Chapter 10

Q1: What is the goal of information systems security?

Major elements of IS security is when person or organization seeks to obtain data or other assets illegally, without owner’s permission and often without owner’s knowledge. Vulnerability is the opportunity for threats to gain access to individual or organizational assets; for example, when you buy online, you provide your credit card data, and as data is transmitted over Internet, it is vulnerable to threats. Safeguard, measure individuals or organizations take to block threat from obtaining an asset; not always effective, some threats achieve their goal in spite of safeguards. Target is the asset desired by threat and sources of security threats. Human error examples: (1) employee misunderstands operating procedures and accidentally deletes customer records; (2) employee inadvertently installs an old database on top of current one while doing backing up; (3) physical accidents, such as driving a forklift through wall of a computer room. Computer crime is an intentional destruction or theft of data or other system components Natural disasters are fires, floods, hurricanes, earthquakes, tsunamis, avalanches, other acts of nature; includes initial loss of capability and service, and losses recovery costs. Unauthorized Data Disclosure are common threats associated with unauthorized data disclosure. Faulty service are problems caused by incorrect system operation Usurpation, occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones that shut down legitimate application and substitute their own processing to spy, steal and manipulate data, or other purposes. Denial of service, humans inadvertently shut down a Web server or corporate gateway router by starting a computationally intensive application. Denial-of-service attacks first starts with malicious hacker intentionally floods a Web server with millions of bogus service requests; secondly, user unintentionally shuts down Web server or corporate gateway router by starting computationally intensive application. Goal of Information Systems Security finds appropriate trade-off between risk of loss and cost of implementing safeguards. In addition, make appropriate trade-offs to protect yourself and your business.

Q2: How big is the computer security problem?

Right now malicious insiders are an increasing problem. Many computer crime studies are based on dubious sampling techniques, and some seem to be written to promote a particular safeguard product.

Q3: How should you respond to security threats?

Computer security professionals run intrusion detection systems to detect attacks. An intrusion detection system (IDS) is a computer program that senses when another computer is attempting to scan or access a computer or network. IDS logs can record thousands of attempts each day so its encourage for companies to fix product vulnerabilities. Serve as educational forum for hackers, developers, manufacturers, and government agencies. Or what Dan recommends The right to be forgotten, “the right under certain conditions to ask search engines to remove links with personal information about them.”

Q4: How should organizations respond to security threats?

Senior management creates company-wide policies and manages risks: what sensitive data will be stored? How will data be processed? Will data be shared with other organizations? How can employees and others obtain copies of data stored about them? How can employees and others request changes to inaccurate data? Specifics of a policy depend on whether the organization is governmental or nongovernmental, publically held or private, organization’s industry, relationship of management to employees, and other factors. An easy way to remember information systems safeguards is to arrange them according to the five components of an information system. Understand the legal requirements, ethical considerations, and business consequences of data acquisition, storage, and dissemination. Use the knowledge of this class to demonstrate two possible ways that data could be stolen at a coffee shop. Then formulate personal principles with regard to data acquisition, storage, and dissemination. In addition, Large, reputable organizations are likely to endorse ethical privacy policy, and have strong and effective safeguards to support that policy. But individuals and small organizations might not.

Q5: How can technical safeguards protect against security threats?

Technical safeguards involve the hardware and software components of an information system or single Sign-on for Multiple Systems. Summary of how SSL/TLS works when you communicate securely with a Web site. Either, your computer obtains public key of Web site to which it will connect, your computer generates a key for symmetric encryption, your computer encodes key using Web site’s public key, then sends encrypted symmetric key to Web site. Also, web site decodes symmetric key using its private key or your computer and Web site communicate using symmetric encryption. With asymmetric encryption, two keys are used; one key encodes the message, and the other key decodes the message. Symmetric encryption is simpler and much faster than asymmetric encryption. Organizations normally use multiple firewalls. Perimeter firewall sits outside organizational network; is first device that Internet traffic encounters. Packet-filtering firewall examines each part of a message and determines whether to let that part pass. To make this decision, it examines source address, destination address(es), and other data. Packet-filtering firewalls can prohibit outsiders from starting a session with any user behind firewall, prohibit traffic from legitimate, but unwanted, addresses, such as competitors’ computers, and filter outbound traffic. No computer should connect to the Internet without firewall protection. Many ISPs provide firewalls for their customers. By nature, these firewalls are generic. Large organizations supplement such generic firewalls with their own. Most home routers include firewalls, and Microsoft Windows has a built-in firewall as well. Third parties also license firewall products. Payload is program code that causes unwanted activity. It can delete programs or data, or modify data in undetected ways. Spyware programs are installed on the user’s computer without the user’s knowledge or permission. It resides in background and, unknown to the user, observes user’s actions and keystrokes, monitors computer activity, and reports the user’s activities to sponsoring organizations. Some malicious spyware, called key loggers, captures keystrokes to obtain usernames, passwords, account numbers, and other sensitive information. Other spyware supports marketing analyses such as observing what users do, Web sites visited, products examined and purchased, and so forth. Most adware is benign in that it does not perform malicious acts or steal data. It does, however, watch user activity and produce pop-up ads. Adware can also change the user’s default window or modify search results and switch the user’s search engine. PRIDE with security in mind; PRIDE will store users’ privacy settings in a database, and it will develop all applications to first read the privacy settings before revealing any data in exercise reports. Most likely, PRIDE will design its programs so that privacy data is processed by programs on servers, which means data need be transmitted over the Internet only when it is created or modified. SQL injection attack SQL code becomes part of database commands issued and improper data disclosure, data damage and loss possible

Q6: How can data safeguards protect against security threats?

Data safeguards protect databases and other organizational data. Two organizational units are responsible for data safeguards. Data administration refers to an organization-wide function that is in charge of developing data policies and enforcing data standards. When organizations store databases in the cloud, all of the safeguards should be part of the service contract. Or a trusted party should have a copy of encryption key/key escrow.

Q7: How can human safeguards protect against security threats?

First thing is to separate duties and authorities, determine least privileges or document position sensitivity. Then Development of human safeguards for employees and need to be made aware of the security policies, procedures, and responsibilities they will have. Companies must establish security policies and procedures for the termination of employees. Public users web sites and other openly accessible information systems must have safeguards. Hardening is a special versions of operating system that lock down or eliminate operating systems features and functions not required by application. Protect such users from internal company security problems. Account management is to create new user accounts, modify existing account permissions, remove unneeded accounts. Improve your relationship with IS personnel by providing early and timely notification of needed account changes. Password management is where users should change passwords every 3 months or less. Help desk management helps set policy for means of authenticating a user. Definition and use of standardized procedures reduces likelihood of computer crime and other malicious activity by insiders. It also ensures system’s security policy is enforced. Security Monitoring Server activity logs or firewall log of Web activities and honeypots for computer criminals to attack.

Q8: How should organizations respond to security incidents?

Every organization should have an incident-response plan as part of the security program. No organization should wait until some asset has been lost or compromised before deciding what to do. The plan should include how employees are to respond to security problems, whom they should contact, the reports to make, and steps to reduce further loss. Finally, identify critical personnel and their off-hours contact information

Q9: 2026?

In 2026, APTs more common so the concern about balance of national security and data privacy could be high. Security on devices will be improved so the skill level of activity increases substantially. In addition, improved security at large organizations and big local “electronic” authorities.

Chapter 9

This chapter considers business intelligence (BI) systems: information systems that can produce patterns, relationships, and other information from organizational structured and unstructured social data as well as from external, purchased data. BI systems to identify patterns, relationships, and other information in organizational structured and unstructured social data, as well as purchased external data. In addition to this data, another rich source of knowledge is employees themselves. Including, vast amounts of collective knowledge exist in every organization’s employees. Business intelligence is the key technology supporting such marketing technology.

Q1: How do organizations use business intelligence (BI) systems?

BI systems are information systems that process operational and other data to identify patterns, relationships, and trends for use by business professionals and other knowledge workers. Five standard IS components are present in BI systems: hardware, software, data, procedures, and people. The boundaries of BI systems are blurry. Typical Uses for BI, identifying changes in purchasing patterns, important life events change what customers buy, entertainment and Netflix has data on watching, listening, and rental habits. Classify customers by viewing patterns, predictive policing and analyze data on past crimes - location, date, time, day of week, type of crime, and related data. Just-in-Time Medical Reporting, Example of real time data mining and reporting. Injection notification services, software analyzes patient’s records, if injections needed, recommends as exam progresses and blurry edge of medical ethics.

Q2: What are the three primary activities in the BI process?

These activities directly correspond to the BI elements and the four fundamental categories of BI analysis are reporting, data mining, BigData, and knowledge management. Push publishing delivers business intelligence to users without any request from the users; the BI results are delivered according to a schedule or as a result of an event or particular data condition. Pull publishing requires the user to request BI results. Data broker/aggregator acquires and purchases consumer and other data from public records, retailers, Internet cookie vendors, social media trackers, and other sources. Data for business intelligence to sell to companies and governments

Q3: How do organizations use data warehouses and data marts to acquire data?

For a small organization, the extraction may be as simple as an Access database. Larger organizations, however, typically create and staff a group of people who manage and run a data warehouse, which is a facility for managing an organization’s BI data. Functions of a data warehouse: obtain data from operational, internal and external databases. Also cleanse data, organize and relate data, catalog data using metadata. The components of a data warehouse. Programs read operational and other data and extract, clean, and prepare that data for BI processing. An organization might use Oracle for its operational processing, but use SQL Server for its data warehouse. Other organizations use SQL Server for operational processing, but use DBMSs from statistical package vendors such as SAS or SPSS in the data warehouse. Purchase of data about other organizations is not unusual or particularly concerning from a privacy standpoint.  However, some companies choose to buy personal, consumer data (like marital status) from data vendors like Acxiom Corporation. The data analysts who work with a data warehouse are experts at data management, data cleaning, data transformation, data relationships, and the like. However, they are not usually experts in a given business function. A data mart is a subset of a data warehouse. A date mart addresses a particular component or functional area of the business.

Q4: How do organizations use reporting applications?

A reporting application is a BI application that inputs data from one or more sources and applies reporting operations to that data to produce business intelligence. Create meaningful information from disparate data sources. Deliver information to user on time through basic operations: sorting, filtering, grouping, calculating and formatting. RFM considers how recently (R) a customer has ordered, how frequently (F) a customer ordered, and how much money (M) the customer has spent. Produce an RFM score, a program sorts customer purchase records by date of most recent (R) purchase, divides sorts into quintiles, and gives customers a score of 1 to 5. Process is repeated for Frequently and Money.

Q5: How do organizations use data mining applications?

Sources of discipline in data mining are AI machine learning, data management technology, sophisticated marketing, finance and other business professionals. Also cheap computer processing and storage, huge databases and statistical mathematics.  Unsupervised data mining consists of a hypothesis or model. Findings obtained solely by data analysis and hypothesized model created to explain patterns found. Cluster analysis is statistical technique to identify groups of entities with similar characteristics; used to find groups of similar customers from customer order and demographic data. Supervised data mining uses a priori model and prediction such as regression analysis. Market-basket analysis is an identify sales patterns in large volumes of data, identify what products customers tend to buy together. Computes probabilities of purchases, identify cross-selling opportunities and ssociation analysis important part in shopping basket data analysis. Basic idea of a decision tree is to select attributes most useful for classifying entities. Select attributes most useful for classifying “pure group” and hierarchical arrangement of criteria to predict a value or classification.

Q6: How do organizations use BigData applications?

Big Data is a term used to describe data collections that are characterized by huge volume, rapid velocity, and great variety. Huge volume is a petabyte and larger then rapid velocity is generated rapidly. Great variety is structured data, free-form text, log files, graphics, audio, and video. Technique for harnessing power of thousands of computers working in parallel. BigData collection is broken into pieces, and hundreds or thousands of independent processors search these pieces for something of interest. BigData has volume, velocity, and variation characteristics that far exceed those of traditional reporting and data mining. Experts are required to use it; you may be involved, however, in planning a BigData study or in interpreting results.

Q7: What is the role of knowledge management systems?

Knowledge Management (KM) is creating value from intellectual capital and sharing knowledge with those who need that capital. Preserving organizational memory by capturing and storing lessons learned and best practices of key employees. Benefits of Knowledge Management is to improve process quality, increase team strength. The goal is to nable employees to use organization’s collective knowledge. Expert systems are rule-based systems that encode human knowledge as If/Then rules and programs that process a set of rules. The few expert systems that have been successful have addressed more restricted problems than duplicating a doctor’s diagnostic ability. They address problems such as checking for harmful prescription drug interactions and configuring products to meet customer specifications. These systems require many fewer rules and are therefore more manageable to maintain. Content Management Systems Support management and delivery of documents, other expressions of employee knowledge.

Q8: 2026?

In 2026, exponentially more information about customers, better data mining techniques. As companies buy and sell your purchasing habits and psyche. Singularity are when computer systems adapt and create their own software without human assistance. In the end, Machines will possess and create information for themselves

Chapter 8

The chapter discusses rapid technological change is to learn and understand underlying principles. It also focuses on principles, conceptual frameworks, and models that will be useful to address the opportunities and risks of social media systems in early years of your professional career.

Q1: What is a social media information system (SMIS)?

Social media IT is for sharing content among networks of users, enables communities of practice and people related by a common interest. Social media information system (SMIS) is sharing content among networks of users. Social has several convergences of many disciplines such as psychology, sociology, computer science, MIS, marketing and organizational theory.  There are three SMIS roles that are consist within social media. Social Media Providers such as Facebook, Google+, LinkedIn, Twitter, Instagram, and Pinterest platforms are attracting, targeting demographic groups, users, individuals and organizations and communities. In addition, mutual interests that transcend familial, geographic, and organizational boundaries. Companies hire staff to maintain their SM presence, promote their products, build relationships, and manage their image. Depending on how organizations want to use SM, they can be users, providers, or both. Five components of SMIS and the SM User communities start with Community A - first-tier community of users with direct relationship to the site.  User 1 belongs to three communities — A, B, and C. Communities B–E - second-tier communities intermediates by a first-tier user.  Then the number of second and higher tier community members grows exponentially. After, exponential nature of relationships offers sponsoring organizations both a blessing and a curse. If social media site wants pure publicity, will need viral hook to relate to as many communities as possible.

Q2: How do SMIS advance organizational strategy?

Learn the relationship of information systems to organizational strategy because Strategy determines value chains, Value chains determine business processes, processes determine SMIS requirements. How do value chains determine dynamic processes? Dynamic process flows cannot be designed or diagrammed. SM fundamentally changes balance of power among users, communities, and organizations. Social media contributes to five primary value chain activities and to human resources support activity. General framework by which organizations can accomplish their strategy via a dynamic process supported by SMIS. Organizations controlled their relationships with customers using structured processes and related information systems. In fact, the primary purpose of traditional CRM was to manage customer touches. Customers search content, contribute reviews and commentary, ask questions, create user groups, and not centered on customer lifetime value. Social Media and Customer Service as many organizations struggle to make the transition from controlled, structured, traditional CRM processes to wide-open, adaptive, dynamic social CRM processes. Relationships emerge from joint activity, customers have as much control as companies. Product users freely help each other solve problems, selling to or through developer networks most successful. Peer-to-peer support risks loss of control. Social Media and Manufacturing and Operations Improves communication channels within organization and externally with consumers, design products, develop supplier relationships, and operational efficiency.

Q3: How do SMIS increase social capital?

The Value of social capital is number of relationships, strength of relationships, resources controlled and adds value in four ways: information, influence, social credentials, personal reinforcement, capital, investment of resources for future profit. The types of business capital are physical capital: produce goods and services. Human capital is human knowledge and skills investments. Social capital is social relations with expectation of marketplace returns. Relationships in social networks can: Provide information about opportunities, alternatives, problems, and other factors important to business professionals. Provide an opportunity to influence decision makers who are critical to your success. Be a form of social credential. Reinforce a professional’s image and position in an organization or industry and using Social Networking to increase the number of relationships growing social networks organizations have social capital just as humans do. Discuss how could a photographer use SM to communicate a wedding experience using text, pictures, and video instantly to everyone in your social network. Growing social networks uses organizations have social capital just as humans do. Discuss how could a photographer use SM to communicate a wedding experience using text, pictures, and video instantly to everyone in your social network, Strength of a relationship is the likelihood other entity will do something that benefits your organization. Positive reviews, post pictures using organization’s products or services, tweet about upcoming product releases, and so on. Strengthen relationships by asking someone to do you a favor. Frequent interactions strengthen relationships will weaken the strength social relationships by continually freeloading, declining requests for help, and failing to spend time with friends. Using Social Networks to connect to those with more resources Social Capital = Number of Relationships × Relationship Strength × Entity Resources. Huge network of people with few resources less valuable than a smaller network of people with substantial resources. Resources must be relevant and most organizations ignore value of entity assets.

Q4: How do (some) companies earn revenue from social media?

Processing time, data communication, and data storage may be cheap, but they still cost something. Hyper-social organization Transform interactions with customers, employees, and partners into mutually satisfying relationships with them and their communities. The two most common ways SM companies generate revenue are advertising and charging for premium services. Revenue models for social media Pay-per-click use to increases value. Freemium offers users a basic service for free, and then charges a premium for upgrades or advanced features. Also sales that use apps and virtual goods, affiliate commissions, donations. Conversion rate frequency someone clicks on ad makes a purchase, “likes” a site, or takes some other action desired by advertiser.

Q5: How do organizations develop an effective SMIS?

Focus on being cost leader or on product differentiation, industry-wide or segment focus and premeditated alignment of SMIS with organization’s strategy. Create a process of developing a practical plan to effectively use existing social media platforms. Success metrics or key performance indicators (KPI). Metrics are simply measurements used to track performance and don’t improve your decision making are commonly referred to as vanity metrics

Q6: What is an enterprise social network (ESN)?

ESN is a software platform uses SM to facilitate cooperative work of people within an organization. Improve communication, collaboration, knowledge sharing, problem solving, and decision making. Enterprise 2.0 uses of emergent social software platforms within companies, or between companies, partners or customers. The application of social media to facilitate cooperative work of people inside organizations. Can be used to enable people to share knowledge and problem-solving techniques. Communication channels within corporations changed in equally dramatic ways and using ESNs, employees can bypass managers and post ideas directly for CEO to read. Quickly identify each organization, still learning how to use and deploy ESNs. Develop strategic plan for using SM internally via same process as used for external social media use and assess likelihood of employee resistance.

Q7: How can organizations address SMIS security concerns?

Organizations and executives no longer plan and control organizational messaging. Such messaging emerges via a dynamic, SM-based process. Ask students what they think about that. Develop and publicize social media policy. Delineate employees’ rights and responsibilities: disclose, protect, use common Sense and managing the risk of Inappropriate content. Organizations should regularly monitor the site and remove objectionable material.  Monitoring can be done by employees or by companies, which offer services not only to collect and manage ratings and reviews, but also to monitor sites for irrelevant content. For example: User-generated content (UGC), problems from external sources, junk and crackpot contributions, inappropriate content, unfavorable reviews and mutinous movements. Its monitor by employees or use outsource service who are responding to Social networking problems responses are best reserved for when the problematic content has caused the organization to do something positive as a result. Comments by crackpots, have nothing to do with the site, or contains obscene or otherwise inappropriate content. Internal Risks from Social Media are threats to information security, increased organizational liability, decreased employee productivity Directly affect ability to secure information resources

Q8: 2026?

Social media means customers use all the vendor’s touch points they can find to craft their own relationships. New mobile devices with innovative mobile-device UX, coupled with dynamic and agile information systems based on cloud computing and dynamic virtualization. Organization the endoskeleton, supporting the work of people on the exterior. Employees craft own relationships with their employers. Big Data = Big Money, personal data illegally accessed by criminals and sold on black market to other nefarious characters; or legally accessed by companies and sold to other companies. Understand importance and value of personal brand, social media presence one component of a professional brand. Traditional sources of personal branding, like personal networks of face-to-face relationships, important.

Chapter 6

The chapter begins with why the cloud will be utilize more and more in the future. It will also discuss how technology makes the cloud work and the ways organizations can use it. The chapter goes overs local networks and how it functions with the web. This also includes the purpose of the cloud and its basic technologies. Finally, it will review how each organizations use the cloud, the basic steps of setting up the cloud and its security.
Q1: Why is the cloud the future for most organizations?

Organizations are moving their computing infrastructure to the cloud.  Leasing computing infrastructure from the cloud will become common practice. The cloud itself is an elastic leasing of pooled computer resources via Internet. Elastic means it automatically adjusts for unpredictable demand and limits financial risks. Now pooled is the same physical hardware itself or economies of scale, for instance like Amazon.com’s CloudFront. Without increase in servers, response time of seconds or more, is far too long to maintain attention of viewer. So economies of scale consider the average cost decreases as size of operation increases. The major cloud vendors operate enormous data centers such as web farms. The cloud is preferred to in-house hosting because of the small capital requirements, speedy development and known cost structure. This also includes no obsolescence, superior flexibility and adaptability to grow or fluctuating demand.  However, the negatives of the cloud are dependency on vendors, loss of control over data location and little security measures. The cloud is used now because of cheap processors, essentially free data communication and storage. The cloud also uses virtualization technology, internet-based standards enable flexible and standardized processing capabilities. The cloud doesn’t make sense when the law or standard industry practice require physical control or possession of the data. For instance, a financial institution is legally required to maintain physical control over its data.

Q2: What network technology supports the cloud?

There are four basic types of computer network technology that support the cloud. Personal area network helps devices connected around a single person. The local sear network are computers connected at a single physical site. Wide area network are computers connected between two or more separated sites. Finally, another basic type of network is the internet and internets which is networks of networks. For example, a typical small home office LAN like most computers today would support 10/100/1000 of Ethernet. There are thee various LAN Protocol with different speeds and connections, such as wired or wireless LAN. Also Bluetooth transmits data short distances and can connect to a computer, keyboard, mouse, printer, smartphones and cars. Communications speeds expressed in bits, memory sizes in bytes. For example, communications equipment can be represented by K(ilo) = 1,000, M(ega) = 1,000,000 and G(iga) = 1,000,000,000.  Connecting your LAN to the internet how important ISP functions. The three are to provide legitimate Internet address, provide gateway to Internet and pay access fees and other charges to telecoms. Gateway function is when a ISP receives the communications from your computer and passes them on to the Internet, and receives communications from the Internet and passes them to you.

Q3: How does the cloud work?

The cloud resides in the internet so assume you send a message to a server somewhere. The message is too big to travel in one piece, so it’s broken into packets and each packet passes along from WAN to WAN until it reaches destination. Once all packets arrive, message reconstructed, delivered to server for processing. All accomplished by computers and data communications devices that most likely have not interacted before. Now the hop is the movement from one network to another. Carriers are messages, broken into packets. These Packets move across the Internet, passing through networks owned by telecom carriers. So peering agreements are carriers that freely exchange traffic amongst themselves without paying access fees. Net neutrality principle considers all data is treated both equally however the problem is some people use more bandwidth than others.

IP Addresses and Domain Names:

There are two internet addressing, Public IP addresses and Private IP addresses. Public IP addresses Identifies a unique device on Internet and is assigned by ICANN (Internet Corporation for Assigned Names and Numbers. Private IP addresses identifies a device on a private network, usually a LAN and the assignment LAN is controlled. The purpose is these protocols manage traffic as it passes across an internet /Internet. Most important protocol in transport layer is TCP. Private/public IP address scheme two major benefits attackers cannot send attack packets to private IP addresses. Most common IP addresses format is IPv4. A domain name is a unique name affiliated with a public IP address, dynamic affiliation of domain names with IP addresses and can have multiple domain names for same IP address. A URL (Uniform Resource Locator) is an Internet address protocol, such as http:// or ftp:// followed by a domain name or public IP address. ICANN administers system for assigning names to IP addresses. Domain name a worldwide-unique name affiliated with a public IP address. Affiliation of domain names with IP addresses is dynamic. Owner of domain name can change affiliated IP addresses at its discretion.

Three Tier Architecture:

Almost all e-commerce applications use a three-tier architecture. First, user tier consists of computers, phones, other devices with browsers that request and process Web pages. Second, a server tier consists of computers running Web servers and application programs. Finally, a database tier consists of computers running a DBMS that processes SQL requests to retrieve and store data. So a commerce server is an application program that runs on server-tier computer. Receives requests from users via Web server, takes some action, and returns a response to users. Typical commerce server functions are to obtain product data from a database, manage items in a shopping cart, and coordinate checkout process. Only Internet protocols a business professional likely to encounter are at application layer. These are four standards that are used extensively for Web services and the cloud: WSDL, SOAP, XML and JSON. 

Four Standards of Web Services and Cloud

Web Services Description Language (WSDL) is the standard for describing services, inputs, outputs, other data supported by a Web service. Documents coded machine readable and used by developer tools for creating programs to access the service. SOAP is a protocol for requesting Web services and for sending responses to Web service requests. Extensible Markup Language is used for transmitting documents. Contains metadata to validate format and completeness of a document, includes considerable overhead. JavaScript Object Notation (JSON) is a markup language used for transmitting documents. Contains little metadata. Preferred for transmitting volumes of data between servers and browsers. While notation in format of JavaScript objects, JSON documents can be processed by any language

Q4: How do organizations use the cloud?

Organizations can use the cloud in several different ways. By far most popular, is to obtain cloud services from cloud service vendors. The three fundamental of cloud types are SaaS, PassS and laaS. Content delivery networks from cloud vendors stores user data in many different geographical locations and makes data available on demand. It also can have specialized type of PaaS, but usually considered in its own category, minimizes latency and is used to store and deliver content seldom changed.

Q5: How can Falcon Security use the cloud?

Absent some unknown factor such as a federal tax on Internet traffic. Individuals on iCloud or Google Grid, to small groups using Office 365, to Small companies like Falcon Security Parts using PaaS, to huge organizations using IaaS.

Q6: How can organizations use cloud services securely?

Organizations realize the benefits of cloud technology without succumbing to those threats. VPN technology uses public Internet to create appearance of a private connection on secure network. Virtual means something that appears to exist but, in fact, does not. Remote Access using VPN is an apparent connection as it appears to the remote user. Accessing a private cloud over a virtual private network is when a VPN client software encrypts messages so their contents are protected from invasions. Private clouds provide security within the organizational infrastructure but do not provide secure access from outside that infrastructure. In order to provide such access, organizations set up a VPN and users employ it to securely access the private cloud. Organization can store most sensitive data on own infrastructure, and store less sensitive data on VPC. Thus, organizations required to have physical control over some of their data can place it on own servers and locate rest on VPC.

Q7: 2026?

Cloud services new categories of work that is faster, more secure, easier to use, cheaper. Fewer organizations own their computing infrastructure. More pooling of servers across organizations and overall size of the cloud gets bigger. Individuals, small businesses, large organizations obtain elastic resources at very low cost. Remote action systems: Telediagnosis, Telesurgery and Telelaw enforcement which provide services in dangerous locations.

Chapter 7

Chapter 7 discusses the process and supporting on information systems in the levels of an organization. It explores the way organizations uses three types of processes and how they use information systems. The chapter talks about process quality and how it can improve the information system. Then explains information systems in one level of an organization and how it leads to problems in silos. Also how these silo problems can be solved at the next level of the organization. The chapter also goes into enterprise systems such as CRM, ERP and EAI. Then how these inter enterprise IS can solve enterprise level silos. Last, how the future in implications of mobility and the cloud of the future enterprise and interenterprise IS.

Q1: What are the basic types of processes?

First, they’re a network of activities that generate value by transforming inputs to outputs. The basic types of processes are human only processes, human processes with computer help, computer only processes. There’s a difference between structured processes and dynamic processes. Structured processes are formally defined, standardized processes involving day-to-day operations. This also includes accepting a return, placing an order, purchasing raw materials, and so forth. Dynamic processes are flexible, informal, and adaptive processes normally involving strategic and less structured managerial decisions and activities. Now processes that use the three levels of organizational are workgroups, enterprises and inter-enterprises. Workgroup help a workgroup to accomplish a goal.  Workgroup IS used to support one or more IS processes. Enterprise processes spanning multiple departments. Enterprise IS support enterprise processes. Inter-enterprise processes that require cooperation amongst different entities. The workgroups represent six of the nine value-added activities. There are various characteristics of information systems. Characteristics of departmental information systems are summarized in Workgroup. Often, procedures are formalized in documentation, and users frequently receive formal training in use of those procedures.

Q2: How can information systems improve process quality?

Processes are means people use to organize an activity to achieve organization’s goals. Two dimensions of process quality are efficiency and effectiveness. Information systems can improve by process efficiency which is the ratio of outputs to inputs. Better quality can be achieved by process effectiveness which is how well a process achieves organizational strategy. So processes can be improved either by change process structure, change process resources and change both. In addition, process quality can include performing an activity, meaning partially automated or completely automated. Also, augmenting human performing activity or controlling data quality to ensure data is complete and correct before continuing process activities.

Q3: How do information systems eliminate problems of information silos?

First what are the problems of information silos? The problems of information silos are data duplicated, data inconsistency, data isolated, disjointed processes, lack of integrated enterprise information., inefficiency: decisions made in isolation, increased cost for organization. The reason an information silo exist, is to isolate data in separated information systems. Information system silos arise when either IS supports departmental processes rather than enterprise-level processes. Also when personal and workgroup support applications are created over time. This includes growing organizations, especially by merger and acquisitions. The problems of information silos are duplicated or inconsistent data. Which may be separate supporting applications causing difficulty for two activities. These activities are to reconcile their data, getting approvals will be slow and possibly erroneous Another problem is the lack of integrated enterprise data as a consequence of disjointed systems. The problem of inefficiency results from making decisions in isolation. Finally, Information silos increase costs because of duplicated data, disjointed systems, limited information, and inefficiencies. Information silos solve problems in organizations by isolating data created by workgroup information systems and integrates using enterprise-wide applications. It also isolates data created by information systems at an enterprise level and are integrated into inter-enterprise systems using distributed applications. So it integrates into a single database, revise applications and allows isolation.

Q4: How do CRM, ERP, and EAI support enterprise processes?

Over time, three categories of enterprise applications have emerged: customer relationship management, enterprise resource planning and enterprise application integration. Business Process Reengineering (BPR) is supported by CRM, ERP and EAI because it integrates data. CRM, ERP and EAI uses enterprise processes systems to create stronger, faster, more effective linkages in value chains. It is also difficult, slow, exceedingly expensive to support enterprise processes. Key personnel determine how best to use new technology so it requires high-level expensive skills and considerable time. For instance, a business needs to determine how best to change its processes to take advantage of new capability. Enterprise Application Solutions uses inherent processes which can be consider “Industry Best Practices” and is a predesigned process for using application. Organizations can license software and obtain prebuilt procedures. Customer relationship management is the suite of applications, database, set of inherent processes. It also manages all interactions with customer through four phases of customer life cycle. This includes marketing, customer acquisition, relationship management, loss/churn and supports customer-centric organization. The customer life cycle is an application process of a common customer database. This system eliminates duplicated customer data and removes the possibility of inconsistent data. ERP Applications primary purpose is integration and are an IS based on ERP technology. ERP is a database and a set of inherent processes for consolidating business operations into a single, consistent, computing platform. Enterprise Application Integration connects systems, enables communicating and sharing data. It also provides integrated information, integrated layer on top of existing systems while leaving functional applications “as is and enables gradual move to ERP.

Q5: What are the elements of an ERP system?

There are 5 elements to an ERP system, which includes hardware, ERP application programs, ERP databases, business process procedures and consulting. ERP applications integrate supply chains, manufacturing, CRM, human resources and accounting. There are various ERP solution components such as applications and databases. ERP application programs configurable vendor applications compare to ERP databases. Vendor applications can be altered without changing program code. Set configuration parameters specifying how ERP application programs will operate. ERP databases uses a computer program within database to keep database consistent when certain conditions arise. ERP enforces business rules and stores business processes and procedures.

Q6: What are the challenges of implementing and upgrading enterprise information systems?

 There are five challenges to implementing and upgrading enterprise information systems. The challenges are collaborative management, requirement gaps, transition problems, employee resistance and New technology. Also, implementation is challenging, difficult, expensive, and risky. It is not unusual for enterprise system projects to be well over budget and a year or more late.

Q7: How do inter-enterprise IS solve the problems of enterprise silos?

Q8: 2026?

Companies want to move to lower costs of the cloud, but cannot plunge into new cloud-based solutions without causing considerable organizational turmoil, if not failure. Delicate balance between risk of loss and improvement to processes. Machines able to employ ERP system to schedule own maintenance. ERP customers store most of their data on cloud servers managed by cloud vendors and store sensitive data on their own servers

Chapter 2

Q2-1 What are the Two Key Characteristics of Collaboration?

The difference between cooperation and collaboration is cooperation handles group of people working together on the same task and accomplishing the same objective. Collaboration are groups of people working to achieve a common goal with feedback and iteration. Cooperation lacks those traits so it’s crucial for critical feedback. It’s important to figure out what collaboration characteristics you lack and are great at. The two key characteristics of collaboration is iteration and feedback.

Q2-2 What Are Three Criteria for Successful Collaboration?

The three primary criteria for considering a team’s success is by the outcome, growth in team capability and a meaningful and satisfying experience. Successful outcome is achieving the objectives, make decisions, solve a problem or create a work product. Next is improving the team’s capability overtime by improving overtime on task and asking did we get better? Finally, having a meaningful and satisfying experience by being recognition or having a blast.

Q2-3 What Are the Four Primary Purposes of Collaboration?

The four primary purposes of collaboration are becoming informed, making decisions, solving problems and managing projects. In order to become informed, its required to share data and communicate through interactions. Also to document the data being communicated.

Now decision making has three levels: operational, managerial, and strategic decisions. Operational decisions are about day to day interactions or activities. Managerial decisions decide on the allocation and utilization of resources and strategic decisions support a broad scope, organizational issues. Managerial decisions are sometimes collaborative and strategic decisions mainly are.  The decision process of information systems is classified as structure or unstructured. A structure decision process understands and accepts the method for making the decision. For example, a formula computing the quantity of a reorder item in inventory. Unstructured decision process includes one for which is no agreed on decision making method. For example, predicting the future of the economy or stock market.

Next primary purpose of collaboration is to solve problems; a problem is known as a perceived difference between what is against what ought to be. So it’s crucial to define the problem, identify alternative solutions, specify evaluation criteria, evaluate alternatives, select an alternative and implement solution. Finally, is to manage projects by doing the four phases, the major task of each kind of data a team needs to share. First is the starting phase, by stating the purpose, the roles and ground rules of the project. Second is the planning phase, which is to define activities of who will do what and by when; also the resources that are available. The doing phase are project task that are being accomplished. The finalize phase is to determine completion and write down all feedback or close down project.  

Chapter 1 The Importance of MIS

Chapter 1

Q1-1 Why Is Introduction to MIS the Most Important Class in the Business School

Computers used to be the thing people didn’t like or thought to be abnormal. Now technology is changing the business world fundamentally in its own way.

The Digital Revolution

The information age is a period where primary force in economy is through the production, distribution and control of information. Now the digital revolution is what we are experiencing because we are converting from mechanical devices to actual digital devices. Switching over to digital devices changed everything, from companies to individuals and some weren’t ready for that change. Bells law says these digital devices will evolve every 10 years and create new environments, platforms, programming and networks. Even though digital technology is growing and changing businesses so it’s important to understand what these devices will do. In order to understand the evolving capabilities of digital devices, is knowing every years something is always changing and affecting everything around it.

Fundamental Forces Changing Technology

Moore’s Law: “The number of transistors per square inch on an integrated chip doubles every 18 months” So Bell’s law was misunderstood and Moore’s law concluded that isn’t the computer evolving, its actually the processing power.

Metcalfe’s Law: says as digital devices grow and start to connect together, the network value in those devices will increase. The dramatic rise of the inter web is a great example.  

Nielsen’s Law: States network connections that are used by high speed users will increase by 50 percent a year.

Kryder’s Law: Claims the storage density on digital disks and memory will drastically increase.

This Is the Most Important Class in the School of Business:

If you ever want to become a future business professional, it’s important to know how to be able to access, evaluate and apply IT.

Q1-2 How Will MIS Affect Me?

First thing to know is that technology is changing at an accelerating rate. Since there is technological constantly changing it can affect your job security. So it’s important to develop non-routine cognitive skills and the ability to adapt. There’re 4 non-cognitive routine skills, abstract, systems, collaboration and ability to experiment. Abstract reasoning is constructing a model or representation, like a prototype or something. Systems thinking is when system components show how the components inputs and outputs relate to each other. Collaboration is developing ideas or plans with others and giving or receiving any feedback.  The ability to experiment creates or test using new alternatives and consistent with available resources.

Q1-3 What Is MIS?

Management information systems are used to manage information systems which help organizations help to achieve their strategies. Now information systems (IS) are hardware, software, data, procedures and people that produce information. Compare to information technology where it’s products, methods, inventions, and standards used for the purpose of producing technology. MIS has three key elements: management and use, information systems and strategies. The goals is to manage IS in order to achieve business strategies.

Computer of an Information System:

A system is group of components that interact to achieve some purpose and IS uses a group of components to interact in order to produce information. There are five components: computer hardware, software, data, procedures and people. For example, when you are writing a research for class, you utilize all 5 of these components. These five components are common among all systems and are to mean, develop and maintain.

Q1-4 How Can You Use the Five Component Model

The outermost components hardware, and people can take action and the software and procedure components are both set of instructions. Data is what bridges the gap between human side to computer side. The people or you are the important in the model because we produce the information and not manipulate it. Also another thing is that all component must work together and by using all five components you locate problems and find better solutions. However, going from the computer side of hardware and software to the human side of procedures and people; increases the degree of difficulty of change.

Q1-5 What Is Information?

The common definition is information comes from knowledge derived from data. However, it can also mean when information is presented in a meaningful context. Also information means processing data or data being processed by different means of operations. Lastly, information can be defined as a difference that makes a difference. Graphs are not information because it has data people perceive and use to conceive information.

Q1-6 What Are Necessary Data Characteristics?

The first data characteristic is accuracy, information that needs to be correct and completed data which is process correctly. Secondly, its required that data is timely so it’s available when needed and to keep up the information. Next the data must be relevant both to the context and to the subject. Fourth, it’s necessary to be just sufficient for its purpose but not overloading. Finally, data isn’t free so there cost for developing an IS and operating and maintaining that system.

Q7: 2026

By 2026 most the computer won’t look ordinary computers and smartphones will be changing. In addition, technology will grow so much people may be able to work at home, utilize new technology and access to vas amounts of data.