Final Exam Review
Intro to Managing IT
Information Technology’s Impact on Business Operations
Figure 1.2 (source CIO Magazine)
Q: What may explain that only 17% of Info Security effectiveness depends on Technology?
PTP
• Information Security involves people, technology, and policies/procedures
• People
  – Employees/users
  – Customers, suppliers
  – Guests, and unauthorized users
  – Etc.
• Technology
  – Antivirus
  – Firewalls
  – Intrusion detection systems
  – Computers, application software, OS, etc.
• Policies/Procedures
  – Work procedures
  – Fair-use policy
  – Password, login policy
  – Etc.
IS as PTP
Every information system has the following key components:
• People
• Technology
• Procedures
Technology:
• Hardware
• Software
• Databases
• Networks
IT & Competitive Advantage
COMPETITIVE ADVANTAGE
To survive and thrive, an organization must have a competitive advantage
• a strategic advantage one business has over its rivals within its competitive industry.
• an attribute (or combination of attributes) acquired or developed by a business allowing it to outperform its competitors.
• Examples:
  – Distinctive product that customers place a greater value in
  – Unique service that stands out
  – Access to rare natural resources
  – Highly skilled workers, etc.
GAINING COMPETITIVE ADVANTAGE
Organizations watch their competition through environmental scanning
• i.e., the acquisition and analysis of events and trends in the environment external to an organization
Socrates Technology-based Competitive Strategy system (1983-1990)
SWOT analysis – Strengths, Weaknesses, Opportunities, Threats (Stanford Research Institute 1960-70)
Porter’s Five-Force Model
• Porter, M.E. (1979) How Competitive Forces Shape Strategy, Harvard Business Review, March/April 1979
• Porter, Michael (1985) Competitive Advantage, Free Press, New York.
PORTER’S FIVE FORCES MODEL
Threat of New Entrants
• Entry barriers
  – Customers’ switching cost
  – Capital Requirements
  – Access to distribution channels
  – Economies of scale
• Industry Growth rate
Suppliers Power
• Suppliers concentration
• Cost of switching supplier
• Substitute inputs
• Threat of forward integration
Rivalry
• # of competitors & industry concentration
• Buyers volume
• Market growth
• Exit barriers
• Buyers’ switching cost
Buyers Power
• Buyers’ switching Cost
• Buyers concentration
• Threat of backward integration
• Threat of forward integration
• Buyers volume
Threat of Substitutes
• Relative quantity of substitutes
• Relative price of substitutes
• Buyers’ switching cost
Generic Competitive Strategies
Three basic strategies for pursuing competitive advantage
• Cost leadership
  – Exploiting all sources of cost advantage while complying with industry norms
• Differentiation
  – Offering unique and distinctive product/service through innovation
• Focus
  – Targeting segments (niche markets) and exploiting the under-performance of broad competitors in the segments through cost leadership or differentiation
A good business strategy has to be sustainable for the long term and unique
Diffusion of Innovations
Rogers, E. M. (2003). Diffusion of innovations (5th edition). New York, NY: Free Press
• 5 qualities for innovations’ spread
  – Relative advantage (economic advantage, prestige, convenience, etc.)
  – Compatibility with values, practices, etc.
  – Simplicity & ease of use
  – Trialability
  – Observability (visible results)
Adopters segments
Innovations’ adopters can be broken into 5 segments (adopter category: definition)
• Innovators: First individuals to adopt an innovation. Innovators are willing to take risks, often have great financial liquidity, and have closest contact to scientific sources and interaction with other innovators. Risk tolerance has them adopting technologies which may ultimately fail.
• Early adopters: This group appreciates and recognizes the value brought on by new ideas and technologies and is willing to suffer an inconvenience of failing. They are not idea generators but rely on intuition to make decisions. They trust their gut.
• Early Majority: This group is more practically minded although slightly comfortable with new ideas and technologies. However, they will not try a new product until someone has tried it first.
• Late Majority: This group is also practically minded. Practical factors matter more, and they will not try something until someone else has tried it first.
• Laggards: This group usually only accepts new technologies or ideas because they have no other options. These are the people who are using touch-phones because rotary phones are no longer available. Laggards typically tend to be focused on "traditions".
Info. Systems in Organizations
Decision Making
IS & Hierarchical Organizational structure
Administrative Information Systems
• Transaction Processing Systems (TPS)
  – Basic business system that serves the operational level (including analysts) in organizations
  – Capture & process data generated during day-to-day activities
• Office Automation Systems (OAS)
  – Systems designed to help office workers in doing their job.
• Decision Support Systems (DSS)
  – Systems designed to support middle managers and business professionals during the decision-making process
• Executive Information Systems (EIS) or Executive Support Systems (ESS)
  – Specialized DSS that help senior level executives make decisions.
• GDSS: computer-based systems that facilitate solving of unstructured problems by a set of decision makers
Decision Making process
Simon’s decision-making process model
• Intelligence
• Design
• Choice
• (Implementation)
Simon, H. (1955), A Behavioral Model of Rational Choice, Quarterly Journal of Economics, vol. 69, 99–188
Newell, A., and Simon, H. A. (1972). Human problem solving. Englewood Cliffs, Prentice-Hall, New Jersey.
Intelligence Phase
• Scan the environment for a problem.
• Determine if the problem is real, important enough, solvable
• Determine if the problem is within their scope of influence
• Fully define the problem by gathering more information.
[Flowchart: Scan environment for problem to be solved or decision to be made (data source: organizational IS & external data) → Problem? (No: END; Yes: continue) → Problem within scope of influence? (No: END; Yes: continue) → Gather more information about the problem (internal & external data)]
Design Phase
• Develop a model of the problem.
  – Determine type of model.
• Verify model.
• Develop and analyze potential solutions.
[Flowchart: Develop a model of problem to be solved → Verify that the model is accurate → Develop potential solutions]
Choice Phase
• Evaluate solutions and select the solution to implement.
  – More detailed analysis of selected solution might be needed.
  – Verify initial conditions.
  – Analyze proposed solution against real-world constraints.
DSS structure
Systems designed to help middle managers make decisions
Major components
– Data management subsystem
  • Internal and external data sources
– Analysis subsystem
  • Typically mathematical in nature
– User interface
  • How the people interact with the DSS
  • Data visualization is the key
    – Text
    – Graphs
    – Charts
[Diagram: User Interface; Analysis (Sensitivity Analysis, What-if Analysis, Goal-seeking Analysis; data-driven tools: Data mining, OLAP*); Data Management (Transactional Data, Data warehouse, Business partners data, Economic data)]
* OLAP: OnLine Analytical Processing
DSS Analysis Tools
Simulation is used to examine proposed solutions and their impact
– Sensitivity analysis
  – Determine how changes in one part of the model influence other parts of the model
– What-if analysis
  – Manipulate variables to see what would happen in given scenarios
– Goal-seeking analysis
  – Work backward from desired outcome
Example: Determine monthly payment given various interest rates.
Example: Works backward from a given monthly payment to determine various loans that would give that payment.
Executive Information Systems
• Specialized DSS that supports senior level executives within the organization
• Most EISs offer the following capabilities:
  – Consolidation – involves the aggregation of information and features simple roll-ups to complex groupings of interrelated information
  – Drill-down – enables users to get details, and details of details, of information
  – Slice-and-dice – looks at information from different perspectives
• Digital dashboards are common features
Database & Data Warehouse
Basic Concepts in Data Management
• A primary key could be a single field, like in this table (AccountID is the primary key)
AccountID  Customer      Type      Balance
660001     John Smith    Checking  $120.00
660002     Linda Martin  Saving    $9450.00
660003     Paul Graham   Checking  $3400.00
• A primary key could be a composite key, i.e. multiple fields
Traditional File Systems
Early attempt to computerize manual filing system
System of files that store groups of records used by a particular software application
Simple but with a cost
– Inability to share data
– Inadequate security
– Difficulties in maintenance and expansion
– Allows data duplication (e.g. redundancy)
[Diagram: Application 1 and Application 2, each with Program 1 and Program 2; File 1, File 2 and File 3 appear under each program]
Traditional File System Anomalies
Insertion anomaly
– Data needs to be entered more than once if located in multiple file systems
Modification anomaly
– Redundant data in separate file systems
– Inconsistent data in your system
Deletion anomaly
– Failure to simultaneously delete all copies of redundant data
– Deletion of critical data
DBMS Functions
• Create database structure (tables, relationships, schema, etc.)
• Transform data into information (reports, ..)
• Provide user with different logical views of actual database content
• Provide security: password authentication, access control
  – DBMSs control who can add, view, change, or delete data in the database

Physical view
ID Name  Amt
01 John  23.00
02 Linda 3.00
03 Paul  53.00

Logical views
ID Name
02 Linda

Name Amt
Paul 53.00

ID Name  Amt
01 John  23.00
02 Linda 3.00
DBMS Functions (cont.)
Allowing multi-user access with control
– Control concurrency of access to data
– Prevent one user from accessing data that has not been completely updated
  • When selling tickets online, Ticketmaster allows you to hold a ticket for only 2 minutes to make your purchase decision, then the ticket is released to sell to someone else – that is concurrency control
Data Warehouse
• A logical collection of information gathered from many different operational databases
• Supports business analysis activities and decision-making tasks
• The primary purpose of a data warehouse is to aggregate information throughout an organization into a single repository for decision-making purposes
Data Warehouse Fundamentals
• Many organizations need internal, external, current, and historical data
• Data warehouses are typically designed to store and manage data from operational transaction systems, Web site transactions, external sources, etc.
Multidimensional Analysis
• Data mining – the process of analyzing data to extract information not offered by the raw data alone
• Data-mining tools use a variety of techniques (fuzzy logic, neural networks, intelligent agents) in order to
  – find patterns and relationships in large volumes of data
  – and infer rules that predict future behavior and guide decision making
• Other analytical tools: query tools, statistical tools, etc. used to
  – Analyze data, determine relationships, and test hypotheses about the data
Data Warehouse Fundamentals
• Extraction, transformation, and loading (ETL) – a process that extracts information from internal and external databases, transforms the information using a common set of enterprise definitions, and loads the information into a data warehouse.
Information Cleansing or Scrubbing
• Organizations must maintain high-quality data in the data warehouse
• Information cleansing or scrubbing
  – a process that weeds out and fixes or discards inconsistent, incorrect, or incomplete information
  – occurs first during ETL, then again once the data is in the data warehouse, using information cleansing or scrubbing tools.
Networking & Telecom
Why Networking?
• Resource sharing
  – Sharing hardware (printers, processors, etc.)
  – Sharing software (programs, data files)
• High reliability
  – Can set automatic backup of programs and data at different locations
  – Fault tolerance (if one server is down, others can provide service. If a disk fails, data available through mirror or RAID-3 disks)
• Possible cost savings
• Communication tool
  – Internal email service
  – Remote Access service
Network scope
• Local area network (LAN): computer network where the nodes are all in close proximity spanning a room, building, or campus
• Metropolitan area network (MAN): network that serves an area of 3 to 30 miles - approximately the area of a typical city.
• Wide area network (WAN): a large network that encompasses parts of states, multiple states, countries, and the world
Wireless transmission media
Infrared light
• Has many of the same characteristics as visible light
• Travels in straight lines
• Cannot penetrate solid objects
Radio waves
• Travel in straight lines
• Can penetrate through nonmetallic objects
• Can travel long distances
Protocols
• An agreed upon set of rules that govern communication in a network
• All computers on a network must use same protocol for effective communication
• Example of protocols:
  • Ethernet (for communication in a LAN)
  • Token Ring (for communication in a LAN)
  • TCP/IP suite (for communication in a LAN and the Internet)
[Diagram: Computer 1 and Computer 2 each hold the same Rules for Task 1 through Task 5]
Network Topologies
• The configurations of network components
  – How the network looks physically
  – How data is logically transferred on the network
• Types of network topologies:
  – Bus
  – Star
  – Ring
Bus Network Topology
• Most simple network topology
• All devices connected to a common central cable called a “bus”
• Inexpensive
• If cable fails, the entire network will shut down
Star Network Topology
• Centered around central device called a hub or a switch
• All network nodes connect to the hub/switch
• Easy to install and update
• If hub fails, network fails
Ring Topology
• Nodes connected to a logical ring in a central device called MAU
• More reliable than bus or star
  – Only one node sends at a time (no collisions)
• Expensive and limited speed
Networks communication models and operation
• Define how the processing takes place on the network
• Define the roles of each participating computer
• Two primary models:
  – Client-server
  – Peer-to-peer (P2P)
Client-server model
• Computers are either clients or servers
• Clients use services
• Servers provide services
– File service
– E-mail service
– Printing service
– Database service
– Etc.
• Client software on client node cooperates with server software on server node
  – The WWW is the largest client/server network
Peer-to-Peer network
• No dedicated server
• Computers are equal (peers)
• Computers can all receive and provide service
• Multiple P2P models over the years
  – Pure P2P
  – P2P Viral network
  – P2P with index server
Pure P2P network
• Each computer must have the appropriate type of protocol & software for interaction with others
• Each computer must have a network connection to others
• Each computer can connect to any participating computer to get service (e.g. download files)
• What can be the major issues associated with P2P networks?
Pure P2P viral network
[Diagram: Client 1 through Client 5 passing Init or search msg from client to client. Note: Response to Init and Search msg not shown]
• Client connects to another client, which connects to several others, and so forth
• When client first connects, it sends initiation msg to introduce itself via viral networking
• Searches sent by a client are also passed to others through viral networking
• When file is found, actual file downloads are done using direct (not viral) communication
• Companies offering P2P viral networking service put in place super clients that are always on with permanent IP addresses
Information Security & Privacy
TCP/IP-based Communications
• Requesting a web page from eiu.edu: http://www.eiu.edu
[Diagram: Computer 1 (User PC) → Transmission media → Computer 2 (web server). On Computer 1: Web browser ("Get index.php in default folder from eiu.edu") → Formatting Prg. (message as binary data) → Packet Creator (From: 123.12.2.1:1234, To: 139.67.14.54:80) → Signal Generator]
TCP/IP Packet
• TCP/IP Packets or computer messages have two parts:
  – Communications protocols
  – Actual message to be delivered
Communications protocols:
  Source IP Address: 123.12.2.1
  Source Program: Web Browser 1234
  Destination IP Address: 139.67.14.54
  Destination Program: Server Program 80
  Formatting scheme: ASCII
Message to be delivered:
  Get index.php
  From: server eiu.edu
  Location: Home directory
Protocols tell the receiving computer:
- Sender’s ID
- How to read the message
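The two-part split on this slide, shown on actual IPv4/TCP header layouts as an added example that is not part of the original slides: it builds a constructed packet with the slide's addresses and ports, then separates the protocol part from the message. The HTTP request text, the function names and the zeroed TCP checksum are assumptions of the example.

```python
import socket
import struct

def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src, sport, dst, dport, message: bytes) -> bytes:
    """Constructed sample packet: minimal IPv4 and TCP headers plus a message."""
    # TCP checksum is left at 0 here; this example only verifies the IP header.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(message),
                     0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    return ip + tcp + message

def parse_packet(packet: bytes) -> dict:
    """Separate the protocol part (headers) from the message to be delivered."""
    if len(packet) < 20:
        raise ValueError("shorter than an IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4            # IP header length in bytes
    if ver_ihl >> 4 != 4 or ihl < 20 or not ihl <= total_len <= len(packet):
        raise ValueError("not a well-formed IPv4 packet")
    if ipv4_checksum(packet[:ihl]) != 0:  # a valid header sums to zero
        raise ValueError("IPv4 header checksum mismatch")
    if proto != socket.IPPROTO_TCP:
        raise ValueError("payload is not TCP")
    tcp = packet[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4      # TCP header length in bytes
    if not 20 <= data_offset <= len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        # These are the values the sender wrote into the headers.
        "source": f"{socket.inet_ntoa(src)}:{sport}",
        "destination": f"{socket.inet_ntoa(dst)}:{dport}",
        "message": tcp[data_offset:].decode("ascii"),  # slide: ASCII formatting
    }

# Constructed sample using the addresses and ports from the slide.
SAMPLE = build_packet("123.12.2.1", 1234, "139.67.14.54", 80,
                      b"GET /index.php HTTP/1.1\r\nHost: www.eiu.edu\r\n\r\n")

if __name__ == "__main__":
    for field, value in parse_packet(SAMPLE).items():
        print(f"{field}: {value!r}")
```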
Test Your TCP/IP knowledge
• You have received an email from a potential business partner who pretends to be overseas. Which of the following could help determine the location of the computer he/she used to send the message?
  a) Check the domain name that appears after @ in the sender’s email address
  b) The destination IP address
  c) The Source IP address that appears in the communication protocols’ part of the email
From: [email protected]
To: [email protected]
Subject: meeting
____________________
Hi,
I couldn’t make it to the meeting because I am overseas in business.
Attack strategy
• Scanning
  – Ping messages (To know if a potential target exists, is connected to the network, and is responsive)
  – Supervisory messages (To know if victim available)
  – Tracert, Traceroute (to know about the route that leads to target)
  – Check the Internet (e.g. www.cert.org) for latest systems vulnerabilities
• Password Guessing
  – Trying different usernames and passwords in an attempt to “break” a password and gain an unauthorized access.
• Password Guessing, Dictionary attack, Brute Force attack
  – Guessing passwords and stealing password file and using password cracking tools to break the password
• Use Social engineering strategy to get other information
  – By tricking employees to provide passwords, keys and other info. over the telephone
  – By phishing i.e. misleading people to provide confidential info through emails, fake websites, etc.
Test Your Attacks Strategy Knowledge
• An attacker is preparing an attack. He got the IP address of a potential target. Which of the following could he use in order to determine whether or not the potential target exists, is connected to the network, and is maybe responsive?
  a) Do some scanning using the connected command
  b) Use the tracert command
  c) Do some scanning by sending ping messages to the target computer
  d) None of the above
• Which of the following has more chance of succeeding?
  a) An attack launched by a hacker using a computer that is not part of the target corporate network.
  b) An attack launched by a hacker using a computer that is part of the target corporate network.
  c) a and b have the same chance of succeeding
Major security threats
• Denial of Service (DoS) attacks
  – The attacker makes a target (usually a server) crash in order to deny service to legitimate users
• Content attack / Malware attack
  – Sending messages with illicit or malicious content
• System intrusion
  – Getting unauthorized access to a network
Content attacks / Malware attacks
• Incoming messages with:
– Malicious content (or malware)
• Viruses (infect files on a single computer)
• Worms (Propagate across system by themselves)
• Trojan horses (programs that appear to be benign, but do
damage or take control of a target computer)
– Illicit content
• Pornography
• Sexually or racially harassing e-mails
• Spams (unsolicited commercial e-mails)
Q: Besides through emails, how can a computer system be a victim of a virus, worm, or Trojan horse attack?
Trojan horse
• A computer program
  – That appears as a useful program like a game, a screen saver, etc.
  – But, is really a program designed to do damage or to open the door for a hacker to take control of the host computer
• When executed, a Trojan horse could
  – Format disks
  – Delete files
  – Allow a remote computer to take control of the host computer. This kind of Trojan is called Back Door.
• NetBus and SubSeven used to be attackers’ favorite programs for target remote control
Review Questions
• What is a type of malware that spreads itself, not just from file to file, but also from computer to computer?
  a) Computer virus
  b) Worm
  c) Trojan horse
  d) None of the above
• What is a malware that opens a way into the network for future attacks?
  a) Open Door
  b) Worm
  c) Back Door
  d) Trojan horse