Introduction to management of Information Technologies

Download Report

Transcript Introduction to management of Information Technologies

Exam 2 Review
June 9, 2014
Info. Systems in Organizations
Decision Making
IS & Hierarchical Organizational structure
• .
3
Administrative Information Systems
• Transaction Processing Systems (TPS)
– Basic business system that serves the operational level
(including analysts) in organizations
– Capture & process data generated during day-to-day activities
• Office Automation Systems (OAS)
– Systems designed to help office workers in doing their job.
• Decision Support Systems (DSS)
– Systems designed to support middle managers and business
professionals during the decision-making process
• Executive Information Systems (EIS) or Executive
Support Systems (ESS)
– Specialized DSS that help senior level executives make decisions.
• GDSS: computer-based systems that facilitate solving
of unstructured problems by set of decision makers
4
Organization & IS: another view
Types of Information Systems:
Top
Management
Office
workers
Office
workers
- Transaction Processing Systems
- Office Automation Systems
- Knowledge Worker Systems
- Management Information Systems
- Decision Support Systems
- Executive Information Systems
Middle Management
Office
workers
Knowledge
workers
Questions
Office
workers
Lower Management
Operational workers
Q: What kind of IS are designed to provide help for decision makers?
5
Decision Making process
Simon’s decision-making process model




Intelligence
Design
Choice
(Implementation)
Herbert Simon (1955), A Behavioral Model of Rational Choice, Quarterly Journal of Economics, vol. 69, 99–188
Newell, A., and Simon, H. A. (1972). Human problem solving Englewood Cliffs, Prentice-Hall, New Jersey.
6
Intelligence Phase
• Scan the environment for
a problem.
• Determine if decisionmaker can solve the
problem.
– Within their scope of
influence?
• Fully define the problem
by gathering more
information about the
problem.
Data source
Scan Environment for
problem to be solved
or decision to be made
Problem ?
No
Organizational
IS
END
Yes
Problem within
scope of influence?
No
END
Yes
Gather more information
about the problem
Internal &
External
data
7
Design Phase
• Develop a model of
the problem.
– Determine type of
model.
• Verify model.
• Develop and
analyze potential
solutions.
Develop a model of
problem to be solved
Verify that the
model is accurate
Develop potential
solutions
8
Choice Phase
• Select the solution to implement.
– More detailed analysis of selected solutions
might be needed.
– Verify initial conditions.
– Analyze proposed solution against real-world
constraints.
Questions
9
DSS structure
Systems designed to help middle
managers make decisions
Major components
– Data management subsystem
• Internal and external data sources
– Analysis subsystem
User
Interface
Analysis
- Sensitivity Analysis
- What-if Analysis
- Goal-seeking Analysis
-Data-driven tools
-> Data mining
-> OLAP*
• Typically mathematical in nature
– User interface
• How the people interact with the DSS
• Data visualization is the key
– Text
– Graphs
– Charts
Data Management
-
Transactional Data
Data warehouse
Business partners data
Economic data
10
* OLAP: OnLine Analytical Processing
DSS Analysis Tools
Simulation is used to examine proposed solutions
and their impact
– Sensitivity analysis
– Determine how changes in one part of the model influence other
parts of the model
– What-if analysis
– Manipulate variables to see what would happen in given scenarios
– Goal-seeking analysis
– Work backward from desired outcome
Determine monthly payment given various
interest rates.
11to
Works backward from a given monthly payment
determine various loans that would give that payment.
Executive Information Systems
 Specialized DSS that supports senior level
executives within the organization
 Most EISs offer the following capabilities:
 Consolidation – involves the aggregation of
information and features simple roll-ups to complex
groupings of interrelated information
 Drill-down – enables users to get details, and
details of details, of information
 Slice-and-dice – looks at information from different
perspectives
 Digital dashboards are common features
12
Artificial Intelligence (AI) systems
Common categories of AI systems:
1. Expert system – computerized advisory programs that
imitate the reasoning processes of experts in solving
difficult problems
2. Neural Network – attempts to emulate the way the human
brain works
–
–
Analyses large quantities of info to establish patterns and
characteristics in situations where logic or rules are unknown
Uses Fuzzy logic – a mathematical method of handling imprecise or
subjective information
3. Genetic algorithm – an artificial intelligent system that
mimics the evolutionary, survival-of-the-fittest process to
generate increasingly better solutions to a problem
4. Intelligent agent – special-purposed knowledge-based
information system that accomplishes specific tasks on
behalf of its users
13
Expert Systems
Artificial Intelligence systems that codify human
expertise in a computer system
– Main goal is to transfer knowledge from one person to
another
– Wide range of subject areas
• Medical diagnosis
• Computer purchasing
– Knowledge engineer elicits the expertise from the expert
and encodes it in the expert system
14
Expert Systems Components
 Knowledge base: database of the expertise, often in IF THEN rules.
 Inference engine: derives recommendations from knowledge base and problem-specific
data
 User interface: controls the dialog between the user and the system
 Explanation system: Explain the how and why of recommendations
User
Domain
Expert
Expertise
Knowledge
Engineer
Encoded
expertise
Knowledge
base
Example of rules
User
Interface
Inference
Engine
Explanation
System
System
Engineer
IF
family is albatross AND
color is white
THEN
bird is laysan albatross.
IF
family is albatross AND
color is dark
THEN
bird is black footed albatross
- Knowledge engineer codify the human expert’s expertise into the systems’
knowledge base.
- System engineer is the IT professional who develop the user interface, the
inference engine, and the explanation system.
15
Database & Data Warehouse
Basic Concepts of Database systems
Accounts table
AccountID
Customer
Type
Balance
660001
John Smith
Checking
$120.00
660002
Linda Martin
Saving
$9450.00
660003
Paul Graham
Checking
$3400.00
Each table has:



Fields
Records
1 Primary key
 Table
– Two-dimensional structure composed of rows and columns
 Field
– Like a column in a spreadsheet
 Field name
– Like a column name in a spreadsheet
– Examples: AccountID, Customer, Type, Balance
 Field values
– Actual data for the field
 Record
– Set of fields that describe an entity (a person, an account, etc.)
 Primary key
– A field, or group of fields, that uniquely identifies a record
17
Basic Concepts in Data Management
 A Primary key could be a single field like in these tables
Primary key
AccountID
Customer
Type
Balance
660001
John Smith
Checking
$120.00
660002
Linda Martin
Saving
$9450.00
660003
Paul Graham
Checking
$3400.00
 Primary key could be a composite key, i.e. multiple fields
18
Traditional File Systems
System of files that store groups of records
used by a particular software application
Simple but with a cost
– Inability to share data
– Inadequate security
– Difficulties in maintenance and expansion
– Allows data duplication (e.g. redundancy)
Application 1
Application 2
Program 1
Program 2
Program 1
Program 2
File 1
File 1
File 1
File 1
File 2
File 2
File 2
File 2
File 3
File 3
File 3
File 3
19
Traditional File System Anomalies
Insertion anomaly
– Data needs to be entered more than once if
located in multiple file systems
Modification anomaly
– Redundant data in separate file systems
– Inconsistent data in your system
Deletion anomaly
– Failure to simultaneously delete all copies of
redundant data
– Deletion of critical data
20
Database Advantages
Database advantages from a business
perspective include
– Ease of data insertion
• Example: can insert a new address once; and the address is
updated in all forms, reports, etc.
– Increased flexibility
• Handling changes quickly and easily
– Increased scalability and performance
• Scalability: how the DB can adapt to increased demand
– Reduced information redundancy & inconsistency
– Increased information integrity (quality)
• Can’t delete a record if related info is used in other container
– Increased information security
Desktop
Types of DBMSs
Server / Enterprise
Desktop
Handheld
– Designed to run on desktop computers
– Used by individuals or small businesses
– Requires little or no formal training
– Does not have all the capabilities of larger
DBMSs
– Examples: Microsoft Access, FileMaker
22
Types of DBMSs
(Cont.)
Server / Enterprise
– Designed for managing larger and complex databases
by large organizations
– Typically operate in a client/server setup
– Either centralized or distributed
• Centralized – all data on one server
– Easy to maintain
– Prone to run slowly when many simultaneous users
– No access if the one server goes down
• Distributed – each location has part of the database
– Very complex database administration
– Usually faster than centralized
– If one server crashes, others can still continue to operate.
– Examples: Oracle Enterprise, DB2, Microsoft SQL
Server
23
Types of DBMSs (Cont.)
Handheld
– Designed to run on handheld devices
– Less complex and have less capabilities than
Desktop or Server DBMSs
– Example: Oracle Database Lite, IBM’s DB2
Everywhere.
24
DBMS Functions
Create database structure (tables,
relationships, schema, etc.)
Transform data into information (reports, ..)
Provide user with different logical views of
actual database content
Provide security: password authentication, access control
– DBMSs control who can add, view, change, or
delete data in the database
Physical view
ID Name Amt
01 John 23.00
02 Linda 3.00
03 Paul 53.00
Logical views
ID
02
Name
Paul
Name
Linda
Amt
53.00
ID Name Amt
01 John 23.00
02 Linda 3.00
25
DBMS Functions (cont.)
Allowing multi-user access with control
– Control concurrency of access to data
– Prevent one user from accessing data that
has not been completely updated
• When selling tickets online, Ticketmaster allows
you to hold a ticket for only 2 minutes to make your
purchase decision, then the ticket is released to
sell to someone else – that is concurrency control
26
Database Models
Database model = a representation of the
relationship between structures (e.g. tables) in a
database
Common database models
– Flat file model
– Relational model (the most common, today)
– Object-oriented database model
27
Flat File Database model
Stores data in basic table structures
 No relationship between tables
 Used on PDAs for address book

28
Relational Database Model
 Multiple two-dimensional tables related by common fields
 Uses controlled redundancy to create fields that provide
linkage relationships between tables in the database
– These fields are called foreign keys – the secret to a
relational database
– A foreign key is a field, or group of fields, in one table
that is the primary key of another table
 Handles One-to-Many and One-to-One
relationships
29
Object-Oriented Database model
Needed for multimedia applications that
manage images, voice, videos, graphics,
etc.
Used in conjunction with Object-oriented
programming languages
Slower compared to relational DBMS for
processing large volume of transactions
Hybrid object-relational Databases are
emerging
30
Data Warehouse
A logical collection of information gathered
from many different operational databases
Supports business analysis activities and
decision-making tasks
The primary purpose of a data warehouse
is to aggregate information throughout an
organization into a single repository for
decision-making purposes
31
Data Warehouse Fundamentals
 Many organizations need internal, external, current, and
historical data
 Data Warehouse are designed to, typically, store and
manage data from operational transaction systems,
Web site transactions, external sources, etc.
32
Multidimensional Analysis
 Data mining – the process of analyzing data to extract
information not offered by the raw data alone
 Data-mining tools use a variety of techniques (fuzzylogic, neural networks, intelligent agents) in order to
 find patterns and relationships in large volumes of data
 and infer rules that predict future behavior and guide decision
making
 Other analytical tools: query tools, statistical tools, etc.
used to
 Analyze data, determine relationships, and test hypotheses
about the data
33
Data Warehouse Fundamentals
 Extraction, transformation, and loading (ETL) – a process that extracts
information from internal and external databases, transforms the information
using a common set of enterprise definitions, and loads the information into
a data warehouse.
Information Cleansing or Scrubbing
Organizations must maintain high-quality
data in the data warehouse
Information cleansing or scrubbing
– a process that weeds out and fixes or
discards inconsistent, incorrect, or incomplete
information
– first, occurs during ETL. Then, when the data
is in the Data Warehouse using Information
cleansing or scrubbing tools.
35
Data Mart
Subset of data warehouses that is highly
focused and isolated for a specific population of
users
Example: Marketing data mart, Sales data mart,
etc.
36
Database vs. Data Warehouse
Databases contain information in a series
of two-dimensional tables
In a Data Warehouse and data mart,
information is multidimensional, it contains
layers of columns and rows
Total annual sales
of TV in U.S.A.
Date
2Qtr 3Qtr
4Qtr
sum
U.S.A
Canada
Mexico
sum
37
Country
TV
PC
VCR
sum
1Qtr
Networking & Telecom
Why Networking ?
•
Resource sharing
– Sharing hardware (printers, processors, etc.)
– Sharing software (programs, data files)
•
High reliability
– Can set automatic backup of programs and data at
different locations
– Fault tolerance (if one server is down, others can provide
service. If a disk fails, data available through mirror or
RAID-3 disks)
•
Possible cost savings
•
Communication tool
– Internal email service
– Remote Access service
39
Computer Network
Once connected to the network,
the computer (or another device)
becomes a network node
• An interconnection of computers and
computing equipment using either wires
or wireless transmission media over small
or large geographical distances.
DEF
GHI
“Connect to GHI”
ABC
JKL
MNO
40
Network scope
• Local area network (LAN): computer network
where the nodes are all in close proximity
spanning a room, building, or campus
• Metropolitan area network (MAN): network that
serves an area of 3 to 30 miles - approximately
the area of a typical city.
• Wide area network (WAN): a large network that
encompasses parts of states, multiple states,
countries, and the world
41
Physical
Transmission Media
• Physical media
Wireless
– Transmission media used to physically connect nodes
to the network
– Transmits electrical or optical signals
– Could be copper wire or fiber optic cable
42
Transmission Media (Continued)
• Twisted Pair
Category
Use
Signal
Data rate
Distance
Problem
Category 1
Telephone
Analog/Digital
<100Kbps
3-4 miles
Security, noise
Category 2
T1, ISDN
Digital
<2 Mbps
3-4 miles
Security, noise
Category 3
LANs
Digital
10 Mbps
100 m
Security, noise
Category 4
LANs
Digital
20 Mbps
100 m
Security, noise
Category 5
LANs
Digital
100 Mhz
100 m
Security, noise
Category 6
LANs
Digital
250 Mhz
100 m
Security, noise
Category 7
LANs
Digital
600 Mhz
100 m
Security, noise
• Fiber optic
–
–
–
–
Source
Thin glass fibers surrounded by coating
Uses laser or light for data transmission
Very fast (10+ Gbps, 100 miles without any repeater)
Very secure
Photo diode
(LED or LD)
Photo receptor
Fiber optic cable (LED or LD)
Destination
43
Wireless transmission media
• Infrared light
– Has many of the same characteristics as
visible light
– Travels in straight lines
– Cannot penetrate solid objects
• Radio waves
– Travel in straight lines
– Can penetrate through nonmetallic objects
– Can travel long distances
44
Wireless Media issues
•
•
•
Use electromagnetic waves or electromagnetic radiation for data
transmission
Propagation through space, and indirectly, through solid objects
Many problems:
Electromagnetic
Interference (EMI) from
Other stations,
Microwave ovens, etc
Radio waves tend to bounce
off objects. Receiver can
receive 2 or more signals.
Thick objects can block the direct
path. So, Receiver will be in a
Shadow zone where it cannot well
receive.
Shadow
Zone
Multipath
Interference
Laptop
Comm.
Tower
Insecure:
Easier to
“intercept”
messages
+ Much more attenuation: Inverse Square law
45
Computing Equipment
• Network interface card (NIC): Device that
– provides a computer with unique address
– Converts data into signal for transmission
• Hub / Switch: Central collection point for
transmission media that interconnect computers
• Modem
– Converts digital data into analog signal and back again
• Router
– special hardware that determines optimal routing path
for data packets
– Usually used to connect a LAN to a WAN
• Bridge
– Forwards messages between LANs
46
Hub operation
1.
Station A transmits
to the Hub
2.
Hub broadcasts
to all stations
(Except sending station)
Station C must wait,
or its signal will
collide with Station A's
signal
Station
A
Station
B
Station
C
Station
A
Station
B
Station
C
Hubs split available bandwidth among computers, i.e. with a 100 Mbps hub, the network
speed will be 100 Mbps / n (where n is the number of computers)
Active hubs include repeater capabilities for regenerating signals.
Passive hubs don't regenerate signals. Limited to a 30meter distance apart from computers.
Switch operation
Switch
Switching table
MAC Address
A1-44-D55-1F-AA-4C
B2-CD-13-5B-E4-65
C3-2D-55-3B-A9-4F
;
1 2 3 4 5 6
Switch Sends
Signal out a
Single Port
Station A
Transmits
to Station C
Station
A
Port
1 (Station A)
2 (Station B)
5 (Station C)
;
Station B
Transmits
Simultaneously
Station to Station D
B
Station
C
Station
D
Switches send out a single port: destination port.
Most switches can efficiently handle simultaneous transmissions
Switches provide a full bandwidth to all connected computers.
Network Software
• Network operating system
– Used on servers
– Used for managing network resources
– Examples: Novell NetWare, Windows Server
2008
• Workstation operating system
– Used on client PCs
– Used to manage local resources & access
network resources
• Network monitoring software
– Packet sniffers – allow seeing data as it moves
over network
– Keystroke monitors – allow seeing what users 49
Protocols
•
An agreed upon set of rules that govern
communication in a network
•
All computers on a network must use same
protocol for effective communication
•
Example of protocols:
•
•
•
Ethernet (for communication in a LAN)
Token Ring (for communication in a LAN)
TCP/IP suite (for communication in a LAN and the Internet)
Computer 1
Rules for Task 1
Rules for Task 2
Rules for Task 3
Rules for Task 4
Rules for Task 5
Computer 2
Rules for Task 1
Rules for Task 2
Rules for Task 3
Rules for Task 4
Rules for Task 5
Network Topologies
• The configurations of network components
– How physically the network looks like
– How logically data is transferred on the network
• Types of network topologies:
– Bus
– Star
– Ring
51
Bus Network Topology
• Most simple network topology
• All devices connected to a common central
cable called a “bus”
• Inexpensive
• If cable fails, the entire network will shut
down
52
Star Network Topology
• Centered around
central device called
a hub or a switch
• All network nodes
connect to the
hub/switch
• Easy to install and
update
• If hub fails, network
fails
53
Ring Topology
• Node connected to a
logical ring in a central
device called MAU
• More reliable than bus or
star
– Only one node sends at a
time (no collisions)
• Expensive and limited
speed
54
Network Architectures/Models
• Defines how the
processing takes
place on the network
• Two primary models
– Client-server
– Peer-to-peer (P2P)
55
Client-server model
• Nodes are either clients or servers
• Clients use services
• Servers provide services
– File service
– E-mail service
– Printing service
– Database service
• Client software on client node cooperates
with server software on server node
– The WWW is the largest client server
application
56
Peer-to-Peer model
• All nodes on the network are equal.
• Any node can be both a client and a server.
57
Security & Privacy
TCP/IP Packet
• TCP/IP Packets or computer messages have
two parts:
– Communications protocols
– Actual message to be delivered
Source IP Address: 123.12.2.1
Source Program: Web Browser 1234
Destination IP Address: 139.67.14.54
Destination Program: Server Program 80
Formatting scheme: ASCII
Get index.php
From: server eiu.edu
Location: Home directory
Message to be delivered
Protocols tell the receiving computer:
- Sender’s ID
- How to read the message
59
Received: from hotmail.com (bay103-f21.bay103.hotmail.com [65.54.174.31])
by barracuda1.eiu.edu (Spam Firewall) with ESMTP id B10BA1F52DC
for <[email protected]>; Wed, 18 Feb 2009 18:14:59 -0600 (CST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Wed, 18 Feb 2009 16:14:58 -0800
Message-ID: <[email protected]>
Received: from 65.54.174.200 by by103fd.bay103.hotmail.msn.com with HTTP;
Thu, 19 Feb 2009 00:14:58 GMT
X-Originating-IP: [192.30.202.14]
X-Originating-Email: [[email protected]]
X-Sender: [email protected]
In-Reply-To: <10E30E5174081747AF9452F4411465410C5BB560@excma01.cmamdm.enterprise.corp>
X-PH: V4.4@ux1
From: <[email protected]>
To: [email protected]
X-ASG-Orig-Subj: RE: FW: Same cell#
Subject: RE: FW: Same cell#
Date: Thu, 19 Feb 2009 00:14:58 +0000
Mime-Version: 1.0
Content-Type: text/plain; format=flowed
X-OriginalArrivalTime: 19 Feb 2009 00:14:58.0614 (UTC) FILETIME=[DCA31D60:01C62D0D]
X-Virus-Scanned: by Barracuda Spam Firewall at eiu.edu
X-Barracuda-Spam-Score: 0.00
Hi,
I just wanted to let you know that I have received the packet you sent.
60
Attack strategy
• Scanning
– Ping messages (To know if a potential target exist, is connected to
the network, and is responsive)
– Supervisory messages (To know if victim available)
– Tracert, Traceroute (to know about the route that leads to target)
– Check the Internet (e.g. www.cert.org) for latest systems
vulnerabilities
• Use Brute Force attack or Dictionary attack
– Trying different usernames and passwords in an attempt to
“break” a password and gain an unauthorized access.
• Use Social engineering strategy to get other
information
• By tricking employees to provide passwords, keys and other info.
over the telephone
• By phishing i.e. misleading people to provide confidential info 61
through emails, fake websites, etc.
Major security threats
• Denial of Service (DoS) attacks
• The attacker makes a target (usually a server)
crash in order to deny service to legitimate users
• Content attack
• Sending messages with illicit or malicious content
• System intrusion
• Getting unauthorized access to a network
62
Single message attacks: Ping of
Death
• Ping of Death attacks take advantage of
– Some operating systems’ inability to handle packets
larger than 65 536 bytes
• Attacker sends request messages that are larger
than 65,536 bytes (i.e. oversized packets)
• Most operating systems have been fixed to
prevent this type of attack from occurring.
– But attacks occurred recently on Win Server 2003
systems
63
Defense against DoS attacks
• Most DoS attack messages
– Include protocol settings with fake IP
addresses or program numbers that do not
match the type of message
Program number not
consistent with the message
supposed to be delivered.
Spoofing: using fake
source IP address
Source IP Address: 10.1.2.1
Source Program: Web Browser 1234
Destination IP Address: 139.67.14.54
Destination Program: Server Program 80
Formatting scheme: ASCII
Get index.php
From: server eiu.edu
Location: Home directory
Defense systems for protecting against DoS attacks are
designed to check messages’ protocols part for fake or
inconsistent settings. Could be Packet
Firewalls
64
Content attacks
• Incoming messages with:
– Malicious content (or malware)
• Viruses (infect files on a single computer)
• Worms (Propagate across system by themselves)
• Trojan horses (programs that appear to be benign, but do
damage or take control of a target computer)
– Illicit content
• Pornography
• Sexually or racially harassing e-mails
• Spams (unsolicited commercial e-mails)
Q: Besides through emails, how can a computer system be a victim of a
virus, worm, or Trojan horse attack?
65
Trojan horse
• A computer program
– That appears as a useful program like a game,
a screen saver, etc.
– But, is really a program designed to do damage
or to open the door for a hacker to take control
of the host computer
• When executed, a Trojan horse could
– Format disks
– Delete files
– Allow a remote computer to take control of the
host computer. This kind of Trojan is called
Back Door.
• NetBus and SubSeven used to be attackers’
66
favorite programs for target remote control
Open Mail Server
• Most content attack messages are sent through Open Mail
Servers
– Improperly configured Mail Servers that accept fake outgoing
email addresses)
Protocol Part
Message
Protection against content attacks
• Antivirus controls
– PC-based antivirus control
– Network antivirus control
• Application Firewalls
– Catch every incoming message to check for illicit
content in the Message part
– If illicit content detected, message is blocked
Checked Message
Legitimate Message
Illicit Message
Attacker
Application
Firewall
Target
68
System Intrusion
• System intrusion: Gaining unauthorized access to a
computer system by an intruder
• A hacker is an intruder who breaks into a computer
system without authorization.
• [supposedly] Not causing damage
• [supposedly] Not stealing information
• A cracker is an intruder who breaks into a computer
system to cause damage and/or to steal information
• Script kiddies are young people with little programming
skills who use publicly available software to breach into
systems
See Hacker vs Cracker controversy at
http://en.wikipedia.org/wiki/Hacker_definition_controversy#Hacker_definition_controversy
69