Monday, December 19, 2016

Chapter 10

WHAT IS THE GOAL OF IS SECURITY?
Threat: a person or org that seeks to obtain or alter data or other IS assets illegally, without the owner’s permission and often without the owner’s knowledge.
1. Hacker wants to steal your bank login credentials
2. Employee posts sensitive data to a public Google+ group
Vulnerability: an opportunity for threats to gain access to individual or organization assets.
1. Hacker creates a phishing site nearly identical to your online banking site
2. Public access to a non-secure group
Safeguard: some measure that individuals or orgs take to block the threat from obtaining the asset.
1. Only access sites using https
2. Password procedures, employee training

Result: No loss, loss of login credentials, loss of sensitive data

Explanation: 1. ineffective safeguard, 2. ineffective safeguard

Target: the asset that is desired by the threat.
SOURCES OF THREATS
Sources of threats:  human error, computer crime, natural events and disasters.
WHAT TYPES OF SECURITY LOSS EXISTS?
Types of security loss:
-Unauthorized data disclosure:
  -Pretexting> occurs when someone deceives by pretending to be someone else.
  -Phishing> a similar technique for obtaining unauthorized data that uses pretexting via email. Phisher> pretends to be a legit company and sends an email requesting confidential data.
  -Spoofing> someone pretending to be someone else.
  -Sniffing> a technique for intercepting computer communication.

-Incorrect data modification: incorrectly increasing a customer’s discount or incorrectly modifying an employee’s salary, earned days of vacation, or annual bonus. Procedure incorrectly designed or not followed. Placing incorrect data on the company website. Causes: improper internal controls on systems, system errors, and faulty recovery actions after a disaster.
-Faulty service: problems that result because of incorrect system operation.
-Incorrect data modification
-Systems working incorrectly
-Procedural mistakes
-Programming errors
-IT installation errors
-Denial of service (unintentional)
-Denial of service (intentional)
-Usurpation: occurs when computer criminals invade a computer system and replace legit programs with their own, unauthorized ones that shut down legit apps and substitute their own processing to spy, steal, and manipulate, or achieve other purposes.
-Denial of service: humans can inadvertently shut down a web server or corporate gateway router by starting a computationally intensive app.

Loss of infrastructure: e.g., a bulldozer cutting a conduit of fiber-optic cables, or a floor buffer crashing into a rack of web servers. Causes: human accidents, theft and terrorist events, disgruntled or terminated employees, natural disasters.
-Advanced persistent threat (APT): long running computer hack that is perpetrated by large, well-funded org such as government

-Intrusion detection system (IDS): a computer program that senses when another computer is attempting to scan or access a computer network.
-Brute force attack: the password cracker tries every possible combination of characters. Can crack a 6 char password in about 5 min.
-cookies: small files that browser receives when you visit web sites
-technical safeguards: involve the hardware and software components of an information system.
-smart card: plastic card similar to credit card.
- Biometric authentication: personal physical characteristics such as fingerprints, facial features, and retinal scans to authenticate users.
-Encryption: process of transforming clear text into coded, unintelligible text for secure storage or communication.
-Key: a string of bits used to encrypt the data.

-symmetric encryption: the same key is used to encode and to decode.
-Asymmetric encryption: two keys are used; one key encodes the message, and the other decodes the message. Symmetric encryption is simpler and much faster than asymmetric encryption.
-Secure sockets layer (SSL) or transport layer security (TLS): uses a combination of public key encryption and symmetric encryption.
-Firewalls: a computing device that prevents unauthorized network access.
-Perimeter firewall: sits outside the org network> first device that internet traffic encounters
-Internal firewalls: inside the org network
-Packet filtering firewall: examines each part of a message and determines whether to let that part pass.
MALWARE PROTECTION
-Virus: a computer program that replicates itself. Unchecked replication is computer cancer.
-Payload: can delete programs or data or even worse, modify data in undetected ways.
-Trojan horses: viruses that masquerade as useful programs or files.
-Worm: a virus that self-propagates using the internet or other computer network. Worms spread faster than viruses because they can replicate themselves.
-Spyware: programs that are installed on the user’s computer without the user’s knowledge or permission. Key loggers> a malicious type of spyware
-Adware: similar to spyware in that it is installed without the user’s permission and resides in the background and observes user behavior. Most are benign.
-Ransomware: malicious software that blocks access to a system or data until money is paid to the attacker.
MALWARE SAFEGUARDS:
  1. Install antivirus and antispyware programs on your computer
  2. Set up your antimalware programs to scan your computer frequently
  3. Update malware definitions.
  4. Open emails attachments only from known sources
  5. Promptly install software updates from legit sources.
  6. Browse only reputable web sites.
Design for secure app:
SQL injection attack: occurs when users enter a SQL statement into a form in which they are supposed to enter a name or other data.
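To show what the notes mean by a user entering a SQL statement where a name belongs, here is an added example (not from the notes or the textbook): the same lookup written with string concatenation and with a parameterized query, run against a constructed in-memory SQLite table.

```python
import sqlite3

# Constructed sample table: a small customer list for the demonstration.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("Alice Smith", "alice@example.com"),
        ("Bob O'Brien", "bob@example.com"),
        ("Carol Jones", "carol@example.com"),
    ])
    return conn

def vulnerable_lookup(conn, name):
    """Builds the SQL by string concatenation, so whatever the user types
    becomes part of the statement. This is the flaw the notes describe."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def safe_lookup(conn, name):
    """Parameterized query: the database engine receives the statement and
    the value separately, so the value can never change the statement."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    # A legitimate name containing a quote: the concatenated version breaks,
    # the parameterized version returns Bob's row.
    try:
        vulnerable_lookup(db, "Bob O'Brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query failed on a plain name:", exc)
    print(safe_lookup(db, "Bob O'Brien"))
    # Constructed input that is a SQL fragment rather than a name.
    hostile = "x' OR 'a'='a"
    print(len(vulnerable_lookup(db, hostile)), "rows leaked by concatenation")
    print(len(safe_lookup(db, hostile)), "rows from the parameterized query")
```

The parameterized form is the "design for secure applications" safeguard: the same input is treated as a literal name and matches nothing.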
Key escrow: safety procedures to have a copy of encryption key
SECURITY SAFEGUARDS AND THE 5 COMPONENTS
Technical safeguards: ID and authorization encryption firewalls malware protection apps design. (Hardware and software)
Data safeguards: data rights and responsibility, passwords, encryption backup and recovery, physical security. (data)

Human safeguards: (people and procedures) result when authorized users follow appropriate procedures for system use and careful user account management. Position definitions> separate job tasks and responsibilities. EX> no individual should be allowed to both approve expenses and write checks
Human safeguards for non-employees: temporary personnel, vendors, partner personnel, and the public. Require vendors and partners to perform appropriate screening and security training. The contract specifies security responsibilities. Provide accounts and passwords with least privilege and remove accounts as soon as possible.


PUBLIC USERS: websites and other openly accessible IS
Hardening: taking extraordinary measures to reduce a system’s vulnerability. Uses special versions of the operating system that lock down or eliminate operating system features and functions not required by the apps. Also protect public users from internal company security problems.
SECURITY MONITORING
-Employ utilities to assess vulnerabilities
-Honeypots: false targets for computer criminals to attack.
-Investigate security incidents
-Constantly monitor to determine adequacy of existing policy and safeguards.

PRISM: the intelligence program by which the national security agency requested and received data about internet activities from major internet providers.
Privacy: freedom from being observed by other people
Security: state of being free from danger.
GOAL OF IS SECURITY: find the appropriate trade-off between risk of loss and cost of implementing safeguards. Protective actions (use antivirus software, delete browser cookies) make appropriate tradeoffs to protect yourself and your business.
ACCOUNT ADMINISTRATION:
-Account management: standards for new user accounts, modification of account permissions, removal of unneeded accounts.
-Password management: users change passwords frequently
-Help desk policies: provide means of authenticating users.
SYSTEM PROCEDURES:
-Normal operation: system users> use the system to perform job tasks, with security appropriate to sensitivity. Operations personnel> operate data center equipment, manage networks, run web servers and do related operational tasks
-Backup: system users> prepare for loss of system functionality. Operations personnel> back up web site resources, databases, administrative data, account and password data, and other data.
-Recovery: system users> accomplish job tasks during failure; know what tasks to do during system recovery. Operations personnel> recover systems from backed-up data; perform the role of help desk during recovery

Chapter 9

BUSINESS INTELLIGENCE SYSTEM: information system that processes operational, social and other data to identify patterns, relationships, and trends for use by business professionals and other knowledge workers.
Project management>problem solving> deciding> informing
USES FOR BI:
-identify changes in purchasing patterns (important life events change what customers buy)
-entertainment (Netflix has data on watching, listening, and rental habits)
-predictive policing (analyze data on past crimes: location, date, time, day of week, type of crime, and related data)
JUST IN TIME MEDICAL REPORTING:
-example of real time data mining and reporting
-injection notification service (software analyzes the patient’s record and, if injections are needed, recommends them as the exam progresses)
-blurry edge of medical ethics.
WHAT ARE THE 3 PRIMARY ACTIVITIES IN THE BI PROCESS?
Decision support systems: a synonym for decision making BI systems.
Data sources: op databases, social data, purchased data, employee knowledge.
-Data acquisition: the process of obtaining, cleaning, organizing, cataloging source
*extracted order data> query (Sales, Units, Part): customer name, contact title, bill year, number of orders, units, revenue, etc.
-Perform analysis: reporting, data mining, big data, knowledge, management
-Publish results: print, web servers, reports servers, automation
Push: delivers business intel to users without any request from users
Pull: requires users to request BI results


BI analysis: The process of creating business intelligence
Data broker or data aggregator: acquires and purchases consumer and other data from public records, retailers, internet cookie vendors, social media trackers, and other sources.
HOW DO ORG USE DATA WAREHOUSE AND DATA MARTS TO ACQUIRE DATA
-Data warehouse: a facility for managing an organization’s BI data . Function: obtain data, cleanse data, organize and relate data, catalog data
Granularity: level of detail represented by the data


HOW DO ORG USE REPORTING APP?
-Create meaningful info from disparate data sources, deliver info to user on time
-a BI app that inputs data from one or more sources and applies reporting operations to that data to produce business intelligence.
-reporting operations: sorting, filtering, grouping, calculating, formatting
RFM (RECENCY, FREQUENCY, MONEY) ANALYSIS


RFM: a technique readily implemented with basic reporting operations, is used to analyze and rank customers according to their purchasing patterns.
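An added worked RFM computation (not from the notes or the textbook) over a constructed order history: grouping, counting, summing and sorting are the only operations used. The 1-to-5 score with 1 as the best fifth and ties broken by input order is an assumption about the scoring convention.

```python
from datetime import date

# Constructed order history: (customer, order_date, amount).
ORDERS = [
    ("ajax",   date(2016, 12, 1),  120.0),
    ("ajax",   date(2016, 11, 3),   80.0),
    ("ajax",   date(2016, 9, 9),    60.0),
    ("bloom",  date(2016, 12, 15), 500.0),
    ("cortez", date(2016, 6, 20),   30.0),
    ("cortez", date(2016, 5, 1),    25.0),
    ("dunn",   date(2016, 12, 10),  45.0),
    ("evans",  date(2016, 2, 2),   900.0),
]
TODAY = date(2016, 12, 19)   # reporting date (constructed)

def rfm_values(orders, today):
    """Group by customer and compute recency (days since the last order),
    frequency (number of orders) and money (total spent)."""
    per = {}
    for cust, when, amount in orders:
        r, f, m = per.get(cust, (None, 0, 0.0))
        days = (today - when).days
        r = days if r is None or days < r else r
        per[cust] = (r, f + 1, m + amount)
    return per

def score(values, key, best_is_low):
    """Rank customers on one attribute and bin the ranking into scores
    1 (best fifth) .. 5 (worst fifth); equal-size bins are an assumption,
    and tied customers keep their input order."""
    ordered = sorted(values, key=lambda c: values[c][key],
                     reverse=not best_is_low)
    n = len(ordered)
    return {c: (i * 5) // n + 1 for i, c in enumerate(ordered)}

def rfm_scores(orders, today):
    """Return {customer: (R, F, M)} scores."""
    vals = rfm_values(orders, today)
    r = score(vals, 0, best_is_low=True)    # fewer days = more recent
    f = score(vals, 1, best_is_low=False)   # more orders = better
    m = score(vals, 2, best_is_low=False)   # more money = better
    return {c: (r[c], f[c], m[c]) for c in vals}

if __name__ == "__main__":
    for cust, rfm in sorted(rfm_scores(ORDERS, TODAY).items()):
        print(cust, rfm)
```

In this data "evans" scores (5, 5, 1): a big spender who has not ordered in a long time, which is exactly the kind of customer RFM is meant to surface for the sales team.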


-Online analytical processing (OLAP): a second type of reporting application, more generic than RFM. OLAP provides the ability to sum, count, average, and perform other simple arithmetic operations on groups of data. An OLAP report has measures and dimensions.
Measure: the data item of interest. Ex: total sales, average sales, average costs
Dimension: a characteristic of a measure. Ex: purchase date, customer type, customer location, and sales region are all examples of dimensions.
-Drill down in the data: further divide the data into more details.
-Data mining: the app of statistics techniques to find patterns and relationship among data for classification and prediction.
UNSUPERVISED DATA MINING:
-No prior hypothesis or model
-findings obtained solely by data analysis
-hypothesized model created to explain patterns found.
EX: Cluster analysis: unsupervised technique. Find  groups of similar customers from customer order and demographic data.


SUPERVISED DATA MINING
-data miners develop a model prior to analysis and apply statistical techniques to data to estimate parameters of the model.
-Regression analysis: measures the effect of a set of variables on another variable
-EX: predict cellphone weekend minutes from customer age and number of months of account (an equation of the form 12 + ... × customer age + ... × number of months of account)


-Neural networks: another popular supervised data mining application, used to predict values and make classifications such as good prospect or poor prospect.


MARKET BASKET ANALYSIS: Identify the following:
-an unsupervised data mining technique for determining sales patterns.
-sales pattern in large volume of data
-what products customers tend to buy together
-computes probability of purchases
-cross-selling opportunities


Cross-selling: in marketing transactions, customers who buy product X also buy product Y; this creates a cross-sell opportunity.
Support: probability that two items will be purchased together.
Confidence: conditional probability that a customer who buys the first item also buys the second.
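Support and confidence computed over a constructed set of shopping carts, as an added example (not from the notes or the textbook); the support and confidence thresholds used to pick cross-sell rules are assumptions.

```python
from itertools import combinations

# Constructed sample transactions: one set of items per shopping cart.
TRANSACTIONS = [
    {"fins", "mask", "snorkel"},
    {"fins", "mask"},
    {"mask", "snorkel"},
    {"fins", "mask", "wetsuit"},
    {"wetsuit"},
    {"fins", "snorkel"},
]

def support(transactions, items):
    """Probability that all of `items` appear together in one transaction."""
    items = set(items)
    hits = sum(1 for t in transactions if items <= t)
    return hits / len(transactions)

def confidence(transactions, antecedent, consequent):
    """Conditional probability of buying `consequent` given `antecedent`:
    support(antecedent and consequent) / support(antecedent)."""
    base = support(transactions, {antecedent})
    if base == 0:
        return 0.0
    return support(transactions, {antecedent, consequent}) / base

def cross_sell_rules(transactions, min_support=0.3, min_confidence=0.6):
    """Return rules (X, Y, support, confidence) meaning 'buyers of X also
    buy Y' that clear both thresholds (threshold values are assumptions)."""
    items = sorted(set().union(*transactions))
    rules = []
    for x, y in combinations(items, 2):
        for a, c in ((x, y), (y, x)):      # check the rule in both directions
            s = support(transactions, {a, c})
            conf = confidence(transactions, a, c)
            if s >= min_support and conf >= min_confidence:
                rules.append((a, c, round(s, 3), round(conf, 3)))
    return rules

if __name__ == "__main__":
    for a, c, s, conf in cross_sell_rules(TRANSACTIONS):
        print(f"{a} -> {c}: support {s}, confidence {conf}")
```

Note that confidence is directional: here snorkel buyers go on to buy fins often enough to act on, while the reverse rule does not clear the threshold.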


DECISION TREE
-a hierarchical arrangement of criteria that predict a classification or a value.
-Unsupervised data mining technique.
-Basic idea
-Create decision rules


Big data: describe data collections that are characterized by huge volume, rapid velocity, and great variety.
Mapreduce: a technique for harnessing the power of thousands of computers working in parallel.
KNOWLEDGE MANAGEMENT (KM):
-process of creating value from intellectual capital and sharing that knowledge with employees, managers, suppliers, customers, and others who need that capital.
-Benefits: improve process quality, increase team strength, goals: enable employees to use org collective knowledge


EXPERT SYSTEM: rule based systems that encode human knowledge in form of IF then rules. Ex: if patient SEX=’Male’ THEN add 3 to cardiacriskfactor
-challenge: difficult and expensive to develop, difficult to maintain, don’t live up to expectations.
Expert systems shell: program that processes a set of rules.

CONTENT MANAGEMENT SYSTEMS (CMS): IS that support the management and delivery of documents including reports.
Challenges: huge databases, dynamic content, documents refer to one another, perishable contents, in many languages
Alternatives: In house custom development, off the shelf, public search engine.
HOW DO HYPER SOCIAL ORG MANAGE KNOWLEDGE?
Hyper-social knowledge management: the app of social media and related app for the management and delivery of org knowledge resources.
Hyper-social org theory: framework for understanding KM; focus shifts from knowledge and content to fostering authentic relationships among knowledge creators


Rich directory: an employee directory that includes not only the standard name, email, phone, and address but also org structure and expertise.
Static report: BI docs that are fixed at the time of creation and do not change
Dynamic reports: BI documents that are updated at the time they are requested.

Chapter 8

WHAT IS A SOCIAL MEDIA IS (SMIS)?
-Social media: the use of info tech to support the sharing of content among networks of users
-Social media info system: an information system that supports the sharing of content among networks of users
3 SMIS ROLES
-Communities of practice: groups of people related by a common interest.
-Social media providers: provide platforms that enable the creation of social networks, or social relationships among people with common interests. The growth of SM over the past few years has been tremendous: FB, Google Plus, IG, etc.
-Users: both individuals and organizations that use SM sites to build social relationships
Viral hook: an inducement such as a prize or reward for passing communication along through the tiers.

5 SMIS COMPONENTS: hardware, software, data, procedures, people.

HOW DO SMIS ADVANCE ORG STRATEGY
-strategy determines value chains> value chains determine business processes> business processes determine SMIS requirements
-how do value chains determine dynamic processes? Dynamic process flows cannot be designed or diagrammed.
-SM fundamentally changes balance of power among users, communities, and org.
Content data: data and response to data that are contributed by users
Connection data: data about relationship

SOCIAL MEDIA AND THE SALES AND MARKETING ACTIVITY
-Social CRM: a dynamic, SM based CRM process
-customers craft their own relationships> wikis, blogs, discussion lists, frequently asked questions
-customers search content, contribute reviews and commentary, ask questions, create user groups.
-Not centered on customer lifetime values.
SM AND INBOUND AND OUTBOUND LOGISTICS
-Benefits: numerous solution ideas and rapid evaluation of them, better solutions to complex supply chain problems, facilitates user created content and feedback among network needed for problem solving.
-Loss of privacy: open discussion of problems definitions, causes, and solutions constraints, problem solving in front of your competitors.
SM AND MANUF AND OPERATIONS
f returns in the market place. Adds value in four ways:

-info: provide opportunities and alternatives, problems and other factors important to business professionals. On a personal level, this could come in the form of a friend telling you about a new job posting or the best teacher to take for business law.
-influence: provide opportunity to influence decision makers at your employer or in other org who are critical to your success. Playing golf with CEO every sat can increase your chance of getting promotion.
-social credentials: being linked to a network of highly regarded contacts is a form of social credential.
-personal reinforcement: reinforces a professional’s identity, image, and position in an org or industry. For example, being friends with bankers, financial planners, and investors may reinforce your identity as a financial professional.

-Value of social capital: determined by the number of relationships in a social network
Strength of a relationship: the likelihood that the other entity in the relationship will do something that benefits the organization. E.g., the relationship is strong if you write positive reviews about it.
-If you’re not paying, you are the product
Use increases value: the more people use a site, the more value it has, the more people will visit.
Freemium: revenue model offers users a basic service for free and then charges premium for upgrades or advanced features.

Porter’s model: define your goals>identify success metrics>identify target audience>define your value> make personal connections> gather and analyze data.
Key performance indicators (KPI): measurements used to track perf

COMMON SM STRATEGIC GOALS
-Brand awareness: extent that users recognize a brand. Ex: org’s brand mentioned in a tweet
-Conversion rates: measures the frequency that someone takes a desired action. Ex: likes the org’s fb page
-Web site traffic: quantity, frequency, duration, and depth of visits to a web site. Ex: traffic from google+ post mentioning the org’s site
-User engagement: extent to which users interact with a site, app, or other media. Ex: a user regularly comments on the org’s LinkedIn posts.

-Vanity metrics: metrics that don’t improve your decision making
-Bounce rate: the % of people who visit your web site and then immediately leave
-Competitive analysis: identify weakness and strengths in your competitor's use of SM

ENTERPRISE SOCIAL NETWORK (ESN): a software platform that uses social media to facilitate cooperative work of people within an org. IMPROVES COMMUNICATION, COLLABORATION, PROBLEM SOLVING

SM PLAN DEVELOPMENT
Define your goals>identify success metric>identify target audience> define your value>make personal connection>gather and analyze data.

-Communication channels: means of delivering messages
-Best practices: methods that have been shown to produce successful results in prior implementations.
-Social media policy: a statement that delineates employees’ rights and responsibility.

THE 3 KEY PILLARS of Intel’s SM policy in 2015: disclose, protect, use common sense.

MANAGING RISK OF INAPPROPRIATE CONTENT
-User-generated content ( UGC) : content on your SM site that is contributed by users is the essence of SM relationships.
The major sources of UGC problems are: junk and crackpot contribution, inappropriate content, unfavorable reviews, mutinous movements.
INTERNAL RISKS OF SM
-threats to info security, increased org liability, decreased employee productivity.
-directly affects the ability to secure info resources
-leaked info. Ex: telling people your birthday
-increased corporate liability