Information Systems Chapter 11 Quiz

Questions and Answers

Which of the following is not a general approach to acquiring information processing functionalities?

• System selection and acquisition
• Custom design and development
• End-user development
• Open source development (correct)

What are the key steps during the implementation phase of the Systems Development Life Cycle (SDLC)?

• Programming, Testing, Installation
• Investigation, Installation, Operations
• Installation, Operations, Maintenance (correct)
• Design, Development, Deployment

Which phases of the systems development life cycle (SDLC) differ most substantially from the system selection process?

• Build
• Testing
• Definition
• A and B (correct)

What is one of the principal risks associated with information system outsourcing?

Hidden coordination costs (C)

How does technology change influence an organization over time?

It impacts structure and strategy. (D)

What is an overlooked aspect that can critically affect business success?

Information systems functionality (C)

Which is a challenge typically faced in coordinating with an outsourced provider?

Hidden coordination costs (B)

What is one key benefit of purchasing off-the-shelf software?

Faster roll-out and implementation process (A)

Which phase follows the definition phase in the software selection process?

Build phase (A)

In the parallel installation approach, how are the old and new systems managed?

They are run simultaneously for a limited time (B)

What is the main goal of knowledge infusion by software vendors?

To incorporate best practices into application code (A)

What is true about the pilot installation approach?

It involves a test run in a single business unit before wider rollout (A)

What approach is described as the most radical during software installation?

Direct (D)

Which term refers to creating a model to gather user input for interface design?

Prototyping (C)

One significant benefit of end-user development is:

Increased speed of development (C)

What is one benefit of end-user development for end-users?

They can be more satisfied with the results. (B)

Which risk is associated with unreliable quality standards in end-user development?

Inexperienced end-users might not follow rigorous development stages. (C)

What is meant by the term 'make and buy' in software development?

Configuring or customizing off-the-shelf software before implementation. (A)

How can end-user development increase the pressure on the IS function?

End-users create more requests for development support. (C)

What is the primary goal of technical feasibility analysis?

To ensure the system's viability from a technology standpoint. (D)

Which analysis ensures that a proposed new system is justifiable based on a cost benefit analysis?

Economic feasibility analysis. (A)

What is a risk associated with the high incidence of errors in end-user developed applications?

End-users may overlook documentation and testing. (A)

What is a potential continuity risk in end-user development?

The original developer may be the only one capable of maintaining the software. (A)

What is the primary goal of Customer Relationship Management (CRM)?

To analyze customer behavior using data (A)

What advantage does open source software have regarding costs?

Lower switching costs compared to proprietary software (A)

Which of the following is a disadvantage of open source applications?

Security vulnerabilities due to open access to the code (D)

What does behavioral feasibility assess in a new system?

The likelihood of user adoption and acceptance (A)

What characteristic commonly associated with enterprise systems could pose challenges?

Complex integration processes (B)

Why should security be a consideration for managers?

Is likely to remain underfunded (A)

What does the term 'Robustness' mean in the context of open source applications?

Refers to enhancements made by individual developers (D)

What is a potential issue with the support of open source software?

Support quality can vary significantly (D)

What distinguishes a Trojan Horse from other types of malware?

It delivers a hidden, malicious payload after installation. (A)

Which principle of Fair Information Practices emphasizes the right of individuals to know how their data is used?

Notice (D)

What is the primary function of worms in the context of computer security?

To replicate themselves and overwhelm network resources. (C)

Which of the following best describes spyware?

Software that monitors behavior and may transfer personal information. (B)

What is the goal of a Denial-of-Service Attack?

To overwhelm an online service and force it offline. (C)

The principle of harm minimization in an Ethics Code of Conduct is primarily focused on which aspect?

Reducing potential negative impacts on stakeholders. (B)

Which principle of Fair Information Practices relates to individuals’ ability to correct their records?

Access (C)

What is a key characteristic of an Information Systems Ethics Code of Conduct?

It identifies ethical principles relevant to the firm. (D)

What is the primary purpose of firewalls in an organization?

To control access to and from the company network (D)

Which of the following is a typical use of encryption in organizations?

Securing sensitive data like financial transactions (C)

What challenge is often faced regarding information system ethics?

Determining ownership of digital data (C)

Which of the following correctly describes the role of IT and IS?

IT is a technological infrastructure, while IS is a sociotechnical system (A)

Moore’s Law states that the cost of storage continues to increase by what percentage?

25% (B)

What is an example of a first degree change associated with the introduction of new technology?

Replacing an existing technology with a new one (C)

What level of organizational change does automating processes represent?

First order change (B)

Which of the following is a consequence of outsourcing call center operations?

Potential job loss for local employees (A)

Flashcards

IS Outsourcing Risks

Outsourcing information systems can present challenges like hidden coordination costs and a deceptive underestimation of its importance.

System Acquisition Approaches

Acquiring information systems can use custom design, selecting existing systems, or end-user development.

SDLC Implementation Steps

The implementation phase of the system development life cycle (SDLC) includes installation, operations, and maintenance.

Manager Involvement in SDLC

During the system development life cycle (SDLC), managers are most involved in the definition and implementation phases.

Difference Between SDLC & System Selection

System selection and the system development life cycle (SDLC) differ most noticeably during the definition and build phases.

Steering Committee and TCO

The relationship between the steering committee and the total cost of ownership (TCO) of an IS project is significant.

IS Funding Methods

Methods for funding information systems include various approaches with varying advantages and disadvantages.

SDLC phases

The general phases of a system life-cycle process include definition, build, and implementation.

Faster Roll-Out

Software that dramatically reduces the time to obtain and implement software.

Knowledge Infusion

Software vendors incorporating best practices into their applications.

Economically Attractive

Purchasing pre-built applications to benefit from vendor's economies of scale.

High Quality

Software from large companies, tested extensively, likely with many users.

Software Installation Approaches

Parallel, Direct, Phased, Pilot are different ways to replace old systems with new ones.

Prototyping in SDLC

Using prototypes to gather user feedback and design user interfaces during the SDLC.

Off-the-Shelf Application Selection

A selection process similar to the SDLC, with an additional vendor selection phase after definition and before build.

Behavioral Feasibility

Evaluates the likelihood of users accepting and using a new system. It assesses the impact on employees, work processes, and overall acceptance.

CRM (Customer Relationship Management)

A strategic approach to managing customer interactions, using data to understand customer needs and behaviors. It aims to improve customer satisfaction and loyalty.

Open Source Applications Advantages

Offer flexibility, cost savings, community support, and security due to open code review and contributions.

Open Source Applications Disadvantages

Potential for compatibility issues, unpredictable costs, and varying levels of support due to community-driven development.

Risk Audit

A systematic assessment of potential threats and vulnerabilities to identify risks and prioritize areas for improvement.

Security's Importance for Managers

Managers must prioritize security due to its potential impact on the organization's operations, reputation, and finances.

Enterprise Systems

Integrated software applications that support various business functions, such as finance, supply chain, and human resources.

Open Source Applications Defined

Software with publicly accessible source code, allowing users to modify and distribute it freely.

Trojan Horse

A program disguised as useful, but secretly contains harmful code that activates after installation.

Worm

Malicious code that spreads through network vulnerabilities to infect multiple computers, causing network overload.

Spyware

Software that secretly tracks computer activity, collects data, and sends it to others, often slowing down the computer.

Denial-of-Service Attack

An attack that floods a network with traffic, overwhelming it and making it unusable, often as a distraction for other attacks.

Notice (Fair Information Practice)

The right to be informed when personal data is collected and how it will be used.

Choice (Fair Information Practice)

The ability to be informed about and consent to data usage across different organizations.

Access (Fair Information Practice)

The right to access and correct personal information held by organizations.

Security (Fair Information Practice)

Organizations must protect personal information from unauthorized access and keep it safe.

End-User Development: Benefits

End-user development empowers users to build their desired functionalities, leading to higher satisfaction with the result as they can customize features according to their needs.

End-User Development: Reduced IS Burden

End-user development can limit the number of requests received by IT departments, allowing them to focus on projects that require their expertise.

Make or Buy vs. Make and Buy

Make and Buy refers to the modern approach of using readily available software and customizing it before implementation. It contrasts with the traditional 'make or buy' decision between building software in-house or purchasing a ready-made solution.

Risks of End-User Development: Quality

End-user development can lead to unreliable quality standards due to the lack of structured development processes, testing, and documentation that experienced developers follow.

Risks of End-User Development: Errors

End-user development is often focused on rapid implementation, which can increase the chances of errors due to the lack of rigorous testing and attention to detail.

Risks of End-User Development: Continuity

Lack of standardized documentation and development practices in end-user development can make it challenging to update, repair, or use the software for anyone other than the original developer.

Risks of End-User Development: IS Overburden

Even though end-user development aims to reduce IS burden, it can sometimes increase it as users may require assistance throughout the development process and for managing the software after release.

Feasibility Analysis: Purposes

Feasibility analysis evaluates the viability of an IT investment. Technical feasibility assesses the technical aspects, Economic feasibility analyzes cost-benefit, and Behavioral feasibility considers the user's acceptance and adoption of the proposed system.

Firewall

A security system that acts as a barrier between your computer network and the external world. It controls the flow of data in and out of your network, blocking unauthorized access.

Where Firewalls are used

Firewalls are typically placed at the edge of an organization's network, where it connects to the internet, to protect against external threats. They can also be installed on individual computers.

Encryption

The process of converting data into an unreadable format (ciphertext) that can only be accessed with a key. This helps protect sensitive information from unauthorized access.

Encryption Uses

Encryption is used in many ways, such as:

• Secure communication: Encrypting emails, messages, and online transactions.
• Data storage: Protecting sensitive databases and files at rest.
• Online banking: Ensuring secure access to accounts and transactions.

Information System Ethics

The moral principles and guidelines that govern the use and development of information systems. It addresses issues like privacy, security, intellectual property, and accountability.

Challenges of IS Ethics

Examples of challenges include:

• Privacy: Protecting personal data from unauthorized access and misuse.
• Security: Ensuring systems are protected from hacking and data breaches.
• Intellectual property: Protecting software, patents, and copyrights.

First Order Change

A minor change in how a task is performed, with minimal impact on the underlying process or system. It is often easier to manage and implement.

Second Order Change

A significant change that affects the process or system itself. It requires a deeper understanding and more extensive effort to implement.

Study Notes

Change Requirements

• Technological and business changes affect organizations over time.
• Coordination efforts between firms and outsourced providers are costly.
• Firms often underestimate the crucial role of information systems in business success.

Essay Questions

• Describe the relationship between the steering committee and the total cost of ownership of an IS project.
• Describe the drivers and risks of IS outsourcing.
• Describe typical IS systems funding methods, including advantages and disadvantages of each method. Provide 2 examples.

Chapter Eleven: Creating Information Systems

Multiple Choice Questions

• General approaches to acquiring information processing functionalities include: Custom design and development, System selection and acquisition, End-user development, Open source development.

• Open source development is NOT one of these approaches.

• Implementation phase steps of the Systems Development Life Cycle (SDLC) include Programming, Testing, and Installation

Additional Questions

• General or functional managers are most involved in the implementation phase.

• System selection and SDLC differ substantially during the implementation phase.

• The three generic phases of a system life-cycle process are Definition, Design, and Implementation.

• The Systems Development Life Cycle Methodology is often referred to as the waterfall model because phases are sequential and iteration (or going back) should be avoided.

• System selection process involves compiling an RFP, developing a vendor short list, and soliciting proposals.

• Approaches to acquiring information processing functionalities include: Custom Design, Custom Development, System Selection and Acquisition, End-user Development, and Open Source Development.

• The advantages of making your own systems include: Unique Tailoring, Flexibility, Control, but not Faster Roll-Out.

• The advantages of purchasing off-the-shelf systems include: Faster Roll-Out, Knowledge Infusion, Economical Attractiveness, and High Quality but not Unique Tailoring.

• The Systems Development Life Cycle has three major phases: Definition, Build, and Implementation..

• IS department workers who are experts in both technology and business processes are called IS specialists.

• The SDLC stage where a "go" or "no-go" decision is made is Feasibility Analysis.

• Migration approaches for upgrading computer systems include Parallel, Direct, Phased, and Pilot.

• The Build phase of the SDLC isn't used to ensure software integration.

• SDLC and Prototyping are not the same methodologies.

• Off-the-shelf systems enhance organizational knowledge infusion.

• End-user development is where non-IT specialists create applications.

• Custom software development is a systems approach that emphasizes design and development projects.

• System analysts create the structure of a system, based on requirements documents.

• Two advantages of custom software development include Unique Tailoring and Flexibility and Control.

• Two advantages of purchased software are Faster Roll-Out and reduced implementation time.

• Principle phases of the SDLC include Definition, Build, and Implementation.

• Software installation approaches include Parallel, Direct, Phased, and Pilot approaches.

• Prototyping is used in an SDLC to get user requirements.

• End-user development leads to increased speed of development due to faster independent completion.

• End-user development risks include Unreliable Quality Standards, High Incidence of Errors, Continuity Risks, and Increased Pressure on the IS function.

• End-user development can result in positive user satisfaction and reduces IS workload by letting users design their own features.

• "Make or Buy" is the idea that off-the-shelf software is frequently configured and adjusted before deployment.

Chapter 12 (Irrelevant)

Chapter 13 (Security, Privacy, and Ethics)

• Risk Audit is the basis for Risk Analysis.

• Security is a concern for managers because of underfunding.

• Security is a negative deliverable because it lacks revenue.

• Mitigation strategies include Acceptance, Avoidance, Reduction, and Transference (with increased potential for failure associated with avoidance).

• Insurance costs are most strongly associated with risk Transference.

• Risk mitigation is about matching the appropriate response to security threats with a desired level of security and cost.

• Strategies for security threats include Acceptance, Avoidance, Reduction, and Transference..

• Internal security threats include disgruntled or negligent employees.

• External threats include intrusion, social engineering, phishing, security weaknesses, backdoors, and malicious code.

• Examples of malicious code include viruses, Trojan horses, and worms.

• IT risk management involves identifying, measuring, and devising optimal mitigation strategies for information system security risks..