Thursday, December 8, 2016

Chapter 10

Q1: What is the goal of information systems security?
The major elements of IS security are the threat, the vulnerability, the safeguard, and the target. A threat is a person or organization that seeks to obtain data or other assets illegally, without the owner’s permission and often without the owner’s knowledge. A vulnerability is an opportunity for threats to gain access to individual or organizational assets; for example, when you buy online, you provide your credit card data, and as that data is transmitted over the Internet, it is vulnerable to threats. A safeguard is a measure individuals or organizations take to block a threat from obtaining an asset; safeguards are not always effective, and some threats achieve their goal in spite of them. The target is the asset desired by the threat.
Sources of security threats include human error, computer crime, and natural disasters. Human error examples: (1) an employee misunderstands operating procedures and accidentally deletes customer records; (2) an employee inadvertently installs an old database on top of the current one while backing up; (3) physical accidents, such as driving a forklift through the wall of a computer room. Computer crime is the intentional destruction or theft of data or other system components. Natural disasters are fires, floods, hurricanes, earthquakes, tsunamis, avalanches, and other acts of nature; they include the initial loss of capability and service, and recovery costs.
Several common threats are associated with unauthorized data disclosure. Faulty service covers problems caused by incorrect system operation. Usurpation occurs when computer criminals invade a computer system and replace legitimate programs with their own unauthorized ones that shut down legitimate applications and substitute their own processing to spy, steal and manipulate data, or for other purposes. Denial of service takes two forms: first, a malicious hacker intentionally floods a Web server with millions of bogus service requests; second, a user unintentionally shuts down a Web server or corporate gateway router by starting a computationally intensive application.
The goal of information systems security is to find an appropriate trade-off between the risk of loss and the cost of implementing safeguards. In addition, make appropriate trade-offs to protect yourself and your business.
Q2: How big is the computer security problem?
Right now malicious insiders are an increasing problem. Many computer crime studies are based on dubious sampling techniques, and some seem to be written to promote a particular safeguard product.
Q3: How should you respond to security threats?
Computer security professionals run intrusion detection systems to detect attacks. An intrusion detection system (IDS) is a computer program that senses when another computer is attempting to scan or access a computer or network. IDS logs can record thousands of attempts each day, so companies are encouraged to fix product vulnerabilities. Serve as an educational forum for hackers, developers, manufacturers, and government agencies. Or, as Dan recommends, the right to be forgotten: “the right under certain conditions to ask search engines to remove links with personal information about them.”
Q4: How should organizations respond to security threats?
Senior management creates company-wide policies and manages risks: What sensitive data will be stored? How will data be processed? Will data be shared with other organizations? How can employees and others obtain copies of data stored about them? How can employees and others request changes to inaccurate data? The specifics of a policy depend on whether the organization is governmental or nongovernmental, publicly held or private, the organization’s industry, the relationship of management to employees, and other factors. An easy way to remember information systems safeguards is to arrange them according to the five components of an information system. Understand the legal requirements, ethical considerations, and business consequences of data acquisition, storage, and dissemination. Use the knowledge from this class to demonstrate two possible ways that data could be stolen at a coffee shop. Then formulate personal principles with regard to data acquisition, storage, and dissemination. In addition, large, reputable organizations are likely to endorse an ethical privacy policy and to have strong and effective safeguards to support that policy, but individuals and small organizations might not.
Q5: How can technical safeguards protect against security threats?
Technical safeguards involve the hardware and software components of an information system, such as single sign-on for multiple systems. A summary of how SSL/TLS works when you communicate securely with a Web site: (1) your computer obtains the public key of the Web site to which it will connect; (2) your computer generates a key for symmetric encryption; (3) your computer encodes that key using the Web site’s public key, then sends the encrypted symmetric key to the Web site; (4) the Web site decodes the symmetric key using its private key; (5) your computer and the Web site communicate using symmetric encryption. With asymmetric encryption, two keys are used; one key encodes the message, and the other key decodes the message. Symmetric encryption is simpler and much faster than asymmetric encryption.
Organizations normally use multiple firewalls. A perimeter firewall sits outside the organizational network; it is the first device that Internet traffic encounters. A packet-filtering firewall examines each part of a message and determines whether to let that part pass. To make this decision, it examines the source address, the destination address(es), and other data. Packet-filtering firewalls can prohibit outsiders from starting a session with any user behind the firewall, prohibit traffic from legitimate, but unwanted, addresses, such as competitors’ computers, and filter outbound traffic. No computer should connect to the Internet without firewall protection. Many ISPs provide firewalls for their customers. By nature, these firewalls are generic. Large organizations supplement such generic firewalls with their own. Most home routers include firewalls, and Microsoft Windows has a built-in firewall as well. Third parties also license firewall products.
A payload is program code that causes unwanted activity. It can delete programs or data, or modify data in undetected ways. Spyware programs are installed on the user’s computer without the user’s knowledge or permission. Spyware resides in the background and, unknown to the user, observes the user’s actions and keystrokes, monitors computer activity, and reports the user’s activities to sponsoring organizations. Some malicious spyware, called key loggers, captures keystrokes to obtain usernames, passwords, account numbers, and other sensitive information. Other spyware supports marketing analyses, such as observing what users do, Web sites visited, products examined and purchased, and so forth. Most adware is benign in that it does not perform malicious acts or steal data. It does, however, watch user activity and produce pop-up ads. Adware can also change the user’s default window or modify search results and switch the user’s search engine.
PRIDE is designed with security in mind: PRIDE will store users’ privacy settings in a database, and it will develop all applications to first read the privacy settings before revealing any data in exercise reports. Most likely, PRIDE will design its programs so that privacy data is processed by programs on servers, which means data need be transmitted over the Internet only when it is created or modified. In a SQL injection attack, SQL code becomes part of the database commands issued, making improper data disclosure and data damage and loss possible.
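The SQL injection sentence above, shown as an added example that is not part of the original notes: a query built by string concatenation next to the same query with a bound parameter. The table, rows, function names and the crafted input are all constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE reports (owner TEXT, summary TEXT)")
    db.executemany(
        "INSERT INTO reports VALUES (?, ?)",
        [
            ("alice", "ran 5 km"),
            ("bob", "cycled 20 km"),
            ("carol", "resting heart rate 58"),
        ],
    )
    return db


def reports_concatenated(db, owner):
    """Weak form: the input is pasted into the SQL text.

    Any quote characters in `owner` are parsed as SQL, so the input
    becomes part of the database command that is issued.
    """
    sql = "SELECT owner, summary FROM reports WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()


def reports_parameterized(db, owner):
    """Corrected form: the input is bound as a value and never parsed as SQL."""
    sql = "SELECT owner, summary FROM reports WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()


# Constructed input: the quote closes the string literal and the rest
# turns the WHERE clause into a condition that is always true.
CRAFTED = "nobody' OR '1'='1"


if __name__ == "__main__":
    db = make_db()
    # An ordinary name returns one row from either function.
    print(reports_concatenated(db, "alice"))
    print(reports_parameterized(db, "alice"))
    # The crafted input discloses every row through the weak form only.
    print(len(reports_concatenated(db, CRAFTED)), "rows from concatenated query")
    print(len(reports_parameterized(db, CRAFTED)), "rows from parameterized query")
```

The concatenated query discloses every owner's report for the crafted input, while the parameterized query treats the same input as a name that matches nobody.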

Q6: How can data safeguards protect against security threats?
Data safeguards protect databases and other organizational data. Two organizational units are responsible for data safeguards. Data administration refers to an organization-wide function that is in charge of developing data policies and enforcing data standards. When organizations store databases in the cloud, all of the safeguards should be part of the service contract. Also, a trusted party should have a copy of the encryption key (key escrow).
Q7: How can human safeguards protect against security threats?
The first thing is to separate duties and authorities, determine least privilege, and document position sensitivity. Then develop human safeguards for employees, who need to be made aware of the security policies, procedures, and responsibilities they will have. Companies must establish security policies and procedures for the termination of employees. Web sites and other openly accessible information systems used by the public must have safeguards. Hardening uses a special version of the operating system that locks down or eliminates operating system features and functions not required by the application. Protect such users from internal company security problems. Account management means creating new user accounts, modifying existing account permissions, and removing unneeded accounts. Improve your relationship with IS personnel by providing early and timely notification of needed account changes. Under password management, users should change passwords every 3 months or less. Help desk management helps set policy for the means of authenticating a user. The definition and use of standardized procedures reduces the likelihood of computer crime and other malicious activity by insiders. It also ensures the system’s security policy is enforced. Security monitoring uses server activity logs or firewall logs of Web activities, and honeypots for computer criminals to attack.
Q8: How should organizations respond to security incidents?
Every organization should have an incident-response plan as part of the security program. No organization should wait until some asset has been lost or compromised before deciding what to do. The plan should include how employees are to respond to security problems, whom they should contact, the reports to make, and steps to reduce further loss. Finally, identify critical personnel and their off-hours contact information.
Q9: 2026?
In 2026, APTs will be more common, so concern about the balance of national security and data privacy could be high. Security on devices will be improved, so the skill level of activity will increase substantially. In addition, there will be improved security at large organizations and big local “electronic” authorities.


Chapter 9

This chapter considers business intelligence (BI) systems: information systems that can produce patterns, relationships, and other information from organizational structured and unstructured social data as well as from external, purchased data. In addition to this data, another rich source of knowledge is employees themselves: vast amounts of collective knowledge exist in every organization’s employees. Business intelligence is the key technology supporting such marketing technology.
Q1: How do organizations use business intelligence (BI) systems?
BI systems are information systems that process operational and other data to identify patterns, relationships, and trends for use by business professionals and other knowledge workers. The five standard IS components are present in BI systems: hardware, software, data, procedures, and people. The boundaries of BI systems are blurry. Typical uses for BI: identifying changes in purchasing patterns, since important life events change what customers buy; entertainment, where Netflix has data on watching, listening, and rental habits and classifies customers by viewing patterns; and predictive policing, which analyzes data on past crimes (location, date, time, day of week, type of crime, and related data). Just-in-time medical reporting is an example of real-time data mining and reporting: with injection notification services, software analyzes a patient’s records and, if injections are needed, recommends them as the exam progresses. This is at the blurry edge of medical ethics.
Q2: What are the three primary activities in the BI process?
These activities directly correspond to the BI elements, and the four fundamental categories of BI analysis are reporting, data mining, BigData, and knowledge management. Push publishing delivers business intelligence to users without any request from the users; the BI results are delivered according to a schedule or as a result of an event or particular data condition. Pull publishing requires the user to request BI results. A data broker/aggregator acquires and purchases consumer and other data from public records, retailers, Internet cookie vendors, social media trackers, and other sources, and uses that data for business intelligence to sell to companies and governments.
Q3: How do organizations use data warehouses and data marts to acquire data?
For a small organization, the extraction may be as simple as an Access database. Larger organizations, however, typically create and staff a group of people who manage and run a data warehouse, which is a facility for managing an organization’s BI data. Functions of a data warehouse: obtain data from operational, internal, and external databases; cleanse data; organize and relate data; and catalog data using metadata. The components of a data warehouse: programs read operational and other data and extract, clean, and prepare that data for BI processing. An organization might use Oracle for its operational processing, but use SQL Server for its data warehouse. Other organizations use SQL Server for operational processing, but use DBMSs from statistical package vendors such as SAS or SPSS in the data warehouse. Purchase of data about other organizations is not unusual or particularly concerning from a privacy standpoint. However, some companies choose to buy personal, consumer data (like marital status) from data vendors like Acxiom Corporation. The data analysts who work with a data warehouse are experts at data management, data cleaning, data transformation, data relationships, and the like. However, they are not usually experts in a given business function. A data mart is a subset of a data warehouse. A data mart addresses a particular component or functional area of the business.
Q4: How do organizations use reporting applications?
A reporting application is a BI application that inputs data from one or more sources and applies reporting operations to that data to produce business intelligence. It creates meaningful information from disparate data sources and delivers information to the user on time through basic operations: sorting, filtering, grouping, calculating, and formatting. RFM considers how recently (R) a customer has ordered, how frequently (F) a customer ordered, and how much money (M) the customer has spent. To produce an RFM score, a program sorts customer purchase records by date of most recent (R) purchase, divides the sorted records into quintiles, and gives customers a score of 1 to 5. The process is repeated for frequency (F) and money (M).
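The RFM scoring procedure described above, as an added example that is not part of the original notes. The sample orders are constructed, and treating score 1 as the best fifth (most recent, most frequent, highest spend) is an assumption, since the notes do not say which end of the scale is best.

```python
from collections import defaultdict
from datetime import date

# Constructed sample orders: (customer, order date, amount spent).
ORDERS = [
    ("cust_a", date(2016, 8, 1), 60), ("cust_a", date(2016, 9, 1), 60),
    ("cust_a", date(2016, 10, 1), 60), ("cust_a", date(2016, 11, 1), 60),
    ("cust_a", date(2016, 12, 1), 60),
    ("cust_b", date(2015, 10, 15), 1250), ("cust_b", date(2015, 11, 15), 1250),
    ("cust_b", date(2015, 12, 15), 1250), ("cust_b", date(2016, 1, 15), 1250),
    ("cust_c", date(2016, 11, 1), 40),
    ("cust_d", date(2016, 6, 1), 300), ("cust_d", date(2016, 7, 1), 300),
    ("cust_d", date(2016, 8, 1), 300),
    ("cust_e", date(2016, 3, 1), 50), ("cust_e", date(2016, 4, 1), 50),
]


def quintile_scores(values):
    """Sort customers best-first, cut the list into fifths, score 1 to 5.

    `values` maps customer -> a measure where larger is better (a later
    date, more orders, more money). Score 1 is the best fifth (assumption).
    Customers with equal values share the score of the first of them.
    """
    ranked = sorted(values, key=values.get, reverse=True)
    scores = {}
    for position, customer in enumerate(ranked):
        previous = ranked[position - 1] if position else None
        if previous is not None and values[customer] == values[previous]:
            scores[customer] = scores[previous]
        else:
            scores[customer] = position * 5 // len(ranked) + 1
    return scores


def rfm_scores(orders):
    """Return {customer: (R, F, M)} for a list of order records."""
    last, count, total = {}, defaultdict(int), defaultdict(float)
    for customer, day, amount in orders:
        last[customer] = max(day, last.get(customer, day))  # most recent order
        count[customer] += 1                                # number of orders
        total[customer] += amount                           # money spent
    r = quintile_scores(last)
    f = quintile_scores(count)
    m = quintile_scores(total)
    return {customer: (r[customer], f[customer], m[customer]) for customer in last}


if __name__ == "__main__":
    for customer, score in sorted(rfm_scores(ORDERS).items()):
        print(customer, score)
```

Under this convention, a customer scored (5, 2, 1) has not ordered recently but used to order often and spend heavily.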
Q5: How do organizations use data mining applications?
The disciplines that data mining draws on are AI and machine learning, data management technology, and sophisticated marketing, finance, and other business professionals, as well as cheap computer processing and storage, huge databases, and statistical mathematics. Unsupervised data mining consists of a hypothesis or model: findings are obtained solely by data analysis, and a hypothesized model is created to explain the patterns found. Cluster analysis is a statistical technique to identify groups of entities with similar characteristics; it is used to find groups of similar customers from customer order and demographic data. Supervised data mining uses an a priori model and prediction, such as regression analysis. Market-basket analysis identifies sales patterns in large volumes of data and identifies what products customers tend to buy together. It computes probabilities of purchases and identifies cross-selling opportunities; association analysis is an important part of shopping-basket data analysis. The basic idea of a decision tree is to select the attributes most useful for classifying entities into “pure groups”; it is a hierarchical arrangement of criteria to predict a value or classification.
Q6: How do organizations use BigData applications?
Big Data is a term used to describe data collections that are characterized by huge volume, rapid velocity, and great variety. Huge volume means a petabyte and larger; rapid velocity means the data is generated rapidly; great variety means structured data, free-form text, log files, graphics, audio, and video. A technique harnesses the power of thousands of computers working in parallel: the BigData collection is broken into pieces, and hundreds or thousands of independent processors search these pieces for something of interest. BigData has volume, velocity, and variation characteristics that far exceed those of traditional reporting and data mining. Experts are required to use it; you may be involved, however, in planning a BigData study or in interpreting results.
Q7: What is the role of knowledge management systems?
Knowledge management (KM) is creating value from intellectual capital and sharing knowledge with those who need that capital. It preserves organizational memory by capturing and storing the lessons learned and best practices of key employees. The benefits of knowledge management are improved process quality and increased team strength. The goal is to enable employees to use the organization’s collective knowledge. Expert systems are rule-based systems that encode human knowledge as If/Then rules, together with programs that process a set of rules. The few expert systems that have been successful have addressed more restricted problems than duplicating a doctor’s diagnostic ability. They address problems such as checking for harmful prescription drug interactions and configuring products to meet customer specifications. These systems require many fewer rules and are therefore more manageable to maintain. Content management systems support the management and delivery of documents and other expressions of employee knowledge.
Q8: 2026?

In 2026, there will be exponentially more information about customers and better data mining techniques, as companies buy and sell your purchasing habits and psyche. The singularity is when computer systems adapt and create their own software without human assistance. In the end, machines will possess and create information for themselves.

Chapter 8

The chapter discusses how the response to rapid technological change is to learn and understand underlying principles. It also focuses on principles, conceptual frameworks, and models that will be useful to address the opportunities and risks of social media systems in the early years of your professional career.
Q1: What is a social media information system (SMIS)?
Social media IT is for sharing content among networks of users; it enables communities of practice, people related by a common interest. A social media information system (SMIS) is an information system for sharing content among networks of users. Social media is a convergence of many disciplines, such as psychology, sociology, computer science, MIS, marketing, and organizational theory. There are three SMIS roles within social media. Social media providers such as Facebook, Google+, LinkedIn, Twitter, Instagram, and Pinterest offer platforms that attract and target demographic groups. Users are individuals and organizations. Communities form around mutual interests that transcend familial, geographic, and organizational boundaries. Companies hire staff to maintain their SM presence, promote their products, build relationships, and manage their image. Depending on how organizations want to use SM, they can be users, providers, or both. On the five components of SMIS and SM user communities: Community A is a first-tier community of users with a direct relationship to the site. User 1 belongs to three communities: A, B, and C. Communities B–E are second-tier communities, intermediated by a first-tier user. The number of second- and higher-tier community members grows exponentially. The exponential nature of relationships offers sponsoring organizations both a blessing and a curse. If a social media site wants pure publicity, it will need a viral hook to relate to as many communities as possible.
Q2: How do SMIS advance organizational strategy?
Learn the relationship of information systems to organizational strategy: strategy determines value chains, value chains determine business processes, and processes determine SMIS requirements. How do value chains determine dynamic processes? Dynamic process flows cannot be designed or diagrammed. SM fundamentally changes the balance of power among users, communities, and organizations. Social media contributes to the five primary value chain activities and to the human resources support activity. This gives a general framework by which organizations can accomplish their strategy via a dynamic process supported by SMIS. Organizations controlled their relationships with customers using structured processes and related information systems. In fact, the primary purpose of traditional CRM was to manage customer touches. Customers search content, contribute reviews and commentary, ask questions, and create user groups; this is not centered on customer lifetime value. Social media and customer service: many organizations struggle to make the transition from controlled, structured, traditional CRM processes to wide-open, adaptive, dynamic social CRM processes. Relationships emerge from joint activity, and customers have as much control as companies. Product users freely help each other solve problems, and selling to or through developer networks is most successful. Peer-to-peer support risks loss of control. Social media and manufacturing and operations: social media improves communication channels within the organization and externally with consumers, and helps design products, develop supplier relationships, and improve operational efficiency.
Q3: How do SMIS increase social capital?
The value of social capital is determined by the number of relationships, the strength of those relationships, and the resources controlled. Social capital adds value in four ways: information, influence, social credentials, and personal reinforcement. Capital is the investment of resources for future profit. The types of business capital are physical capital (used to produce goods and services), human capital (investments in human knowledge and skills), and social capital (social relations with the expectation of marketplace returns). Relationships in social networks can: provide information about opportunities, alternatives, problems, and other factors important to business professionals; provide an opportunity to influence decision makers who are critical to your success; be a form of social credential; and reinforce a professional’s image and position in an organization or industry.
Using social networking to increase the number of relationships: organizations have social capital just as humans do. Discuss how a photographer could use SM to communicate a wedding experience using text, pictures, and video instantly to everyone in your social network. Strength of a relationship is the likelihood that the other entity will do something that benefits your organization: write positive reviews, post pictures using the organization’s products or services, tweet about upcoming product releases, and so on. Strengthen relationships by asking someone to do you a favor. Frequent interactions strengthen relationships; you will weaken social relationships by continually freeloading, declining requests for help, and failing to spend time with friends.
Using social networks to connect to those with more resources: Social Capital = Number of Relationships × Relationship Strength × Entity Resources. A huge network of people with few resources is less valuable than a smaller network of people with substantial resources. Resources must be relevant, and most organizations ignore the value of entity assets.
Q4: How do (some) companies earn revenue from social media?
Processing time, data communication, and data storage may be cheap, but they still cost something. A hyper-social organization transforms interactions with customers, employees, and partners into mutually satisfying relationships with them and their communities. The two most common ways SM companies generate revenue are advertising and charging for premium services. Revenue models for social media: pay-per-click; use increases value. Freemium offers users a basic service for free, and then charges a premium for upgrades or advanced features. Other revenue comes from sales of apps and virtual goods, affiliate commissions, and donations. Conversion rate is the frequency with which someone who clicks on an ad makes a purchase, “likes” a site, or takes some other action desired by the advertiser.
Q5: How do organizations develop an effective SMIS?
Focus on being a cost leader or on product differentiation, with an industry-wide or segment focus, and on premeditated alignment of the SMIS with the organization’s strategy. Create a process for developing a practical plan to effectively use existing social media platforms. Define success metrics, or key performance indicators (KPI). Metrics are simply measurements used to track performance; metrics that don’t improve your decision making are commonly referred to as vanity metrics.
Q6: What is an enterprise social network (ESN)?
An ESN is a software platform that uses SM to facilitate the cooperative work of people within an organization. It improves communication, collaboration, knowledge sharing, problem solving, and decision making. Enterprise 2.0 is the use of emergent social software platforms within companies, or between companies, partners, or customers: the application of social media to facilitate the cooperative work of people inside organizations. It can be used to enable people to share knowledge and problem-solving techniques. Communication channels within corporations have changed in equally dramatic ways; using ESNs, employees can bypass managers and post ideas directly for the CEO to read. Quickly identify each organization, still learning how to use and deploy ESNs. Develop a strategic plan for using SM internally via the same process as used for external social media use, and assess the likelihood of employee resistance.
Q7: How can organizations address SMIS security concerns?
Organizations and executives no longer plan and control organizational messaging. Such messaging emerges via a dynamic, SM-based process. Ask students what they think about that. Develop and publicize a social media policy. Delineate employees’ rights and responsibilities: disclose, protect, and use common sense. Manage the risk of inappropriate content: organizations should regularly monitor the site and remove objectionable material. Monitoring can be done by employees or by companies that offer services not only to collect and manage ratings and reviews, but also to monitor sites for irrelevant content. For example, problems with user-generated content (UGC) from external sources include junk and crackpot contributions, inappropriate content, unfavorable reviews, and mutinous movements. Sites are monitored by employees or by an outsourced service. When responding to social networking problems, responses are best reserved for when the problematic content has caused the organization to do something positive as a result. Comments by crackpots, comments that have nothing to do with the site, or comments that contain obscene or otherwise inappropriate content. Internal risks from social media are threats to information security, increased organizational liability, and decreased employee productivity. They directly affect the ability to secure information resources.
Q8: 2026?
Social media means customers use all the vendor’s touch points they can find to craft their own relationships. New mobile devices with innovative mobile-device UX are coupled with dynamic and agile information systems based on cloud computing and dynamic virtualization. The organization is the endoskeleton, supporting the work of people on the exterior. Employees craft their own relationships with their employers. Big Data = Big Money: personal data is illegally accessed by criminals and sold on the black market to other nefarious characters, or legally accessed by companies and sold to other companies. Understand the importance and value of a personal brand; a social media presence is one component of a professional brand. Traditional sources of personal branding, like personal networks of face-to-face relationships, are important.