ITM 100 Final Notes PDF

ITM 100: Final Notes Class #7: Telecommunications, the Internet, and Wireless Technologies Telecommunication: transmission of information, as words, sounds, or images, usually over great distances, in the form of electromagnetic signals Networking and communication trends ○ Convergence Telephone networks and computer networks converging into single digital network using internet standards ○ Broadband More than 74% U.S. internet user have broadband access ○ Broadband wireless Voice, data communication are increasingly taking place over broadband wireless platforms Network: two or more connected computers major component in simple network ○ Network operating system (NOS): routes and manages communication on the network coordinates network resources ○ Hubs, switches, routers Hubs: are simple devices that connect network components, sending a packet of data to all other connected devices Switch: has more intelligence than a hub and other filter and forward data to a specified destination on the network Router: communication processor that routes packets of data through different networks, ensuring that the data sent get to the correct addresses Software-defined networking (SDN) ○ Networking approach in which many of these control functions of switches and routers managed by central program Networking in large companies ○ Hundreds of local area networks (LANs) linked to firm-wide corporate networks ○ Various powerful servers Website, corporate intranet, extranet Backend systems ○ Mobile wireless LANs (Wi-Fi networks) ○ Videoconferencing ○ Telephone network, wireless cell phones Client/server computing ○ Distributed computing model in which some of the processing power is located within small. Inexpensive client computers and resides on desktops or handheld devices ○ Clients linked through network controlled by server ○ Server sets rules of communication from network and provides every client with an address so others can find it on the network Packet switching ○ Method of slicing digital messages into parcels (packets) and sending packets along different communication paths as they become available ○ Reassembling packets at destination ○ Previous circuit-switched networks required assembly of complete point-to-point circuit ○ Packet switching more efficient use of network’s communications capacity ○ Pockets include information for directing the packet to the right address and for checking transmission errors along with the data Protocols ○ Rules and procedures that govern transmission of information between two points in a network Transmission control protocol/internet protocol (TCP/IP) ○ Common worldwide standard that is basis for the internet ○ Handles movement of data between computers ○ Establish connection between computers, sequences the transfer package, and acknowledges the packages sent Department of defense reference model for TCP/IP ○ Four layers Application layer: enables client application programs to access the other layers and defines the protocols that applications use to exchange data Transport layer: transport layer is responsible for providing the application layer with communication and packet services, includes TCP and other protocol Internet layer: responsible for addressing, routing, and packaging data packets called IP programs Network interface layer: bottom of reference model, network interface layer is responsible for placing packets on and receiving them from the other medium Signals: digital versus analog ○ Analog signal: represented by a continuous waveform that passes through a communications medium and has been used for audio communication ○ Digital signal: discrete, binary waveform rather than a continuous waveform (0 and 1) ○ Modem (modulator-demodulator): connect your computer to the internet using a cable network, and will convert digital signals into analog signals Modulation: convert from digital to analog signals Demodulation: convert from analog to digital signals Types of networks ○ Local area networks (LANs) Designed to connect personal computers and other digital devices within a half-mile or 500-meter radius Ethernet Client/server vs. peer-to-peer Treats all processors equally and is used primarily in small networks with ten or fewer users Wide area networks (WANs) ○ Span broad geographical distances - regions, states, continents, or the entire globe Metropolitan area networks (MANs) ○ Network that spans a metropolitan area, usually a city and its major suburbs (50-100 km) Campus area networks (CANs) ○ 5-10km to connect network on a campus Physical transmission media ○ Twisted pair wire (CAT5) ○ Coaxial cable ○ Fiber optics cable Wireless transmission media and devices ○ Satellites, cellular systems Calculate the BitRate of a pattern 1010010101 is transmitted in 10 ms ○ BitRate: # of bits transmitted / time taken = 10 / 10 x 10^-3 = 1000 bps The transmission capacity of a medium (bps) is dependent of its frequency, which is measured in hertz, or cycles per second Bandwidth: the difference between the highest and lowest frequencies that a channel can transmit Hertz: is equal to one cycle of the medium Internet service providers (ISPs) ○ Is a commercial organization with a permanent connection to the internet that sells temporary connections to retail subscribers ○ Provide connections ○ Types of internet connections Dial-up: 56.6 kbps Digital subscriber line (DSL/FIOS): 385 kbps-40 Mbps Operate over existing telephone lines to carry voice, data, and video Cable internet connections: 1-50 Mbps Provide cable television vendors use digital cable coaxial lines to deliver high-speed internet access to homes and businesses Satellite T1/T3 lines; 1.54-45 Mbps International telephone standards for digital communication Internet protocol (IP): consisting of a string of numbers Each device on internet assigned internet protocol (IP) address ○ 128 bit number, eg. 207.46.250.119 The domain name system (DNS) ○ Converts IP addresses to domain names ○ Hierarchical structure ○ Top-level domains Network service providers ○ Own trunk lines (high-speed backbone networks) Regional telephone and cable TV companies ○ Provide regional and local access Professional organizations and government bodies establish internet standards ○ IAB ○ ICANN ○ W3C Hypertext ○ Hypertext market language (HTML): formats documents and incorporates dynamic links to other documents and together objects stored in the same or remote computers ○ Hypertext transfer protocol (HTTP): communications standard that transfers pages on the web ○ Uniform resource locator (URL): url tells the browser software exactly where to look for the information Web sources ○ Software for locating and managing web pages ○ Locates web pages a user requests on the computer where are stored and delivers the web pages to the user’s computer Dark web: portion of the deep web, intentionally hidden for search engines, accessible with only special web browser in order to preserve anonymity Search engines ○ Attempt to solve the problem of finding useful information on the web nearly instantly, and arguably they are the killer app of the internet era ○ Started as simpler programs using keyword indexes ○ Google’s pagerank system Mobile search: 50% of all searched in 2016 ○ Mobile searched from smartphones and tablets makes up more than 50% of all the searches and will expand rapidly in the next few years Semantic search: way for search engines to become more discriminating and helpful to make search engine capable of understanding what we are really looking for ○ Goal is to build a search engine that can really human language and behavior Predictive search: this part of the search algorithm guesses what you are looking for and suggests search terms as type your search word Visual web: refers to websites like pinterest, where you can you can upload pictures to search for similar products Shopping bots: use intelligent agent software for searching the interest for shopping information Search engine marketing ○ Major sources of internet advertising revenue Search engine optimization (SEO) ○ Improving website quality and traffic to improve rankings in search engine results IPv6: old system based on 32-bit addresses is being replaced by a new version of IP addressing called IPv6 (internet version 6) ○ IPv6 is 128-bit addresses Internet2: advanced networking consortium serving 317 U.S. universities, 60 government agencies, 43 regional and state education networks etc. ○ 100 Gbps network Internet Services ○ E-mail: allow message to be exchanged from person to person Capabilities for routing messages to multiple recipients Forwarding messages Attaching documents ○ Chatting and instant messaging: allows people to communicate with each other instantly through video chat, and messaging Interactive conversions ○ Newsgroups: worldwide discussion groups posted on internet electronic bulletin boards on which people share information and ideas on a defined topic Discussion groups on electronic bulletin boards ○ Telnet: logging on to one computer system and doing work in another ○ File transfer protocol (FTP): transferring files from computer to computer ○ World wide web: retrieving, formatting, and displaying information (including audio, text, graphics, video) by using hypertext links Voice over IP (VoIP) ○ Digital voice communication using IP, packet switching ○ Avoids tolls ○ Providers: cable providers, google, skype Unified communications ○ Communications systems that integrate voice, data, e-mail, conferencing ○ Integrates disparate channels for voice communications, data communications, instant messaging, email, and electronic conferencing Virtual private network (VPN) ○ Secure, encrypted, private network run over internet ○ PPTP (point-to-point tunneling protocol), tunneling Website: collection of web pages linked to a home page Sharing information on the web ○ Blog: personal website that typically contains a series of chronological entries by its author and links related web pages ○ Microblogging: used in twitter or other platforms with serious space or size constraints, is a type of blogging that features very small elements of content such as short sentences, individual images, or video links ○ RSS (rich site summary or really simple syndication): pulls content from websites and feeds it automatically to users’ computers ○ Wikis: collaborative websites on which visitors can add, delete, or modify content, including work of previous authors ○ Social networking: sites enable users to build communities of friends and professional colleagues Web 2.0 ○ Enabling collaboration, sharing information, and creating new services online ○ Features: interactivity, real time user control, social participation (sharing), user generated content Web 3.0 and the future web ○ More tools to make sense of trillions of pages on the internet ○ Pervasive web ○ Internet of things: is based on billions of internet-connected sensors throughout our physical world ○ Internet of people Cellular systems ○ Cellular network standards and generations ○ Mobile wireless standards for web access ○ 3G networks: with transmission speeds from 144 Kbps for mobile users, to more than 2 Mbps for stationary users ○ 4G networks: have higher speeds up to 100 Mbps download and 50 Mbps upload ○ 5G networks: designed to support transmission of very large amounts of data in the gigabit range, fewer transmission delays and the ability to connect many more devices at once Bluetooth: wireless networking standard which is useful for creating small personal area networks (PANs), links up 8 devices within 10m area using low power, radio based communication can transmit up to 722 Kbps in the 2.4-Ghz band Wi-Fi and wireless internet access: can transmit 11 Mbps in the unlicensed 2.4-Ghz band and has effective distance of 30 to 50m Hotspots: locations with one or more access points providing wireless internet access and are often in public places WiMax (worldwide interoperability for microwave access): wireless access range of up to 31 miles and transmission speed of 30-40 Mbps (1 Gbps for fixed stations) Wireless Sensor Networks (WSNs) ○ Networks of hundreds of thousands of interconnected wireless devices that are embedded in the physical environment to provide measurements of many points over large spaces ○ Used to monitor building security, detect hazardous substances in air, monitor environmental changes, traffic, or military activity ○ Devices have built-in processing, storage, and radio frequency sensors and antennas ○ Require low-power, long-lasting batteries and ability to endure in the field without maintenance ○ Major sources of “big data” and feuling “internet of things” Radio Frequency Identification (RFID) ○ Provide powerful technology for tracking the movement of goods throughout the supply chain ○ Use tiny tags with microchip containing data about an item and location ○ Tag antennas to transmit radio signals over short distances to special RFID readers ○ Near field communication (NFC): short-range wireless connectivity standard that uses electromagnetic radio fields to enable two compatible devices to exchange data when brought within a few centimeters of each other (eg. apple pay) ○ Passive RFID: doesn’t have a battery, the reader walks by and makes it active ○ Active RFID: has a battery and is always active sending radio frequencies, the radio will collect information from the radio frequency Class #8: E-commerce, Digital Markets and Digital Goods E-commerce ○ Use of the internet and web to transact business ○ Digitally enabled commercial transactions between and among organizations and individuals ○ Began in 1995 an grew exponentially ○ Still stable in a recession ○ Online e-commerce has been a success, growing 12-15% New e-commerce platform ○ The online workhorse of online marketing was the display ad, and it is being replaced by video ads ○ Emphasis in online marketing has shifted from a focus on eyeballs to a focus on participating in customer-oriented conversations ○ Consumer purchase decisions are increasingly driven by the conversations, choices, tastes, and opinions of their social network The Growth of E-commerce: Technology Foundations ○ Wireless internet connections Wi-Fi, 4G smartphones ○ Powerful smartphones and tablet Web surfing, stramling ○ Wearable computers Fitbit, apple watch ○ Social networking apps 1.65 billion users ○ Cloud computing, SaaS Ubiquity ○ internet/web technology available everywhere, work, home, etc. and anytime ○ Allows you to shop from anywhere ○ Marketplace: extended beyond traditional boundaries and removed from a temporal and geographic location ○ Ubiquity reduces transaction costs - cost of participating in a market Global reach ○ Transactions cross cultural and national boundaries → conveniently and cost effectively Universal standards ○ One set of technology standards: internet standards ○ Technical standards for conducting e-commerce are universal standards ○ Universal technical standards of the internet and e-commerce greatly reduce marke t entry costs ○ Market entry costs: cost merchants pay simply to bring their goods to market ○ universal standards reduce search costs ○ Search costs: effort required to find suitable products Richness ○ Richness: complexity and content of a message ○ Traditional markets, national forces, and small retail stores have great richness, they can provide personal, face-to-face service, using aural and visual cues when making a scale ○ Supports video, audio, and text messages Interactivity ○ Using a chat window to interact with technical support at Bell ○ Interactivity allows an online merchant to engage a consumer in whats similar to a face-to-face experience but on a massive, global scale Information density ○ Vast increases in information density - the total amount and quality of information available to all participants, consumers, and merchants alike ○ E-commerce technologies reduce information collection, storage, processing, and communication costs while greatly increasing the currency, accuracy, and timeliness of information ○ Price transparency: refers to the ease with which consumers can find out the variety of prices in a market ○ Cost transparency: ability of consumers to discover the actual cost merchants pay for products ○ Price discrimination: selling the same goods, or nearly the same goods, to different targeted groups at different prices Personalization/customization ○ Technology permits modification of messages, goods ○ E-commerce permits personalization based on the person’s clickstream, behaviour, name, interests, and past purchases ○ Customization: changing the delivered product or service based on a user’s preferences or prior behaviour Social technology ○ Promotes user consent generation and social networking Eg. uploading videos to youtube ○ The new internet and e-commerce empower users to create and distribute content on a large scale and permit users to program their own content consumption Information asymmetry reduced ○ One party in a transaction has more information that is important for the transaction than the other party ○ Information helps determine their relative bargaining power Costs reduced ○ Menu costs: merchants’ costs of changing prices, greater price discrimination, and the ability to change prices dynamically based on market conditions ○ Dynamic pricing: price of a product varies depending on the demand characteristics of the customer or the supply situation of the seller ○ Search costs: the effort to find suitable products ○ Transaction costs: the cost of participating in a market Dynamic pricing enabled: price of a product varies depending on the demand characteristics of the customer or the supply situation of the seller Disintermediation enabled: removal of organizations or business process layers responsible for intermediary steps in a value chain ○ The new digital markets can either reduce or increase switching costs, depending on the nature of the product or service being sold ○ Digital markets provide opportunities to sell directly to the consumer, bypassing distributors or retail outlets Benefits of Disintermediation to the Customer ○ Manufacturer → distributor → retailer → customer - price per sweater = $48.50 ○ Manufacturer → retailer → customer - price per sweater = $40.34 ○ Manufacturer → customer - price per sweater = $20.45 Digital goods ○ Goods that can be delivered over a digital network ○ Cost of producing first unit is almost entire cost of product ○ Costs of delivery over the internet very low ○ Marketing costs remain the same, price highly variable ○ Industries with digital goods are undergoing revolutionary changes (publishers, record labels, etc.) Business-to-consumer (B2C): retailing of products and services directly to consumers ○ Eg. amazon, dell Business-to-business (B2B): sales of goods and services to other businesses ○ Eg. IBM. GE Consumer-to-consumer (C2C): consumers selling directly to consumers ○ Eg. eBay, kijiji Mobile commerce or m-commerce: use of handheld wireless devices for purchasing goods and services from any location Business model ○ Describes the method of doing business by which a company generates revenue an e-commerce business model leverages the unique qualities of internet ○ Lack of a sound business model was amazon reason of failures for many dot coms E-commerce roles ○ Portal: gateways to the web and are often defined as those sites that users set as their home page ○ E-trailer: online retailers, come in all sizes, from giant Amazon to a tiny local stores that have websites Is similar to typical brick and mortar storefront, expect it is done digitally ○ Content provider: e-commerce has become a global channel Content is defined broadly to include all forms of intellectual property Intellectual property: tangible and intangible products of the mind for which the creator claims a property right Value proposition of online content providers is that consumers can conveniently find a wide range of content online and purchase content inexpensively to be played or viewed on multiple devices or smartphones Podcasting: method of publishing audio or video broadcasts through the internet, allowing subscribers to download audio or video files onto their personal devices Streaming: publishing method for music and video files that flows continuous stream of content to a user’s device without being stored locally on the device ○ Transition broker: processes transactions for consumers normally handled in person, by phone, or by email ○ Market creator: build digital environment in which buyers and sellers can meet, display products, search for products, and establish prices ○ Service provider: offer services online Photo sharing and online sites for data backup and storage all use a service provider business model ○ Community provider: sites that create a digital online environment where people with similar interests can transact (buy and sell products), share interests, photos, and videos, communicate with like-minded people, receive interest-related information, etc. Revenue model: describes how the firm will earn revenue, generate profits, and produce a superior return on investment Advertising revenue model: website generates revenue by attracting a large audience of visitors who can then be exposed to advertisements Sales revenue model: companies derive revenue by selling goods, information, or services to customers ○ Micropayment systems: provide content providers with a cost-effective method for processing high volumes of very small monetary transactions (from 25 cents to $5 transactions) Subscription revenue model: website offering content or services charges a subscription fee for access to some or all of its offerings on an ongoing basis Free/freemium revenue model: forms offer basic services or content for free and charge a premium for advanced or special features Transaction fee: company receives a fee for enabling or executing a transaction ○ FinTech: start-up financial technology firms Affiliate revenue model: send visitors to other websites in return for a referral fee or percentage of the revenue from any resulting sales ○ Referral fees are also known as lead generation fees Behavioural targeting ○ Techniques to increase the effectiveness of banners, rich media, and video ads ○ Tracking online behavior of individuals ○ Behavioural targeting takes place at two levels: at individual websites or from within apps, and on various advertising networks that track users across thousands of websites ○ All websites collect data on visitor browser activity and store it in a database Programmatic advertising ○ Use of software to purchase digital advertising Native advertising ○ Involves placing ads in social network news feeds or within traditional editorial content, such as newspaper article ○ Organic advertising Social network marketing ○ Social networks in the offline world are collections of people who voluntarily communicate with one another over an extended period of time ○ Social e-commerce is based on the idea of digital social graph ○ Social graph: mapping of all significant online social relationships ○ Seeks to leverage individuals’ influence over others ○ Targeting a social network of people sharing interests and advice Communities ○ Social networks have huge audiences Social shopping sites ○ Swap shopping ideas with friends (kaboodle, pinterest) ○ Facebook offers the “like” button to let your friends know you admire a product, service or content and, in some space purchase something online Wisdom of crowds/crowdsourcing ○ Large numbers of people can make better decision about topic and products than a single person or even a small committee of experts ○ Crowdsourcing: firms can can be actively helped in solving some business problems by using crowdsourcing Private industrial networks ○ Private exchanges ○ Large firm using a secure website to link to suppliers and partners, and other key business partners ○ Buyer owns the network, and it permits the firm and designate suppliers, distributors and other business partners to share product design and development, marketing, production scheduling, inventory management, and unstructured communication Net marketplaces (e-hubs) ○ Provide single digital marketplace based on internet technology for many buyers and sellers ○ May focus of direct or indirect goods ○ May be vertical or horizontal marketplaces ○ Industry owned or operate as independent intermediaries between buyers and sellers ○ Generate revenue from purchase and sale transactions and other services provided to clients ○ Direct goods: used in a production process, like sheet steel for auto body production ○ Indirect goods: other goods not directly involved in the production process, such as office supplies or products of maintenance and repair Exchanges ○ Independently owned third-part net marketplaces that connect many suppliers and buyers for spot purchasing Main areas of growth ○ Mass market retailing (amazon, ebay, etc) ○ Sales of digital content (music, tv, etc.) ○ In-app sales to mobile devices Financial account management apps ○ Banks, credit card companies Location-based services: include geosocial, geoadvertising, and geoinformation services ○ Used by 74% of smartphone owners Geosocial: can tell you where friends are meeting Geoadvertising: can tell you what shops are nearby Send ads to users based on their GPS location Geoinformation: can tell you the price of house you are passing Mobile advertising market ○ Ads embedded in games, videos, and mobile apps Most important management challenges ○ Developing clear understanding of business objectives ○ Knowing how to choose the right technology to achieve those objectives Develop an e-commerce presence map ○ E-commerce has moved from being a PC-centric activity on the web to a mobile and tablet-based activity ○ Four areas: website, e-mail, social media, office media Website Platform: traditional, mobile, tablet Activity: search, display apps, affiliates, sponsorships Email Platform: internal lists, purchased lists Activity: newsletters, updates, sales Social media Platform: facebook/instagram, twitter, blogs Activity: conversation, engagement, sharing, advice Offline media Platform: print, tv & radio Activity: education, exposure, branding Develop a timeline: milestones ○ Breaking a project into discrete phases Phase 1: Planning Envision web presence, determine personal → web mission statement Phase 2: website development Acquire content, develop a site design, arrange for hosting the site → website plan Phase 3: web implementation Develop keywords and metatags, focus on search engine optimization, identify potential sponsors → a functional website Phase 4: social media plan Identify appropriate social platforms and content for your products and services → a social media presence Phase 5: social media implementation Develop facebook, twitter and pinterest presence → function social media presence Phase 6: mobile plan Develop a mobile plan, consider options for porting you website to smartphones → a mobile plan Class #9: Securing Information Systems Security: policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information system Controls: methods, policies, and organizational procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its records, and operational adherence to management standards Information systems are mission critical for many organizations ○ Failed computer systems can lead to significant or total loss of business function Information and systems are very vulnerable ○ Confidential personal and financial data, trade secrets, new products, strategies Without proper security measures, these systems would be next to impossible to use and benefit from ○ A security breach may cut into a firm’s market value almost immediately ○ Inadequate security also brings forth issues of liability Hardware problems ○ Breakdowns, configuration errors, damage from improper use or crime Software problems ○ Programming errors, installation errors, unauthorized changes Physical damage to infrastructure ○ Use of networks/computers outside of firm’s control Software vulnerabilities ○ Software errors pose a constant threat to information system, cursing untold losses in the productivity and sometimes endangering people who use or depend on system ○ Commercial software contain flaws that create security vulnerabilities Bugs (program code defects) Main source of boys is the complexity of decision making code Small program of several hundred lines will contain tens of decisions leading to hundreds or even thousands of paths Zero defects cannot be achieved because complete testing is not possible with large programs Flaws can open networks to industries, eg buffer overflow defeat that could cause a system to crash and league the with heightened privileges Zero-day vulnerabilities: which are holes in the software unknown to its creator Called zero day because the author of the software has zero days after learning about it to path the code before it can be exploited in an attack ○ Patches: repair the flaws without disturbing the proper operation of the software Computer crime: most hacker activities are criminal offense, and the vulnerabilities of systems we have just described make them targets for other types of computer crime ○ Violation of criminal law that involves a knowledge of technology for perpetration, investigation, or prosecution Computer as a target of crime ○ Breaching confidentiality of protected computerized data ○ Accessing a computer system without authority Computer as an instrument of crime ○ Theft of trade secrets ○ Using e-mail for threats or harassment Network open to anyone: network communication is intercepted in an attempt to obtain key data, eg. person-in-the-middle The internet is so huge that when abuses do occur, they can have an anomaly widespread impact Wireless security challenges ○ Bluetooth, and Wi-Fi networks are susceptible to hacking by eavesdroppers ○ Local area networks (LANs) ○ Hackers use these tools to detect unprotected networks, monitor network traffic, and, in some cases gain accesses to the internet or to corporate networks ○ SSIDs (service set identifiers) Identify access points, broadcast multiple times, can be identified by sniffer programs ○ War driving Eavesdroppers drive by buildings and try to detect SSID and gain access to network and resources Once access point is breached, intruder can gain access to networked drives and files Rogue software programs ○ Attempts to bypass appropriate authorization and/or perform unauthorized function ○ Attach to other programs in order to be executed ○ Usually without user knowledge or permission Deliver a “Payload” ○ Copy themselves from one computer to another sometimes through email attachments ○ May steal data or files ○ Permit eavesdropping ○ Destroy data Worms ○ Independent computer programs that copy themselves from one computer to another over networks ○ Unlike viruses, worms can operate on their own without attaching to other computer program files and rely less on human behavior to spread rapidly from computer to computer ○ Drive-by downloads: consisting of malware that comes with a downloaded file that a user intentionally or unintentionally requests Trojan Horses ○ A software program that appears to be benign, but then does something unexpected ○ Not a virus because it doesn’t replicate ○ Often “Transports” a virus into a computer system ○ Name is based on greek rude during trojan war SQL injection attacks ○ Hackers submit data to web forms that sends rogue SQL query to database to perform malicious acts (eg. delete segments of the database) ○ Exploit vulnerabilities in poorly coded web application software to introduce malicious program code into a company's systems ○ Ransomware: profiting on both desktop and mobile devices Tires to extort money from users by taking control of their computers, blocking access to files, or displaying annoying pop-up message Spyware ○ Small programs install themselves surreptitiously on computers to monitor user web-surfing activity and serve up advertising ○ Keyloggers: record every keystroke make on a computer to steal serial numbers for software, to launch internet attacks, gain access to email accounts, obtain passwords to protected internet attacks, or to pick up personal information such as credit cards number or bank account numbers Hackers ○ Individuals who attempt to gain unauthorized access to a computer system Cracker ○ A hacker with criminal intent Cyber vandalism ○ Intentional disruption, defacement, or even destruction of a website or corporate information system Identity theft ○ A crime in which the imposter obtains key prices of personal information such as social security number, driver’s license number etc. Password guessing ○ Obvious Phishing ○ Setting up fake websites or sending email messages that look legitimate, and using them to ask for confidential personal data ○ Spear phishing: target form of phishing, messages appear to come from a trusted source, such as an individual within the recipient’s own company or a friend Evil twins ○ Are wireless networks that pretend to offer trustworthy Wi-Fi connections to the internet, such as airport lounges, hotels, coffee shops etc ○ Bogus network looks identical to a legitimate public network Pharming ○ Redirecting users to a bogus website Back door ○ Unauthorized access to anyone who knows it exists Cyberterrorism and cyberwarfare ○ Exploitation of systems by terrorists ○ State-sponsored activity designed to cripple and defeat another state or nation by penetrating its computers or networks to cause damage and disruption Spoofing ○ Involve redirecting a web link to an address different from the intended one ○ Masquerading as someone else, or redirecting a web link to an unintended address Sniffing ○ An eavesdropping program that monitors information travelling over a network ○ Enables hackers to steal proprietary information as e-mail, company files and so on DoS ○ Hackers flood a server or web with false communications or requests in order to crash the system Disturbed DoS Attack (DDoS) ○ Uses numerous computers to launch a DoS ○ Cause website to shutdown Often use Botnets ○ Hackers create botnets by infecting other people’s computers with bot malware that open back door through which an attacker can give instructions to the infected computer ○ Deliver 90% of world spam, 80% of world malware ○ Pushdo: spamming botnet infected computers sent as many as 7.7 billion spam messages per day Click fraud: occurs when an individual or computer program fraudulently clicks an online ad without any intention of learning more about the advertiser or making purchase General data protection regulation (GDPR): for retention and storage if electronic records as well as for privacy protection Health insurance portability and accountability act (HIPAA): 1996 - outlines security and privacy rules and procedures for simplifying the administration of healthcare billing and automating the transfer of healthcare data between healthcare providers, payers, and plans Gramm-leach-bliley act: 1999 - requires financial institutions to ensure the security and confidentiality of customer data ○ Data must be stores on a secure medium, and special measures must be enforced to protect such data on storage media and during transmittal Sarbanes-oxley act: designed to protect investors in public companies ○ Fundamentally about ensuring that internal controls are in place to govern the creation and documentation of information in financial statements Internal Treats: Employees ○ Security threats often originate inside an organization ○ Inside knowledge ○ Sloppy security procedures User lack of knowledge ○ Social engineering Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information ○ Both end users and information systems specialists are sources of risk Security: Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems Security measures are a special case of organizational controls ○ Methods, policies, and organizational procedures that ensure safety of organization’s assets; accuracy and reliability of its accounting records; and operational adherence to management standards Electronic Evidence and Computer Forensics ○ Security, control, and electronic records management have become essential for responding to legal action ○ Computer forensics: the scientific collection, examination, authentication, preservation, and analysis of data held on or used as evidence in a court of law It deals with the following problems Recovering data from computers while preserving evidential integrity Securely storing and handling recovered electronic data Finding significant information in a large volume of electronic data Presenting the information to a court of law General controls ○ Govern design, security, and use of computer programs and security of data files in general throughout organization’s information technology infrastructure ○ Software controls, hardware controls, computer operations controls, data security controls, system development controls, administrative controls Application controls ○ Controls unique to each computerized application ○ Include both automated and manual procedures that ensure that imply authorized data are completely and accurately processed by that application ○ Application controls: Input controls, processing controls, output controls ○ Input controls: check for data for accuracy and completeness when they enter the system ○ Processing controls: establish thy data are complete and accurate during updating ○ Output controls: ensure that the results of computer processing are accurate, complete, and properly distributed Software patches ○ Small pieces of software to repair flaws ○ Exploits often created faster than patches can be released and implemented Identity management software ○ Automates keeping track of all users and their system privileges ○ Authenticated users, protecting identities, controlling access Authentication ○ Ability to know that a person is who he or she claims to be ○ Password systems ○ Tokens: physical device similar to an identification card, that is designed to prove the identity of a single user Small gadgets that typically fit on key rings and display passcodes that change frequently ○ Smart cards: a card that contains a chip formatted with access permission and other data ○ Biometric authentication: uses systems that read and interpret individual human traits, like fingerprints, irises, and voices to grant or deny access ○ Two-factor authentication: increases security by validating users through a multistep process Preventing Unauthorized Access ○ Guidelines for passwords Easy to remember, hard to guess Don’t use family or pet names Use combination uppercase and lowercase letters, digits and special characters Don’t leave computer when logged in Don’t ever tell anyone Don’t include in an email Don't use the same password in lots of places Firewall ○ Combination of hardware and software the prevents unauthorized users from accessing private networks ○ Control flow of incoming and outgoing network traffic ○ Technologies include packet filtering ○ Pocket filtering: examines selected fields in the headers of data packets flowing back and forth between the trusted network and the internet, examining individual packets in isolation ○ Stateful inspection: provides additional security by determining whether packets are part of an ongoing dialogue between sender and receiver Sets up state of tables to track information over multiple packets Packets are accepted or rejected based on whether they are part of an approved conversion or attempting to establish a legitimate connection Network address translation (NAT): can provide layer of protection when static packet filtering and stateful inspection are employed Application proxy filtering: examines application content of packets Stops data originating outside the organization, inspects them, and passes a proxy to the other side of the firewall Intrusion detection system ○ Feature full-time monitoring tools placed at the most vulnerable points or hot spots of corporate networks to detect and deter intruders continually ○ Monitors hot spots on corporate networks to detect and deter intruders Antivirus and antispyware software ○ Checks computers for presence of malware and can often eliminate it as well ○ Requires continual updating Unified threat management systems ○ Help businesses reduce costs and improve manageability, security vendors have combines into a single appliance various security tools, including firewalls, virtual private networks, intrusion detection system, and web content filtering and anti-spam software ○ Available for all sizes of networks Cryptography ○ The field of study related to encoded information (comes from greek work for “secret writing”) Encryption ○ The process of converting plaintext into ciphertext that cannot be read by anyone other than the sender and the intended receiver ○ Data encrypted using a secret numerical code, called an encryption key, that transforms plain data into cipher text Secure sockets layer (SSL): SSL and its successor, transport layer security (TLS), enable client and server computers to manage encryption and decryption activities and they communicate with each other during a secure web session Secure hypertext transfer protocol (S-HTTP): protocol used for encrypting data flowing over the internet, but is limited to individual messages, whereas SSL and TLS are designed to establish a secure connection between two computers Public key encryption: secure form of encryption - uses two keys: one shares (or public) and one totally private Digital certificates: data files used to establish the identity of users and electronic assets for protection of online transactions Public key infrastructure (PKI): use of public key cryptography working with a CA Description ○ The process of converting ciphertext into plaintext Cipher ○ An algorithm used to encrypt and decrypt text Encrypt: information cannot be read Decrypted: Information can be read Key ○ Set of parameters that guide a cipher ○ Neither is any good without the other Substitution cipher ○ A cipher that substitutes one character with another Public-key cryptography ○ An approach in which each user has related keys, one public and one private ○ One’s public key is distributed freely ○ A person encrypts an ongoing message, suing the receiver’s public key ○ Only the receiver’s private key can decrypt the message WEP (wired equivalent privacy) security ○ Provides margin of security ○ Static encryption keys are relatively easy to crack ○ Improved if used in conjunction with VPN WPA2 specification ○ Replaces WEP with stronger standards ○ Continually changing, longer encryption keys Security in the Cloud ○ Responsibility for security resides with company owning the data ○ Firms must ensure providers provide adequate protection Where the data are stored Meeting corporate requirements, legal privacy laws Segregation of data from other clients Audits and security certifications ○ Managing security and privacy for cloud services is similar to managing traditional IT infrastructure Risk assessment ○ Determines level of risk to firm if specific activity or process is not properly controlled Types of threat Probability of occurrence during year Potential losses, value of threat Expected annual loss ○ Goal is to minimize vulnerability to threats that put a system at the most risk Security policy ○ Ranks information risks, identifies acceptable security goals, and identifies mechanisms for achieving these goals ○ Drives other policies Acceptable use policy (AUP) Defines acceptable uses of firm’s information resources and computing equipment, including desktop and laptop computers, mobile devices, telephones, and the internet Defines unacceptable and acceptable actions for every user and specific consequences for noncompliance ○ Identify management Identifying valid users Controlling access Disaster recovery planning ○ Services plans for restoration of disrupted computing and communications services ○ Focus on technical issues involved in keeping systems up and running Business continuity planning ○ Focuses on restoring business operations after disaster ○ Identifies critical business processes and determines action plans for handling mission-critical functions if systems go down Both types of plans needed to identify most critical systems ○ Business impact analysis to determine impact of an outage ○ Management must determine which systems restored first Information systems audit ○ Examines firm’s overall security environment as well as controls governing individuals information systems ○ Auditor should trace the flow of sample transactions through the system and perform tests, using automated audit software ○ Also examine data quality ○ Security audits review technologies, procedures, documentation, training, and personnel Security audits ○ Review technologies, procedures, documentation, training, and personnel ○ May even simulate disaster to test responses List and rank control weaknesses and the probability of occurrence Assess financial and organizational impact of each threat Blockchain: is a chain of digital “blocks” that contain before and after, and the blockchains are continually updated and kept in sync Online transaction processing: transaction entered online are immediately processed by the computer ○ Multitudinous changes to databases, reporting, and requests for information occur each instant Fault-tolerant computer systems: contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service Downtime: refers to periods of time in which a system is not operational Walkthrough: review of a specific or design document by a small group of people carefully selected based on the skills needed for the particular objectives being tested Debugging: when errors are discovered , the source is found and eliminated Security outsourcing ○ Small businesses, lack resources or expertise to provide a secure high-availability computing environment on their own ○ They can outsource many security function to managed security service providers (MSSPs) Digital resiliency: firms embracing concept of digital resiliency to deal with the realities of this new digital environment ○ Deals with how to maintain and increase the resilience of an organization and its business processes in an all-pervasive digital environment Class #10: Emerging Technologies and AI The mobile digital platform ○ Smartphones ○ Netbooks ○ Tablet computers ○ Digital e-book readers (kindle) ○ Wearable devices New mobile digital computing platforms have emerged as alternatives to PCs and larger computers Mobile platform included small lightweight netbooks optimized for wireless communication and internet access, tablet computers like ipad, and digital e-book readers such amazon’s kindle with some web access capabilities Consumerization ○ Technology emerges on the consumer market and then spreads into business organizations BYOD: bring your own device ○ Forces businesses and IT departments to rethink how IT equipment and services are acquired and managed ○ BYOD (bring your own device): is one aspect of the consumerization of IT, in which new information technology that first emerges in the consumer market spreads into business organizations Virtualization: the process of presenting a set of computing resources (such as computing power or data storage) so that they can all be accessed in ways that are not restricted by physical configuration or geographic location Software-defined storage (SDS): which separates the software for managing data storage from storage hardware Cloud computing ○ Off load peak demand for computing power to remote, large scale data processing centers ○ Pay only for the computing power they us, as with an electrical utility ○ Excellent for firms with spiked demand curves caused by seasonal variations in consumer demand (eg. holiday shopping) ○ Saves firms from purchasing excessive levels of infrastructure ○ Data permanently stored in remote servers, accessed and updates over the internet by users ○ A cloud can be private or public A public cloud is owned and maintained by a service provider Amazon web service (AWS) A private cloud is operates only for an organization ○ Concerns include Security Availability Users become dependent on the cloud provider ○ Cloud computing enables companies and individuals to perform all of their computing work using a virtualized IT infrastructure in a remote location ○ On demand self service: consumers can obtain computing capabilities such as server time or network storage as needed automatically on their own ○ Ubiquitous network access: cloud resources can be accessed using standard network and internet devices, including mobile platforms ○ Location independent resource pooling: computing resources are pooled to serve multiple users, with different virtual resources dynamically assigned according to user demand. The user generally does not know where the computing resources are located ○ Rapid elasticity: computing resources can be rapidly provisioned, increased, or decreased, or to meet changing user demand ○ Measured service: charges for cloud resources are based on amount of resources actually used ○ Cloud computing consists of three different types of services Infrastructure as a service (IaaS): customers use processing, storage, networking, another computing resources from cloud service providers to run their information systems Software as a service (SaaS): customer use software by the vendor on the vendor’s cloud infrastructure and delivered as a service over a network Platform as a series (PaaS): customers use infrastructure and programming tools supported by the cloud service provider to develop their own applications ○ Public cloud: owned and maintained by a cloud service provider, such as amazon web services, and made available to the general public or industry group Often used for website with public information and product descriptions, one time large computing projects, developing and testing new application and consumer services like online storage data, music and photos ○ Private cloud: operated solely for an organization, may be managed by the organization or a third party and may be hosted either internally or externally ○ On demand computing: purchase their computing services from remote providers and pay only for the amount of computing power they actually use (utility computing) or are billed on a monthly or annual subscription basis ○ Hybrid Cloud: computing model where they use their own infrastructure for their most essential core activities and adopt public cloud computing for less critical systems or for additional processing capacity during peak business periods Multicore processor: integrates circuit to which two or more processor cores have been attached for enhanced performance, reduced power consumption, and more efficient simultaneous processing of multiple tasks ○ This technology allows two or more processing engines with reduced power requirements and heat dissipation to perform tasks faster than a resource hungry chip with a single processing core Edge computing: method of optimizing cloud computing systems by performance some data processing on a set of linked servers at the edge of the network, near the source of the data ○ Reduces amount of data flowing back and forth between local computers and other devices and the central cloud data center Green computing (green IT): refers to practises and technologies for designing, manufacturing, using, and disposing of computers, servers, associated devices such as monitors, printers, storage devices, and networking and communications systems to minimize impact on the environment Quantum computing: uses the principles of quantum physics to represent data and perform operations on these data ○ Can process units of data 0,1, or both simultaneously ○ Quantum computer would gain enormous processing power through this ability to be in multiple states at once, allowing it to solve some scientific and business problems millions of times faster than can be done today Open source software ○ Open Source software is free and can be modified by users ○ Developed and maintained by a worldwide network of programmers and designers under the management of user communities Eg. apache web server, mozilla firefox browser, openoffice Linux is the most widely used open-source software program. Linus is an operating system derived from unix Web building application ○ Java: one of the most prominent OO languages, both PC and mobile environments Java virtual machine Used to convert java code to the native language of a computer ○ Python Used for building cloud computing applications ○ Objective C Predecessor to swift ○ Swift One of the most popular mobile app languages for IOS Hypertext markup language (HTML) ○ The language used to create or build a web page Markup language ○ A language that uses tags to annotate the information in a document Tag ○ The synthetic element in a markup language that annotate the information in a document Web browser: easy to use software tool with a graphical user interface for displaying web pages and for accessing the web and other internet resources HTML5: solves this problem by making it possible to embed images, audio, video, and other elements directly into a document without processor intensive display devise Javascript: another core technology for making web pages more interactive Apps ○ Small pieces of software that can run on the internet, on your computer, or on your smartphone ○ Generally delivered over the internet Mashups ○ Combines of two or more online applications, such as combining mapping software (google maps) with local content Service oriented architecture (SOA) ○ Set of self contained services that communicate with each other to create a working software application ○ Software developers reuse these services in other combinations to assemble other applications as needed Web services: software components that exchange information using web standards and languages ○ XML: extensive markup language A language that allows the user to describe the content of a document HTML describes how a document should look XML describes a document’s meaning ○ More powerful and flexible than HTML ○ Tagging allows computers to process data automatically Three external sources for software ○ Software packages and enterprise software Prewritten commercially available set of software Software outsourcing Cloud-based software services and tools ○ salesforce.com ○ Service level agreements (SLAs): formal agreement with service providers Software package: prewritten commercially available set of software programs that eliminates the need for a firm to write its own software programs for certain functions, such as payroll processing or order handling Software outsourcing: enables a firm to contract custom software development or maintenance of existing legacy programs to outside firms Service level agreements (SLA): formal contract between customers and their service providers that defines the specific responsibilities of the service provider and the level of service expected by the customer Grand Vision ○ Computer hardware and software systems that are as “smart” as humans ○ So far, this vision has eluded computer programmers and scientists Realistic vision ○ Systems that take data inputs, process them, and produce outputs (like all software programs) and that can perform many complex tasks that would be difficult or impossible for humans to perform Expert systems: represent the knowledge of experts as a set of rules that can be programmed so that a computer can assist human decision making Machine learning: software that can identify patterns in very large databases without explicit programming although with significant human training Neural networks and deep learning: loosely based on human neurons, algorithms that can be trained to classify objects into known categories based on data inputs, deep learning used multiple layers of neural networks to reveal the underlying patterns in data, and in limited cases identify patterns without human training ○ Deep learning: more complex, many layers of transformation of the input data to produce a target output Natural language processing: algorithms based loosely on evolutionary natural selection and mutation, commonly used to generate high-quality solutions to optimization and search problems Computer vision systems: systems that can view and extract information from real-world images Robotics: use of machines that can substitute for human movements as well as computer systems for their control and information processing Intelligent agents: software agents that use built-in or learned knowledge to perform specific tasks or services for an individual Expert systems ○ Developed in 1970s, and were the first large-scale applications of AI in business and other organizations ○ Account for 20% of all AI systems today ○ An intelligent technique for capturing tacit knowledge in a very specific and limited domain of human expertise Capture the knowledge of skilled employees in the form of a set rules in a software system that can be used by others in the organization Knowledge based system ○ Software uses a specific set of information from which it extracts and processes particular pieces Inference engine ○ Works by searching through the rules and firing those rules that are triggered by facts the user gathers and enters Expert system ○ A software system based on the knowledge of human experts; it is a Rule based system: a software based on a set of if-then rules Inference engine: the software that processes rules to draw conclusions Machine learning ○ How computer programs improve performance without explicit programming Accomplished by neural networks, deep learning networks, and genetic algorithms, with the main focus on recognizing patterns in data, and classifying data inputs into known (and unknown) outputs Supervised: in which system in trained by providing specific examples of desired inputs and outputs identified by humans in advance Unsupervised learning: same procedures are followed, but humans don’t feed the system examples ○ System is asked to process the development database and report whatever patterns it finds Genetic algorithms: are useful for finding the optimal solution for a specific problem by examining a very large number of alternative solution for that problem Neural network ○ Find patterns and relationships in massive amounts of data too complicated for humans to analyze ○ “Learn” patterns by searching for relationships, building models, and correcting over and over again ○ Humans “train” network by feeding it data inputs for which outputs are known, to help neural network learn solution by example from human experts ○ Used in medicine, science, and business for problems in pattern classification, prediction, financial analysis, and control and optimization ○ Neural networks are pattern detection programs Artificial neural network ○ Each processing element in an artificial neural network is analogous to a biological neuron An element accepts a certain number of input values (dendrites) and produces a single value (axon) of either 0 or 1 Associates with each input value is a numeric weight (synapse) ○ Training The process of adjusting the weights and threshold values in a neural net How does it work Given one output value per pixel, train network to produce an output value of 1 for every pixel that contributes to the act and 0 for every one that doesn't Natural Language Processing ○ Makes it possible for a computer to understand and analyze natural language ○ Understand, and speak in natural language. Read natural language and translate ○ Typically today based on machine learning, aided by very large databases of common phrases and sentences on a given language ○ Eg. google translate Computer vision systems ○ Deal with how computers can emulate the human visual system and extract information from real-world images ○ Digital image systems that create a digital map of an image (like a face, or a street sign), and recognize this image in large data bases of images in near real time ○ Every image has a unique pattern of pixels ○ Facebook’s deepface can identify friends in photos across their system, and the entire web ○ Autonomous vehicles can recognize signs, road markers, people, animals, and other vehicles with good reliability Robotics ○ Design, construction, and operation of machines that can substitute for humans in many factory, office, and home applications (home vacuums) ○ Generally programmed to perform specific and detailed actions in limited domains (eg. robots spray paint autos, and assemble certain parts, welding, heavy assembly movement) ○ Used in dangerous situations like bomb disposal ○ Surgical robots are expanding their capabilities ○ Used mostly in manufacturing environments Intelligent agents ○ Software programs that work without direct human intervention to carry out repetitive, predictable tasks Deleting junk e-mail Finding cheapest airfare ○ Use limited built-in or learned knowledge base Some are capable of self-adjustment, for example: siri ○ Chatbots Are software agents designed to simulate a conversation with one or more human users via textual or auditory methods ○ Agents based modelling applications Model behaviour of consumers, stock markets and supply chains, used to predict spread of epidemics Class #11: Information Systems, Organizations, and Strategy Micheal Porter’s competitive forces model ○ Provided general view of firm, its competitors, and environment Five competitive forces shape fate of firm ○ Traditional competitors All firms share market space with competitors who are continuously devising new, more efficient way to produce by introducing new products, services efficiencies, and switching costs ○ New market entrants Some industries have high barriers to entry, for example, computer chip business Advantages New companies have new equipment, younger workers (which are less expensive and innovative) Disadvantages Depend on outside financing for new plants/equipment, less-experienced workforce, little brand recognition New companies are always entering the new marketplace ○ Substitute products and services Substitutes products customers might use when you prices become too high, for example, iTunes substitutes for CDs More substitute product and services in your industry, the less you can control pricing and the lower you profit margins ○ Customers Can customers easily switch to competitor’s products? Can they force businesses to compete on price alone in a transparent marketplace? Profitable company depends in large measure on its ability to attract and retain customers ○ Suppliers Market power if suppliers when firm cannot raise prices as fast as suppliers The more different suppliers a firm has, the greater control it can exercise over suppliers in terms of price, quality, and delivery schedules Low-cost leadership ○ Offering products and services at lower price than competitors ○ Use information systems to achieve the lowest operational costs and the lowest prices ○ Efficient customer response system: links consumer behaviour to distribution and production and supply chains ○ Example: walmart’s efficient customer response system Product differentiation ○ Enable new products or services, greatly change customer convince and experience ○ Use information systems to enable new products and services or greatly change the customer convenience in using your existing products and services ○ Continual stream of innovations flowing from big tech companies ensures their products are unique and difficult to copy ○ Example: google, nike ○ Mass customization Ability to offer individually tailored products or services using the same production resources as mass production ○ Customer experience management More companies are differentiating their products not just by the features of the products themselves but also by the entire experience of buying and using the product Focus on market niche ○ Use information systems to enable a focused strategy on a single market niche; specialize ○ Information systems support this strategy by producing and analyzing data for finely tuned sales and marketing techniques ○ Information systems enable companies to analyze customer buying patterns, tastes, and campaigns to smaller and smaller target markets ○ Example: hilton hotels’ and O n Q system Strengthen customer and supplier intimacy ○ Use information systems to develop strong ties and loyalty with customers and suppliers ○ Increase switching costs Strong linkages to customers and suppliers increase switching costs and loyalty to your firm ○ Examples: toyota, amazon The Internet’s Impact on Composite Advantage ○ Because of the internet the traditional competitive forces are still at work, but competitive rivalry has become much more intense ○ Internet technology is based on universal standards that any company can use, making it easy for rivals to compete on price alone and for ne competitors to enter the market ○ The internet nearly destroyed some industries and has severely threatened more ○ The internet has also created new markers ○ Transformation or threat to some industries Examples: travel agency printed encyclopedia, media ○ Competitive forces still at work, but rivalry more intense ○ Universal standards allow new rivals, entrants to market ○ New opportunities for building brands and loyal customer bases Internet of things (I of T) ○ Growing use of internet-connected sensors in products Smart products ○ Fitness equipment health trackers Expand product differentiation opportunities ○ Increasing rivalry between competitors Raise searching costs Inhibit new entrants May decrease power of suppliers Business value chain ○ Highlights specific activist in the business where competitive strategies can best be applied and where information systems are most likely to have a strategic impact ○ Business value chain model views the firm as a series or chain of basic activities that add a margin of value to a firm’s products or services ○ Firm as series of activities that add value to products or services ○ Highlights activities where competitive strategies can be applied Primary activities: relate directly to the value created in a product or service which create value for the customer Operations transforms inputs into finished products Support activities: make it possible to for the primary activities to exist and remain coordinated Benchmarking: involves comparing the efficiency and effectiveness of your business processes against strict standards and then measuring performance against those standards Best practices: identified by consulting companies, research organizations, government agencies, and industry associations as the most successful solutions or problem-solving methods for consistently and effectively achieving a business objective Value chain ○ Firm’s value chain is linked to value chains of suppliers, distributors, customers ○ Collection of independent firms using highly synchronized IT to coordinate value chains to produce product or service collectively ○ More customer driven, less linear operation than traditional value chain Value web: is a collection of independent firms that use information technology to coordinate their value chains to produce a product or service for a market collectively Synergies ○ When output of some units are used as inputs to others, or organizations pool markets and expertise, these relationships lower costs and generate profits ○ One use of information technology in these synergy situations is to tie together the operations of disparate business units so they can act as a whole Core competency: is activity for which a firm is a world-class leader ○ May involve being the world’s best miniature parts designer Network-Based Strategies ○ Take advantage of firm’s abilities to network with on another Network economics Market situations where the economic value being produced depends on the number of people using a product Marginal cost of adding new participant almost zero, with much greater marginal gain Value of community grows with size Value of software grows as installed customer base grows Compare to traditional economics and law of diminishing returns Virtual company model Network-based strategy use the model of a virtual company to create a competitive business Links people, assets and ideas Creates networks to ally with other companies Creates and distributes products without being limited by traditional organizational boundaries or physical locations Business ecosystems Internet and the emergence of digital foam call for some modification of the industry competitive force model Industry sets of forms providing related services and products Business ecosystem: another terms for those loosely coupled but interdependent networks of suppliers, distributors, outsourcing firms, transportation service firms and technology manufacturers ○ Typically have one or only a few keystone firms that dominate the ecosystem and create the platforms used by other niche firms Sustaining competitive advantage ○ Competitive advantages that strategic systems confer do not necessarily last long enough to ensure long-term profitability ○ Competitor can retaliate and copy systems ○ Systems may become tools for survival ○ Internet can make competitive advantages disappear very quickly because virtually all companies can use technology Aligning IT with business objectives ○ Research on IT and business performance has found that The more successfully a firm can align information technology with its goals, the more profitable it will be Only one-quarter of firms achieve alignment of IT with the business ○ Performing strategic systems analysis ○ Structure of industry ○ Firm value chains Class #12: Ethical and Social Issues in Information Systems Ethics: refers to the principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviour ○ Ethical issues in information systems have been given new urgency by the rise of the internet and e-commerce ○ Internet and digital technologies make it easier than ever to assemble, integrate, and distribute information, unleashing new concerns about the appropriate use of customer information the protection of personal privacy and the protection of intellectual property Dark Side of big data ○ Stories Predictive policing Insurance rate ○ Problem Opportunities from new technology Undeveloped legal environment ○ Solutions Develop big data strategy Develop privacy policies Develop big data predictive models Develop big data mining technology Develop big data analytics tools and predictive modeling systems Ethics and information systems ○ Principles of right and wrong that individuals, acting as free moral agents, use to make choices to guide their behaviour ○ Information systems raise new ethical questions because they create opportunities for Intense social change, threatening existing distributions of power, money, rights, and obligations New kinds of crime Computing power: doubles every 18 months ○ Critical operations are done using computer systems ○ Made it possible for most organizations to use information systems for their core production processes ○ This caused our dependence on systems and our vulnerability to system errors and poor data quality to increase Data storage: costs rapidly decline ○ Detailed databases on individuals are easily maintained ○ Maintained by private and public organizations ○ Enormous data storage systems for terabytes and petabytes of data are now available on-site or as online services for firms of all sizes to use in identifying customers Data analysis: advances ○ Developed detailed profiles of individual behaviour ○ With contemporary data management tools, companies assemble and combine hybrid pieces of information about you stores on computers much more easily than in the past Networking: advances ○ Access personal data remotely ○ Profiling: the use of computers to combine data from multiple sources and crate digital dossiers of detailed information on individuals ○ Companies purchase relevant personal information from sources to help them more finely target their marketing campaigns Mobile device: growth impact ○ Tracking individual cell phones without user consent Cookies ○ Identify browser and track visits to site ○ Small text files deposited on a computer hard drive when a user visits website Web beacons (web bugs) ○ Tiny graphics embedded in emails and web pages ○ Tiny software programs that keep a record of users; online clickstream ○ They report this data back to whoever owns the tracking file Spyware ○ Surreptitiously installed on user’s computer ○ May transmit user’s keystrokes or display unwanted ads ○ Secretly install on an internet user’s computer by piggybacking on larger applications ○ Once installed, it calls out to websites to send banner ads and other unsolicited material to the user, and it can report the user’s movements on the internet to other computers Google ○ Services and behavioral targeting (doubleclick) The united states businesses to gather transaction information and use this for other marketing purposes Informed consent ○ US allowed businesses to gather transaction information generates in the marketplace and then use that information for other marketing purposes without obtaining informed consent of the individual whose information is being used Opt-out vs. opt-in model ○ Opt-out: allows of personal information unless the consumer requests otherwise ○ Opt-in: must take action to approve collection and use of personal information Solutions include ○ Email encryption ○ Anonymity tools ○ Anti-spyware tools ○ Overall, technical solutions have failed to protect users from being tracked form on site to another ○ Browser features “Private” browsing “Do not track” options Profiling ○ Combine data from multiple sources to create dossiers of detailed information on individuals Non Obvious relationship awareness (NORA) ○ Combining data from multiple sources to find obscure hidden connections that might help identify criminals or terrorists ○ has given both the government and the private sector even more powerful rolfing capabilities ○ Can take information about people from many disparate sources, such as employment applications, telephone records, customer listings, and wanted lists, and correlate relationships to find obscure connections that might help identify criminals or terrorists ○ Can and extracts information as the data are being generated Responsibility ○ Accepting the potential costs, suits, and obligations for decisions Accountability ○ Mechanisms for identifying responsible parties ○ Key element of ethical action ○ Means that you accept the potential costs, duties, and obligations for the decisions you make ○ Feature of systems and social institutions, means that mechanisms are in place to determine who took action and who is responsible ○ Systems and institutions in which it is impossible to find out who took what action are inherently incapable of ethical analysis or ethical action Liability ○ Permits individuals (and firms) to recover damages done to them ○ Extends the concept of responsibility further to the area of laws ○ Feature of political systems in which a body of laws is in place that permits individuals to recover the damages done to them by other actors, systems, or organizations Due process ○ Laws are well-known and understood, with an ability to appeal to higher authorities ○ Related feature of law-governed societies and is a process in which laws are known and understood, and ability exists to appeal to higher authorities to ensure that the laws are applied correctly Five step process for ethical analysis ○ Identify and clearly describe the facts Find how who did what to whom and where, when, and how ○ Define the conflict or dilemma and identify the higher-order values involved Ethical, social, and political issues always reference higher values Typically an ethical issue involves a dilemma Two diametrically opposed courses of action that support worthwhile values ○ Identify the stakeholders Every ethical, social and political issue has stakeholders Players in the dame who have an interest in the outcome, who have invested in the situation, and usually who have vocal opinions ○ Identify the options that you can reasonably take You may find that none of the options satisfy all the interests involved but that some options so a better job than others Sometimes arriving at a good or ethical solution may not always be a balancing of consequences to stakeholders ○ Identify the potential consequences of you options Some options may be ethically correct but disastrous from other points of view Golden rule ○ Do unto others as you would have them unto you Immanual Kant’s categorical imperative ○ If an action is not right for everyone to take, it is not right for anyone Descartes’ rule of change (slippery slope rule) ○ If an action cannot be taken repeatedly, it is not right to take at all ○ An action may bring about a small change now that is acceptable, but if it is repeated, it would bring unacceptable changes in the long run Utilitarian Principle ○ Take the action that archives the higher or greater value ○ This rule assumes you can prioritize values in a rank order and understand the consequences of various courses of action Risk aversion principle ○ Take the action that produces the least harm or potential cost ○ Some actions have extremely high failure costs of very low probability or extremely high failure costs of moderate probability ○ Avoid actions that have extremely high failure costs, focus on reducing the probability of accidents occurring Ethical “no free lunch” rule ○ Assume that virtually all tangible and intangible objects are owned by someone unless there is a specific declaration otherwise ○ If something someone else has created is useful to you it has value, and you should assume the creator wants compensation for this work Privacy ○ Claim if individuals to be left alone, free form surveillance or interference from other individuals, organizations, or state ○ Claim to be able to control information about yourself ○ Information technology as systems threaten individual claims to privacy by making the invasion of privacy cheap, profitable, and effective Fair information practices ○ Set of principles governing the collection and use of information about individuals ○ Based on the notion of mutuality of interest between the record holder and the individual ○ The individual has an interest in engaging in a transaction, asn the record keeper, usually a business or government agency ○ Basis of most U.S. and European privacy laws ○ Used to drive changes in privacy legislation ○ COPPA - parental permission before collecting children information ○ Do-not-track online act of 2011 - to have an opt-in capability FTC FIP principles ○ Used as guide line to drive changes in privacy legislation ○ Notice/ awareness (core principle): websites must disclose practices before collecting data ○ Choice/ consent (core principle): consumers must be able to choose how information is used for secondary purposes ○ Access/ participation: consumers must be able to review, contest accuracy of personal data ○ Security: data collectors must take steps to ensure accuracy, security of personal data ○ Enforcement: must be mechanism to enforce FIP principles General data protection regulation (GDPR): the most important privacy legislation in the last 20 years since the FTC’s fair information practices principles Applies to all firms and organizations that collect, store or process personal information of EU citizens Use of data requires informed consent of customer ○ Informed consent: consent given with knowledge of all the facts needed to make a rational decision EU member nations cannot transfer personal data to countries without similar privacy protection Stricter enforcements under considerations ○ Right of access ○ Right to be forgotten Safe harbor framework ○ A private, self-regulating policy and enforcement mechanism that meets the objectives government regulators and legislation but does not involve government regulation or enforcement ○ Businesses would be allowed to use personal data from EU countries if they develop privacy protection policies that meet EU standards. Enforcement would occur in the united states (or canada) suing self policing, regulation, and government enforcement of fair trade statues Intellectual property ○ intangible/ tangible property of any kind created by individuals or corporations Three main ways that intellectual property is protected ○ Trade secret: intellectual work or product belonging to busine

ITM 100 Final Notes PDF

Document Details

Tags

Related

Summary

Full Transcript

Upgrade to continue