Monday, March 22, 2010
Chapter 4: Ethics and Information Security
Ethics are the principles and standards that guide our behaviour towards other people. The ethical issues surrounding technology include:
> Intellectual property - the collection of rights that protect creative and intellectual effort.
> Copyright - the exclusive right to do, or omit to do, certain acts with intangible property such as a song, video game and some types of proprietary documents.
> Fair use doctrine - in certain situations, it is legal to use copyrighted material.
> Pirated software - the unauthorised use, duplication, distribution, or sale of copyrighted software.
> Counterfeit software - software that is manufactured to look like the real thing and sold as such.
> Privacy - the right to be left alone when you want to be, to have control over your own personal possessions, and not to be observed without your consent.
2. Describe the relationship between an 'email privacy policy' and an 'Internet use policy'.
An email privacy policy details the extent to which email messages may be read by others. Organisations can mitigate the risks of email and instant messaging by implementing and adhering to an email privacy policy, and should have a policy that clearly sets out how employees may use email and the Internet for private, non-work purposes. Email privacy policy stipulations typically:
> describe the legitimate grounds for reading someone's email and the process required before such action can be taken;
> explain the backup procedure, so users know that even if a message is deleted from their computer it will still exist on the backup media for some time;
> define who the legitimate email users are.
An Internet use policy contains the general principles that guide proper use of the Internet within an organisation. The policy describes the available Internet services, defines the purpose of and restrictions on Internet access, complements the ethical computer use policy, describes users' responsibilities and states the ramifications of violations.
3. Summarise the five steps to creating an information security plan.
Step 1: Develop the information security policies - identify who is responsible and accountable for designing and implementing the organisation's information security policies. E.g policies requiring users to log off their systems before leaving the office.
Step 2: Communicate the information security policies - train all employees on the policies and establish clear expectations for following policies. E.g. Let employees know that they will receive a formal reprimand for leaving a computer unsecured.
Step 3: Identify critical information assets and risks - require the use of user IDs, passwords and antivirus software on all systems. Ensure any systems that have links to external networks have the appropriate technical protections, such as firewalls or intrusion detection software.
Step 4: Test and re-evaluate risks - continually perform security reviews, audits, background checks and security assessments.
Step 5: Obtain stakeholder support - gain approval and support for the information security policies from the board of directors and all stakeholders.
4. What do the terms authentication and authorisation mean, how do they differ, and what are some examples of each?
Authentication is a method for confirming a user's identity. Once a system has authenticated a user, it can then determine that user's access privileges (authorisation). The strongest authentication combines all three factors: something the user knows (a password), something the user has (a token or smart card) and something that is part of the user (a fingerprint).
Authorisation is the process of giving someone permission to do or have something. In multi-user computer systems, authorisation determines such things as file access, hours of access and the amount of allocated storage space.
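As an added example (my own, not from the textbook or these notes), the Python sketch below keeps the two steps separate: authenticate() only checks a password against a salted PBKDF2 hash and says who the caller is, and authorise() then checks that already-identified user's role and permitted hours against the requested action. The user records, roles, permission sets and passwords are constructed for the example; a real system would keep them in a directory or database.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # PBKDF2 work factor; assumption for the example


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-HMAC-SHA256 of a password (never store the password itself)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def _make_user(password: str, role: str, hours: tuple) -> dict:
    """Build a constructed user record: random salt, password hash, role, allowed hours."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt),
            "role": role, "hours": hours}


# Constructed user store for the example: username -> record.
USERS = {
    "alice": _make_user("correct horse battery staple", "admin", (0, 24)),
    "bob": _make_user("hunter2", "clerk", (9, 17)),   # clerks may only work 09:00-17:00
}

# Authorisation table (constructed): role -> set of permitted actions.
ROLE_PERMISSIONS = {
    "admin": {"read_file", "write_file", "delete_file", "manage_users"},
    "clerk": {"read_file", "write_file"},
}


def authenticate(username: str, password: str):
    """Authentication: return the username if the credentials match, else None.

    This decides WHO the caller is; it says nothing about what they may do.
    """
    record = USERS.get(username)
    # Hash against a dummy salt even for unknown users, so response time does
    # not reveal whether the username exists.
    salt = record["salt"] if record else b"\x00" * 16
    candidate = _hash_password(password, salt)
    if record is None or not hmac.compare_digest(candidate, record["hash"]):
        return None
    return username


def authorise(username: str, action: str, hour: int) -> bool:
    """Authorisation: may this (already authenticated) user do `action` at `hour`?"""
    record = USERS.get(username)
    if record is None:
        return False
    start, end = record["hours"]
    if not (start <= hour < end):          # hours-of-access check
        return False
    return action in ROLE_PERMISSIONS.get(record["role"], set())  # role check


def request(username: str, password: str, action: str, hour: int) -> str:
    """Full flow: authenticate first, then authorise. Returns a status string."""
    if authenticate(username, password) is None:
        return "denied: authentication failed"
    if not authorise(username, action, hour):
        return "denied: not authorised"
    return "allowed"


if __name__ == "__main__":
    # bob is who he says he is, but a clerk is not allowed to manage users
    print(request("bob", "hunter2", "manage_users", 10))   # denied: not authorised
    print(request("alice", "correct horse battery staple", "manage_users", 3))  # allowed
```

The point to notice is the third case in the tests: a correct password gets bob past authentication, yet the request is still refused because authorisation is a separate decision made against his role and hours.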
5. What are the five main types of security risks? Suggest one method to reduce the severity of these risks.
The five main types of security risks are:
Human error - not malicious and done by humans. Acts include tailgating, carelessness with laptops and portable computing devices, poor password selection and opening questionable e-mails.
Natural disasters and other external events - such as floods, earthquakes and terrorist attacks.
Technical failures - software bugs and hardware crashes
Deliberate acts - sabotage and white-collar crime.
Management failure - lack of procedure, documentation and training.
Sunday, March 21, 2010
Chapter 3: eBusiness
IP Address - an Internet Protocol (IP) address is a numerical label assigned to each device on a computer network that uses the Internet Protocol to communicate between nodes (connection points). An IP address serves two main functions:
- Host or network interface identification: the host part of the address identifies a particular interface within a network.
- Location addressing: the network part of the address says which network the host is on, so that packets can be routed towards it. Addressing can be logical (the IP address, assigned by configuration) or physical (the MAC address of the network interface).
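To make the two functions concrete, here is an added example (my own, not from the textbook or these notes) using Python's standard ipaddress module: split_address() separates an address into the network it belongs to and the host number within that network, same_network() answers the routing question, and classify() sorts an address into the ranges that a firewall or log filter usually treats differently. All addresses used are constructed; 2001:db8::/32 and 192.168.0.0/16 are documentation and private ranges.

```python
import ipaddress


def split_address(cidr: str):
    """Split 'address/prefix' into (network address, host number).

    The network address is the 'location' (which network the host sits on);
    the host number identifies the interface within that network.
    Works for IPv4 and IPv6.
    """
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    host_part = int(iface.ip) - int(net.network_address)
    return str(net.network_address), host_part


def same_network(cidr_a: str, addr_b: str) -> bool:
    """True if addr_b lies inside the network that cidr_a's prefix defines.

    This is the question a host asks before deciding whether to deliver a
    packet directly or hand it to its default gateway.
    """
    net = ipaddress.ip_interface(cidr_a).network
    return ipaddress.ip_address(addr_b) in net


def classify(addr: str) -> str:
    """Label an address by the special-purpose range it falls in.

    Loopback and link-local are checked before 'private' because the
    ipaddress module reports them as private too.
    """
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    if ip.is_multicast:
        return "multicast"
    return "global" if ip.is_global else "reserved"


if __name__ == "__main__":
    print(split_address("192.168.1.77/24"))            # ('192.168.1.0', 77)
    print(same_network("192.168.1.77/24", "192.168.2.1"))  # False: needs a router
    print(classify("10.0.0.1"))                        # private
```

A practical use of classify(): a web application that logs or acts on a client-supplied address (for example from an X-Forwarded-For header) should refuse to treat loopback, link-local or private addresses as the "real" client, since those cannot have arrived over the public Internet.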
2. What is Web 2.0, how does it differ from 1.0?
Web 2.0 is a set of economic, social and technological trends that collectively form the basis for the next generation of the Internet: a more mature, distinctive medium characterised by user participation, openness and network effects. Those who act on the Web 2.0 opportunity stand to gain an early-mover advantage in their markets.
Web 1.0 refers to the state of the World Wide Web (publicly available from 1991) and the website design style used before Web 2.0: mostly static, read-only pages published by a site owner for visitors to consume.
3. What is Web 3.0?
There have been many debates over how to define Web 3.0, with people holding mixed views on it. One proposed definition is "a highly specialised information silo that is moderated by a cult of personality, validated by the community, and put into context with the inclusion of meta-data through widgets." (SOURCE) Web 3.0 encompasses one or more of the following:
> Transforming the web into a database;
> An evolutionary path to artificial intelligence;
> The realisation of semantic web and service-oriented architecture;
> Evolution towards 3D
4. Describe the different methods an organization can use to access information
There are three different methods an organization can use to access information: intranets, extranets and portals.
Intranet - a private network, internal to an organisation and built on Internet technologies, used for internal purposes. E.g. HR forms, finance forms.
Extranet - like an intranet, but extended so that business partners along the supply chain (producer to retailer) can be invited in, making it easier to share data between companies.
Portals - a web page that combines the output of many systems on a single page, with the various systems feeding data into it. The information presented should be tailored to the person logging in.
5. What is eBusiness, how does it differ from eCommerce?
eBusiness is the conduct of business on the Internet: not only buying and selling, but also servicing customers and collaborating with business partners. One of the first to use the term was IBM, which launched a thematic campaign built around it in October 1997. eBusiness differs from eCommerce in that eCommerce is the buying and selling of goods over the Internet, whereas eBusiness is the broader term and contains eCommerce.
6. List and describe the various eBusiness models
Business to Business (B2B) - Applies to businesses buying from and selling to each other over the internet.
Business to Consumer (B2C) - Applies to any business that sells its products or services to consumers over the Internet.
Consumer to Business (C2B) - Applies to any consumer that sells a product or service to a business over the Internet.
Consumer to Consumer (C2C) - Applies to sites primarily offering goods and services to assist consumers interacting with each other over the internet.
7. List 3 metrics you would use if you were hired to assess the effectiveness and efficiency of an eBusiness web site.
Three metrics that can assess the effectiveness and efficiency of an eBusiness web site are the number of page views, the types of visitors (new versus returning) and how long people spend on the site.
8. Outline 2 opportunities and 2 challenges faced by companies doing business online
Two opportunities are: 1) Your operation goes from being open 9am - 5pm, five days a week, to being open 24 hours a day, seven days a week, and it is available to people worldwide, not just in the area where your shop is located. 2) Your business can still operate when no one is there, and you can save on shopkeeping expenses such as wages and rent.
Two challenges faced are: 1) Protecting your customers' security. With people purchasing online, credit card details and passwords are used in nearly every transaction, and keeping them safe can be very complicated. 2) It is much harder for a customer to return goods if not satisfied, which is easy to do with a physical shop. There can also be mix-ups with currency, languages and taxation laws.
Chapter 2: Strategic Decision Making
1. Define TPS & DSS, and explain how an organisation can use these systems to make decisions and gain competitive advantages.
TPS - a Transaction Processing System is a type of information system that collects, stores, modifies and retrieves the data transactions of an enterprise. The success of an enterprise depends on the reliable processing of transactions, to ensure that customer orders are met on time, that customers can make payment, and that partners and suppliers are paid.
DSS - a Decision Support System is a class of information system that supports business and organisational decision-making activities. A properly designed decision support system is an interactive software-based system intended to help decision makers compile useful information from a combination of raw data, personal knowledge, documents and business models, in order to identify and solve problems and make decisions.
2. Describe the three quantitative models typically used by decision support systems.
Three quantitative models often used by a DSS are:
1. Sensitivity analysis – study of the impact that changes in one (or more) parts of the model have on other parts of the model. Users change the value of one variable repeatedly and observe the resulting changes in other variables.
2. What-if analysis - checks the impact of a change in an assumption on the proposed solution.
3. Goal-seeking analysis - finds the inputs necessary to achieve a goal such as a desired level of output.
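The three analyses are easiest to tell apart when run against one concrete model, so here is an added example (my own, not from the textbook or these notes). The profit model and its base assumptions are constructed for illustration: what_if() re-evaluates the model with changed assumptions, sensitivity() sweeps one input over a range, and goal_seek() inverts the model by bisection to find the input that hits a target output.

```python
def profit(price, units, unit_cost, fixed_cost):
    """Constructed toy model: profit = revenue - variable costs - fixed costs."""
    return price * units - unit_cost * units - fixed_cost


# Base-case assumptions (constructed for the example).
BASE = {"price": 50.0, "units": 1000, "unit_cost": 30.0, "fixed_cost": 12000.0}


def what_if(model, base, **changes):
    """What-if analysis: apply changed assumptions and return the new outcome."""
    scenario = {**base, **changes}
    return model(**scenario)


def sensitivity(model, base, variable, values):
    """Sensitivity analysis: vary one input repeatedly, return [(value, outcome), ...]."""
    return [(v, what_if(model, base, **{variable: v})) for v in values]


def goal_seek(model, base, variable, target, lo, hi, tol=1e-6, max_iter=200):
    """Goal-seeking analysis: find the value of `variable` that makes the outcome == target.

    Uses bisection, so the outcome must be monotonic in `variable` on [lo, hi]
    and the target must lie between the outcomes at lo and hi; otherwise a
    ValueError is raised rather than returning a meaningless answer.
    """
    def f(x):
        return what_if(model, base, **{variable: x}) - target

    flo, fhi = f(lo), f(hi)
    if flo == 0:
        return lo
    if fhi == 0:
        return hi
    if flo * fhi > 0:
        raise ValueError("target not bracketed on [lo, hi]")
    for _ in range(max_iter):
        mid = (lo + hi) / 2
        fmid = f(mid)
        if abs(fmid) < tol or (hi - lo) / 2 < tol:
            return mid
        if flo * fmid < 0:
            hi, fhi = mid, fmid
        else:
            lo, flo = mid, fmid
    return (lo + hi) / 2


if __name__ == "__main__":
    print(profit(**BASE))                                   # 8000.0
    print(what_if(profit, BASE, price=55.0))                # 13000.0
    print(sensitivity(profit, BASE, "units", [800, 1000, 1200]))
    print(goal_seek(profit, BASE, "price", 20000.0, 0.0, 200.0))  # about 62.0
    print(goal_seek(profit, BASE, "units", 0.0, 0.0, 5000.0))     # break-even, about 600
```

The distinction worth keeping in mind: what-if and sensitivity both run the model forwards from chosen inputs, while goal-seeking runs it backwards from a chosen output, which is why it needs an algorithm (here bisection) rather than a single evaluation.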
3. Describe business processes and their importance to an organisation.
A business process is a standardised set of activities that accomplish a specific task, such as processing a customer's order. Business processes transform a set of inputs into a set of outputs for another person or process, using people and tools.
4. Compare business process improvement and business process re-engineering.
Business Process Improvement - is paramount in order to stay competitive in today’s electronic marketplace. Organisations must improve their business processes because customers are demanding better products and services. Business process improvement attempts to understand and measure the current process and make performance improvements accordingly.
Business Process Re-engineering - the analysis and redesign of workflow within and between enterprises. BPR relies on a different school of thought than business process improvement. In the extreme, BPR assumes that the current process is irrelevant, does not work, or is broken and must be overhauled from scratch. Such a clean slate enables business process designers to disassociate themselves from today’s process and focus on a new process.
5. Describe the importance of business process modelling (or mapping) and business process models.
Business Process Modelling (or mapping) - is the activity of creating a detailed flowchart or process map of a work process, showing its inputs, tasks and activities in a structured sequence.
Business Process Model - is a graphic description of a process, showing the sequence of process tasks, which is developed for a specific purpose and from a selected viewpoint. A set of one or more process models details the many functions of a system or subject area with graphics and text. The purpose of a process model is to:
>Expose process detail gradually and in a controlled manner;
>Encourage conciseness and accuracy in describing the process model;
>Focus attention on the process model interfaces;
>Provide a powerful process analysis and consistent design vocabulary.