This 21 page Class Notes was uploaded by Karianne Lemke on Monday October 26, 2015. The Class Notes belongs to MIS 2113 at University of Oklahoma taught by Nathan Stout in Fall. Since its upload, it has received 8 views. For similar materials see /class/229306/mis-2113-university-of-oklahoma in Management Information Systems at University of Oklahoma.


Date Created: 10/26/15
Chapter 2

- Business processes must work together as an integrated system
- Business processes must obtain payment for goods and services, cover costs, and make a profit
- Business process: a network of activities, resources, facilities, and information that interact to achieve some business function
- Business processes are integrated systems, sometimes referred to as business systems
- Examples: inventory management processes, manufacturing processes, sales and support processes
- 3 types of business processes: management processes, operational processes, supporting processes
- Components of a business process
  - Activities: transform resources and information of one type into resources and information of another type. Follow rules and procedures. Can be manual, automated, or a combination of the two
  - Resources: items of value, such as customers, suppliers, employees, distributors; they are external to the organization
  - Facilities: structures used within resources; places where things are produced or stored, or equipment, buildings, or machines. Ex: inventories, databases
  - Information: used by activities; determines how to transform inputs to outputs
- Information has many definitions
  - Knowledge derived from information that came from organizing data
  - Data processed and presented in meaningful context
  - Data processed/organized by summing, ordering, averaging, grouping, comparing, or other similar operations
  - Information is "a difference that makes a difference"
- Characteristics of good information
  - Accurate: correct and complete. Crucial for management; companies should cross-check information to ensure accuracy
  - Timely: must be produced in time for intended use
  - Relevant: should be relevant to both the context and the subject
  - Just Barely Efficient: sufficient for the purpose for which it is generated, but do not need too much or extraneous information
  - Worth its Cost: there needs to be an appropriate relationship between cost and value, because information systems cost money to develop, maintain, and use. Must be worth the cost, time, and money
- Role of Information in Business Processes
  - Business processes generate information by giving context to data
  - Process gives context to data
  - May turn low-level information into high-level information
  - Useful for management and strategy decisions
- How Information Systems Support Business Processes
  - IS supports activities in a business process
  - Several activities may use one information system
  - Activity may have its own information system
  - Activity may use several information systems
  - Systems designers determine relationship of activities to information systems
  - Relationships are determined during systems development
- Automating a process activity
  - An automated process transfers work done by people to computers; this means that people follow procedures (instructions) and computers follow software instructions
  - IS support counter sales: fully automated; computer communicates with another computer that hosts the inventory database; programs record sales and make changes
  - IS support payment: mostly manual system, because using a computer to process exceptions/changes requires expensive programming and is ineffective
  - IS support purchasing: balance work between automated and manual processes, because searching the database is repetitive (uses automated process) but selecting suppliers is complicated (use manual process)
- Importance of understanding business processes
  - To understand the need for business processes, the importance of process design, and the role that information systems play in support of such processes
  - A seemingly simple business process can be unexpectedly complex
- People's roles in business processes: people's minds and thinking are the most important components of information systems
  - The quality of your thinking is a large part of the quality of the information system
  - You can dramatically improve the quality of your thinking if you are able to use information systems effectively
- A problem is a perceived difference between what is and what ought to be
- Egocentric vs Empathetic Thinking
  - When you enter the business world, being able to discern and adapt to the perspectives and goals of those with whom you work will make you much more effective
  - Egocentric thinking: centers on self; egocentric people consider their view as the correct one
  - Empathetic thinking: people consider their view as one possible solution; take time to learn what others think

Chapter Extension 3

- Decisions in organizations occur at 3 levels
  - Operational decisions: concern day-to-day activities; include transaction processing systems (TPS), which are IS that support operational decision making
  - Managerial decisions: concern the allocation and utilization of resources; include management information systems (MIS), which support managerial decision making
  - Strategic decisions: concern broader-scope organizational issues; involve executive information systems (EIS) that support strategic decision making
- Levels of information systems: 2 decision processes
  - Structured decision: an understood and accepted method for making a decision. Ex: formula for computing the reorder quantity of an item in inventory; a standard method for allocating furniture and equipment to employees
  - Unstructured decision: there is no agreed-on decision-making method. Ex: predicting future of stock market
- Relationship between Decision Levels and Decision Processes
  - Operational-level decisions: usually fairly structured and short time horizon
  - Mid-level control and tactical management-level decisions: usually semi-structured and medium time horizon
  - Strategic-level decisions: usually highly unstructured and long time horizon
- Automation versus Augmentation
  - Automated information systems: the hardware and software components do most of the work
  - Augmentation info systems: humans do most of the work; the IS exists to support work done by people. Ex: IS that uses email, instant messaging, and videoconferencing
- Why does it matter
  - Goal of MIS class: help you be a better consumer of IS and IT
  - Knowing the type of decisions can help you determine the type of information system that can help and save the company millions
- IS supports decision steps
  - Intelligence gathering: decision makers determine what is to be decided, what the decision criteria will be, and what data are available
  - Alternatives formulation: decision makers lay out plausible alternatives
  - Choice step: selecting the final decision after analyzing alternatives and original
  - Review step: reviewing results of the decision; may lead to another decision

Chapter 3

- Data Flow Diagrams (DFDs)
  - Used to perform structured analysis to determine logical requirements
  - A graphical tool useful for communicating with users, managers, and other IS personnel
  - Useful for analyzing existing as well as proposed systems
  - A relatively simple technique to learn and use
- DFD Don'ts
  - BLACK HOLES
  - MIRACLES
  - Let it get too COMPLEX (7 ± 2 processes)
  - Leave things UNLABELED or have labels without meaning
  - Data stores that are "SOURCES" or "SINKS"
  - Data flows that are UNASSOCIATED with a PROCESS
  - Expect your diagram to be "perfect" the first time
- Types of DFDs
  - Multiple DFDs are required to represent a system
  - DFDs are created at increasing levels of detail: context diagrams, level 0 diagrams, level N diagrams, and primitive diagrams
- Sources/Sinks (external entities): any class of people, an organization, or another system which exists outside the system you are studying
  - Form the boundaries of the system
  - The info system and external entities exchange data in the form of data flows
  - Must be named, and titles are preferred to names of individuals
- Data flows
  - Entities are either 'sources of' or 'sinks' for data inputs and outputs, i.e. they are the originators or terminators for data flows
  - Data flows from Entities must flow into Processes
  - Data flows to Entities must come from Processes
  - Processes and Data Stores must have both inputs and outputs: what goes in must come out
  - Inputs to Data Stores only come from Processes
  - Outputs from Data Stores only go to Processes
- Processes
  - Transform incoming data flows into outgoing data flows
  - Represented with a bubble or rounded square
  - Should be named with a strong verb/object combination
- Data Stores
  - Data at rest
  - Represent holding areas for collections of data; processes add or retrieve data from these stores
  - Name using a noun (do not use 'file')
  - Only processes are connected to data stores; data flows are NOT
  - Should show ONLY net flow of data between data store and process, not the request
- Context Diagram: defines the scope of the system by identifying the system boundary
  - Contains
    - One process, which represents the entire system
    - All sources/sinks (external entities)
    - Data flows linking the process to the sources and sinks (external entities)
- Functional Decomposition: iterative process of breaking the description of a system into finer and finer detail to create a set of charts in which one process on a given chart is explained in greater detail on another chart
  - Referred to as exploding, partitioning, or leveling
  - Similar to a series of more detailed maps
- Entity Relation Diagrams (ERD): a specialized graphic that illustrates the interrelationships between entities in a database
  - Often use symbols to represent three different types of information
    - Boxes are commonly used to represent entities
    - Diamonds are normally used to represent relationships
    - Ovals are used to represent attributes
- How Organizational Strategy determines IS structure
  - Information systems exist to help organizations achieve goals and objectives
  - Goals and objectives are determined by competitive strategy
  - Competitive strategy determines structures, features, and functions of every information system
  - Organizations examine industry structure to determine a competitive strategy
  - Strategy determines value chains and business processes
- Five Forces Model: put forth by Michael Porter; five competitive forces determine industry profitability
  - Bargaining power of customers
  - Threat of substitutions
  - Bargaining power of suppliers
  - Threat of new entrants
  - Rivalry among existing firms
- Competitive Strategy: organization chooses one of four competitive strategies to respond to the structure of the industry; the goals, objectives, culture, and activities of the organization must be consistent with the chosen competitive strategy
  - Broad cost leadership: across industry, most efficient
  - Narrow cost leadership: focused on particular industry segment, most efficient
  - Broad differentiation: across industry, most effective
  - Narrow differentiation: focused on particular industry segment, most effective
- Value Chain: a network of value-creating activities with linkages between activities; consists of 5 primary activities and 3 support activities
  - Primary Activities: accumulate costs and add value to the product directly
    - Marketing and sales: inducing buyers to purchase the product and providing a means for them to do so
    - Inbound logistics: receiving, storing, and distributing inputs to the product
    - Operations: transforming inputs into the final product
    - Outbound logistics: collecting, storing, and physically distributing the product to buyers
    - Service: assisting customer's use of the product and thus maintaining and enhancing the product's value
  - Support Activities: contribute indirectly to the production, sale, and service of the product; the value and margin/net benefit gained is often intangible
    - Firm infrastructure: general management, finance, accounting, legal, government affairs
    - Human resources: training, recruiting, compensation of employees
    - Technology, Research & Development: developing new techniques, methods, procedures
    - Procurement: finding raw materials thru vendors, setting up contractual arrangements, negotiating prices, and ordering product; spread throughout the firm
  - Linkages: interactions that occur between value activities
    - Sources of efficiencies
    - Readily supported by information systems
    - Often used to reduce inventory costs
  - Porter's Value Chain led to business process design (BMD) and is used to
    - Create integrated cross-departmental business systems
    - Create new, more efficient processes rather than automating existing ones
  - Focus is on
    - Creating integrated activities across entire value chain
    - Eliminating redundant processes and creating new, more efficient processes
- How do Value Chains Determine Business Processes and IS
  - Each value chain is supported by one or more business processes
  - The processes and systems used must create sufficient value and more than cover their cost; if not, the net benefit of the systems will be negative and the company must make changes by increasing the value or reducing the costs of the value chain
- IS provide competitive advantages via products and via business processes
  - Competitive advantage via product
    - Creating new products or services
    - Enhancing existing products or services
    - Differentiating products or services
      - By cost
      - By quality
  - Competitive advantage via Business Processes
    - Lock in customers
      - By creating high switching costs
    - Lock in suppliers
      - Make it easy to connect to and work with your organization
    - Create entry barriers
      - Make it difficult/expensive for new competitors to enter the market
      - Examples: banks, package delivery services
    - Establish alliances
      - Establish standards with products/brands
      - Promote product awareness
    - Reduce costs
      - To increase profit margins and profitability

Chapter 7

- Business Process Management (BPM): the systematic process of creating, assessing, and altering business processes
  - Does not only involve profit-making organizations; nonprofit and government organizations use BPM too
  - BPM has 4 stages
    - Create a model of the business process
      - Users review and adjust model
      - "As-is" model documents current process; it is changed to solve process problems
    - Create system components
      - Uses five elements of IS: hardware, software, data, procedures, people
    - Implement business process
    - Create policy for ongoing assessment of process effectiveness
      - Adjust and repeat cycles
- Why is Business Process Management important to organizations
  - Tasks for Processing an Order
    - Learn customer intent
    - Verify credit
    - Remove product from inventory
    - Charge credit
    - Pack and ship item
    - Record transaction
  - The IS and processing an order cross departmental boundaries; may even extend to other companies
  - Business processes and IS must evolve with the business to remain competitive and productive
- BPM varies with the scope of the business process; 3 kinds of scopes
  - Functional
    - Single department
    - BPM easier at this level
    - Creates one problem: may lead to "islands of automation" because they work independently of one another; isolated processes cannot produce productivity and efficiency
  - Cross-functional
    - Goal: eliminate/reduce isolated systems and data
    - Uses committees to resolve conflicts between departments
  - Interorganizational
    - Most difficult to do due to companies having different managers and owners
    - Requires negotiation, contracts, litigation to resolve conflicts between organizations
- Ways to increase process performance
  - Brute force approach: add people or equipment to existing way of doing business
  - Change process structure without changing resource allocations
  - Do both
- Roles of IS in Business Processes
  - Implement business process activities
  - May be entirely manual (using word processor/Excel), automated (via Internet purchases), or mixed information systems
- Service: repeatable task a business performs. Ex: check space available on a river trip, enroll client on a trip, bill client's credit card
- Service Oriented Architecture (SOA): standard techniques to model every activity as a service and interactions among services
- Enterprise Architecture (EA): a company's plans for building, deploying, using, and sharing the data, processes, and IT assets
  - Standardizes hardware/software and meshes them to business strategy
  - EA is not static; it is flexible and can be considered living because it is altered so much
  - EA manages IT systems and the structure of the organization
  - EA can
    - Decrease costs
    - Increase standardization
    - Promote reuse of IT assets
    - Speed development of new systems
  - Has 3 basic components
    - Information Architecture encompasses
      - Backup and Recovery
      - Disaster Recovery
      - Information Security
    - Infrastructure Architecture must have flexibility, scalability, reliability, availability, performance
    - Application Architecture includes
      - Web Services
      - Open Systems
  - Goals of EA are to reduce cost/improve productivity, improve customer satisfaction, create competitive advantage, generate growth, generate new revenue streams, and optimize the supply chain
- Grid Computing: bringing together many geographically dispersed IT components
- Virtualization: a framework or methodology of dividing the resources of a computer into multiple execution environments

Chapter Extension 11

- Functional processes
  - Processes that support a single organizational function
  - Organizational functions: accounts payable, sales lead-tracking, customer support business processes
  - Organization acquires functional application software and adapts it to support functional processes by creating functional information systems
- Functional application
  - A computer program that supports or possibly automates the major activities in a functional process
  - Requires adapting functional processes
- Functional process includes
  - Model of "as-is" functional process
  - Create component
    - Evaluate functional applications and select one that provides closest fit
  - Implement processes/application
    - Build remaining components of information system
- Functions and Types of Sales and Marketing Applications
  - Purpose: find and transform prospects into customers and sell more product to existing customers
  - Sales systems
    - Obtain prospects
    - Turn prospects into customers
    - Used for managing customers
  - Marketing systems
    - Used for product and brand management
    - Used for assessing effectiveness of marketing messages, advertising, and promotions
- Lead Generation Applications
  - Company generates prospects; send postal mailings and email, and use web sites to send product information and white papers for contact information
- Lead-tracking applications
  - Maintain customer name, product interests, past purchases, history of contacts with customer
  - Purpose: turn prospects into customers
    - Track leads and record customer responses and contacts
    - Prioritize contacts
    - Coordinate lead tracking among multiple salespeople
    - First order turns prospect into customer and candidate for customer management
- Customer-management applications
  - Obtain additional sales from existing customers
  - Maintain customer contact and order-history data
  - May track customer credit status
- Product and brand management applications
  - Used to compare past sales records with projections and sales estimates. These comparisons are used to assess effectiveness of promotions and sales channels
  - Used to assess desirability of product to different market segments
  - Used to manage product through lifecycles
- Functions of Operation Applications
  - Manage finished-goods inventory and movement of goods to customer
  - Used primarily by non-manufacturers: distributors, wholesalers, retailers
  - Principal operations applications
    - Finished-goods inventory management
    - Order entry
    - Order management
    - Customer service
- Functions of Manufacturing Applications
  - Facilitate production of goods
  - Manufacturing applications include
    - Inventory applications
      - Support inventory control, management, and policy
      - Cover inventory control: track goods and materials into, out of, and between inventories
      - Inventory applications help
        - Implement inventory philosophy
        - Find balance between inventory cost and item availability
        - Compute Return on Investment (ROI)
        - Report effectiveness of current inventory policy
        - Evaluate alternative policies by performing what-if analyses
    - Inventory-management applications
      - Use past data to compute stocking levels, reorder levels, and reorder quantities according to inventory policy
      - Computing inventory count and losses
    - Manufacturing Planning Applications
      - Bill of materials (BOM)
        - List of materials that comprise subassemblies to be manufactured
      - Schedule equipment, people, and facilities
      - May be augmented to show labor and equipment requirements
    - Manufacturing Scheduling Applications
      - Generate master production schedule (MPS)
      - Analyzes past sales to estimate future sales
      - Three philosophies of manufacturing
        - Pull manufacturing process
          - Products are pulled through manufacturing by demand
          - Produced in response to signals from customers or other production processes
          - Demand-side method (JIT)
        - Push manufacturing process
          - Analyze past sales levels, make estimates of future sales, create master production schedule
          - Produce and push into sales
          - Supply-side method
        - Combined push and pull systems
      - Materials requirement planning (MRP)
        - Application that plans need for materials and inventories used in manufacturing process
      - Manufacturing resource planning (MRP II)
        - Includes planning of materials, personnel, machinery
        - Capability to perform "what-if" analyses on variances in schedules, raw materials availabilities, personnel, and other resources
    - Manufacturing Operations
      - Control of machinery and production processes
      - Linked to manufacturing-scheduling systems
- Inventory Policy: 2 schools of thought
  - Inventories viewed as assets
    - Large inventory costs are justified because they minimize operations disruptions and lost sales due to outage
    - Increase sales by offering greater selection and availability
  - Inventories viewed as liabilities
    - Keep inventories small; eliminate if possible
    - Just-in-time inventory policy (JIT): production inputs arrive at manufacturing site just as they are needed
- Functions of Human Resources Applications
  - HR functions support
    - Recruitment
    - Compensation (pensions, bonuses, and so on) in liaison with Payroll
    - Training and Development
    - Assessment
- Functions of Accounting Applications
  - Cost-accounting applications determine marginal cost and profitability
  - Accounts receivable includes receivables, payment, and collections
  - Cash management is the process of scheduling payments and planning use of cash
  - Financial reporting applications produce financial statements
  - General ledgers show assets and liabilities
  - Account payable systems reconcile payments against purchasers
  - Budgeting applications allocate and schedule revenues and expenses
  - Treasury applications concern management and investment
- Problems with Functional Processes
  - Data is duplicated because each functional application has its own database
  - Business processes disjointed because supporting applications are separated
    - Difficult for activities to reconcile data, and increases chances of errors
  - Lack of integrated enterprise information
  - Inefficiency
  - Increased cost due to duplicated data, disjointed systems, limited information, and inefficiencies

Chapter Extension 12

- Procedures for a Cross-Functional BPM
  - Learn notation
  - Pick modeling tool
  - Document as-is processes
  - Examine bottlenecks and inefficiencies and design new processes to fix them
  - Scope may be expanded
- Problems with Cross-Functional BPM
  - Employees resist change
  - Time consuming
- Purchased Package Applications/Inherent Processes: software contains inherent built-in processes that integrate activities across functional systems
  - Benefits/Disadvantages of Inherent Processes
    - Benefits
      - Saves time identifying needed processes
      - Saves money
      - Reduces agony of process design
      - Enables company to quickly benefit
    - Disadvantages
      - May require drastic changes that disrupt operations and upset employees
- Customer Relationship Management (CRM) Applications
  - Store data in single database
  - Customer-service activities can be linked via database
  - Tracks all interactions with customer from prospect through customer service
  - Integrates all primary activities of value chain
  - Supports four phases of customer life cycle
    - Marketing: marketing sends messages to target market
    - Customer Acquisition: customer prospects order and need to be supported
    - Relationship Management: support and resale processes increase value to existing customers
    - Loss/churn: win-back processes categorize customers according to value and attempt to win back high-value customers
- Sales-Management Applications
  - Support sales to existing customers
  - Prioritize by purchase history
  - Goal: ensure sales managers have information to prioritize and allocate time and effort
  - Determine cost of lost customers
- Order-Management Applications
  - Allow customers to track order status and returns status
  - Track customer problems and resolutions
  - Make customer problem history available to other support representatives
- Enterprise Resource Planning (ERP) Applications
  - Integrate primary value chain activities with human resources and accounting
  - Represented ultimately in cross-functional systems
    - Track customers, process orders, manage inventory, pay employees, and provide general ledger, payable, receivables, and necessary accounting functions
  - Outgrowth of MRP II
  - Entire organization is a collection of interrelated activities and cross-functional processes
  - Formal approach based on documented, tested business models
  - Process blueprint documents each process with diagrams using standard symbols
  - Centralized database
  - Problems with ERP
    - Can be slow to implement
    - Often VERY expensive
- Potential Benefits of ERP
  - Efficient business processes
  - Improved customer service
  - Reduce inventories, sometimes dramatically
  - Reduce lead times in responding to new orders or order changes
  - Deliver goods to customers faster
  - Customer and order data readily available
  - Companywide data readily available for business analysis
  - Lower costs yield higher profitability
- ERP Implementation uses 3 steps
  - Determine current and ERP models
  - Remove inconsistencies
  - Implement the ERP application
- Characteristics of Enterprise Application Integration (EAI) Applications
  - Connects system islands via a new layer of applications
  - Enables existing applications to communicate and share data
  - Provides integrated information between isolated applications
  - Leverages existing systems, leaving functional legacy applications as is but providing an integration layer over the top
  - Enables a gradual move to ERP
  - Has no centralized database
- Benefits of EAI
  - Lower cost compared to ERP
  - Less disruptive to operations
  - Can be targeted to selected parts of company (those most inefficient)
  - Allows stepwise implementation
  - Can lead to eventual ERP
- EAI Implementation
  - Identify sources of major isolation problems
  - Specify the scope of the EAI implementation
  - Develop and implement selected EAI systems
  - Assess the benefits of EAI
  - Decide whether to stop further EAI development, expand EAI efforts, or switch to ERP
- Realistic Near Future Role of BPM in Cross-Functional Processes within Businesses
  - Most organizations will adopt BPM in principle
  - Endorse overarching concept of four stages of BPM cycle
  - Will not embark on a project to model all of their processes, but will redesign processes as problems occur using BPM principles
  - Will likely accept any inherent processes in CRM or ERP applications as a given and model new process activities around those inherent processes
  - Will endorse service-oriented components from their CRM and ERP application vendors

Chapter 12

- Responsible Computer Use
  - Guidelines: in the area of ethics, we rely on guidelines to guide behavior. These guidelines can come from many organizations
  - The Computer Ethics Institute developed these guidelines for ethical computer use that prohibit the following behaviors
    - Using a computer to harm others
    - Interfering with other people's computer work
    - Snooping in other people's files
    - Using a computer to steal
    - Using a computer to bear false witness
    - Copying or using proprietary software without paying for it
    - Using other people's computer resources without authorization or compensation
    - Appropriating other people's intellectual output
- Electronic Communications Privacy Act (ECPA), 1986
  - Regulates
    - Interception of communications
    - Accessing/disclosure of stored communications
  - Extended government restrictions on wire taps
  - Weakened by USA Patriot Act
  - Weak language, not easily enforced
- USA Patriot Act, 2001
  - Stands for Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001
  - Eases restrictions on foreign intelligence in US
  - Expands authority to regulate financial transactions
  - Enhances ability to deport/detain immigrants
  - Expands terrorism to include domestic acts
  - Expands to voice communication
- Health Insurance Portability and Accountability Act (HIPAA), 1996
  - Protects health insurance coverage (COBRA)
  - Prevents fraud/abuse in health care industry
  - Standards for electronic transactions in the health industry
  - Institutes privacy provisions for patients
- Assessing Risk
  - Security Audit: identifies all aspects of information systems and business processes that use them
  - Risk Analysis: assesses the value of assets being protected
- Controlling Access
  - Keeping information safe by only allowing access to those that require it to do their jobs
  - Authentication: verifying identity before granting access, e.g. passwords
  - Access Control: granting access to only those system areas where the user is authorized, e.g. accounting
- Sources of Security Threat
  - Human errors and mistakes
    - Accidental problems: deletions, copy-overs, operating errors
    - Poorly written programs
    - Poorly designed procedures
    - Physical accident: driving forklift through computer room wall
  - Malicious human activity
    - Intentional destruction of programs, hardware, and data by employees
    - Insider attacks from disgruntled employees
    - Hackers
    - Virus and worm writers
    - Criminals, inside and outside
    - Terrorists
  - Natural events and disasters
    - Fires, floods, hurricanes, earthquakes, tsunamis, avalanches, tornados
    - Initial losses of capability
    - Loss of sales and services, purchase and payment data, software and hardware
    - Secondary losses from recovery actions
  - Secondary losses
    - Cost of replacing and recovering data, reconstructing facilities, lost customers, lawsuit/legal costs
- Types of Security Threat
  - Unauthorized Data Disclosure
    - Human error
      - Posting private information in public place
      - Placing restricted information on searchable Web sites
      - Inadvertent disclosure during recovery
    - Malicious release
      - Pretexting: pretending to be someone else via phone call
      - Phishing: pretexting using email
      - Spoofing: disguising as a different IP address or different email sender
      - Sniffing/Drive-by sniffing: searching for unprotected or WEP wireless networks
      - Network Tap: breaking into networks, slicing into cables, using a client on network
  - Incorrect Data Modifications
    - Human errors
      - Incorrect entries and information
      - Procedural problems
    - Incorrect data modifications
      - Systems errors
    - Hacking
    - Faulty recovery actions
  - Faulty Service
    - Incorrect systems operations
    - Incorrect data modification
    - Incorrectly sending wrong goods to customer or goods to wrong customer
    - Incorrect billing
    - Programming errors
    - Errors in hardware, software, program, data installation
    - Usurpation: unauthorized program or update replaces legitimate/approved program
  - Denial of Service (DOS)
    - Human error
      - Inadvertently shut down Web server, gateway, router with computationally intensive application
    - Malicious denial-of-service attacks
      - Flood Web server with millions of requests for Web pages
      - Computer worms
    - Natural disasters
  - Loss of Infrastructure
    - Accidental
      - Bulldozer cutting fiber-optic cable; floor buffer bangs Web server
      - Water line breaks, damage hardware
    - Theft
      - Disgruntled employee steals hardware
    - Terrorist
      - Bombs computer center
    - Natural disasters
      - Floods, tornadoes, hurricanes, fire, earthquakes
- Viruses
  - Computer programs that replicate themselves
  - Take unwanted and harmful actions
  - Consume computer resources
  - Payload causes unwanted activity
- Trojan horses
  - Viruses that masquerade as useful programs or files, such as games, MP3s, and so on
- Macro viruses
  - Attach to Word, Excel, and so on to infect documents
  - Place themselves in startup files
  - Infect every file the application creates or processes
- Worms
  - Viruses that propagate using Internet or network
  - Specifically programmed to spread
  - Actively use networks to spread
- Prevention of Viruses, Trojans, and Worms
  - Patches: way of updating existing piece of software to a new release
  - Vendor-provided security fixes for programs
  - Automatic updates or regular checks for patches
- Types of Malware
  - Spyware programs
    - Install without user's knowledge
    - Reside in background; monitor user actions, keystrokes, computer activity
    - Used for marketing analysis
  - Adware
    - Similar to spyware, without malicious intent
    - Watches user's activity, produces pop-up ads, changes window, modifies search results
    - Can slow computer performance
    - Can be removed with anti-spyware/anti-adware programs
- Security Measures: Preventative, Detective, Corrective
- Elements of a Security Program
  - Senior management involvement
    - Must establish security policy
    - Manage risk
      - Balancing costs and benefits of security program
  - Safeguards
    - Protections against security threats
  - Incident response
    - Must plan for prior to security incidents
- Protection against Security Threats thru Technical Safeguards
  - Identification and authentication
    - User names and passwords
      - Identification: user name
      - Authentication: password
    - Smart card
      - Microchip embedded with identifying data
      - Authentication by personal identification number (PIN)
    - Biometric authentication
      - Fingerprints, facial scans, retina scans
    - Single sign-on for multiple systems
      - Authenticate to network and other servers
  - Encryption and Virtual Private Network
    - VPN: Virtual Private Network
      - Called a secure tunnel
      - Dynamically generated network connection to connect users or nodes
      - This approach uses both authentication and encryption
      - Used extensively for remote access by employees
    - Encryption: the process of encoding messages before they enter the network or airwaves, and then decoding at the receiving end
      - Public Key: known and used to scramble messages (SSL)
      - Private Key: not known and used by receiver to descramble
      - Certificate Authority: a third party that issues keys
  - Firewalls
    - Computer device that prevents unauthorized network access
    - May be special-purpose computer or program on a general-purpose computer
    - Organizations may have multiple firewalls
    - Access control list (ACL) encodes rules stating which IP addresses are allowed into or prohibited from the network
  - Malware protection
    - Install antivirus and anti-spyware programs
    - Set anti-malware programs to scan frequently
      - Scan hard drive and email
    - Update malware definitions regularly
    - Open email attachments only from known sources
      - 90% of all viruses spread by email attachments
    - Install updates promptly and only from legitimate sources
    - Browse only reputable Internet neighborhoods
  - Design for secure applications
    - Be sure that your company designs and builds systems with security as a requirement
- Data Safeguards
  - Define data policies
    - "We do not share identifying customer data with any organization"
  - Data rights and responsibilities
    - Rights enforced by user accounts authenticated by passwords
  - Protect sensitive data with encryption
    - Key escrow: copy of encryption key held by trusted party
  - Backup and recovery procedures
  - Physical security
- Protection against Security Threats thru Data Safeguards
  - Data administration
    - Organization-wide function
    - Develops data policies
    - Enforces data standards
  - Database administration
    - Ensures procedures exist for orderly multiuser processing
    - Controls changes to database structure
    - Protects the database
- Protection against Security Threats thru Human Safeguards
  - Human safeguards for employees
    - Position definitions
      - Define job tasks and responsibility
      - Separate duties and authorities
      - Grant "least possible privileges"
      - Document security sensitivity (risk analysis)
    - Hiring
and screening employees 0 Dissemination and enforcement 0 Termination I Establish security policy and procedures I Standard human resources policies for quotfriendlyquot terminations 0 Remove accounts passwords on last work day 0 Recover all keys for encrypted data 0 Recover all door keys and pass cards D badges I Unfriendlyterminations 0 Remove accounts passwords prior to notifying employee of termination 0 Security officer cleans out person s desk or watches 0 Accompany person off premises 0 AccountAdministration 0 Account management procedures I Creation of new accounts modification of existing accounts removal of terminated account I Users need to provide early timely notification of account change needs I Users and business manager need to inform IT to remove accounts 0 Password management I Usersigned acknowledgment forms I Change passwords frequently 0 Helpdesk policies I Authentication of users who have lost password I Password should not be emailed 0 IS Safety Procedures 0 Procedure types I Normal operations I Backup I Recovery 0 Each procedure type should be standardized 0 Procedures exist for users and operations personnel I Procedures vary by duties and responsibilities 0 Security Monitoring 0 Activity log analyses I Firewall logs DBMS login records Web server logs 0 Security testing Inhouse and external security professionals 0 Investigation of incidents How did the problem occur 0 Learn from incidences I Indication of potential vulnerability and needed corrective actions 0 Review and update security and safeguard policies 0 DisasterPreparedness 0 Disaster Substantial loss of infrastructure caused by acts of nature crime or terrorism 0 Best safeguard is choose appropriate location for infrastructure I Avoid placing where prone to oods earthquakes tornadoes hurricanes avalanches cartruck accident I Place in unobtrusive buildings basements backrooms within physical perimeter I Fireresistant buildings Backup processing centers in geographically removed 
site Create backups for critical resources 0 O
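The firewall notes above say an access control list (ACL) encodes which IP addresses are allowed into or prohibited from the network. The sketch below is an added example, not part of the original notes: it evaluates such a list and flags rules that never take effect because of their position. First-match-wins with a default deny is an assumption (real firewalls differ), and the addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample ACL using documentation address ranges; order matters.
ACL = [
    ("allow", "203.0.113.0/24"),    # partner network
    ("deny",  "203.0.113.77/32"),   # meant to block one host, but shadowed
    ("deny",  "198.51.100.0/24"),   # blocked network
    ("allow", "198.51.100.10/32"),  # meant as an exception, but shadowed
]
# Same rules with the specific entries moved ahead of the broad ones.
REORDERED = [ACL[1], ACL[0], ACL[3], ACL[2]]


def parse(acl):
    return [(action, ipaddress.ip_network(cidr)) for action, cidr in acl]


def decide(acl, source_ip):
    """Assumed semantics: first matching rule wins, no match means deny."""
    addr = ipaddress.ip_address(source_ip)
    for action, net in parse(acl):
        if addr.version == net.version and addr in net:
            return action
    return "deny"


def shadowed_rules(acl):
    """Indexes of rules that never take effect because an earlier rule with
    the opposite action already covers their whole address range."""
    rules = parse(acl)
    hits = []
    for i, (action, net) in enumerate(rules):
        for prev_action, prev_net in rules[:i]:
            if net.version == prev_net.version and net.subnet_of(prev_net):
                if prev_action != action:
                    hits.append(i)
                break  # the first covering rule decides for this range
    return hits


if __name__ == "__main__":
    print(decide(ACL, "203.0.113.77"), shadowed_rules(ACL))
    print(decide(REORDERED, "203.0.113.77"), shadowed_rules(REORDERED))
```

The check only catches a rule fully covered by a single earlier rule; partial overlaps need a range-based comparison.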
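The termination rules above set two different deadlines: remove accounts on the last work day for friendly terminations, and before the employee is notified for unfriendly ones. As an added example (not part of the original notes), this check compares HR separation records with account state and reports accounts that missed their deadline; the record layout, user names, dates and function name are constructed.

```python
from datetime import datetime, date, time

# Constructed sample data: HR separation records and directory account state.
SEPARATIONS = [
    {"user": "avega", "kind": "friendly", "last_day": date(2024, 3, 29)},
    {"user": "bchen", "kind": "unfriendly", "notified_at": datetime(2024, 4, 2, 10, 0)},
    {"user": "cdiaz", "kind": "friendly", "last_day": date(2024, 4, 5)},
    {"user": "dknox", "kind": "unfriendly", "notified_at": datetime(2024, 4, 8, 9, 0)},
    {"user": "eroy", "kind": "friendly", "last_day": date(2024, 4, 12)},
]
# disabled_at is None while the account is still enabled.
ACCOUNTS = {
    "avega": {"disabled_at": datetime(2024, 3, 29, 17, 30)},
    "bchen": {"disabled_at": datetime(2024, 4, 2, 11, 15)},
    "cdiaz": {"disabled_at": None},
    "dknox": {"disabled_at": datetime(2024, 4, 8, 8, 40)},
    "eroy": {"disabled_at": None},
}
AUDIT_TIME = datetime(2024, 4, 10, 9, 0)  # constructed "now" for the audit


def audit_terminations(separations, accounts, as_of):
    """Return (user, problem) pairs for accounts that outlived the rule."""
    findings = []
    for sep in separations:
        account = accounts.get(sep["user"])
        if account is None:
            continue  # account already deleted from the directory
        # A still-enabled account is treated as disabled at audit time at best.
        effective = account["disabled_at"] or as_of
        if sep["kind"] == "unfriendly":
            late = effective >= sep["notified_at"]
            problem = "not removed before employee was notified"
        else:
            late = effective > datetime.combine(sep["last_day"], time.max)
            problem = "still enabled after last work day"
        if late:
            findings.append((sep["user"], problem))
    return findings


if __name__ == "__main__":
    for user, problem in audit_terminations(SEPARATIONS, ACCOUNTS, AUDIT_TIME):
        print(user, problem)
```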

