
Mis Final..

Uploaded by

pealghosh007

Chapter 8

SECURING INFORMATION SYSTEMS


1. Why systems are vulnerable
Information systems face vulnerabilities due to various factors:

1. Network Accessibility: Open networks provide easy access, making them vulnerable to unauthorized
misuse.
2. Hardware Issues: Breakdowns, configuration errors, and physical damage, whether from improper use
or crime, pose risks.
3. Software Issues: Errors in programming or installation, as well as unauthorized modifications, can
weaken security.
4. Disasters: Natural events like floods or power outages may disrupt system operations.
5. External Network Use: Utilizing networks or devices outside the organization makes it challenging to
maintain control and security.
6. Loss and Theft of Devices: Portable devices such as laptops and phones are susceptible to being lost or
stolen, putting sensitive information at risk.

2. Types of malicious software


Malicious software, or malware, is software designed to harm a computer, network, or server, or to steal
sensitive information. Cybercriminals, also known as hackers, develop malware to gain access to a
network and its devices.
The following sentences illustrate each type of malicious software (malware):
1. Viruses: The computer became infected with a virus after downloading an email attachment from
an unknown source.
2. Worms: A worm spread through the company's network, causing severe disruptions to all
connected devices.
3. Trojan Horses: The Trojan horse disguised itself as a legitimate software update but secretly
installed harmful programs.
4. Spyware: The device was infected with spyware, which secretly tracked and recorded the user's
browsing activities.
5. Keyloggers: A keylogger was found on the employee's computer, capturing sensitive information
like login credentials.
6. Ransomware: The company’s files were encrypted by ransomware, and the attackers demanded
a large sum of money for the decryption key.
7. SQL Injection Attacks: The hacker used an SQL injection attack to exploit vulnerabilities in the
website's database and steal customer data.
8. Adware: The user’s device was slowed down by adware, which kept displaying pop-up ads even
when not browsing the internet.

3. Types of hacking activities


Hacking is the act of gaining unauthorized access to a computer system or network to exploit
vulnerabilities. Hacking is not always a malicious act, but it is most commonly associated with illegal
activity and data theft by cyber criminals.
The following entries illustrate the common types of hacking activities:
1. System Intrusion: The hacker gained system intrusion by exploiting a vulnerability in the
software, stealing sensitive customer data.
2. System Damage: The cybercriminal caused system damage by deploying a malicious script that
corrupted critical files.
3. Cybervandalism: The group engaged in cybervandalism, defacing the company’s homepage
with offensive messages.
4. Spoofing: Misrepresenting oneself by using fake e-mail addresses or masquerading as someone
else; redirecting a Web link to an address different from the intended one, with the site
masquerading as the intended destination.
5. Sniffing: The hacker was caught using sniffing tools to capture sensitive data, such as passwords
and credit card numbers, from the network.
6. Denial-of-Service (DoS) Attacks: The website went offline due to a Denial-of-Service (DoS)
attack, which overwhelmed the server with requests.
7. Distributed Denial-of-Service (DDoS) Attacks: A Distributed Denial-of-Service (DDoS) attack
caused the online store’s website to crash, leaving it inaccessible to customers.
8. Phishing: The company warned its employees about phishing emails, which trick users into
revealing their login credentials.
9. Pharming: The cybercriminal used pharming to redirect users to fake bank websites, where they
unknowingly entered their personal information.
10. Click Fraud: The marketer was accused of click fraud after his ads were repeatedly clicked by
automated bots to inflate ad revenue.

4. What is computer crime


“any violations of criminal law that involve a knowledge of computer technology for their perpetration,
investigation, or prosecution”
– Computer may be target of crime, e.g.:
• Breaching confidentiality of protected computerized data
• Accessing a computer system without authority
– Computer may be instrument of crime, e.g.:
• Theft of trade secrets
• Using e-mail for threats or harassment

5. Tools and technologies for protecting information systems security.


Protecting information systems security is crucial to safeguard sensitive data, maintain trust, and ensure
business continuity. Tools and technologies help prevent unauthorized access, detect threats, and
minimize risks like data breaches, system failures, or financial losses.
1) Identity management software
• Automates keeping track of all users and privileges
• Authenticates users, protecting identities, controlling access

2) Authentication
• Password systems
• Tokens
• Smart cards
• Biometric authentication

3) Firewall:
Combination of hardware and software that prevents unauthorized users from accessing private networks
Technologies include:
• Static packet filtering
• Network address translation (NAT)
• Application proxy filtering

4) Intrusion detection systems:
• Monitor hot spots on corporate networks to detect and deter intruders
• Examine events as they are happening to discover attacks in progress

5) Antivirus and antispyware software:
• Checks computers for presence of malware and can often eliminate it as well
• Requires continual updating

6) Unified threat management (UTM) systems

7) Securing wireless networks:
— WEP security can provide some security by:
• Assigning unique name to network's SSID and not broadcasting SSID
• Using it with VPN technology

— Wi-Fi Alliance finalized WPA2 specification, replacing WEP with stronger standards
• Continually changing keys
• Encrypted authentication system with central server

8) Encryption:
— Transforming text or data into cipher text that cannot be read by unintended recipients
— Two methods for encryption on networks
• Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS)
• Secure Hypertext Transfer Protocol (S-HTTP)

9) Two methods of encryption
— Symmetric key encryption
• Sender and receiver use single, shared key
— Public key encryption
• Uses two, mathematically related keys: Public key and private key
• Sender encrypts message with recipient's public key
• Recipient decrypts with private key

10) Digital certificate:
• Data file used to establish the identity of users and electronic assets for protection of online
transactions
• Uses a trusted third party, certification authority (CA), to validate a user's identity
• CA verifies user's identity, stores information in CA server, which generates encrypted digital
certificate containing owner ID information and copy of owner's public key

11) Public key infrastructure (PKI)
• Use of public key cryptography working with certificate authority
• Widely used in e-commerce

Chapter 09

1. How does enterprise system work?

Enterprise systems use connected software modules and a central database. This setup allows
different parts of a business to share data and work together more easily across the whole
organization.

[Figure: a Centralized Database shared by four functional areas]

Finance & Accounting
• Cash on hand
• Accounts receivable
• Customer credit
• Revenue

Sales & Marketing
• Orders
• Sales forecasts
• Return requests
• Price changes

Human Resources
• Hours worked
• Labor cost
• Job skills

Manufacturing & Production
• Materials
• Production schedules
• Shipment dates
• Production capacity
• Purchases

2. How does supply chain work?

Supply chain:
– Network of organizations and processes for:
• Procuring raw materials
• Transforming them into products
• Distributing the products
Upstream supply chain:
– Firm’s suppliers, suppliers’ suppliers, processes for managing relationships with them
Downstream supply chain:
– Organizations and processes responsible for delivering products to customers

3. Supply chain management system

Supply chain management systems help suppliers, buyers, distributors, and delivery companies
share information automatically about orders, production, inventory, and deliveries. This helps
them get materials, make products, and deliver goods more efficiently. These systems connect
different companies, making it easier to share information across company lines.

4. Push and pull model.

The Push and Pull Models in supply chain management are two different ways products
move through the supply chain, based on when and why they are made and sent out.

1. Push Model (Build-to-Stock):
- In the push model, products are made based on expected demand. Companies estimate how
much of a product people will want, then make and store it in advance.
- This model "pushes" products from production to storage and finally to distribution centers
or stores.
- Benefits: Allows for making products in bulk, often lowering costs per unit.
- Challenges: If the demand predictions are wrong, it can lead to too much inventory or
not enough, causing waste or missed sales.

2. Pull Model (Demand-Driven):
- In the pull model, products are made only after a customer places an order. This means the
company "pulls" products through the supply chain based on real orders instead of predictions.
- This model depends on quick responses to customer orders and adjustments to supply chain
activities.
- Benefits: Helps reduce extra inventory and storage costs and better matches production
with current demand.
- Challenges: Requires a flexible supply chain and can cause delays if there are any hold-ups
or if materials aren’t immediately available.

Sometimes companies use a hybrid approach, where they make some products in advance
(push) but only produce more customized or time-sensitive items when ordered (pull). This mix
combines the predictability of the push model with the flexibility of the pull model to meet
demand efficiently.

5. Explain CRM system.

Knowing the customer
– In large businesses, too many customers and too many ways customers interact with firm
Customer relationship management (CRM) systems
– Capture and integrate customer data from all over the organization
– Consolidate and analyze customer data
– Distribute customer information to various systems and customer touch points across
enterprise
– Provide single enterprise view of customer


6. CRM software capabilities.

The major CRM software products support business processes in
sales, service, and marketing, integrating customer information from many different sources.
Included are support for both the operational and analytical aspects of CRM.


7. Operational and analytical CRM.

Operational and Analytical CRM are two main types of Customer Relationship Management
(CRM) systems:

1. Operational CRM:
- Focuses on customer-facing activities, such as sales, customer service, and marketing.
- It includes tools for sales force automation (managing sales contacts and tracking sales),
call center and customer service support (handling customer issues and requests), and
marketing automation (managing marketing campaigns).
- The goal of operational CRM is to streamline and improve direct interactions with customers,
making day-to-day tasks easier for employees who interact with customers.

2. Analytical CRM:
- Analyzes customer data collected from various sources, including operational CRM.
- Uses data warehouses and analytical tools to gain insights into customer behavior,
preferences, and buying patterns.
- Helps in identifying trends, understanding customer needs, and making better business
decisions.
- Analytical CRM is focused on using data to improve overall customer satisfaction and
enhance marketing and sales strategies by predicting customer needs and preferences.

Chapter : 12
1. Types of decision characteristics?
ANSWER: Types of decisions:
Unstructured: Decision maker must provide judgment, evaluation, and insight to solve problem.
Structured: Repetitive and routine; involve definite procedure for handling so they do not have
to be treated each time as new.
Semistructured: Only part of problem has clear-cut answer provided by accepted procedure.

Senior managers: Make many unstructured decisions
E.g. Should we enter a new market?

Middle managers: Make more structured decisions but these may include unstructured
components
E.g. Why is order fulfillment report showing decline in Minneapolis?

Operational managers, rank and file employees: Make more structured decisions
E.g. Does customer meet criteria for credit?

2. Decision making process?
ANSWER: The 4 stages of the decision making process
Intelligence: Discovering, identifying, and understanding the problems occurring in the
organization
Design: Identifying and exploring solutions to the problem
Choice: Choosing among solution alternatives
Implementation: Making chosen alternative work and continuing to monitor how well solution is
working

3. Business Intelligence Environment?

ANSWER: Six elements in the business intelligence environment

1. Data from the business environment

2. Business intelligence infrastructure

3. Business analytics toolset

4. Managerial users and methods

5. Delivery platform - MIS, DSS, ESS

6. User interface
4. Managerial Role and Supporting Information System?

ANSWER:

1. Interpersonal Roles
o Roles: Figurehead (representing the organization), Leader (guiding and motivating
staff), Liaison (building networks).
o Supporting Systems: Telepresence systems (virtual meetings), Smartphones
(instant communication), Social Networks (relationship building).
2. Informational Roles
o Roles: Nerve Center (gathering information), Disseminator (sharing information
internally), Spokesperson (sharing information externally).
o Supporting Systems: MIS (Management Information Systems for reports), ESS
(Executive Support Systems for insights), Webinars, Telepresence (virtual
presentations).
3. Decisional Roles
o Roles: Entrepreneur (initiating change), Disturbance Handler (solving problems),
Resource Allocator (managing resources), Negotiator (reaching agreements).
o Supporting Systems: Business Intelligence (analyzing data for decisions).
5. Balanced scorecard method?
ANSWER: Balanced scorecard method:
• A framework for operationalizing a firm's strategic plan.
Measures outcomes on four dimensions:
1. Financial
2. Business process
3. Customer
4. Learning & growth
Key performance indicators (KPIs) measure each dimension
Chapter : 13
1. Types of organizational change?
Answer:
Structural organizational changes enabled by IT
1. Automation
• Increases efficiency
• Replaces manual tasks
2. Rationalization of procedures
• Streamlines standard operating procedures
• Often found in programs for making continuous quality improvements
– Total quality management (TQM)
– Six sigma
3. Business process redesign
• Analyze, simplify, and redesign business processes
• Reorganize workflow, combine steps, eliminate repetition
4. Paradigm shifts
• Rethink nature of business
• Define new business model
• Change nature of organization
2. System development process?

Answer: System Development Process: The six core activities in developing a system are:

• Systems Analysis: Identifying the problem, specifying solutions, and determining
information requirements.
• Systems Design: Crafting the system's technical and functional specifications.
• Programming: Translating design specifications into software code.
• Testing: Ensuring functionality and reliability (e.g., unit testing, system testing,
acceptance testing).
• Conversion: Transitioning from the old system to the new one using strategies like
parallel, direct cutover, pilot study, or phased approach.
• Production and Maintenance: Operating the system, reviewing for improvements, and
maintaining it to address issues or new requirements.
3. Different strategy of conversion?

Answer:
• Parallel Strategy: Running both the old and new systems simultaneously until
confidence in the new system is achieved.
• Direct Cutover: Completely replacing the old system with the new one on a specific date.
• Pilot Study: Implementing the system in a limited part of the organization initially.
• Phased Approach: Introducing the new system in stages, either by function or organizational
unit.
4. Principal methodology for designing (structure)?
Answer:

5. Alternative method of building information system?

Answer:
• Traditional Systems Life-Cycle: A phased, waterfall approach suitable for large,
complex systems.
• Prototyping: Rapidly building an experimental system for evaluation and iterative
refinement.
• End-User Development: Enabling end-users to create systems with minimal technical help.
• Application Software Packages: Using pre-developed software tailored to specific needs.
• Outsourcing: Employing external providers to design, create, or host systems.
