Full Transcript

Chapter 04 4.2 Information Security Part 01 Downtime: period of time when a system is unavailable. The cost of Downtime: 1. Financial performance: such as rev...

Chapter 04 4.2 Information Security Part 01 Downtime: period of time when a system is unavailable. The cost of Downtime: 1. Financial performance: such as revenue recognition, cash flow, payment guarantees, credit rating, and stock price. 2. Revenue: such as direct loss, compensatory payments, lost future revenue, billing losses, investment losses, and lost productivity 3. Damage reputation: such as customers, suppliers, financial markets, banks, and business partners. 4. Other expenses: such as temporary employees, equipment rentals, overtime costs, extra shipping charges, travel expenses, and legal obligations. Cybersecurity: Involves prevention, detection, and response to cyberattacks that can have wide-ranging effects on individuals, organizations, communities, and nations Cyberattacks: Malicious attempts to access or damage a computer system. Cyberattacks have the following attributes Information security: A broad term encompassing the protection of information from accidental or intentional misuse by persons inside or outside an organization. Chapter 04 4.2 Information Security Part 02 Hackers: Experts in technology who use their Virus: Software written with malicious intent to knowledge to break into computers and computer cause annoyance or damage. networks, either for profit or simply for the Malware: Software that is intended to damage or challenge disable computers and computer systems Drive-by hacking: A computer attack in which an Botnets: Malware that causes a collection of attacker accesses a wireless computer network, connected devices to be controlled by a hacker. intercepts data, uses network services, and/or sends Botnets perform distributed denial-of-service attack instructions without entering the office or attacks, steal data, send spam, and allow the hacker organization that owns the network. to access devices without the owner's knowledge. Bug bounty program: A crowdsourcing initiative that One of the most common forms of computer rewards individuals for discovering and reporting vulnerabilities that can cause massive computer damage software bugs is a virus. Types of Hackers: Types of virus: 1. Black-hat hackers: break into other people's 1. Backdoor programs: open a way into the network for computer systems and may just look around or may future attacks steal and destroy information 2. Distributed denial-of-service attack (DDoS): targets 2. Crackers: have criminal intent when hacking. multiple computers and floods a website with so 3. Cyberterrorists: seek to cause harm to people or to many requests for service that it slows down or destroy critical systems or information and use the crashes. A common type is the Ping of Death, in Internet as a weapon of mass destruction which thousands of computers try to access a 4. Hacktivists: have philosophical and political reasons website at the same time, overloading it and shutting for breaking into systems and will often deface the it down website as a protest. 3. Polymorphic viruses and worms: change their form 5. Script kiddies or script bunnies: find hacking code on as they propagate the Internet and click-and-point their way into 4. Trojan-horse virus: hides inside other software, systems to cause damage or spread viruses. usually as an attachment or a downloadable file. 6. White-hat hackers: work at the request of the system 5. Denial-of-service attack (DoS): floods a website with owners to find system vulnerabilities and plug the so many requests for service that it slows down or holes. crashes. 7. Ethical Hackers: Not all hackers are bad. In fact, it 6. Ransomware: A form of malicious software that can be a good business strategy to employ white-hat infects your computer and asks for money hackers to find the bugs and vulnerabilities in a 7. Simplelocker: is a new ransomware program that corporation encrypts your personal files and demands payment A worm spreads itself not only from file to file but also for the files' decryption keys. from computer to computer 8. Scareware: A type of malware designed to trick The primary difference between a virus and a worm: victims into giving up personal information to 1. A virus must attach to something, such as an purchase or download useless and potentially executable file, to spread. dangerous software 2. Worms do not need to attach to anything to spread and can tunnel themselves into computers. Chapter 04 4.2 Information Security Part 03 Hacker Weapons: 1. Elevation of privilege: is a process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. 2. Hoaxes: attack computer systems by transmitting a virus hoax with a real virus attached. By masking the attack in a seemingly legitimate message, unsuspecting users more readily distribute the message and send the attack on to their co-workers and friends, infecting many users along the way 3. Malicious code: includes a variety of threats such as viruses, worms, and Trojan horses 4. Packet tampering: consists of altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network, For example, an attacker might place a tap on a network line to intercept packets as they leave the computer. The attacker could eavesdrop or alter the information as it leaves the network. 5. sniffer: is a program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive information. Sniffers tend to be a favorite weapon in the hacker's arsenal. 6. Spoofing: consists of forging the return address on an email so that the message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors conceal their identities as they send out viruses. 7. Splogs (spam blogs): are fake blogs created solely to raise the search engine rank of affiliated websites. Even blogs that are legitimate are plagued by spam, with spammers taking advantage of the comment feature of most blogs to comment with links to spam sites. 8. Spyware: is software that comes hidden in free downloadable software and tracks online movements mines the information stored on a computer, or uses a computer's CPU and storage for some task the user knows nothing about. Insiders: Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident A few forms of unethical scams used by hackers to gain information include: 1. Social engineering: Occurs when hackers use their social skills to trick people into revealing access credentials or other valuable information. 2. Pretexting: A form of social engineering in which one individual lies to obtain confidential data about another individual. 3. Dumpster diving: Occurs when a hacker looks through people's trash to obtain information Chapter 04 4.2 Information Security Part 04 With all the unethical behavior that is constantly bombarding an organization, it is best to create policies that prevent these types of scams: 1. Information security policies: Identify the rules required to maintain information security, such as requiring users to log off before leaving for lunch or meetings, never sharing passwords with anyone, and changing passwords every 30 days. 2. Information security plan: Details how an organization will implement the information security policies. A few details managers should consider regarding information security policies include defining best practices for the following: 1. Applications: allowed to be placed on the corporate network, especially various file-sharing applications (e.g., Kazaa, now defunct), IM software, and entertainment or freeware created by unknown sources (e.g., iPhone applications). 2. Corporate computer equipment: used for personal reasons on personal network 3. Password creation and maintenance: including minimum password length, characters to be included while choosing passwords, and frequency for password changes. 4. Personal computer equipment: allowed to connect to the corporate network. 5. Virus protection: including how often the system should be scanned and how frequently - the software should be updated. This could also include if downloading attachments is allowed and practices for safe downloading from trusted and untrustworthy sources. Destructive agents: Malicious agents designed by spammers and other Internet attackers to farm email addresses off websites or deposit spyware on machines Phishing: A technique to gain personal information for the purpose of identity theft, usually by means of fraudulent emails that look as though they came from legitimate businesses Different forms of phishing include: 1. Phishing expedition: A masquerading attack that combines spam with spoofing. 2. Spear phishing: A phishing expedition in which the emails are carefully designed to target a particular person or organization. 3. Vishing (or voice phishing): A phone scam that attempts to defraud people by asking them to call a bogus telephone number to confirm their account information. 4. Pharming: Reroutes requests for legitimate websites to false websites. For example, if you were to type in the URL to your bank, pharming could redirect to a fake site that collects your information. 5. Zombie: A program that secretly takes over another computer for the purpose of launching attacks on other computers. Zombie attacks are almost impossible to trace back to the attacker 6. Zombie farm: A group of computers on which a hacker has planted zombie programs 7. Pharming attack: A zombie farm, often by an organized crime association, to launch a massive phishing attack 8. Sock puppet marketing: is the use of a false identity to artificially stimulate demand for a product, brand, or service. A false identity on the Internet is known colloquially as a sock puppet or catfish, depending upon the level of detail attached to the false identity. Chapter 04 4.2 Information Security Part 05 Authentication: is a method for confirming users identities. Authorization: is the process of providing a user with permission, or The process of giving someone permission to do or have something including access levels and abilities such as file access, hours of access, and amount of allocated storage space. Authentication and authorization techniques fall into three categories: 1. Something the user knows: such as a user ID and password, this is one of the most ineffective ways for determining authentication. 2. Something the user has: using something the user has such as a smart card or token Tokens: Small electronic devices that change user passwords automatically Smart card: A device that is around the same size as a credit card, containing embedded technologies that can store information and small amounts of software to perform some limited processing. Tokens and smart cards are two of the primary forms of this type of authentication. 3. Something that is part of the user: such as a fingerprint or voice signature. something that is part of the user. Biometrics (narrowly defined): is the identification of a user based on a physical characteristic, such as a fingerprint, iris, face, voice, or handwriting Voiceprint: is a set of measurable characteristics of a human voice that uniquely identifies an individual. These characteristics, which are based on the physical configuration of a speaker's mouth and throat, can be expressed as a mathematicalformula. Unfortunately, biometric authentication such as voiceprints can be costly and intrusive. The goal of authentication is to make it difficult for an unauthorized person to gain access to a system because if one security level is broken, the attacker will still have to break through additional levels 1. Single-factor authentication: The traditional security process, which requires a user name and password. 2. Two-factor authentication: Requires the user to provide two means of authentication, what the user knows (password) and what the user has (security token). 3. Multifactor authentication: Requires more than two means of authentication, such as what the user knows (password), what the user has (security token), and what the user is (biometric verification). Time bombs: Computer viruses that wait for a specific date before executing their instructions Content filtering: Occurs when organizations use software that filters content, such as emails, to prevent the accidental or malicious transmission of unauthorized information Spam: A form of unsolicited email. Encryption: Scrambles information into an alternative form that requires a key or password to decrypt. Decrypt: To decrypt information is to decode it. It is the opposite of encrypt. Cryptography: The science that studies encryption, which is the hiding of messages so only the sender and receiver can read them. Personally identifiable information (PII): is any data that could potentially identify a specific individual. 1. Non sensitive PIl: Information transmitted without encryption. This includes information collected from public records, phone books, corporate directories, websites, etc. Non sensitive PlI is information that does not harm an individual, such as an address 2. Sensitive PII: Information transmitted with encryption and, when disclosed, results in a breach of an individual's privacy and can potentially cause the individual harm. Sensitive PlI includes biometric information, financial information, medical information, and unique identifiers such as passport or Social Security numbers. Public key encryption (PKE): Uses two keys: a public key that everyone can have, and a private key for only the recipient. Certificate authority: A trusted third party, such as VeriSign, that validates user identities by means of digital certificates. Digital certificate: A data file that identifies individuals or organizations online and is comparable to a digital signature. firewall: is hardware and/or software that guards a private network by analyzing incoming and outgoing information for the correct markings. organizations typically place a firewall between a server and the Internet. Antivirus software: Scans and searches hard drives to prevent, detect, and remove known viruses, adware, and spyware. Antivirus software must be frequently updated to protect against newly created viruses. Chapter 04 4.2 Information Security Part 06 Network behavior analysis: gathers an organization's computer network traffic patterns to identify unusual or suspicious operations. The removal of highly classified data files, or unauthorized user attempts. Detecting cybercriminals is a difficult job because there are so many different types of criminals with various agendas, including: 1. Cyberwar: An organized attempt by a country's military to disrupt or destroy the information and communication systems of another country. 2. Cyberterrorism: The use of computer and networking technologies against persons or property to intimidate or coerce governments, individuals, or any segment of society to attain political, religious, or ideological goals. 3. Cyberespionage: Includes governments that are after some form of information about other governments. 4. Cybervigilantes: Include individuals that seek notoriety or want to make a social or political point, such as WikiLeaks. Intrusion detection software (IDS): features full-time monitoring tools that search for patterns in network traffic to identify intruders. Chapter 05 5.1 MIS Infrastructure Part 01 MIS infrastructure: Includes the plans for how a firm will build, deploy, use, and share its data, processes, and MIS assets. Benefit of a solid MIS infrastructure: 1. Reduce costs. 2. Improve productivity. 3. Optimize business operations. 4. Generate growth. 5. Increase profitability. Hardware: Consists of the physical devices associated with a computer system. Software: The set of instructions the hardware executes to carry out specific tasks. Network: A communications system created by linking two or more devices and establishing a standard methodology in which they can communicate. Client: A computer designed to request information from a server. Server: A computer dedicated to providing information in response to requests. Enterprise architect: A person grounded in technology, fluent in business, and able to provide the important bridge between MIS and the business. MIS Infrastructures: The three primary areas of MIS infrastructure and their features are: 1. Information MIS Infrastructure: supports operations including backup, recovery, disaster recovery, business continuity. 2. Planning: (Agile MIS Infrastructure): supports change including accessibility, availability, maintainability, portability, reliability, scalability. 3. Usability:( Sustainable MIS Infrastructure): supports sustainability including grid computing, cloud computing, and virtualization The three primary areas of support provided by information infrastructure are: 1. Backup and recovery plan Backup: An exact copy of a system's information. Recovery: The ability to get a system up and running in the event of a system crash or failure that includes restoring the information backup. 2. Disaster recovery plan Disaster recovery plan: A detailed process for recovering information or a system in the event of a catastrophic disaster. 3. Business continuity plan Business continuity planning (BCP): Details how a company recovers and restores critical business operations and systems after a disaster or extended disruption. Fault tolerance: is the ability for a system to respond to unexpected failures or system crashes as the backup system immediately and automatically takes over with no loss of service. Failover: a specific type of fault tolerance occurs when a redundant storage server offers an exact replica of the real-time data, if the primary server crashes, the users are automatically directed to the secondary server or backup server. This is a high-speed and high-cost method of backup and recovery. What is the primary reason a company has a failover system? To take down the primary system for maintenance while the secondary system activates to ensure continuous operations Failback: Occurs when the primary machine recovers and resumes operations, taking over from the secondary server. Hot site: A separate and fully equipped facility where the company can move immediately after a disaster and resume business. Cold site: A separate facility that does not have any computer equipment but is a place where employees can move after a disaster Warm site: A separate facility with computer equipment that requires installation and configuration. Disaster recovery cost curve: Charts (1) the cost to the company of the unavailability of information and technology and (2) the cost to the company of recovering from a disaster over time Emergency: A sudden, unexpected event requiring immediate action due to potential threats to health and safety, the environment, or property. Emergency preparedness: Ensures that a company is ready to respond to an emergency in an organized, timely, and effective manner. Business continuity planning (BCP): Details how a company recovers and restores critical business operations and systems after a disaster or extended disruption. Business Impact Analysis: identifies all critical business functions and the effect that a specific disaster may have on them. A business continuity plan typically includes an emergency notification service. Emergency Notification service: Infrastructure built for notifying people in the event of an emergency. Radio stations' occasional tests of the national Emergency Alert System is Example of emergency notification system. technology failure: occurs when the ability of a company to operate is impaired because of a hardware, software, or data outage Technology failures can destroy large amounts of vital data, often causing incidents unplanned interruptions of a service. Incident management: The process responsible for managing how incidents are identified and corrected. Technology recovery strategies: Focus specifically on prioritizing the order for restoring hardware, software, and data across the organization that best meets business recovery requirements. technology recovery strategy details: the order of importance for recovering hardware, software, data centers, and networking (or connectivity) The four technology recovery strategies and their examples are: 1. Hardware: servers, computers, and wireless devices. 2. Software: applications such as email, payroll, and instant messaging. 3. Networking: wireless, LAN, fiber, and cable. 4. Data Center: climate control, power supply, and security. Agile MIS Infrastructure Characteristics: 1. Accessibility: Varying levels allow system users to access, view, or perform operational functions. 2. Availability: The system is operational during different time frames. 3. Maintainability: The system quickly transforms to support environmental changes. 4. Portability: The system is available to operate on different devices or software platforms. 5. Reliability: The system functions correctly and provides accurate information. 6. Scalability: The system can scale up or adapt to the increased demands of growth. 7. Usability: The system is easy to learn and efficient and satisfying to use. Accessibility: Refers to the varying levels that define what a user can access, view, or perform when operating a system. Web accessibility: Allows people with disabilities to use the Web. Administrator access: Unrestricted access to the entire system. Top-level MIS employees require administrator access, or unrestricted access to the entire system. Administrator access can perform functions such as resetting passwords, deleting accounts, and shutting down entire systems. Web accessibility initiative (WAl): Brings together people from industry, disability organizations, government, and research labs from around the world to develop guidelines and resources to help make the web accessible to people with disabilities, including auditory, cognitive, neurological, physical, speech, and visual disabilities. Availability: Refers to the time frames when the system is operational. Unavailable: When it is not operating and cannot be used. High availability: When a system is continuously operational at all times. Maintainability (or flexibility): Refers to how quickly a system can transform to support environmental changes. Maintainability helps to measure how quickly and effectively a system can be changed or repaired after a failure. Portability: Refers to the ability of an application to operate on different devices or software platforms, such as different operating systems. Reliability (or accuracy): Ensures that a system is functioning correctly and providing accurate information. Vulnerability: is a system weakness that can be exploited by a threat. Scalability: Describes how well a system can scale up, or adapt to the increased demands of growth. Performance: Measures how quickly a system performs a process or transaction Performance is a key component of scalability because systems that can't scale suffer from performance issues Capacity: Represents the maximum throughput a system can deliver; for example, the capacity of a hard drive represents its size or volume Capacity planning: Determines future environmental infrastructure requirements to ensure high-quality system performance. Usability: The degree to which a system is efficient, easy to learn, and satisfying to use. Serviceability: How quickly a third party can change a system to ensure it meets user needs and the terms of any contracts, including agreed-to levels of reliability, maintainability, or availability Chapter 06 6.1 Data Quality Part 01 Data granularity: Refers to the extent of detail within the data (fine and detailed or coarse and abstract) Organizational data has three primary areas: 1. levels. 2. formats. 3. granularities. The four primary traits that help determine the value of data: 1. Data Type: Transactional and Analytical. Transactional data: Encompasses all of the data contained within a single business process or unit of work, and its primary purpose is to support the performing of daily operational tasks. Examples of transactional data are: 1-sales receipt 2-airline ticket 3-packing slip Analytical data: Encompasses all organizational data, and its primary purpose is to support the performing of managerial analysis tasks. Examples of analytical data are: 1-product statistics 2-sales projections 3-future growth, 4-trends. 2. Data Timeliness. Timeliness: is an aspect of data that depends on the situation. Real-time data: Immediate, up-to-date data. Real-time system: Provides real-time data in response to requests. 3. Data Quality. Data inconsistency: Occurs when the same data element has different values. Data integrity issues: Occur when a system produces incorrect, inconsistent, or duplicate data. If a manager identifies numerous data integrity issues, they should consider the reports generated from that data as invalid and not use them when making decisions Enterprise architect: A person grounded in technology, fluent in business, and able to provide the important bridge between MIS and the business. The Five Characteristics Common of High-Quality Data: 1. Accurate: Is there an incorrect value in the data? Example: Is the name spelled ?correctly? Is the dollar amount recorded properly. 2. Complete: Is a value missing from the data? Example: Is the address complete ?including street, city, state, and zip code. 3. Consistent: Is aggregate or summary data in agreement with detailed data? Example: Do in total columns equal the true total of the individual item. 4. Timely: Is the data current with respect to business needs? Example: Is data ?updated weekly, daily, or hourly 5. Unique: Is each transaction and event represented only once in the data? Example: Are there any duplicate customers The four Reason or sources for low-quality data: 1. Customers intentionally enter inaccurate data to protect their privacy. 2. Different entry standards and formats. 3. Operators enter abbreviated or erroneous data by accident or to save time. 4. Third party and external data contains inconsistencies, inaccuracies, and errors. Understanding the Benefits of Using High-Quality Data: Data steward: is Responsible for ensuring the policies and procedures are implemented across the organization and acts as a liaison between the MIS department and the business. Data stewardship: The management and oversight of an organization's data assets to help provide business users with high-quality data that is easily accessible in a consistent manner. Potential business effects resulting from low quality data include: 1. Inability to accurately track customers. 2. Difficulty identifying valuable customers. 3. Inability to build strong customer. 4. Marketing to nonexistent customers. 5. Inability to identify selling opportunities. 6. Difficulty tracking revenue. 4. Data Governance. Data governance: Refers to the overall management of the availability, usability, integrity, and security of company data. Master data management (MDM): The practice of gathering data and ensuring that it is uniform, accurate, consistent, and complete, including such entities as customers, suppliers, products, sales, employees, and other critical entities that are commonly integrated across organizational systems. Data validation: Includes the tests and evaluations used to determine compliance with data governance polices to ensure correctness of data. Database: Maintains data about various types of objects (inventory), events (transactions), people (employees), and places (warehouses). Database management system (DBMS): Creates, reads, updates, and deletes data in a database while controlling access and security. Two primary tools available for retrieving data from a DBMS include: 1. Structured query language (SQL): Asks users to write lines of code to answer questions against a database. 2. Query-by-example (QBE) tool: Helps users graphically design the answer to a question against a database. Common Database Terms Table: 1. Data element (or data field): The smallest or basic unit of data For Example: Data elements can include a customer's name, address, email, discount rate, preferred shipping method, product name, quantity ordered, and so on. 2. Data models: Logical data structures that detail the relationships among data elements by using graphics or pictures. For Example: Each data element is given a description, such as Customer Name; metadata is provided for the type of data (text, numeric, alphanumeric, date, image, binary value) and descriptions of potential predefined values such as a certain area code; and finally the relationship is defined. 3. Metadata: Provides details about data For Example: metadata for an image could include its size, resolution, and date created. Metadata about a text document could contain document length, data created, author's name, and summary 4. Data dictionary: Compiles all of the metadata about the data elements in the data model For Example: Looking at a data model, along with reviewing the data dictionary, provides tremendous insight into the database's functions, purpose, and business rules. Chapter 06 6.1 Data Quality Part 02 Storing Data Elements in Entities and Attributes: Relational database model: Stores data in the form of logically related two-dimensional tables. Relational database management system: Allows users to create, read, update, and delete data in a relational database. The relationships in the relational database model help managers extract this data. Attribute (field, column): The data elements associated with an entity. Record: A collection of related data elements. Creating Relationships through Keys: Primary key: A field (or group of fields) that uniquely identifies a given entity in a table. Foreign key: A primary key of one table that appears an attribute in another table and acts to provide a logical relationship among the two tables. It is a primary key of one table that appears as an attribute in another table and acts to provide a logical relationship between the two tables. Database Advantages from a Business Perspective Include: 1. increased flexibility. 2. increased scalability and performance. 3. reduced data redundancy. 4. increased data integrity. increased data security. Scalability: Refers to how well a system can adapt to increased demands. Performance: Measures how quickly a system performs a certain process or transaction. Data latency: The time it takes for data to be stored or retrieved. Data redundancy: The duplication of data, or the storage of the same data in multiple places. Inconsistency: is one of the primary problems with redundant data. Data integrity: measures the quality of data. Integrity constraint: rules that help ensure the quality of data. Relational integrity constraints: Rules that enforce basic and fundamental information-based constraints. Business-critical integrity constraints: Enforce business rules vital to an organization's success and often require more insight and knowledge than relational integrity constraints. Databases offer many security features, including: 1. passwords: to provide authentication 2. Access levels: to determine who can access the data. 3. Access controls: to determine what type of access they have to the data. Identity management: A broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity. Chapter 06 6.2 Data Warehouse and Blockchain Part 01 Organizational data includes far more than simple structured data elements in a database. The set of data also includes unstructured data such as voice mail, customer phone calls, text messages, and video clips, along with numerous new forms of data, such as tweets from Twitter. Data point: An individual item on a graph or a chart Data integrity: A measure of the quality of data. Data Analysis Cycle: 1. Collect: Identify data sources 2. Analyze: Ask the right questions 3. Communicate: Influence and persuade 4. Visualize: Craft your data story The Problem: Data Rich, Information Poor Many organizations find themselves in the position of being data rich and information poor. Even in today's electronic world, managers struggle with the challenge of turning their business data into business intelligence. The Solution: Data Aggregation Dataset: An organized collection of data Comparative analysis: Compares two or more datasets to identify patterns and trends. A few examples of how managers can use BI to answer tough business questions: 1. Where has the business been? Historical perspective offers important variables for determining trends and patterns. 2. Where is the business now? Looking at the current business situation allows managers to take effective action to solve issues before they grow out of control. 3. Where is the business going? Setting strategic direction is critical for planning and creating solid business strategies. Competitive monitoring: Occurs when a company keeps tabs on its competitor's activities on the web using software that automatically tracks all competitor website activities such as discounts and new products. Source data: Identifies the primary location where data is collected. Source data can include invoices, spreadsheets, time sheets, transactions, and electronic sources such as other databases. Raw data: Data that has not been processed for use. What is another name for raw data that has undergone processing? cooked data. Data aggregation: The collection of data from various sources for the purpose of data processing. To gather data about particular groups based on specific variables such as age, profession, or income. Data warehouse: A logical collection of data, gathered from many different operational databases, that supports business analysis activities and decision-making tasks The primary purpose of a data warehouse is perform analytical process Extraction, transformation, and loading (ETL): A process that extracts data from internal and external databases, transforms the data using a common set of enterprise definitions, and loads the data into a data warehouse. Data mart: Contains a subset of data warehouse data. The internal databases include: 1. Marketing. 2. Inventory. 3. Sales. 4. Billing. The external databases include: 1. Competitor data. 2. Industry data. 3. Mailing lists. 4. stock market analysis. Data cube: The common term for the representation of multidimensional data. Data lake: A storage repository that holds a vast amount of raw data in its original format until the business needs it Dirty data: Erroneous or flawed data Dirty Data Problems: 1. Inaccurate Data. 2. Non-integrated data. 3. Violates business rules data. 4. non-formatted data. 5. Incorrect data. 6. Misleading data 7. Duplicate data Data cleansing or scrubbing: A process that weeds out and fixes or discards inconsistent, incorrect, or incomplete data. The steps that occur during data cleansing: 1. Missing records or attributes. 2. Redundant records. 3. Missing keys or other required data. 4. Erroneous relationships or references. 5. inaccurate or incomplete data. Data quality audits: Determines the accuracy and completeness of its data. Data artist: A business analytics specialist who uses visual tools to help people understand complex Analysis paralysis: occurs when there is not enough information to perform an analysis. Data visualization: Describes technologies that allow users to "see' or visualize data to transform data into a business perspective. Data visualization tools: Move beyond Excel graphs and charts into sophisticated analysis techniques such as pie charts, controls, instruments, maps, time-series graphs, and more. Ledger: Records classified and summarized transactional data Blockchain: A type of distributed ledger, consisting of blocks of data that maintain a permanent and tamper- proof record of transactional data. What are the three advantages of using blockchain technology? 1. Immutability 2. digital trust 3. Internet of things integration Distributed computing: Processes and manages algorithms across many machines in a computing environment. Proof-of-work: A requirement to define an expensive computer calculation, also called mining, that needs to be performed to create a new group of trustless transactions (blocks) on the distributed ledger or blockchain. Bitcoin: A type of digital currency in which a record of transactions is maintained, and new units of currency are generated by the computational solution of mathematical problems, and which operates independently of a central bank Ethereum: A decentralized, open source blockchain with smart contract functionality. Blocks: Data structures containing a hash, previous hash, and data Genesis block: The first block created in a blockchain. Hash: A function that converts an input of letters and numbers into an encrypted outpu fixed length. Hashes are the links in the blockchain Proof-of-stake: A way to validate transactions and achieve a distributed consensus. It is still an algorithm, and the purpose is the same as the proof-of-work, but the process to reach the goal is quite different. Chapter 07 7.1 Connectivity Part 01 A network provides two principal benefits: 1. the ability to communicate. 2. the ability to share. Local area network (LAN): Connects a group of computers in close proximity, such as in an office building, school, or home. Wide area network (WAN): Spans a large geographic area such as a state, province, or country. Metropolitan area network (MAN): A large computer network usually spanning a city. Mobile: Means the technology can travel with the user. For instance, users can download software, email messages, and web pages onto a laptop or other mobile device for portable reading or reference. Mobile business: The ability to purchase goods and services through a wireless Internet- enabled device. Wireless: Refers to any type of operation accomplished without the use of a hardwired connection. Wireless fidelity (Wi-Fi): A means by which portable devices can connect wirelessly to a local area network, using access points that send and receive data via radio waves. Wi-Fi infrastructure: Includes the inner workings of a Wi-Fi service or utility, including the signal transmitters, towers, or poles and additional equipment required to send out a Wi-Fi signal. Measuring Wireless Network Performance: Bandwidth: The maximum amount of data that can pass from one point to another in a unit of time. Bit: The smallest element of data and has a value of either 0 or 1. Bit rate: The number of bits transferred or received per unit of time. Bandwidth Speeds: 1. Kilobits “Kb”. 2. Megabit “Mb”. 3. Gigabit “Gb”. Chapter 07 7.1 Connectivity Part 02 Personal area networks (PAN): Provide communication over a short distance that is intended for use with devices that are owned and operated by a single user. Bluetooth: Wireless PAN technology that transmits signals over short distances between cell phones, computers, and other devices. Wireless LANs: 1. Wireless LAN (WLAN): A local area network that uses radio signals to transmit and receive data over distances of a few hundred feet 2. Access point: The computer or network device that serves an as interface between devices and the network. 3. Wireless access point: Enables devices to connect to a wireless network to communicate with each other. 4. Multiple-in/multiple-out technology: Multiple transmitters and receivers allowing them to send and receive greater amounts of data than traditional networking devices. Wi-Fi Networks: Hotspots: Designated locations where Wi-Fi access points are publicly available Wireless MAN (WMAN): A metropolitan area network that uses radio signals to transmit and receive data. Worldwide Interoperability for Microwave Access (WiMAX): A communications technology aimed at providing high-speed wireless data over metropolitan area networks. Wireless WAN —Cellular Communication System: Wireless WAN (WWAN): A wide area network that uses radio signals to transmit and receive data. Radio access network (RAN): A technology that connects individual devices to other parts of a network through radio connections. Smart phones: Offer more advanced computing ability and connectivity than basic cell phones. Chapter 07 7.1 Connectivity Part 03 5G Networks: Disruption in Cellular networks: 5G: The fifth-generation wireless broadband technology that will greatly increase the speed and responsiveness of wireless networks. Streaming: A method of sending audio and video files over the Internet in such a way that the user can view the file while it is being transferred Streaming data: Data that is generated continuously by thousands of data sources, which typically send in the data records simultaneously, and in small sizes (order of kilobytes) Wi-Fi 6: The next generation of Wi-Fi is expected to operate at 9.6 Gbps. Satellite: A space station that orbits the Earth receiving and transmitting signals from Earth-based stations over a wide area Actor: An entity that is capable of participating in an action or a network Bad actor: An entity that is participating with ill intentions. Two technologies securing Wi-Fi networks include: 1. Wired equivalent privacy (WEP): An encryption algorithm designed to protect wireless transmission data 2. Wi-Fi protected access (WPA): A wireless security protocol to protect Wi-Fi networks War chalking: The practice of tagging pavement with codes displaying where WiFi access is available. War driving: Deliberately searching for Wi-Fi signals while driving by in a vehicle. SSL Certificate: An electronic document that confirms the identity of a website or server and verifies that a public key belongs to a trustworthy individual or company. Secure hypertext transfer protocol (SHTTP or HTTPS): A combination of HTTP and SSL to provide encryption and secure identification of an Internet server. Chapter 07 7.2 Mobility Part 01 IT consumerization: The blending of personal and business use of technology devices and applications. Pervasive computing: The growing trend of embedding computer capabilities into everyday objects to make them effectively communicate and perform useful tasks in a way that minimizes the end user's needs to interact with computers as computers. Enterprise mobility management (EMM): An enterprise-wide security strategy to enforce corporate epolicies while enabling employee use of mobile devices such as smart phones and tablets. Three Primary Areas of an Enterprise Mobility Management Strategy: 1. Mobile device management 2. Mobile application management 3. Mobile information management Mobile device management (MDM): A security strategy comprised of products and services that offer remote support for mobile devices, such as smart phones, laptops, and tablets. The three MDM Policies: 1. Bring Your Own Device or BY O D: Employees use their own device. Save company money. Zero control over security, reliability, and compatibility. 2. Choose Your Own Device or CY O D: Employees choose a company approved and configured device. Costs company money to purchase and maintain device. No personal use allowed. Complete control over security, reliability, and compatibility. 3. Company-Issued, Personally Enabled or COPE: Employees provided with corporate devices. Costs company to purchase and maintain devices. Partial control over security, reliability, and compatibility as employees can use for personal use. Mobile application management (MAM): A security strategy that administers and enforces corporate epolicies for applications on mobile devices. Mobile application development: The set of processes and procedures involved in writing software for use on wireless devices. Features of MAM: 1. Containerization (application sandboxing): Isolates corporate applications from personal applications on a device. 2. Dual persona technology: Creates two completely separate user interfaces on the same device, one for work and one for personal use. 3. Progressive web application (PWA): A website that looks and behaves as if it is a mobile application but is just a normal website. 4. Accelerometer: A device that can measure the force of acceleration, whether caused by gravity or by movement. Chapter 07 7.2 Mobility Part 02 Mobile information management (MIM): A security strategy that involves keeping sensitive data encrypted and allowing only approved applications to access or transmit it. Fast data: The application of big data analytics to smaller data sets in near real or real time in order to solve a problem or create business value. Mobile Information Management Characteristics: 1. Data at rest: Refers to all data in computer storage. Data at rest: Refers to all data in computer storage. 2. Data in motion: A stream of data that is moving or being transported between locations within or between computer systems. What is another term for data in motion? Transit data, Flight data 3. Data in use: Data that is currently being updated, processed, erased, accessed, or read by a system Digital divide: A worldwide gap giving advantage to those with access to technology. Wireless Business Applications: 1. Radio frequency identification (RFID): Uses electronic tags and labels to identify objects wirelessly over short distances. RFID tag: An electronic identification device that is made up of a chip and antenna. RFID reader (RFID interrogator): A transmitter/receiver that reads the contents of RFID tags in the area. An RFID system is comprised of one or more RFID tags, one or more RFID readers, and two or more antennas. 2. Global positioning system (GPS): a satellite-based navigation system providing extremely accurate position, time, and speed information. 3. Geographic information system (GIS): stores, views, and analyzes geographic data, creating multidimensional charts or maps. Asset tracking: Occurs when a company places active or semi-passive RFID tags on expensive products or assets to gather data on the items' location with little or no manual intervention. Automatic vehicle location (AVL): Uses GPS tracking to track vehicles. Geocache: A GPS technology adventure game that posts the longitude and latitude location for an item on the Internet for users to find Geocoin: A round coin-sized object, is uniquely numbered and hidden in geocache. Estimated time of arrival (ETA): The time of day of an expected arrival at a certain destination Estimated time enroute (ETE): The time remaining before reaching a destination using the present speed. Chapter 07 7.2 Mobility Part 03 Geographic information system (GIS): Consists of hardware, software, and data that provide location information for display on a multidimensional map. Cartography: The science and art of making an illustrated map or chart. GIS map automation: Links business assets to a centralized system where they can be tracked and monitored over time. Spatial data: Identifies the geographic location of features and boundaries on Earth, such as natural or constructed features, oceans, and more. Geocoding: Spatial databases is a coding process that assigns a digital map feature to an attribute that serves as a unique ID (tract number, node number) or classification (soil type, zoning category) Location based services (LBS): Applications that use location information to provide a service.

Use Quizgecko on...
Browser
Browser