligent than previous generations of cellular networks.
With 5G, wearable computers (e.g., Fitbit), smartphones, tablets, and other devices with sensors that are location- and context-aware will work together with apps and services that you use.

8.3 Mobile Computing and Mobile Commerce
Mobile Computing–refers to a real time connection between a mobile device and other computing environments, such as the Internet or an Intranet. Two major characteristics:
1. Mobility–users can initiate a real time contact with other systems from anywhere using a mobile device
2. Broad reach–can be reached instantly
a. Ubiquity–connect anywhere regardless of user's location
b. Convenience and Instant Connectivity
c. Personalization–info can be customized and sent to individual customers (e.g., IP address) (when you get a text from one store when you walk into a competitor’s, it's because they want to bribe you with coupons to leave that competitor)
d. Localization of Products and Services–knowing a user’s location helps companies advertise their products and services
Mobile Commerce–electronic commerce (EC) transactions conducted in a wireless environment, especially via the Internet.
What enables m-commerce
● widespread availability of mobile devices
● declining prices of wireless devices
● bandwidth improvement
Location-Based Application and Services:
● Location Based Advertising–sending user specific advertising messages concerning nearby shops, malls, and restaurants to consumers’ wireless devices (e.g., NAVTEG)
● Location Based Services–provide information that is specific to a given location (e.g., CMmap)
Mobile Portal–aggregates and provides content and services for mobile users (e.g., Yahoo mobile)
Voice Portal–voice equivalent of a Web portal, providing access to info through spoken commands and voice responses
Telemetry–wireless transmission and receipt of data gathered from remote sensors (e.g., find my iphone, sync)

8.4 The Internet of Things (IoT)–system in which any object, natural or man-made, has a unique identity (own IP address) and is able to send and receive information over a network (the Internet) without human interaction. invisible “everywhere computing” embedded in objects around us (clock radio, kitchen appliances, smartphones, etc.)
● Wireless Sensor–underlying technology in the IoT. autonomous device that monitors its own condition, as well as physical and environmental conditions around it (e.g., temperature, sound, pressure, vibration, movement). can also control physical systems (opening and closing a valve and controlling the fuel mixture in your car). has processing, storage, and radio frequency antennas for gathering and sending information. if one sensor fails another picks up the info (examples: smart home system which controls heating, lighting, door locks, computers, etc.)
● RFID (Radio Frequency Identification)–use tags with microchips containing data and antenna to transmit radio signals over a short distance to RFID reader
○ Active Tags–use internal batteries for power, they broadcast radio waves to a reader. contain batteries, so more expensive, can be read over greater distances.
used primarily for more expensive items.
○ Passive Tags–rely entirely on readers for their power. less expensive, but they can be read only up to 20 feet, so applied to less expensive merchandise.
(-) negative: expense and the comparatively large size of the tags
Barcode–UPC is made up of 12 digits batched in groups. (-) limitations: line of sight, pose problems in manuf. plant, warehouse, or shipping/receiving dock, identifies the manufacturer and product but not actual item, doesn't have a unique identifier
QR Code–two-dimensional code, readable by dedicated QR readers and camera phones. (+) improvements from traditional barcode:
● stores more info
● readable in any direction
● more damage resistant

8.5: Wireless Security
Rogue Access Point–unauthorized access point to a wireless network. could be an innocent person in your organization who sets up an access point meaning no harm but fails to inform the IT department.
● Evil Twin Attack (more serious case): user connects to malicious access point where attacker could intercept confidential information.
○ Hotspot–small geographical perimeter within which a wireless access point provides service to a number of users (used in evil twin attack)
War Driving–locating WLANs while driving around a city or elsewhere
● (-) Issue: If a WLAN has a range that extends beyond the building in which it is located, an unauthorized user might be able to intrude into the network and obtain free Internet connection/gain access to important data and other resources.
Eavesdropping–efforts by unauthorized users to access data that are traveling over wireless networks
Radio-Frequency Jamming–person or device intentionally or unintentionally interferes with your wireless network transmissions

Other Terms:
Cell Phones–phones that provide two way radio communications over a cellular network of base stations with seamless handoffs
Location Based Commerce–mobile commerce transactions targeted to individuals in specific locations at specific times
Mobile Wallet–technology that allows users to make purchases with a single click from their mobile devices
Near-Field Communications (NFC)–smallest of the short range wireless networks that is designed to be embedded in mobile devices such as credit cards and cell phones
Personal Area Network–computer network used for communication among computer devices close to one person
Propagation Delay–any delay in communications from signal transmission time through a physical medium
Radio Transmission–use radio wave frequencies to send data directly between transmitters and receivers
Satellite Radio/Digital Radio–wireless system that offers uninterrupted, near CD-quality music that is beamed to your radio from satellites
Satellite Transmission–wireless transmission system that uses satellites for broadcast communications
Wireless–telecommunications in which electromagnetic waves carry signal b/w communicating devices
Wireless Access Point–an antenna connecting a mobile device to a wired local area network

Chapter 9: Social Computing

Definition: Combines social behavior and information systems to create value. users rather than organizations produce, control, use, and manage content via interactive communications and collaboration. human behaviors and decisions are influenced by their social context

9.1: Web 2.0
WEB 1.0–didn’t exist until web 2.0 emerged. the creation of Web sites and the commercialization of the Web.
users had minimal interaction with Web 1.0 sites, they passively received information
WEB 2.0–a loose collection of info technologies, apps, and websites which use them. new digital ecosystem that promotes creativity, connectivity, collaborations, convergence, and community

Web 2.0 IT Tools:
1. Tagging: keyword or term that describes a piece of info (a picture, article, video clipping). allows users to place info in multiple, overlapping associations rather than in rigid categories
○ Folksonomies: user generated classifications that use tags to categorize and retrieve Web pages, photos, videos, and other Web content (tagging is the basis of this).
○ Geotagging: tagging information on maps (think of Instagram, you geotag where you were)
2. Real Simple Syndication (RSS): allows subscribers to receive customized information when they want it, without having to surf thousands of Web sites. subscribers receive a notification of the changes and information about the new content. subscribers can simply click a link to see the new content
3. Blogs (weblogs): site creator (blogger) expresses his or her feelings/opinions via series of chronological entries. personal web sites that are open to the public
4. Microblogging: form of blogging using short messages, image, or video (e.g., Twitter; useful because it helps companies gather real time info and intelligence to hear feedback from consumers)
5. Wiki: website made up entirely of content posted by users. promotes collaboration (e.g., Wikipedia). academics have concerns because nothing is fact checked
6. Social Network Websites: a Website that supports activities for maintaining social networks. creating profile page, blogging link, and media sharing. convenient connection to those with similar interests
● Social Graph–each member has one map of all relevant links or connections among the network’s members
● Social Capital–number of connections a person has within and between social networks
7. Enterprise Social Network–business-oriented social networks
● Business Oriented–LinkedIn, which is owned and managed by independent company
● Corporate Social Networks–behind a firewall. meant for employees, former employees, business partners, customers. employees utilize these networks to create connections allowing virtual teams to be established, bring new employees up to speed, improve collaboration, increase employee retention by creating a community. Employees are able to interact with their coworkers on a level that is typically absent in large organizations or in situations where people work remotely.
8. Mashup–a website that takes different content from other Web sites and mixes them together to create a new kind of content (e.g., Google Maps is considered one because it can be posted on sites for selling cars, houses, anything that shows up on the images on the maps)

9.2 Fundamentals of Social Computing in Business
Social Commerce: delivery of electronic commerce activities and transactions through social computing (info technology combining social behavior & information systems to create value). supports social interactions and user contributions (e.g., Disney allows people to book tickets on Facebook without having to actually leave the site)
● Benefits to Customers (+)–1. better & faster vendor responses to complaints, customers can assist other customers, 2. customer’s expectations can be met fully & quickly, 3. customers can easily search, link, chat, and buy while staying on a social network’s page
● Benefits to Businesses (+)–1. can test new products & ideas quickly and inexpensively, 2. learn a lot about their customer, identify problems quickly & alleviate customer anger, 3. increase sales due to customers’ positive reviews, use low cost user generated content in marketing campaigns, 4. free ads through viral marketing, 5. identify influential brand advocates and reward them
● Risks (-): 1. info concerns, 2. invasion of privacy possibly, 3. employees reluctant to participate, 4. bias quality of user generated content

9.3: Social Computing in Business (Shopping)
Social Shopping–method of electronic commerce taking all of the key aspects of social networks (friends, groups, voting, comments, discussions, reviews, etc.) and focuses them on shopping. helps shoppers connect with one another based on tastes, location, age, gender, and other selected attributes.
Methods to Shop Socially:
1. Ratings/Reviews/Recommendations–collaborative; can post, see what’s posted, and interact
a. Types: Customer, Expert (from independent authority), Sponsored (paid for), Conversational (converse through chat, blog discussion; yields rich data for market research)
2. Group Shopping–offer major discounts or special deals during a short time frame. closely associated with flash sales (e.g., Groupon)
3. Shopping Communities & Clubs–host sales for their members lasting a few days featuring luxury brands at heavily discounted prices. 3-7 sales per day, usually via email messages that entice club members to shop at more than 70 percent off retail, but quickly, before supplies run out. partner with luxury brands (they want to dispose of special-run, sample, overstock, liquidation goods). exclusive, which prevents the brands’ images from being diminished (e.g., Gilt)
4. Social Marketplaces & Direct Sales–act as online intermediaries to harness the power of social networks for introducing, buying, and selling products and services (e.g., Craigslist)
5. Peer-to-Peer Shopping Models–high-tech version of old-fashioned bazaars/bartering systems. sell, buy, rent, or barter online with other individuals
a. Collaborative Consumption (sharing economy)–economic model based on sharing, swapping, trading, or renting products and services, enabling access over ownership. result of the recession and it has an “environmentally green aspect” (encouraged by peer-to-peer)
b. Person-to-Person Sharing–greatest concern associated is trust.
have community rating systems, reputation on the line, create selfpolicing communities (e.g.,airbnb, zipcar) c. BusinesstoBusiness Sharing– (e.g., Marriott will rent out its space for other companies to use) Eopinons: ratings, reviews, and recommendations Social Marketplace: next generation in online business exchanges. it is the combination of social networking with a business platform. additionally social marketplaces have full media platforms and social news capabilities 9.4: Social Computing in Business (Marketing) Social Advertising– refers to the advertising formats that make use of the social context of the user viewing the ad. it is the first form of advertising to leverage forms of social influence such as peer pressure and friend recommendations and likes ● Viral Marketing wordofmouth advertising–lends itself especially well to social networking Market Research– social media users voluntarily provide demographics that help identify and target potential customers. merchants can easily find customers, see what they do online and learn who their friends are ● Conversational Marketing– feedback from customers provided to companies through social computing tools (e.g., blogs, wikis, online forums, and social networking sites) Conducting Market Research Using Social Networks customer sentiment expressed on sites is very valuable info for companies ● Social Intelligenc customer sentiment analytics, tracking customer activities ● Facebook for Market Research: obtain feedback from fans, testmarket your messages, use fb survey invitations ● Twitter for Market Research:onitor industryspecific keywords, solicit information from customers & interact with them ● Linkedin for Market Research:post a question regarding a topic/issue, may get better result if you go to a specific LinkedIn group 9.5: Social Computing in Business: Customer Relationship Management **Customers are more empowered than ever and their feedback is crucial to companies. 
Social computing is making this process better than ever for companies (able to respond quickly & efficiently)** example: Papa John’s had to fire a cashier who called an Asian woman a derogative name. the customer posted all over the internet what had happened and Papa John’s was quickly able to respond and solve the solution and send out a national apology 9.6: Social Computing in Business: HR Management Recruiting– recruiters scan social networks, blogs, and other resources to find information about potential employees. active online job seekers will be seen by recruiters. there are many passive job seekers (employed but would take a better job if one appeared) important for active and passive job seekers maintain online profiles accurately reflecting their background and skills. Finding a Job– fastest, least expensive, and most efficient method to connect employers with potential employee. locate listings for specific jobs, search keywords and phrases that you can pull from job descriptions and include in your resume, cover letters, and emails. use the language from a job description in your cover letter. benefits the employee by trying to meet company's goals Employee Development– HR managers know the best strategy to enable, encourage, and promote employee development is to build relationships. a number of HR professionals using enterprise social tools to tap into the wisdom of every employee. this connects employees to work efficiently across organizations & to collaborate on sales opportunities, campaigns, and projects. helps companies simplify workflows and capture new ideas. enabling HR managers to find subject matter experts within the organization, recommending relevant people for every project team, sales team, and other functions. then HR manager can better motivate and get employees engaged and excited about their work. employees can then be better rewarded for their expertise. 
Other Terms:
Blogosphere– millions of blogs on the web
Really Simple Syndication– technology allowing users to receive info they want, when they want, without having to surf thousands of websites

CASES ON TEST (2)
CH 8.4: Telemedicine at the Miami Children’s Hospital
● has high-def cameras and large monitors to enable patient-to-physician and physician-to-physician communications as well as remote readings of diagnostic tests
● 3 models made: Mobile, Semi-Static, and Extra Semi-Static
○ Mobile– iPad app was created to act as a virtual examination room. Families at home can make a $30 out-of-pocket appointment with a physician, and the physician has their own side of the app where they can ‘see who is in the waiting room’ and engage in an encrypted video consult, mostly for non-emergency symptoms (cold and sinus flu). Can read & sign consent forms on the iPad as well as keep records and billing info. Additionally, things like blood pressure information are transferred from the instrument directly to the iPad instead of having the nurse write down results
○ Semi-Static– carts with videoconferencing abilities and clinical tools. $100 an hour to receive live consults at centers where physicians are able to be more mobile with the patients in the hospitals. Carts are leased for $1000, not sold, because they need to stay up to date with technology.
○ Extra Semi-Static– bring healthcare facilities to places like retailing areas (malls). No nurse or practitioner in person; they are consulted from the kiosk over videoconference. All videos are recorded to reference back to. Can be in airports and on cruise ships too. Intended for non-emergency patients
Questions (no answers in book, you ask yourself):
1. Describe the (+) and (-) of the iPad mobile app for patients and (+) and (-) for medical carts and medical kiosks.
2. Describe the (+) and (-) of the iPad mobile app for Miami Children’s Hospital

Chapter 9: “YouTube vs. Television”
● 18-24 year olds show the most dramatic shift
● an open platform where anyone can upload content
● YouTube collects half of the revenue from all ads that run on the site
● more searches are conducted on YouTube than any other search engine
● on YouTube, creators develop shows designed to appeal to their audiences, rather than the middlemen who have traditionally purchased distribution rights to the content.
● the people making videos consider customer feedback when making new content
● interaction because of likes, comments, shares, can send videos back
Questions (no answers in book, you ask yourself):
1. Describe the differences in how traditional television and YouTube provide online content to audiences.
2. If you were the CEO of a traditional television network, how would you combat YouTube?

Chapter Summaries (from book)
CH. 4
1. Identify 5 factors contributing to the increasing vulnerability of information resources, and provide a specific example of each one.
● Today’s interconnected, interdependent, wirelessly networked business (internet)
● smaller, faster, cheaper computers and storage devices
● decreasing skills necessary to be a hacker (information system hacking programs circulating)
● Int’l organized crime taking over cybercrime
● Lack of management support.
2. Compare and contrast human mistakes and social engineering, and provide a specific example of each one
● Human mistakes are unintentional errors. Employees can make unintentional mistakes as a result of actions by an attacker (e.g., tailgating)
● Social engineering is an attack where the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information (e.g., attacker calls an employee on the phone and company CEO)
3. Discuss the 10 types of deliberate attacks.
● Espionage or trespass: unauthorized individual attempts to gain illegal access to organizational information
● Information extortion: attacker threatens to steal, or actually steals, information from a company and demands payment for not stealing info, for returning stolen info, or for agreeing not to disclose the information.
● Sabotage and vandalism: deliberate acts that involve defacing an organization’s Web site, causing damage to its image and loss of customer confidence
● Theft of equipment and info: becoming a large problem b/c computing and storage devices are smaller yet more powerful with vastly increased storage, making these devices easier and more valuable to steal.
● Identity theft: taking someone’s ID to gain access to finances or frame the person for crimes
● Compromises to intellectual property: a vital issue for people who make their livelihood in knowledge fields. Hard to protect when property is in digital form.
● Software attacks: malicious software penetrates an organization’s computer system (profit-driven & Web-based)
● Alien software– software installed on your computer through duplicitous methods. Uses up valuable system resources (not as malicious as viruses, worms, or Trojan horses)
● SCADA System– refers to a large-scale, distributed measurement and control system used to monitor or control chemical, physical, and transport processes. Attacks happen in order to cause damage to the real-world processes that the system controls
● Cyberterrorism and Cyberwarfare– attackers use a target’s computer systems (particularly via the Internet) to cause physical, real-world harm or severe disruption, usually to carry out a political agenda.
4. Define 3 risk mitigation strategies, and provide an example of each one in the context of owning a home
1. Risk acceptance– accept potential risk & continue operating with no controls. Absorb any damages that occur (e.g., not insuring a home)
2. Risk limitation– limit the risk by implementing controls that minimize the impact of threats (e.g., putting in an alarm system)
3. Risk transference– transfer risk using other means to compensate for the loss (e.g., purchasing insurance)
5. Identify the three major types of controls that organizations can use to protect their information resources, and provide an example of each one.
1. Physical controls– walls, doors, fencing, etc. (more sophisticated physical controls include things like motion detectors)
2. Access controls– restrict unauthorized individuals from using information resources (2 major functions: authentication, which confirms ID, and authorization, which is based on least privilege)
3. Communications (network) controls– secure the movement of data across networks (e.g., firewalls, anti-malware systems, etc.)

CH 7.
1. Describe the six common types of electronic commerce.
(B2C), (B2B), (C2C), (B2E), (G2C/G2B EC), Mobile commerce
2. Describe the various online services of business-to-consumer (B2C) commerce, providing specific examples of each.
● Electronic banking/cyberbanking– conducting various banking activities anywhere but a physical bank location
● Online securities trading– buying & selling securities over the Web
● Online job matching– promising environment for job seekers and for companies searching for hard-to-find employees
● Online travel services– allow you to purchase airline tickets, reserve hotel rooms, and rent cars. Sends you email messages about low-cost flights.
● Online advertising– advertising process made media-rich, dynamic, and interactive.
3. Describe the three business models for business-to-business electronic commerce
1. Sell-Side Marketplace Model– orgs. attempt to sell their products/services to other organizations from their own private e-marketplace. Can use sell-side auctions and third-party auction sites (to liquidate inventory)
2. Buy-Side Marketplace– orgs. attempt to buy needed products or services from other organizations electronically
3. E-marketplaces (public exchanges)– many sellers and buyers, open to all business organizations. Frequently owned and operated by a third party.
   a. 3 basic types of public exchanges: vertical (connect buyers and sellers in a given industry), horizontal (connect buyers and sellers across many industries), and functional (services on an as-needed basis)
4. Identify the ethical and legal issues related to electronic commerce, providing examples.
● E-business– threats to privacy: (a) most electronic payment systems know who the buyers are, need to protect buyers’ identities with encryption; (b) tracking individuals’ activities on the Internet by cookies
● Use of EC– eliminates the need for some of a company’s employees, brokers, and agents. Can raise ethical issues regarding layoffs, retraining for new positions, and how to compensate displaced workers

CH 8.
1. Identify advantages and disadvantages of each of the three main types of wireless transmission media.
● Microwave Transmission– used for high-volume (+), long-distance, line-of-sight communication. (-) transmission susceptible to environmental interference during severe weather
● Satellite Transmission– makes use of comm. satellites, & they receive and transmit data via line-of-sight. (+) enormous area reached by a satellite’s transmissions (-) susceptible to environmental interference during severe weather
● Radio Transmission– uses radio-wave frequencies to send data directly b/w transmitters & receivers. (+) radio waves travel easily through normal office walls (-) radio transmissions are susceptible to snooping by people w/ similar equipment operating on the same frequency
2. Explain how businesses can use short-range, medium-range, and long-range wireless networks, respectively.
● Short-Range– simplify the task of connecting one device to another, eliminating wires, & enabling people to move around while using devices. Range of 100 feet or less. (e.g., Bluetooth, ultra-wideband, and near-field communications) (Business Application: PLUS Real-Time Location System, can locate multiple people and assets simultaneously)
● Medium-Range– fast and easy Internet or intranet broadband access from public hotspots located at airports, hotels, offices, etc. (e.g., Wi-Fi networks)
● Wide-Area– connect users to the Internet over geographically dispersed territory. (a) cellular telephones; 2-way radio comm. over cellular network of base stations w/ seamless handoffs and (b) wireless broadband; range of up to 31 miles & data transfer rate of up to 75 Mbps. (b) WiMAX; long-distance broadband wireless access to rural areas and remote business locations.
3. Provide a specific example of how each of the five major m-commerce applications can benefit a business.
● Location-Based Services– information specific to a location. Mobile user can: (1) request nearest ATM/restaurant, (2) receive traffic jam/accident alerts, (3) find a friend. Marketers: can integrate the current locations and preferences of mobile users, send user-specific ads
● Mobile Financial Applications– convenient for customers to transact business any time or place (banking, wireless payments, money transfers, etc.)
● Intrabusiness Applications– companies can use non-voice mobile services to assist in dispatch functions (assign jobs to mobile employees, along with detailed information about the job)
● Mobile Portals & Voice Portals– aggregate and deliver content in a form that will work within the limited space available on mobile devices. Provide information anywhere and anytime to users
● Telemetry– wireless transmission & receipt of data gathered from remote sensors. Company technicians use it to identify maintenance problems in equipment (e.g., for remote vehicle diagnosis and preventive maintenance for cars)
4. Describe the Internet of Things and provide examples of how various organizations can utilize the Internet of Things.
IoT is a system where any object (natural or man-made) has a unique ID & ability to send & receive info over the Internet w/o human interaction.
5. Explain how the four major threats to wireless networks can damage a business.
● (a) Rogue Access Points; unauthorized access point to a wireless network
● (b) War Driving; locating WLANs while driving around a city or elsewhere
● (c) Eavesdropping; efforts to access data travelling over other networks
● (d) RF Jamming; person/device unintentionally interferes w/ network transmissions

CHECKPOINT Q’S (from class)
1. Online, an authorization checkpoint happens before an authentication checkpoint (T or F)
2. Accepting potential risk, continuing operations with no controls, and absorbing any damages that occur is a strategy for risk mitigation (T or F)
3. Which is the most appropriate wireless technology for real-time location of caregivers and mobile equipment for healthcare providers?
4. What is the shortest range of any wireless network designed to be used with contactless credit cards?
5. Checkpoint Question Answers: (1. False; 2. True; 3. Ultra-Wideband; 4. Near-Field Communications)

Facts To Know
● Firewalls filter messages the same way as anti-malware systems do
● GPS (supported by mid-range) is a satellite-based tracking system that enables a user to determine a person’s position