
1. DEFINITION AND CONCEPT OF INFORMATION SYSTEMS


Data Item - raw facts
Information - data organized so that they have meaning and value to the recipient
Knowledge - data and/or information organized and processed to convey understanding
Information Technology Architecture - a high-level map or plan of the information assets in an organization, which guides current operations and is a blueprint for future directions
Information Technology Infrastructure - the physical facilities, IT components, IT services and IT management that support an entire organization

2. THREATS OF WIRELESS NETWORKS, INFORMATION SECURITY AND MECHANISMS USED TO PROTECT INFORMATION SYSTEMS; STAGES OF GLOBALIZATION (page 81)

Security - degree of protection against criminal activity, danger, damage and/or loss
Information security - processes and policies designed to protect an organization's information systems (IS) from unauthorized access, use, disclosure, disruption, modification or destruction
Threat - any danger to which a system may be exposed
Exposure - harm, loss, or damage that can result if a threat compromises that resource
Vulnerability - the possibility that a system will be harmed by a threat

5 KEY FACTORS CONTRIBUTING TO THE INCREASING VULNERABILITY OF ORGANIZATIONAL INFORMATION RESOURCES:
Today's interconnected, interdependent, wirelessly networked business environment
Smaller, faster, cheaper computers and storage devices
Decreasing skills necessary to be a computer hacker
International organized crime taking over cybercrime
Lack of management support

TYPES OF THREATS TO IS
Unintentional acts
Human errors
Deviations in quality of service by service providers (e.g., utilities)
Environmental hazards (e.g., dirt, dust, humidity)
Tailgating
Shoulder surfing
Carelessness with laptops and portable computing devices
Opening questionable e-mails
Careless Internet surfing
Poor password selection and use
Social engineering - an attack in which the attacker uses social skills to trick a legitimate employee into providing confidential company information such as passwords. It is typically an unintentional human error on the part of the employee, but it is the result of a deliberate action on the part of the attacker.
Natural disasters
Technical failures
Management failures
Deliberate acts
Espionage or trespass - competitive intelligence consists of legal information-gathering techniques; industrial espionage crosses the legal boundary.
Information extortion - when an attacker either threatens to steal, or actually steals, information from a company and demands payment for not stealing, for returning, or for not disclosing the information
Sabotage or vandalism - involves defacing an organization's website, possibly causing the organization to lose its image and its customers' confidence
Theft of equipment or information - a larger problem because computing devices and storage devices are becoming smaller and valuable, and thus easy to steal
ID theft - deliberate assumption of another person's identity, to gain financial information for a crime
Compromises to intellectual property
Intellectual property - property created by individuals or corporations that is protected under trade secret, patent, and copyright laws.
Trade secret - intellectual work, such as a business plan, that is a company secret and is not based on public information.
Patent - a document that grants the holder exclusive rights on an invention or process for 20 years.
Copyright - a statutory grant that provides creators of intellectual property with ownership of the property for the life of the creator plus 70 years.
Piracy - copying a software program without making payment to the owner.
Software attacks
(1) Remote attack requiring user action
Virus - a segment of computer code that performs malicious actions by attaching to another computer program
Worm - a segment of computer code that spreads by itself and performs malicious actions without requiring another computer program
Phishing attacks - use deception to acquire sensitive personal information by masquerading as official-looking e-mails or instant messages.
The phishing slideshow presents a nice demonstration of how phishing works.
The phishing quiz presents a variety of e-mails; you must decide whether each is legitimate or a phishing attempt.
The phishing examples show actual phishing attempts.
(2) Remote attack needing no user action
Denial-of-service attack
Distributed denial-of-service attack - the attacker first takes over many computers. These computers are called zombies or bots. Together, these bots form a botnet.
(3) Attack by a programmer developing a system
Trojan horse - a software program that hides in other computer programs and reveals its designed behavior only when it is activated. A typical behavior is to capture your sensitive information and send it to the creator of the trojan horse
Back door / trap door - a password known only to the attacker that allows access to a computer system without going through security procedures
Logic bomb - a segment of computer code that is embedded within an organization's existing computer programs and is designed to activate and perform a destructive action at a certain time and date
Alien software - clandestine software that is installed on your computer through duplicitous methods
Adware - software that causes pop-up advertisements to appear on the screen
Spyware - collects personal information about users without their consent. Two types of spyware are keystroke loggers (keyloggers) and screen scrapers. Keystroke loggers record your keystrokes and your Web browsing history. Screen scrapers record a continuous movie of what you do on a screen.
Spamware - alien software that is designed to use your computer as a launchpad for spammers. Spam is unsolicited e-mail.
Cookies - small amounts of information that Web sites store on your computer.
Supervisory control and data acquisition (SCADA) attacks
A supervisory control and data acquisition (SCADA) system is a large-scale, distributed measurement and control system.
SCADA systems are the link between the electronic world and the physical world.

3. PROTECTING INFORMATION RESOURCES

Information Security Controls
(1) Physical controls - physical protection of computer facilities and resources. They prevent unauthorized individuals from gaining access to the company's facilities. Examples: walls, doors, fencing, gates, locks, badges, guards and alarm systems
(2) Access controls - restrictions on unauthorized user access to computer resources: use biometrics and password controls for user identification
Authentication - determines which actions, rights or privileges the person has based on his verified identity
Something the user is (biometrics)
Video on biometrics
The latest biometric: gait recognition
The Raytheon Personal Identification Device
Something the user has, e.g. ID, smart card
Something the user does, e.g. voice, signature
Something the user knows
passwords
passphrases
Authorization - permission issued to individuals and groups to do certain activities with information resources, based on verified identity
Privilege - a collection of related computer system operations that can be performed by users of the system
Least privilege - a principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization
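The following Python sketch is an added example, not code from these notes or from the textbook they summarize. It keeps the two questions apart: authenticate() checks a claimed identity against a stored password hash (the "something the user knows" factor), authorize() answers whether that verified identity holds a given operation through its roles (the page's "privilege" bundles), and excess_privileges() performs the least-privilege review the last definition asks for. The role names, user names, passwords and operation names are constructed for the demonstration.

```python
"""Authentication, authorization and least privilege (added example)."""
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Constructed roles: each role is a "privilege" in the page's sense, i.e. a
# collection of related operations a user of the system may perform.
ROLES: Dict[str, Set[str]] = {
    "clerk": {"read_invoice", "create_invoice"},
    "finance_manager": {"read_invoice", "approve_payment"},
    "admin": {"manage_users"},
}


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2 hash, so the directory never stores the password itself."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


@dataclass
class User:
    name: str
    salt: bytes
    digest: bytes
    roles: Set[str] = field(default_factory=set)


class Directory:
    """Tiny user directory that separates identity proof from permission."""

    def __init__(self) -> None:
        self.users: Dict[str, User] = {}

    def add_user(self, name: str, password: str, roles: Set[str]) -> None:
        unknown = set(roles) - set(ROLES)
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        salt, digest = hash_password(password)
        self.users[name] = User(name, salt, digest, set(roles))

    def authenticate(self, name: str, password: str) -> Optional[str]:
        """Authentication: is the caller who they claim to be?
        Returns the verified identity, or None when the proof fails."""
        user = self.users.get(name)
        if user is None:
            return None
        _, digest = hash_password(password, user.salt)
        # Constant-time comparison so a wrong guess cannot be timed.
        return name if hmac.compare_digest(digest, user.digest) else None

    def privileges_of(self, identity: str) -> Set[str]:
        """All operations granted to a verified identity through its roles."""
        return set().union(*(ROLES[r] for r in self.users[identity].roles))

    def authorize(self, identity: Optional[str], operation: str) -> bool:
        """Authorization: may this verified identity perform the operation?"""
        if identity is None or identity not in self.users:
            return False
        return operation in self.privileges_of(identity)


def excess_privileges(directory: Directory, identity: str, needed: Set[str]) -> Set[str]:
    """Least-privilege review: operations granted but not justified by the job."""
    return directory.privileges_of(identity) - needed


def build_demo_directory() -> Directory:
    """Constructed sample users; the passwords are demo values only."""
    d = Directory()
    d.add_user("alice", "clerk-pass", {"clerk"})
    d.add_user("bob", "mgr-pass", {"finance_manager"})
    return d


if __name__ == "__main__":
    d = build_demo_directory()
    who = d.authenticate("alice", "clerk-pass")                               # "alice"
    print("alice may create invoices:", d.authorize(who, "create_invoice"))   # True
    print("alice may approve payments:", d.authorize(who, "approve_payment")) # False
    # Bob's job only needs read_invoice, so approve_payment is an excess grant.
    print("bob's excess privileges:", excess_privileges(d, "bob", {"read_invoice"}))
```

A failed authentication yields None, and authorize() treats None as "no identity", so a caller can never reach a privilege check without first passing the identity check.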
(3) Communications (network) controls - protect the movement of data across networks and include border security controls, authentication and authorization
Firewalls - a system that enforces an access-control policy between two networks
An organizational firewall has the following components:
an external firewall facing the Internet
a demilitarized zone (DMZ) located between the two firewalls; the DMZ contains company servers that typically handle Web page requests and e-mail
an internal firewall that faces the company network
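As an added example (not from these notes or any firewall product), the Python model below encodes the three-component layout just listed: an external firewall between the Internet and the DMZ, and an internal firewall between the DMZ and the company network. Each firewall applies its own first-match rule list with a default deny, and a packet from the Internet to the internal network has to be allowed by both, which no rule does. The address ranges (192.0.2.0/24 for the DMZ, 10.0.0.0/8 for the internal network), ports and rules are constructed.

```python
"""Three-zone firewall layout: Internet / DMZ / internal (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed address plan: anything outside the DMZ or internal net is "internet".
DMZ_NET = ipaddress.ip_network("192.0.2.0/24")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")


def zone_of(addr: str) -> str:
    ip = ipaddress.ip_address(addr)
    if ip in DMZ_NET:
        return "dmz"
    if ip in INTERNAL_NET:
        return "internal"
    return "internet"


@dataclass(frozen=True)
class Rule:
    src_zone: str
    dst_zone: str
    proto: str                # "tcp", "udp", or "any"
    dst_port: Optional[int]   # None matches any port
    action: str               # "allow" or "deny"
    note: str = ""

    def matches(self, src_zone: str, dst_zone: str, proto: str, dst_port: int) -> bool:
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and self.proto in ("any", proto)
                and self.dst_port in (None, dst_port))


class Firewall:
    """First matching rule wins; no match means deny (default-deny policy)."""

    def __init__(self, name: str, rules: List[Rule]) -> None:
        self.name, self.rules = name, rules

    def decide(self, src_zone: str, dst_zone: str, proto: str, dst_port: int) -> Tuple[str, str]:
        for r in self.rules:
            if r.matches(src_zone, dst_zone, proto, dst_port):
                return r.action, f"{self.name}: {r.note or 'matched rule'}"
        return "deny", f"{self.name}: default deny"


# External firewall: only the published DMZ services are reachable from the Internet.
EXTERNAL = Firewall("external", [
    Rule("internet", "dmz", "tcp", 443, "allow", "public web server"),
    Rule("internet", "dmz", "tcp", 25, "allow", "inbound mail"),
    Rule("internal", "internet", "tcp", 443, "allow", "staff browsing"),
    Rule("internal", "internet", "tcp", 80, "allow", "staff browsing"),
    Rule("dmz", "internet", "tcp", 25, "allow", "outbound mail"),
])

# Internal firewall: DMZ hosts reach only the one back-end port they need.
INTERNAL = Firewall("internal", [
    Rule("dmz", "internal", "tcp", 5432, "allow", "web server to database"),
    Rule("internal", "dmz", "any", None, "allow", "admins manage DMZ hosts"),
    Rule("internal", "internet", "any", None, "allow", "outbound policy is on external fw"),
])


def path(src_zone: str, dst_zone: str) -> List[Firewall]:
    """Which firewalls a packet crosses: the DMZ sits between the two."""
    if src_zone == dst_zone:
        return []
    crossed: List[Firewall] = []
    if "internet" in (src_zone, dst_zone):
        crossed.append(EXTERNAL)
    if "internal" in (src_zone, dst_zone):
        crossed.append(INTERNAL)
    return crossed


def evaluate(src: str, dst: str, proto: str, dst_port: int) -> Tuple[str, str]:
    """A packet is allowed only if every firewall on its path allows it."""
    sz, dz = zone_of(src), zone_of(dst)
    for fw in path(sz, dz):
        action, why = fw.decide(sz, dz, proto, dst_port)
        if action != "allow":
            return "deny", why
    return "allow", f"{sz}->{dz} permitted"


if __name__ == "__main__":
    # Constructed packets: public web request, stray SSH probe, direct hit on the LAN.
    for pkt in [("203.0.113.5", "192.0.2.10", "tcp", 443),
                ("203.0.113.5", "192.0.2.10", "tcp", 22),
                ("203.0.113.5", "10.1.2.3", "tcp", 443)]:
        print(pkt, "->", evaluate(*pkt))
```

Because the verdict is the conjunction of both firewalls, adding a permissive rule to one of them cannot open a path that the other still blocks; the reason string names which firewall denied the packet, which is what you want in a log.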

Anti-malware systems (also called antivirus software) are software packages that attempt to identify and eliminate viruses, worms and other malicious software.
Whitelisting - a process in which a company identifies the software that it will allow to run and does not try to recognize malware. Blacklisting - a process in which a company allows all software to run unless it is on the blacklist.
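The difference between the two policies is easiest to see on a program that is on neither list. The Python below is an added example, not from these notes or from any anti-malware product: it identifies "binaries" (constructed byte strings) by SHA-256 digest, the way application-control tools usually identify files, and shows that the allowlist blocks an unknown program while the denylist lets it run, and also that a legitimate new build of an approved program is blocked by the allowlist until someone re-approves it. File names and contents are constructed.

```python
"""Whitelisting (allowlist) vs blacklisting (denylist) of executables (added example)."""
import hashlib
from typing import Dict, Set


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample programs, identified by content hash rather than by name.
SAMPLES: Dict[str, bytes] = {
    "approved_editor.exe": b"MZ approved editor build 1.2",
    "approved_editor_v1.3.exe": b"MZ approved editor build 1.3",   # legit update, not yet approved
    "known_malware.exe": b"MZ sample flagged earlier",
    "brand_new_unknown.exe": b"MZ never seen before",
}

# Allowlist: the software the company has identified as permitted to run.
ALLOWLIST: Set[str] = {sha256(SAMPLES["approved_editor.exe"])}
# Denylist: software already recognised as malicious; everything else runs.
DENYLIST: Set[str] = {sha256(SAMPLES["known_malware.exe"])}


def allowlist_decision(digest: str) -> str:
    """Whitelisting: run only what is recognised as permitted; no malware knowledge needed."""
    return "run" if digest in ALLOWLIST else "block"


def denylist_decision(digest: str) -> str:
    """Blacklisting: block only what is recognised as bad; unknown software is allowed."""
    return "block" if digest in DENYLIST else "run"


def compare(samples: Dict[str, bytes]) -> Dict[str, Dict[str, str]]:
    """Verdict of each policy for each sample, keyed by file name."""
    verdicts: Dict[str, Dict[str, str]] = {}
    for name, data in samples.items():
        digest = sha256(data)
        verdicts[name] = {
            "allowlist": allowlist_decision(digest),
            "denylist": denylist_decision(digest),
        }
    return verdicts


if __name__ == "__main__":
    for name, v in compare(SAMPLES).items():
        print(f"{name:26} allowlist={v['allowlist']:5} denylist={v['denylist']}")
    # brand_new_unknown.exe is the case that separates the policies: the
    # allowlist blocks it, the denylist runs it because nobody has listed it yet.
```

The two unknown cases show the trade-off in one table: the allowlist is the safer default against software nobody has classified, at the cost of an approval step for every legitimate change.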
Encryption - the process of converting an original message into a form that cannot be read by anyone except the intended receiver
Virtual private networking - a private network that uses a public network (usually the Internet) to connect users
Secure Sockets Layer (SSL) (now Transport Layer Security, TLS) - an encryption standard used for secure transactions such as credit card purchases and online banking
Employee monitoring systems - monitor employees' computers, e-mail activities and Internet surfing activities
Intrusion detection systems - designed to detect all types of malicious network traffic and computer usage that cannot be detected by a firewall
Vulnerability management systems (security on demand) - extend the security perimeter that exists for the organization's managed devices to unmanaged, remote devices
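The intrusion detection entry above says such systems catch what a firewall cannot. A firewall judges each connection on its own; a detector correlates many of them. The Python below is an added example (not from these notes or any IDS product) of that correlation: it parses constructed firewall log lines and flags a source address that touches several distinct ports on one host within a few seconds, even though the firewall allowed some of those connections individually. The log format, addresses and thresholds are constructed.

```python
"""Port-scan detection over connection logs, as an IDS-style correlation (added example)."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, List

# Constructed log format: timestamp, source, destination, protocol, dst port, firewall verdict.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)

# Constructed sample log: one host probes six ports in three seconds (two of them
# allowed by the firewall); a second host makes ordinary, spread-out connections.
SAMPLE_LOG = """\
2024-05-01T10:00:00 src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=21 action=deny
2024-05-01T10:00:01 src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=22 action=deny
2024-05-01T10:00:01 src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=23 action=deny
2024-05-01T10:00:02 src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=25 action=allow
2024-05-01T10:00:02 src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=80 action=deny
2024-05-01T10:00:03 src=203.0.113.7 dst=192.0.2.10 proto=tcp dport=443 action=allow
2024-05-01T10:00:05 src=198.51.100.4 dst=192.0.2.10 proto=tcp dport=443 action=allow
2024-05-01T10:00:09 src=198.51.100.4 dst=192.0.2.10 proto=tcp dport=443 action=allow
2024-05-01T10:30:00 src=198.51.100.4 dst=192.0.2.10 proto=tcp dport=25 action=allow
"""


def parse(text: str) -> List[dict]:
    """Turn log lines into event dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "src": m["src"], "dst": m["dst"], "proto": m["proto"],
            "dport": int(m["dport"]), "action": m["action"],
        })
    return events


def detect_port_scans(events: List[dict], window_seconds: int = 10, min_ports: int = 5) -> List[dict]:
    """Flag each (src, dst) pair that hits >= min_ports distinct ports within the window.

    Sliding window per pair over time-sorted events; the alert records the ports
    seen at the moment the threshold was crossed. One alert per pair."""
    by_pair: Dict[tuple, List[dict]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_pair[(e["src"], e["dst"])].append(e)

    alerts = []
    for (src, dst), evs in by_pair.items():
        start = 0
        for end in range(len(evs)):
            # Drop events that fell out of the window relative to the newest one.
            while (evs[end]["ts"] - evs[start]["ts"]).total_seconds() > window_seconds:
                start += 1
            ports = {e["dport"] for e in evs[start:end + 1]}
            if len(ports) >= min_ports:
                alerts.append({"src": src, "dst": dst, "ports": sorted(ports),
                               "first": evs[start]["ts"]})
                break
    return alerts


if __name__ == "__main__":
    for alert in detect_port_scans(parse(SAMPLE_LOG)):
        print(f"possible port scan from {alert['src']} against {alert['dst']} "
              f"starting {alert['first']}: ports {alert['ports']}")
```

Note that the firewall verdicts are deliberately ignored by the detector: "allow" lines are evidence too, which is the point of the page's remark that a firewall alone does not see this kind of activity.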

(4) Business continuity planning
Hot site - a fully configured computer facility, with all services, communications links and physical plant operations
Warm site - provides many of the same services and options as the hot site, but typically does not include the actual applications the company runs
Cold site - provides only rudimentary services and facilities, and so does not supply computer hardware or user workstations

(5) Information systems auditing
Information systems auditing - an independent or unbiased observer's task to ensure that information systems work properly
Audit - an examination of information systems, their inputs, outputs and processing
Types of auditors and audits
Internal - performed by corporate internal auditors
External - reviews the internal audit as well as the inputs, processing and outputs of information systems

(6) Application controls - protect specific applications

4. MICHAEL PORTER'S COMPETITIVE FORCES MODEL

Companies use Porter's model to develop strategies to increase their competitive edge.
The model demonstrates how IT can make a company more competitive.
Porter's model identifies 5 major forces that could either endanger or enhance a company's position in a given industry.
The Internet has changed the nature of competition, and its overall impact has been to increase competition.
5. CONCEPTS AND CHARACTERISTICS OF DATA WAREHOUSING
A data warehouse or enterprise data warehouse (DW, DWH, or EDW) is a database used for reporting and data analysis.
It is a repository of historical data organized by subject to support decision makers in the organization.
Data warehouses are organized by business dimension or subject.
Data warehouses are multidimensional.
Data warehouses are historical, so they can be used for identifying trends, forecasting and making comparisons over time.
Data warehouses use online analytical processing.
OnLine Analytical Processing (OLAP) - involves the analysis of accumulated data by end users (usually in a data warehouse)
OnLine Transaction Processing (OLTP) - typically involves a database where data from business transactions are processed online as soon as they occur

E-COMMERCE
7. LEGAL ISSUES PERTAINING TO E-COMMERCE
Ethical Issues
Privacy - e-commerce provides opportunities for businesses and employers to track individual activities on the WWW using cookies or special spyware. This allows private/personal information to be tracked, compiled and stored as an individual profile. This profile can be used or sold to other businesses for target marketing, or by employers to aid in personnel management decisions (i.e. promotions, raises, layoffs).
Disintermediation - middlemen or intermediaries (1) provide information and (2) perform value-added services such as consulting. The first function can be fully automated, and the second can be partially automated, through e-marketplaces and portals for free, thereby causing job loss among intermediaries.
Legal Issues
Fraud on the Internet, e.g. stocks, investments, business opportunities, auctions
Domain names - problems with competition
Domain tasting - the practice of registrants using the 5-day grace period at the beginning of a domain registration to profit from pay-per-click ads
Cybersquatting - the practice of registering domain names solely for the purpose of selling them later at a higher price
Taxes and other fees - when and where (and whether) electronic sellers should pay business license taxes, franchise fees, gross-receipts taxes, excise taxes, etc.
Copyright - protecting intellectual property in EC and enforcing copyright laws is extremely difficult

MAJOR E-COMMERCE MECHANISMS
Auctions - a competitive process in which either a seller solicits consecutive bids from buyers or a buyer solicits consecutive bids from sellers. Types of auctions:
Forward auctions - sellers use this type of auction as a channel to many potential buyers.
Reverse auctions - one buyer, usually an organization, wants to buy a product or service. The buyer posts a request for quotation (RFQ) on a web site. The RFQ contains detailed information on the desired purchase. Suppliers study the RFQ and submit bids, and the lowest bid wins the auction.
8. TYPES OF WIRELESS MEDIA COMMONLY
Microwave transmission
Transmits data via electromagnetic waves. Used for high-volume, long-distance, line-of-sight (LOS) communication
Advantage - high bandwidth and relatively inexpensive
Disadvantage - must have unobstructed LOS; susceptible to environmental interference
Satellite transmission
Uses communication satellites. 3 types of satellite: Geostationary (GEO), Medium Earth Orbit (MEO) and Low Earth Orbit (LEO). Receives and transmits data via LOS. Example: GPS
Advantage - high bandwidth and large coverage area
Disadvantage - expensive, must have unobstructed LOS, signals experience propagation delay, and must use encryption for security
Radio transmission
Uses radio wave frequencies to send data directly between transmitter and receiver
Advantage - high bandwidth, signals pass through walls, inexpensive and easy to install
Disadvantage - creates electrical interference problems; susceptible to snooping unless encrypted
Infrared
Red light usually not visible to human eyes. Example: remote control for TV, VCD
Advantage - low to medium bandwidth, short distance
Disadvantage - must have unobstructed LOS

10. ETHICAL ISSUES IN INFORMATION TECHNOLOGY

Ethics - a branch of philosophy that deals with what is considered to be right and wrong
Code of Ethics - a collection of principles that are intended to guide decision making by members of an organization
Fundamental Tenets of Ethics
Responsibility - means that you accept the consequences of your decisions and actions
Accountability - means a determination of who is responsible for actions that were taken
Liability - a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations or systems
The Four Categories of Ethical Issues
Privacy issues - involve collecting, storing and disseminating information about individuals
Accuracy issues - involve the authenticity, fidelity and accuracy of information that is collected and processed
Property issues - involve the ownership and value of information
Accessibility issues - revolve around who should have access to information and whether they should have to pay for this access

13. DEFINE PERVASIVE COMPUTING AND DESCRIBE TWO TECHNOLOGIES UNDERLYING THIS TECHNOLOGY (P217)
a. Also called ubiquitous computing; means that virtually every object has processing power with wireless or wired connections to a global network
b. Is invisible "everywhere" computing that is embedded in the objects around us - the floor, the lights, our cars, washing machines, cell phones, our clothes
c. For example, in a smart home: your home computer, television, lighting and heating controls, home security system
d. Two technologies provide pervasive computing:
(1) Radio Frequency Identification (RFID) - wireless technology that allows manufacturers to attach tags with antennas and computer chips to goods and then track their movement through radio signals
(2) Wireless Sensor Networks (WSNs) - networks of interconnected, battery-powered, wireless sensors placed in the physical environment
