Bis202 - Final Exam.pdf

Transcript

Chapter 04
4.2 Information Security
Part 01

Downtime: period of time when a system is unavailable.
The cost of Downtime:
1. Financial performance: such as revenue recognition, cash flow, payment guarantees, credit rating, and stock
price.
2. Revenue: such as direct loss, compensatory payments, lost future revenue, billing losses, investment losses,
and lost productivity
3. Damage reputation: such as customers, suppliers, financial markets, banks, and business partners.
4. Other expenses: such as temporary employees, equipment rentals, overtime costs, extra shipping charges,
travel expenses, and legal obligations.

Cybersecurity: Involves prevention, detection, and response to cyberattacks that can have wide-ranging
effects on individuals, organizations, communities, and nations
Cyberattacks: Malicious attempts to access or damage a computer system. Cyberattacks have the following
attributes
Information security: A broad term encompassing the protection of information from accidental or
intentional misuse by persons inside or outside an organization.
 Chapter 04
4.2 Information Security
Part 02
Hackers: Experts in technology who use their Virus: Software written with malicious intent to
knowledge to break into computers and computer cause annoyance or damage.
networks, either for profit or simply for the Malware: Software that is intended to damage or
challenge disable computers and computer systems
Drive-by hacking: A computer attack in which an Botnets: Malware that causes a collection of
attacker accesses a wireless computer network, connected devices to be controlled by a hacker.
intercepts data, uses network services, and/or sends Botnets perform distributed denial-of-service
attack instructions without entering the office or attacks, steal data, send spam, and allow the hacker
organization that owns the network. to access devices without the owner's knowledge.
Bug bounty program: A crowdsourcing initiative that One of the most common forms of computer
rewards individuals for discovering and reporting vulnerabilities that can cause massive computer damage
software bugs is a virus.

Types of Hackers: Types of virus:
1. Black-hat hackers: break into other people's 1. Backdoor programs: open a way into the network for
computer systems and may just look around or may future attacks
steal and destroy information 2. Distributed denial-of-service attack (DDoS): targets
2. Crackers: have criminal intent when hacking. multiple computers and floods a website with so
3. Cyberterrorists: seek to cause harm to people or to many requests for service that it slows down or
destroy critical systems or information and use the crashes. A common type is the Ping of Death, in
Internet as a weapon of mass destruction which thousands of computers try to access a
4. Hacktivists: have philosophical and political reasons website at the same time, overloading it and shutting
for breaking into systems and will often deface the it down
website as a protest. 3. Polymorphic viruses and worms: change their form
5. Script kiddies or script bunnies: find hacking code on as they propagate
the Internet and click-and-point their way into 4. Trojan-horse virus: hides inside other software,
systems to cause damage or spread viruses. usually as an attachment or a downloadable file.
6. White-hat hackers: work at the request of the system 5. Denial-of-service attack (DoS): floods a website with
owners to find system vulnerabilities and plug the so many requests for service that it slows down or
holes. crashes.
7. Ethical Hackers: Not all hackers are bad. In fact, it 6. Ransomware: A form of malicious software that
can be a good business strategy to employ white-hat infects your computer and asks for money
hackers to find the bugs and vulnerabilities in a 7. Simplelocker: is a new ransomware program that
corporation encrypts your personal files and demands payment
A worm spreads itself not only from file to file but also for the files' decryption keys.
from computer to computer 8. Scareware: A type of malware designed to trick
The primary difference between a virus and a worm: victims into giving up personal information to
1. A virus must attach to something, such as an purchase or download useless and potentially
executable file, to spread. dangerous software
2. Worms do not need to attach to anything to spread
and can tunnel themselves into computers.
 Chapter 04
4.2 Information Security
Part 03

Hacker Weapons:
1. Elevation of privilege: is a process by which a user misleads a system into granting unauthorized rights,
usually for the purpose of compromising or destroying the system.
2. Hoaxes: attack computer systems by transmitting a virus hoax with a real virus attached. By masking the
attack in a seemingly legitimate message, unsuspecting users more readily distribute the message and send
the attack on to their co-workers and friends, infecting many users along the way
3. Malicious code: includes a variety of threats such as viruses, worms, and Trojan horses
4. Packet tampering: consists of altering the contents of packets as they travel over the Internet or altering
data on computer disks after penetrating a network, For example, an attacker might place a tap on a
network line to intercept packets as they leave the computer. The attacker could eavesdrop or alter the
information as it leaves the network.
5. sniffer: is a program or device that can monitor data traveling over a network. Sniffers can show all the data
being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a
favorite weapon in the hacker's arsenal.
6. Spoofing: consists of forging the return address on an email so that the message appears to come from
someone other than the actual sender. This is not a virus but rather a way by which virus authors conceal
their identities as they send out viruses.
7. Splogs (spam blogs): are fake blogs created solely to raise the search engine rank of affiliated websites.
Even blogs that are legitimate are plagued by spam, with spammers taking advantage of the comment
feature of most blogs to comment with links to spam sites.
8. Spyware: is software that comes hidden in free downloadable software and tracks online movements mines
the information stored on a computer, or uses a computer's CPU and storage for some task the user knows
nothing about.

Insiders: Legitimate users who purposely or accidentally misuse their access to the environment and cause
some kind of business-affecting incident

A few forms of unethical scams used by hackers to gain information include:
1. Social engineering: Occurs when hackers use their social skills to trick people into revealing access
credentials or other valuable information.
2. Pretexting: A form of social engineering in which one individual lies to obtain confidential data about another
individual.
3. Dumpster diving: Occurs when a hacker looks through people's trash to obtain information
 Chapter 04
4.2 Information Security
Part 04
With all the unethical behavior that is constantly bombarding an organization, it is best to create policies that
prevent these types of scams:
1. Information security policies: Identify the rules required to maintain information security, such as requiring
users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing
passwords every 30 days.
2. Information security plan: Details how an organization will implement the information security policies.

A few details managers should consider regarding information security policies include defining best practices
for the following:
1. Applications: allowed to be placed on the corporate network, especially various file-sharing applications (e.g.,
Kazaa, now defunct), IM software, and entertainment or freeware created by unknown sources (e.g., iPhone
applications).
2. Corporate computer equipment: used for personal reasons on personal network
3. Password creation and maintenance: including minimum password length, characters to be included while
choosing passwords, and frequency for password changes.
4. Personal computer equipment: allowed to connect to the corporate network.
5. Virus protection: including how often the system should be scanned and how frequently - the software should
be updated. This could also include if downloading attachments is allowed and practices for safe downloading
from trusted and untrustworthy sources.

Destructive agents: Malicious agents designed by spammers and other Internet attackers to farm email
addresses off websites or deposit spyware on machines
Phishing: A technique to gain personal information for the purpose of identity theft, usually by means of
fraudulent emails that look as though they came from legitimate businesses
Different forms of phishing include:
1. Phishing expedition: A masquerading attack that combines spam with spoofing.
2. Spear phishing: A phishing expedition in which the emails are carefully designed to target a particular person
or organization.
3. Vishing (or voice phishing): A phone scam that attempts to defraud people by asking them to call a bogus
telephone number to confirm their account information.
4. Pharming: Reroutes requests for legitimate websites to false websites. For example, if you were to type in
the URL to your bank, pharming could redirect to a fake site that collects your information.
5. Zombie: A program that secretly takes over another computer for the purpose of launching attacks on other
computers. Zombie attacks are almost impossible to trace back to the attacker
6. Zombie farm: A group of computers on which a hacker has planted zombie programs
7. Pharming attack: A zombie farm, often by an organized crime association, to launch a massive phishing
attack
8. Sock puppet marketing: is the use of a false identity to artificially stimulate demand for a product, brand, or
service. A false identity on the Internet is known colloquially as a sock puppet or catfish, depending upon the
level of detail attached to the false identity.
 Chapter 04
4.2 Information Security
Part 05

Authentication: is a method for confirming users identities.
Authorization: is the process of providing a user with permission, or The process of giving someone permission to
do or have something including access levels and abilities such as file access, hours of access, and amount of
allocated storage space.

Authentication and authorization techniques fall into three categories:
1. Something the user knows: such as a user ID and password, this is one of the most ineffective ways for
determining authentication.

2. Something the user has: using something the user has such as a smart card or token
Tokens: Small electronic devices that change user passwords automatically
Smart card: A device that is around the same size as a credit card, containing embedded technologies that can
store information and small amounts of software to perform some limited processing.
Tokens and smart cards are two of the primary forms of this type of authentication.

3. Something that is part of the user: such as a fingerprint or voice signature. something that is part of the user.
Biometrics (narrowly defined): is the identification of a user based on a physical characteristic, such as a
fingerprint, iris, face, voice, or handwriting
Voiceprint: is a set of measurable characteristics of a human voice that uniquely identifies an individual. These
characteristics, which are based on the physical configuration of a speaker's mouth and throat, can be
expressed as a mathematicalformula. Unfortunately, biometric authentication such as voiceprints can be
costly and intrusive.
The goal of authentication is to make it difficult for an unauthorized person to gain access to a system
because if one security level is broken, the attacker will still have to break through additional levels

1. Single-factor authentication: The traditional security process, which requires a user name and password.
2. Two-factor authentication: Requires the user to provide two means of authentication, what the user knows
(password) and what the user has (security token).
3. Multifactor authentication: Requires more than two means of authentication, such as what the user knows
(password), what the user has (security token), and what the user is (biometric verification).

Time bombs: Computer viruses that wait for a specific date before executing their instructions
Content filtering: Occurs when organizations use software that filters content, such as emails, to prevent
the accidental or malicious transmission of unauthorized information
Spam: A form of unsolicited email.
Encryption: Scrambles information into an alternative form that requires a key or password to decrypt.
Decrypt: To decrypt information is to decode it. It is the opposite of encrypt.
Cryptography: The science that studies encryption, which is the hiding of messages so only the sender
and receiver can read them.

Personally identifiable information (PII): is any data that could potentially identify a specific individual.
1. Non sensitive PIl: Information transmitted without encryption. This includes information collected from
public records, phone books, corporate directories, websites, etc. Non sensitive PlI is information that
does not harm an individual, such as an address
2. Sensitive PII: Information transmitted with encryption and, when disclosed, results in a breach of an
individual's privacy and can potentially cause the individual harm. Sensitive PlI includes biometric
information, financial information, medical information, and unique identifiers such as passport or Social
Security numbers.

Public key encryption (PKE): Uses two keys: a public key that everyone can have, and a private key for
only the recipient.
Certificate authority: A trusted third party, such as VeriSign, that validates user identities by means of
digital certificates.
Digital certificate: A data file that identifies individuals or organizations online and is comparable to a
digital signature.
firewall: is hardware and/or software that guards a private network by analyzing incoming and outgoing
information for the correct markings.
organizations typically place a firewall between a server and the Internet.

Antivirus software: Scans and searches hard drives to prevent, detect, and remove known viruses, adware,
and spyware. Antivirus software must be frequently updated to protect against newly created viruses.
 Chapter 04
4.2 Information Security
Part 06
Network behavior analysis: gathers an organization's computer network traffic patterns to identify unusual
or suspicious operations.

The removal of highly classified data files, or unauthorized user attempts. Detecting cybercriminals is a difficult
job because there are so many different types of criminals with various agendas, including:
1. Cyberwar: An organized attempt by a country's military to disrupt or destroy the information and
communication systems of another country.
2. Cyberterrorism: The use of computer and networking technologies against persons or property to intimidate
or coerce governments, individuals, or any segment of society to attain political, religious, or ideological
goals.
3. Cyberespionage: Includes governments that are after some form of information about other governments.
4. Cybervigilantes: Include individuals that seek notoriety or want to make a social or political point, such as
WikiLeaks.

Intrusion detection software (IDS): features full-time monitoring tools that search for patterns in network
traffic to identify intruders.
 Chapter 05
5.1 MIS Infrastructure
Part 01
MIS infrastructure: Includes the plans for how a firm will build, deploy, use, and share its data, processes, and
MIS assets.
Benefit of a solid MIS infrastructure:
1. Reduce costs.
2. Improve productivity.
3. Optimize business operations.
4. Generate growth.
5. Increase profitability.

Hardware: Consists of the physical devices associated with a computer system.
Software: The set of instructions the hardware executes to carry out specific tasks.
Network: A communications system created by linking two or more devices and establishing a standard
methodology in which they can communicate.
Client: A computer designed to request information from a server.
Server: A computer dedicated to providing information in response to requests.
Enterprise architect: A person grounded in technology, fluent in business, and able to provide the important
bridge between MIS and the business.

MIS Infrastructures:
The three primary areas of MIS infrastructure and their features are:
1. Information MIS Infrastructure: supports operations including backup, recovery, disaster recovery, business
continuity.
2. Planning: (Agile MIS Infrastructure): supports change including accessibility, availability, maintainability,
portability, reliability, scalability.
3. Usability:( Sustainable MIS Infrastructure): supports sustainability including grid computing, cloud
computing, and virtualization

The three primary areas of support provided by information infrastructure are:
1. Backup and recovery plan
Backup: An exact copy of a system's information.
Recovery: The ability to get a system up and running in the event of a system crash or failure that includes
restoring the information backup.
2. Disaster recovery plan
Disaster recovery plan: A detailed process for recovering information or a system in the event of a
catastrophic disaster.
3. Business continuity plan
Business continuity planning (BCP): Details how a company recovers and restores critical business
operations and systems after a disaster or extended disruption.
 Fault tolerance: is the ability for a system to respond to unexpected failures or system crashes as the
backup system immediately and automatically takes over with no loss of service.
Failover: a specific type of fault tolerance occurs when a redundant storage server offers an exact replica of
the real-time data, if the primary server crashes, the users are automatically directed to the secondary
server or backup server. This is a high-speed and high-cost method of backup and recovery.

What is the primary reason a company has a failover system?
To take down the primary system for maintenance while the secondary system activates to ensure continuous
operations

Failback: Occurs when the primary machine recovers and resumes operations, taking over from the
secondary server.
Hot site: A separate and fully equipped facility where the company can move immediately after a disaster
and resume business.
Cold site: A separate facility that does not have any computer equipment but is a place where employees can
move after a disaster
Warm site: A separate facility with computer equipment that requires installation and configuration.
Disaster recovery cost curve: Charts (1) the cost to the company of the unavailability of information and
technology and (2) the cost to the company of recovering from a disaster over time
Emergency: A sudden, unexpected event requiring immediate action due to potential threats to health and
safety, the environment, or property.
Emergency preparedness: Ensures that a company is ready to respond to an emergency in an organized,
timely, and effective manner.
Business continuity planning (BCP): Details how a company recovers and restores critical business
operations and systems after a disaster or extended disruption.
Business Impact Analysis: identifies all critical business functions and the effect that a specific disaster may
have on them.
A business continuity plan typically includes an emergency notification service.

Emergency Notification service: Infrastructure built for notifying people in the event of an emergency.
Radio stations' occasional tests of the national Emergency Alert System is Example of emergency notification
system.
technology failure: occurs when the ability of a company to operate is impaired because of a hardware,
software, or data outage
Technology failures can destroy large amounts of vital data, often causing incidents unplanned interruptions of
a service.

Incident management: The process responsible for managing how incidents are identified and corrected.
Technology recovery strategies: Focus specifically on prioritizing the order for restoring hardware, software,
and data across the organization that best meets business recovery requirements.
technology recovery strategy details: the order of importance for recovering hardware, software, data
centers, and networking (or connectivity)
The four technology recovery strategies and their examples are:
1. Hardware: servers, computers, and wireless devices.
2. Software: applications such as email, payroll, and instant messaging.
3. Networking: wireless, LAN, fiber, and cable.
4. Data Center: climate control, power supply, and security.

Agile MIS Infrastructure Characteristics:
1. Accessibility: Varying levels allow system users to access, view, or perform operational functions.
2. Availability: The system is operational during different time frames.
3. Maintainability: The system quickly transforms to support environmental changes.
4. Portability: The system is available to operate on different devices or software platforms.
5. Reliability: The system functions correctly and provides accurate information.
6. Scalability: The system can scale up or adapt to the increased demands of growth.
7. Usability: The system is easy to learn and efficient and satisfying to use.

Accessibility: Refers to the varying levels that define what a user can access, view, or perform when operating a
system.
Web accessibility: Allows people with disabilities to use the Web.
Administrator access: Unrestricted access to the entire system.

Top-level MIS employees require administrator access, or unrestricted access to the entire system. Administrator
access can perform functions such as resetting passwords, deleting accounts, and shutting down entire systems.

Web accessibility initiative (WAl): Brings together people from industry, disability organizations, government,
and research labs from around the world to develop guidelines and resources to help make the web accessible to
people with disabilities, including auditory, cognitive, neurological, physical, speech, and visual disabilities.
Availability: Refers to the time frames when the system is operational.
Unavailable: When it is not operating and cannot be used.
High availability: When a system is continuously operational at all times.
Maintainability (or flexibility): Refers to how quickly a system can transform to support environmental
changes.
Maintainability helps to measure how quickly and effectively a system can be changed or repaired after a failure.

Portability: Refers to the ability of an application to operate on different devices or software platforms, such as
different operating systems.
Reliability (or accuracy): Ensures that a system is functioning correctly and providing accurate information.
Vulnerability: is a system weakness that can be exploited by a threat.
Scalability: Describes how well a system can scale up, or adapt to the increased demands of growth.
Performance: Measures how quickly a system performs a process or transaction
Performance is a key component of scalability because systems that can't scale suffer from performance
issues
Capacity: Represents the maximum throughput a system can deliver; for example, the capacity of a hard
drive represents its size or volume
Capacity planning: Determines future environmental infrastructure requirements to ensure high-quality
system performance.
Usability: The degree to which a system is efficient, easy to learn, and satisfying to use.
Serviceability: How quickly a third party can change a system to ensure it meets user needs and the terms of
any contracts, including agreed-to levels of reliability, maintainability, or availability
 Chapter 06
6.1 Data Quality
Part 01

Data granularity: Refers to the extent of detail within the data (fine and detailed or coarse and abstract)
Organizational data has three primary areas:
1. levels.
2. formats.
3. granularities.

The four primary traits that help determine the value of data:
1. Data Type: Transactional and Analytical.
Transactional data: Encompasses all of the data contained within a single business process or unit of work, and
its primary purpose is to support the performing of daily operational tasks.
Examples of transactional data are: 1-sales receipt 2-airline ticket 3-packing slip

Analytical data: Encompasses all organizational data, and its primary purpose is to support the performing of
managerial analysis tasks.
Examples of analytical data are: 1-product statistics 2-sales projections 3-future growth, 4-trends.

2. Data Timeliness.
Timeliness: is an aspect of data that depends on the situation.
Real-time data: Immediate, up-to-date data.
Real-time system: Provides real-time data in response to requests.
3. Data Quality.
Data inconsistency: Occurs when the same data element has different values.
Data integrity issues: Occur when a system produces incorrect, inconsistent, or duplicate data.

If a manager identifies numerous data integrity issues, they should consider the reports generated from that
data as invalid and not use them when making decisions

Enterprise architect: A person grounded in technology, fluent in business, and able to provide the important
bridge between MIS and the business.

The Five Characteristics Common of High-Quality Data:
1. Accurate: Is there an incorrect value in the data? Example: Is the name spelled ?correctly? Is the dollar
amount recorded properly.
2. Complete: Is a value missing from the data? Example: Is the address complete ?including street, city, state,
and zip code.
3. Consistent: Is aggregate or summary data in agreement with detailed data? Example: Do in total columns
equal the true total of the individual item.
4. Timely: Is the data current with respect to business needs? Example: Is data ?updated weekly, daily, or
hourly
5. Unique: Is each transaction and event represented only once in the data? Example: Are there any duplicate
customers

The four Reason or sources for low-quality data:
1. Customers intentionally enter inaccurate data to protect their privacy.
2. Different entry standards and formats.
3. Operators enter abbreviated or erroneous data by accident or to save time.
4. Third party and external data contains inconsistencies, inaccuracies, and errors.

Understanding the Benefits of Using High-Quality Data:
Data steward: is Responsible for ensuring the policies and procedures are implemented across the
organization and acts as a liaison between the MIS department and the business.
Data stewardship: The management and oversight of an organization's data assets to help provide business
users with high-quality data that is easily accessible in a consistent manner.

Potential business effects resulting from low quality data include:
1. Inability to accurately track customers.
2. Difficulty identifying valuable customers.
3. Inability to build strong customer.
4. Marketing to nonexistent customers.
5. Inability to identify selling opportunities.
6. Difficulty tracking revenue.
4. Data Governance.
Data governance: Refers to the overall management of the availability, usability, integrity, and security of
company data.
Master data management (MDM): The practice of gathering data and ensuring that it is uniform, accurate,
consistent, and complete, including such entities as customers, suppliers, products, sales, employees, and
other critical entities that are commonly integrated across organizational systems.
Data validation: Includes the tests and evaluations used to determine compliance with data governance polices
to ensure correctness of data.

Database: Maintains data about various types of objects (inventory), events (transactions), people
(employees), and places (warehouses).
Database management system (DBMS): Creates, reads, updates, and deletes data in a database while
controlling access and security.

Two primary tools available for retrieving data from a DBMS include:
1. Structured query language (SQL): Asks users to write lines of code to answer questions against a database.
2. Query-by-example (QBE) tool: Helps users graphically design the answer to a question against a database.

Common Database Terms Table:
1. Data element (or data field): The smallest or basic unit of data
For Example: Data elements can include a customer's name, address, email, discount rate, preferred shipping
method, product name, quantity ordered, and so on.

2. Data models: Logical data structures that detail the relationships among data elements by using graphics or
pictures.
For Example: Each data element is given a description, such as Customer Name; metadata is provided for the
type of data (text, numeric, alphanumeric, date, image, binary value) and descriptions of potential predefined
values such as a certain area code; and finally the relationship is defined.

3. Metadata: Provides details about data
For Example: metadata for an image could include its size, resolution, and date created.
Metadata about a text document could contain document length, data created, author's name, and summary

4. Data dictionary: Compiles all of the metadata about the data elements in the data model
For Example: Looking at a data model, along with reviewing the data dictionary, provides tremendous insight into
the database's functions, purpose, and business rules.
 Chapter 06
6.1 Data Quality
Part 02
Storing Data Elements in Entities and Attributes:
Relational database model: Stores data in the form of logically related two-dimensional tables.
Relational database management system: Allows users to create, read, update, and delete data in a relational
database. The relationships in the relational database model help managers extract this data.
Attribute (field, column): The data elements associated with an entity.
Record: A collection of related data elements.

Creating Relationships through Keys:
Primary key: A field (or group of fields) that uniquely identifies a given entity in a table.
Foreign key: A primary key of one table that appears an attribute in another table and acts to provide a logical
relationship among the two tables.
It is a primary key of one table that appears as an attribute in another table and acts to provide a logical
relationship between the two tables.

Database Advantages from a Business Perspective Include:
1. increased flexibility.
2. increased scalability and performance.
3. reduced data redundancy.
4. increased data integrity. increased data security.

Scalability: Refers to how well a system can adapt to increased demands.
Performance: Measures how quickly a system performs a certain process or transaction.
Data latency: The time it takes for data to be stored or retrieved.
Data redundancy: The duplication of data, or the storage of the same data in multiple places.
Inconsistency: is one of the primary problems with redundant data.
Data integrity: measures the quality of data.
Integrity constraint: rules that help ensure the quality of data.

Relational integrity constraints: Rules that enforce basic and fundamental information-based constraints.
Business-critical integrity constraints: Enforce business rules vital to an organization's success and often
require more insight and knowledge than relational integrity constraints.

Databases offer many security features, including:
1. passwords: to provide authentication
2. Access levels: to determine who can access the data.
3. Access controls: to determine what type of access they have to the data.

Identity management: A broad administrative area that deals with identifying individuals in a system (such as a
country, a network, or an enterprise) and controlling their access to resources within that system by
associating user rights and restrictions with the established identity.
 Chapter 06
6.2 Data Warehouse and Blockchain
Part 01

Organizational data includes far more than simple structured data elements in a database.
The set of data also includes unstructured data such as voice mail, customer phone calls, text messages, and video
clips, along with numerous new forms of data, such as tweets from Twitter.

Data point: An individual item on a graph or a chart
Data integrity: A measure of the quality of data.
Data Analysis Cycle:
1. Collect: Identify data sources
2. Analyze: Ask the right questions
3. Communicate: Influence and persuade
4. Visualize: Craft your data story

The Problem: Data Rich, Information Poor
Many organizations find themselves in the position of being data rich and information poor. Even in today's
electronic world, managers struggle with the challenge of turning their business data into business intelligence.

The Solution: Data Aggregation
Dataset: An organized collection of data
Comparative analysis: Compares two or more datasets to identify patterns and trends.

A few examples of how managers can use BI to answer tough business questions:
1. Where has the business been? Historical perspective offers important variables for determining trends and
patterns.
2. Where is the business now? Looking at the current business situation allows managers to take effective action to
solve issues before they grow out of control.
3. Where is the business going? Setting strategic direction is critical for planning and creating solid business
strategies.

Competitive monitoring: Occurs when a company keeps tabs on its competitor's activities on the web using
software that automatically tracks all competitor website activities such as discounts and new products.
Source data: Identifies the primary location where data is collected.
Source data can include invoices, spreadsheets, time sheets, transactions, and electronic sources such as other
databases.

Raw data: Data that has not been processed for use.
What is another name for raw data that has undergone processing? cooked data.

Data aggregation: The collection of data from various sources for the purpose of data processing.
To gather data about particular groups based on specific variables such as age, profession, or income.
 Data warehouse: A logical collection of data, gathered from many different operational databases, that
supports business analysis activities and decision-making tasks
The primary purpose of a data warehouse is perform analytical process

Extraction, transformation, and loading (ETL): A process that extracts data from internal and external
databases, transforms the data using a common set of enterprise definitions, and loads the data into a data
warehouse.
Data mart: Contains a subset of data warehouse data.

The internal databases include:
1. Marketing.
2. Inventory.
3. Sales.
4. Billing.
The external databases include:
1. Competitor data.
2. Industry data.
3. Mailing lists.
4. stock market analysis.

Data cube: The common term for the representation of multidimensional data.
Data lake: A storage repository that holds a vast amount of raw data in its original format until the business
needs it
Dirty data: Erroneous or flawed data
Dirty Data Problems:
1. Inaccurate Data.
2. Non-integrated data.
3. Violates business rules data.
4. non-formatted data.
5. Incorrect data.
6. Misleading data
7. Duplicate data

Data cleansing or scrubbing: A process that weeds out and fixes or discards inconsistent, incorrect, or
incomplete data.
The steps that occur during data cleansing:
1. Missing records or attributes.
2. Redundant records.
3. Missing keys or other required data.
4. Erroneous relationships or references.
5. inaccurate or incomplete data.
Data quality audits: Determines the accuracy and completeness of its data.
 Data artist: A business analytics specialist who uses visual tools to help people understand complex
Analysis paralysis: occurs when there is not enough information to perform an analysis.
Data visualization: Describes technologies that allow users to "see' or visualize data to transform data into a
business perspective.

Data visualization tools: Move beyond Excel graphs and charts into sophisticated analysis techniques such as
pie charts, controls, instruments, maps, time-series graphs, and more.

Ledger: Records classified and summarized transactional data

Blockchain: A type of distributed ledger, consisting of blocks of data that maintain a permanent and tamper-
proof record of transactional data.
What are the three advantages of using blockchain technology?
1. Immutability
2. digital trust
3. Internet of things integration
Distributed computing: Processes and manages algorithms across many machines in a computing
environment.

Proof-of-work: A requirement to define an expensive computer calculation, also called mining, that needs to
be performed to create a new group of trustless transactions (blocks) on the distributed ledger or blockchain.

Bitcoin: A type of digital currency in which a record of transactions is maintained, and new units of currency
are generated by the computational solution of mathematical problems, and which operates independently of a
central bank
Ethereum: A decentralized, open source blockchain with smart contract functionality.

Blocks: Data structures containing a hash, previous hash, and data
Genesis block: The first block created in a blockchain.

Hash: A function that converts an input of letters and numbers into an encrypted outpu fixed length.
Hashes are the links in the blockchain

Proof-of-stake: A way to validate transactions and achieve a distributed consensus. It is still an algorithm, and
the purpose is the same as the proof-of-work, but the process to reach the goal is quite different.
 Chapter 07
7.1 Connectivity
Part 01

A network provides two principal benefits:
1. the ability to communicate.
2. the ability to share.

Local area network (LAN): Connects a group of computers in close proximity, such as in an office
building, school, or home.
Wide area network (WAN): Spans a large geographic area such as a state, province, or country.
Metropolitan area network (MAN): A large computer network usually spanning a city.

Mobile: Means the technology can travel with the user. For instance, users can download software, email
messages, and web pages onto a laptop or other mobile device for portable reading or reference.

Mobile business: The ability to purchase goods and services through a wireless Internet- enabled device.

Wireless: Refers to any type of operation accomplished without the use of a hardwired connection.
Wireless fidelity (Wi-Fi): A means by which portable devices can connect wirelessly to a local area
network, using access points that send and receive data via radio waves.

Wi-Fi infrastructure: Includes the inner workings of a Wi-Fi service or utility, including the signal
transmitters, towers, or poles and additional equipment required to send out a Wi-Fi signal.

Measuring Wireless Network Performance:
Bandwidth: The maximum amount of data that can pass from one point to another in a unit of time.
Bit: The smallest element of data and has a value of either 0 or 1.
Bit rate: The number of bits transferred or received per unit of time.

Bandwidth Speeds:
1. Kilobits “Kb”.
2. Megabit “Mb”.
3. Gigabit “Gb”.
 Chapter 07
7.1 Connectivity
Part 02

Personal area networks (PAN): Provide communication over a short distance that is intended for use with
devices that are owned and operated by a single user.
Bluetooth: Wireless PAN technology that transmits signals over short distances between cell phones,
computers, and other devices.

Wireless LANs:
1. Wireless LAN (WLAN): A local area network that uses radio signals to transmit and receive data over
distances of a few hundred feet
2. Access point: The computer or network device that serves an as interface between devices and the network.
3. Wireless access point: Enables devices to connect to a wireless network to communicate with each other.
4. Multiple-in/multiple-out technology: Multiple transmitters and receivers allowing them to send and receive
greater amounts of data than traditional networking devices.

Wi-Fi Networks:
Hotspots: Designated locations where Wi-Fi access points are publicly available
Wireless MAN (WMAN): A metropolitan area network that uses radio signals to transmit and receive data.
Worldwide Interoperability for Microwave Access (WiMAX): A communications technology aimed at providing
high-speed wireless data over metropolitan area networks.

Wireless WAN —Cellular Communication System:
Wireless WAN (WWAN): A wide area network that uses radio signals to transmit and receive data.
Radio access network (RAN): A technology that connects individual devices to other parts of a network
through radio connections.
Smart phones: Offer more advanced computing ability and connectivity than basic cell phones.
 Chapter 07
7.1 Connectivity
Part 03

5G Networks: Disruption in Cellular networks:
5G: The fifth-generation wireless broadband technology that will greatly increase the speed and responsiveness
of wireless networks.
Streaming: A method of sending audio and video files over the Internet in such a way that the user can view the
file while it is being transferred
Streaming data: Data that is generated continuously by thousands of data sources, which typically send in the
data records simultaneously, and in small sizes (order of kilobytes)

Wi-Fi 6: The next generation of Wi-Fi is expected to operate at 9.6 Gbps.

Satellite: A space station that orbits the Earth receiving and transmitting signals from Earth-based stations
over a wide area
Actor: An entity that is capable of participating in an action or a network
Bad actor: An entity that is participating with ill intentions.

Two technologies securing Wi-Fi networks include:
1. Wired equivalent privacy (WEP): An encryption algorithm designed to protect wireless transmission data
2. Wi-Fi protected access (WPA): A wireless security protocol to protect Wi-Fi networks

War chalking: The practice of tagging pavement with codes displaying where WiFi access is available.
War driving: Deliberately searching for Wi-Fi signals while driving by in a vehicle.

SSL Certificate: An electronic document that confirms the identity of a website or server and verifies that a
public key belongs to a trustworthy individual or company.
Secure hypertext transfer protocol (SHTTP or HTTPS): A combination of HTTP and SSL to provide encryption
and secure identification of an Internet server.
 Chapter 07
7.2 Mobility
Part 01

IT consumerization: The blending of personal and business use of technology devices and applications.
Pervasive computing: The growing trend of embedding computer capabilities into everyday objects to make
them effectively communicate and perform useful tasks in a way that minimizes the end user's needs to
interact with computers as computers.
Enterprise mobility management (EMM): An enterprise-wide security strategy to enforce corporate epolicies
while enabling employee use of mobile devices such as smart phones and tablets.

Three Primary Areas of an Enterprise Mobility Management Strategy:
1. Mobile device management
2. Mobile application management
3. Mobile information management

Mobile device management (MDM): A security strategy comprised of products and services that offer remote
support for mobile devices, such as smart phones, laptops, and tablets.
The three MDM Policies:
1. Bring Your Own Device or BY O D: Employees use their own device. Save company money. Zero control over
security, reliability, and compatibility.
2. Choose Your Own Device or CY O D: Employees choose a company approved and configured device. Costs
company money to purchase and maintain device. No personal use allowed. Complete control over security,
reliability, and compatibility.
3. Company-Issued, Personally Enabled or COPE: Employees provided with corporate devices. Costs company to
purchase and maintain devices. Partial control over security, reliability, and compatibility as employees can
use for personal use.

Mobile application management (MAM): A security strategy that administers and enforces corporate epolicies
for applications on mobile devices.
Mobile application development: The set of processes and procedures involved in writing software for use on
wireless devices.

Features of MAM:
1. Containerization (application sandboxing): Isolates corporate applications from personal applications on a
device.
2. Dual persona technology: Creates two completely separate user interfaces on the same device, one for work
and one for personal use.
3. Progressive web application (PWA): A website that looks and behaves as if it is a mobile application but is just a
normal website.
4. Accelerometer: A device that can measure the force of acceleration, whether caused by gravity or by
movement.
 Chapter 07
7.2 Mobility
Part 02

Mobile information management (MIM): A security strategy that involves keeping sensitive data encrypted and
allowing only approved applications to access or transmit it.
Fast data: The application of big data analytics to smaller data sets in near real or real time in order to solve a
problem or create business value.

Mobile Information Management Characteristics:
1. Data at rest: Refers to all data in computer storage. Data at rest: Refers to all data in computer storage.
2. Data in motion: A stream of data that is moving or being transported between locations within or between
computer systems.
What is another term for data in motion? Transit data, Flight data
3. Data in use: Data that is currently being updated, processed, erased, accessed, or read by a system

Digital divide: A worldwide gap giving advantage to those with access to technology.

Wireless Business Applications:
1. Radio frequency identification (RFID): Uses electronic tags and labels to identify objects wirelessly over short
distances.
RFID tag: An electronic identification device that is made up of a chip and antenna.
RFID reader (RFID interrogator): A transmitter/receiver that reads the contents of RFID tags in the area. An RFID
system is comprised of one or more RFID tags, one or more RFID readers, and two or more antennas.
2. Global positioning system (GPS): a satellite-based navigation system providing extremely accurate position,
time, and speed information.
3. Geographic information system (GIS): stores, views, and analyzes geographic data, creating multidimensional
charts or maps.

Asset tracking: Occurs when a company places active or semi-passive RFID tags on expensive products or assets
to gather data on the items' location with little or no manual intervention.
Automatic vehicle location (AVL): Uses GPS tracking to track vehicles.
Geocache: A GPS technology adventure game that posts the longitude and latitude location for an item on the
Internet for users to find
Geocoin: A round coin-sized object, is uniquely numbered and hidden in geocache.
Estimated time of arrival (ETA): The time of day of an expected arrival at a certain destination
Estimated time enroute (ETE): The time remaining before reaching a destination using the present speed.
 Chapter 07
7.2 Mobility
Part 03

Geographic information system (GIS): Consists of hardware, software, and data that provide location
information for display on a multidimensional map.
Cartography: The science and art of making an illustrated map or chart.
GIS map automation: Links business assets to a centralized system where they can be tracked and
monitored over time.
Spatial data: Identifies the geographic location of features and boundaries on Earth, such as natural or
constructed features, oceans, and more.
Geocoding: Spatial databases is a coding process that assigns a digital map feature to an attribute that
serves as a unique ID (tract number, node number) or classification (soil type, zoning category)
Location based services (LBS): Applications that use location information to provide a service.