It Notes Cattolica
– We need to adapt and to learn just in time and not just in case
• The proliferation of mobile devices such as smartphones, tablets, and iPads is all around us and affects every dimension of our daily life.
• Changes in technology enable new organizational forms and new ways of working and socializing
- People can complete their “working tasks” everywhere they have a cellphone signal
– The effect on work-life balance (work ‘smarter’, not harder)
– “This ‘ASAP culture’ is thriving throughout the business world and imposing a sense of immediacy and urgency on account of the instantaneous nature of communications. This phenomenon is only compounded by the pressure imposed by social media, where immediate responses are required all the time” (Garo, 2019)
- Employees demand devices that support both work and leisure time
1. Internet of Things
A broad range of physical objects that can automatically share data over the Internet. In 2008 more devices were connected than there were people living on Earth.
As the number of devices connected to the Internet grows, the Internet of Things tends to become the Internet of Everything, where any device’s functionality is enhanced through connectivity and intelligence.
2. Social Media
Most people use social media, and so do companies. Companies harness the power of the crowd by using social media to get people to participate in innovation and other activities. Organisations also use social media to encourage employees’ collaboration.
3. Mobile Devices
Thanks to mobile devices we can say that we are living in the post-PC era.
The main implications of mobile devices are:
- Consumerization of IT (businesses use more and more of the same technology)
- Bring your own device (BYOD) to work is a major concern
- Security concerns
New customers can also be reached through mobile apps.
4. Cloud Computing
Web technologies enable using the Internet as the platform for applications and data. Applications that used to be installed on individual computers are increasingly kept in the cloud, e.g. Google Docs, Gmail….
Cloud computing can enable advanced analytics of massive amounts of Big Data.
5. Big Data
Big Data are typically described as extremely large and complex datasets, which are characterized as being of high volume, variety (i.e., many different types of data), and velocity (i.e., the data are being collected and analysed at ever-increasing rates).
Transformations of our social and work interactions encourage the growth of Big Data.
+ Artificial intelligence
+ Blockchain
INFORMATION SYSTEMS
IS = a combination of people and IT that create, collect, process, store and distribute data.
Information systems use information technology to collect, create, and distribute useful data. They are made up of data, people, organisations, and information technology.
Careers in Information Systems
• Examples of careers in IS
– Systems analyst
– Systems programmer
– Systems operator
– Network administrator
– Database administrator
– IS auditor
Ethical concerns are related to information privacy and intellectual property. A code of ethical conduct can safeguard organizations’ private data and employees’ information.
The Digital Divide
- To gain access to world-class capabilities.
INNOVATIONS
Valuing Innovations
McDonald’s example
• In 1975 a group of potential McDonald’s customers had a problem: they were soldiers and, at that time, soldiers where they were located weren’t permitted to get out of their cars while wearing their fatigues.
• After learning of this problem, McDonald’s came up with an INNOVATIVE SOLUTION: add a drive-thru.
• The first McDonald’s drive-thru was located near the military base Fort Huachuca in Sierra Vista, Arizona, to serve the soldiers there. Additional drive-thru locations in Georgia and Oklahoma City soon followed. The rest is history.
• McDonald’s became the leader in the fast food industry with its strong focus on customer service, response to competition, and early use of marketing techniques.
Types of innovation
• Product Innovation
– Relates to a) either a completely new product (e.g. the Bitcoin currency), b) a new feature in an existing product (e.g. the introduction of camera features in a mobile phone) or c) the enhancement of an existing product feature (e.g. a higher-resolution version of the camera)
– It is most often a result of new technology or new insights about customer needs
• Process Innovation
– Relates to how a product or service is produced or delivered to the client. It can be a combination of methods, capabilities and technologies to produce, market, deliver and support a product or provide a service.
– Examples: automated assembly line for car manufacturing, automated AI-based chatbots providing intelligent 24/7 support to clients
• Organizational and Business Model Innovation
– More holistic and organization-wide transformation
– Relates to the ability to experiment with the way organizations operate their business, changing their existing business model
Radical innovation, aka disruptive innovation, uses a markedly new or different technology to access new customer segments and deliver greater benefits.
Successful innovation is often difficult
There are limits to using information systems to gain or sustain a competitive advantage. Information systems are often bought from or built by someone else; they are usually not proprietary technologies owned by the organisation.
4. Innovation is often fleeting (the pace of change is fast and smart rivals quickly adopt any advantage)
5. Innovation is often risky (competing technologies result in a winner and a loser)
6. Innovation choices are often difficult (it is difficult to predict which opportunities will lead to success)
Wheeler (2002) summarized this process as the disruptive innovation cycle. The model holds that the key to success for modern organizations is the extent to which they use information technologies and systems in timely, innovative ways. The vertical dimension shows the extent to which an organization derives value from a particular information technology and the horizontal dimension shows time.
Matching technologies to opportunities
The organization matches the most promising new technologies with current economic opportunities.
Executing business innovation for growth
It represents the process of selecting, among the myriad opportunities to take advantage of, those emerging technologies that have the biggest potential to address the current opportunities.
Assessing value
The process of assessing the value of that use of technology, not only to customers but also to internal clients.
Everett Rogers theorised in his book “The Diffusion of Innovations” that the adoption of innovations usually follows an S-shaped curve. When an innovation is brought to market, initially only a small group of “innovators” will adopt it. After some time, sales pick up as the innovators are followed by the “early adopters”, and this is where the increase in sales is strongest. Then sales slowly level off when the “late majority” starts adopting the innovation. Finally, sales stay level as only the “laggards” are left to adopt the innovation.
A business model is a summary of a business’s strategic direction that shows how objectives will be achieved. It describes how a company tries to create, organise and capture value.
It relates to questions like: What does the company do? How does it reach, keep and grow customers? What are the costs?…
A Sharing Economy is defined as “an economic system in which assets or services are shared between private individuals, free or for a fee, typically by means of the Internet.”
A revenue model describes how the firm will earn revenue, generate profits and produce a superior return on invested capital:
- Affiliate marketing: paying businesses that bring or refer customers to another business. Revenue sharing is typically used (Amazon)
- Advertising
- Subscription: users pay a monthly or yearly fee for the use of the product (Netflix)
This actually describes how information systems can be used for automation, organisational learning and strategic advantage.
- Operational Level (operational employees, foremen, supervisors)
Who: foremen and supervisors
What: automate routine and repetitive activities
Why: improve organisational efficiency
A functional area represents a discrete area of an organisation that focuses on a specific set of activities. Organisational information systems are designed to support the unique business processes of each functional area.
When you develop information systems across organisational levels and functions, there are three general ways in which information systems provide value:
Automation helps to complete tasks faster, cheaper and more efficiently. It also helps customers, e.g. to complete applications online rather than manually. For example, completing and submitting some applications at home takes 1.5 days, while online it takes only 15 minutes.
At the operational level, automation helps with repetitive tasks, but it can also help at the decision-making level.
The best way to use it is to support the organisation’s strategy in order to gain competitive advantage. Organisational strategy is the firm’s plan to accomplish its mission and goals. Organisations try to maximise business/IT alignment, which means matching IT investments to the strategy.
Companies that see the greatest competitive benefit are the ones that focus business process management on the value creation strategy.
Information systems can help do things faster. Here are some examples:
• Firms have a competitive strategy
• Information systems should be implemented to support the organization’s strategy
– Identifying where to compete: analyzing competitive forces
• Application Software
– Software tools
• Process automation
• Decision support
• Other business and user needs
• Databases
– Collections of data
– Organized to facilitate data searches
The main components are: hardware, system software, storage, networking, data centers
The Software:
- Controls computer hardware operations
• Operating systems
– Examples: Windows, OS X, Ubuntu, Linux
– Manage hard drives and storage
– Manage keyboard, mouse, monitor, and printers
– Coordinate application access to computing resources
Networking:
• Both human and computer communication involve senders, a message to share, and receivers.
A network requires:
• Sender and receiver • Transmission pathway • Rules/protocols for communication
• Servers – host (serve up) data, databases, files, applications, Web sites, video, and other content for access over the network
• Clients – consume hosted resources
• Peers (P2P) – serve and consume resources, both a server and a client interacting with similar computers
Types of networks
THE IP ADDRESS
• The Internet uses IP addresses
– IPv4: old style, 32-bit, running out of addresses
– IPv6: new style, 128-bit, huge address space
• On the Web, domain names are translated into IP addresses
– www.arizona.edu translates to (IPv4) 128.196.134.37
– A URL could be expressed directly as an IP address, although it’s more common to use its related domain name
• Clients request a Web page hosted on a server
• The server breaks it into packets
• Packets stream over the Internet to the client
• The client reassembles them
• The client can request retransmission of any missing packets
• The Web browser translates the Web page into visible output
* Cloud computing is a way to allocate resources much like a utility sells power
- Resource pooling
- Rapid elasticity
- Measured service
- Availability/reliability
- Scalability
- Viability
- Security, privacy, and compliance
- Diversity of offerings
- Openness
- Costs
E-COMMERCE
E-commerce is the exchange of goods, services, and money among firms and their customers, and between customers, supported by communication technologies and the Internet.
Types of E-Commerce
E-Government
It allows interaction between federal, state and local governments and their constituents. Some states are already working on e-voting initiatives, allowing citizens to vote online.
It is the relationship between business and all levels of government. This includes e-procurement, in which the government streamlines its supply chain by purchasing materials directly from suppliers using its proprietary Internet-enabled procurement system.
It is the electronic interaction between countries or between different levels of government within a country. Government has provided comprehensive e-government tools that allow foreign entities to find government-wide information related to business topics.
E-FINANCE
• Finance: Big Data analytics has brought about many radical changes for this industry
– Using data analytics, the banking and finance industry is able to look at a customer’s creditworthiness to determine the amount of loan the customer could handle
• E-finance is the use of information systems to provide financial services and markets
– E-banking and online brokerage
– Paying bills online using electronic bill pay
– People can turn to multiple sites to get the latest information about stock prices
• Fintech
– Refers to technologies that support activities in the financial sector
EC BUSINESS STRATEGIES
- Brick and mortar: companies that choose to operate in the traditional physical markets. These companies approach business activities in a traditional manner by operating physical locations such as retail stores and not offering their products or services online.
- Click only: virtual companies that conduct their business electronically in cyberspace, with no physical store locations, allowing them to focus purely on e-commerce.
- Click and mortar: companies that choose to utilize the Internet to extend their traditional offline retail channels (bricks-and-clicks business strategy).
E-Tailing
E-tailing is a global platform where firms from across the world can effectively compete for customers and gain access to new markets.
Capabilities
• Mass customization: firms can tailor their products and services to meet customers’ particular needs. Linking online product configuration systems with just-in-time production allows companies to assemble each individual product based on the customer’s specifications; companies are able to provide individualized products while at the same time reaping the economies of scale provided by mass production.
• Disintermediation: cutting out the “middleman” and reaching customers more directly and efficiently; it creates both opportunities and challenges.
• Group buying: if many people agree to purchase the product or service they get significant discounts; the business offering the product or service uses these deals either to reduce unsold inventory or to get new customers “in the door” (local businesses face the danger of making significant losses on these deals).
Benefits
• Product benefits: with no store size and shelf space restrictions, companies can sell a far wider variety of goods. Comparison shopping is much easier on the Web; for example, Booking.com can force sellers to focus on relatively low prices, while it generates revenue by charging a small commission on transactions.
• Price benefits: online retailers are efficient, with high volumes and low overhead allowing for very competitive pricing, also because virtual companies have no need to rent expensive retail space or employ sales clerks.
• The long tail: these benefits of e-tailing have enabled a form of business model centered on the “long tail”. This concept refers to catering to niche markets in addition to purely selling mainstream products. The distribution of consumers’ needs and wants can be compared to a statistical normal distribution: the center of the distribution reflects the “mass market”, characterized by relatively similar “mainstream” needs and wants
Mobile E-Commerce
Services can be offered tailored to a person’s needs based on their current location.
- Information on the go
Customers can get further information about the product wherever they are, including in the store, but this can lead to ‘showrooming’.
In order to attract customers and increase the conversion rate, companies should follow these recommendations.
2. The web site must motivate people to visit, to stay and to return.
SEO attempts to improve a page’s ranking in search engines like Google. Techniques include having other pages link to the page, keeping content updated and including keywords.
payments are:
3. Managing risk: businesses are financially liable for fraudulent transactions, thus they have to look for these and sometimes have to reject risky transactions.
human resources. The different functional areas are highly interrelated because most business processes cross the boundaries of business functions
• Core Business Processes
• Organizational Activities Along the Value Chain
• Value Systems: Connecting Multiple Organizational Value Chains
Every aspect of receiving an order, fulfilling it, and receiving payment for the same. It involves multiple steps as well as multiple business functions to be completed successfully.
The Make-to-Stock and Make-to-Order Processes
In the make-to-stock process, goods are produced based on forecasts and are stocked in a warehouse (push-based approach): customers’ orders are then fulfilled from inventory.
Standalone systems
When organizations first started using information systems, they typically implemented proprietary systems from multiple vendors on a department-by-department or process-by-process basis. This resulted in multiple information systems optimizing the practices of each department or process independent of the rest of the organization, with a marked lack of data flow between business departments or processes (this lack of continuous data flow created large inefficiencies!). These older standalone systems are now typically referred to as legacy systems, reflecting their advancing age and lack of upgradability.
Integrated enterprise systems
Enterprise systems perform all the functions legacy systems used to perform, but with the added benefit of being integrated across the value chain with a consolidated database. This ensures that all departments and processes have access to both their internal information and the information of upstream and downstream processes and functions. This integrated approach streamlines operations across the entire value chain.
• Data stored on legacy systems is converted into a large, centralized database that stores data related to the various business activities of an organization
• ERP systems make accessing data easier
– By providing a central repository
– By giving personnel access to accurate, up-to-date information throughout the organization
– Example: inventory data is accessible not only to logistics and operations but also to accounting, sales, purchasing and customer service personnel
The ERP core components are internally focused, dealing with activities and processes within the organization.
• Financial management components support accounting, financial reporting, performance management, and corporate governance
• Operations management components simplify, standardize, and automate business processes related to logistics, product development, manufacturing, and sales and service
• Human resource management components support employee recruitment, assignment tracking, performance reviews, payroll, and regulatory requirements
• ERP systems often require organizations to change their business processes
• Once implemented, a company is locked in
• Difficult and costly to make future changes
• Modifications require extra costly programming
• Most companies depend on a steady source of key suppliers to produce their goods or services; thus they seek long-term B2B relationships with a limited number of carefully selected suppliers or business partners, which are selected on product features but also on suppliers’ characteristics (trustworthiness, commitment, viability)
• Business-to-Business (B2B) electronic commerce
– 90% of all electronic commerce in the United States
– Involves proprietary information (keeping it secret is of strategic value)
– Before the Internet, secure communication was facilitated by Electronic Data Interchange (EDI), computer-to-computer communication without human intervention
– Now suppliers use Web-based EDI protocols
– Companies also use extranets (Chapter 3), portals and marketplaces to facilitate B2B EC
• Trade-offs
– Supply Chain Efficiency
• Minimizes cost, but increased risk of stock-outs
• May sacrifice customer service
– Supply Chain Effectiveness
• Maximizes likelihood of meeting objectives
• The megatrends mobile, social media, Big Data, cloud computing, and IoT have tremendously changed the way organizations interact with their customers
• With social media a customer can publish either a negative or a positive post.
• The old adage is that if an organization has a positive impact on you, you will tell 10 friends; but if an organization does you wrong, you will tell 100 friends.
Successful CRM strategies need to integrate the different facets of CRM functions. This
includes consistent policies and business processes, employee training, customer service,
and data collection and analysis.
Key Elements of a CRM Strategy
• Policies and Business Processes
– Reflect a customer-focused culture
• Customer Service
– Quality, satisfaction, enhanced customer experience
• Employee Training
– For employees from all areas
• Data Collection, Analysis, and Sharing
– Track all aspects of the customer experience
• A successful CRM strategy must carefully consider the ethical and privacy concerns of
customers’ data.
In a nutshell: the closer an organization is to the end customer, the more important CRM becomes!
Collaboration
Organizations require collaboration between employees of different departments as well as with outside business partners such as suppliers, customers, and other external stakeholders
• Collaboration is where two or more people work together to achieve a common goal
• A small company can collaborate very easily, usually at a set time and place
• Global companies require effective and efficient communication channels for collaboration
Categories of Collaboration Tools
Many different technologies have emerged over the years that are used for each category of collaboration tools:
Virtual Teams
• Organizations typically strive to put together the right members of a team or task force to solve challenging business problems, regardless of where they are located geographically
• Virtual teams are composed of members from different geographic areas and assembled as needed to collaborate on a certain project
Groupware
• Groupware is a class of software that enables people to work together more effectively
• Groupware can be divided into synchronous and asynchronous tools, as well as into tools that enhance working at the same location or across different locations
• Synchronous means at the same time, such as when two people are talking on the telephone
• Asynchronous means disconnected in time, such as when someone reads an email a day after it was sent
• Asynchronous groupware tools include e-mail, mailing lists, workflow automation systems, intranets, group calendars, collaborative writing tools, and discussion forums
• Synchronous groupware tools include shared whiteboards, online chat, electronic meeting systems, and video communication systems
Videoconferencing
• Today, organizations routinely conduct videoconferences to replace traditional meetings through:
• Desktop videoconferencing (just a webcam, a speakerphone, videoconferencing software – Skype, FaceTime – and a high-speed Internet connection)
– Simple and low cost
– Internet based
• Dedicated videoconferencing
– Located within an organization’s conference rooms
– Multiple people and/or locations
– Highly realistic/excellent video and audio quality
– Can be extremely expensive, up to $500K
Evolving Social Interaction
• Now that users can readily share information as well as consume it, social media have changed dramatically to take advantage of these capabilities and have changed how people interact
– Online information at our fingertips
– Ability to express one’s opinion 24/7
• Explosion in the sharing of personal information, often very private
– About themselves
– About others
– Without thinking about the consequences
• Blogs
– Topical blogs of interest to customers
– Critics call blogs the “amateurization of journalism”
• Microblogging
– Post news to customers
– An example is Twitter, which is limited to 140 characters
• Instant Messaging
– Enables multiple participants to have conversations
– Example: WhatsApp allows group chat and free texts
references that can be accessed by other participants, who are also contributing to the pool for the greater good
• Media Sharing – via Flickr, Instagram, Vimeo, YouTube, SlideShare – webcasting, podcasting
• Tagging – manually adding metadata to content
• Geotagging – geospatial data added
• Social Bookmarking and Cataloging – allows users to refine data (and their search) – creation of a categorization system by users
Organizational Issues
Various factors have to be taken into account when using social media applications within an organization.
A business case is, quite simply, a complete justification for making or continuing to make an investment in a new or ongoing information system. It demonstrates how the investment is justified and better than the possible alternatives.
• There is also a timing issue; many information systems take years to hit the bottom line, so any measurement immediately after implementation may show no, or even a negative, productivity impact
• Some industries have a limited size, so the first mover in the industry may get a bigger slice of the pie, but overall it is a zero-sum game, so once everyone has implemented the new technology to catch up, overall it looks like there is no improvement across the industry.
• Finally, some IS implementations are the result of mismanagement and aren’t appropriate, so the investment actually has a negative return.
translate hours saved planning each day’s sales stops to annual additional customer contact hours.
• Measure What Is Important to Management
– Know management “hot-button” issues
– Describe how the system impacts them
– Off-the-shelf systems can often be customized
– Off-the-shelf systems may interact with open-source systems (e.g., the MySQL open-source database can be used to store data for a small business ERP system)
IS Development in Action
There are a variety of sources for any new information system initiative a company is considering. Which one makes the most sense will depend on many factors, and a structured approach is necessary to ensure a suitable solution is found and implemented.
• System analysts design the system • System users know what is needed • System analysts depend on system users • System users are key throughout the process
Note that this is a cyclical process. At any phase, you may return to an earlier phase. For example, during design there may be the recognition that more analysis is needed.
COMPUTER CRIME
Computer crime is defined as the use of a computer to commit an illegal act. This broad definition includes: targeting a computer while committing an offense, using a computer to commit an offense, and using a computer to support a criminal activity despite the fact that computers are not actually targeted.
Hacking and Cracking
• Those individuals who are knowledgeable enough to gain access to computer systems without authorization, motivated by curiosity and not by a desire to harm, have long been referred to as hackers (or “white hats”).
• Today, those who break into computer systems with the intention of doing damage or committing a crime are usually called crackers (or “black hats”).
• Some computer criminals attempt to break into systems or deface Web sites to promote political or ideological goals; they are referred to as hacktivists.
Types of Computer Criminals and Crimes
Computer crimes are almost as varied as the users who commit them. Some involve the use of a computer to steal money or other assets, to steal and alter information, for cyberterrorism, stalking, and so on.
• WHO COMMITS COMPUTER CRIMES? Studies attempting to categorize computer criminals show that they generally fall into one of the four following groups:
1. Current or former employees; most organizations report insider abuse as their most common crime.
2. People with technical knowledge who commit business or information sabotage for personal gain.
3. Career criminals who use computers to assist in crimes.
4. Outside crackers simply hoping to find information of value.
Frequently, computer criminals use sophisticated software such as:
- vulnerability scanners that automatically test targeted systems for weaknesses
- packet sniffers to analyze network traffic and capture unencrypted passwords.
• UNAUTHORIZED ACCESS. It occurs whenever people who are not authorized to see, manipulate, or otherwise handle information look through electronically stored information for interesting or useful data, or intercept electronic information on the way to its destination.
=> The term insider threats refers to “trusted adversaries” who operate within an organization’s boundaries and are a significant danger to both private and public sectors. Insider threats include disgruntled employees or ex-employees, potential employees, contractors, business partners, or auditors. The damage caused by an insider threat can take many forms, including workplace violence, the introduction of malware into the corporate network, the theft of information and corporate secrets, and so on.
• INFORMATION MODIFICATION. It occurs when someone accesses information and then changes it in some way, such as when crackers hack into government Web sites and change information, or when employees give themselves electronic raises and bonuses.
• OTHER THREATS TO IS SECURITY. Many times, IS security is breached simply because organizations and individuals do not exercise proper care in safeguarding information. Some examples follow:
- Employees keep passwords or access codes on slips of paper in plain sight.
- Individuals never install antivirus software.
- Employees are careless about letting outsiders view computer monitors.
- Organizations fail to limit access to company files and system resources and to install effective firewalls.
Computer Viruses and Destructive Code
Malware (short for “malicious software”, such as viruses, worms, and Trojan horses) continues to have a tremendous economic impact on the world, costing organizations more than US$114 billion to respond to and to enact countermeasures.
• COMPUTER VIRUSES. A virus is a destructive program that disrupts the normal functioning of computer systems. Viruses differ from other types of malicious code in that they can reproduce themselves. Some viruses are intended to be harmless pranks, but more often they do damage to a computer system by erasing files on the hard drive, by slowing computer processing or by otherwise compromising the system. Viruses infect a single computer only, potentially spreading to other computers if infected files are shared.
• WORMS, TROJAN HORSES, AND OTHER SINISTER PROGRAMS.
- A worm, a variation of a virus that is targeted at networks, is designed to spread by itself, without the need for an infected host file to be shared. Worms take advantage of security holes in operating systems and other software to replicate endlessly across the Internet.
- Trojan horses appear to be legitimate, benign programs, but carry a destructive payload. Trojan horses do not typically replicate themselves, but like viruses they can do much damage. When a Trojan horse is planted in a computer, its instructions remain hidden; the computer appears to function normally, but in fact it is performing underlying functions dictated by the intrusive code.
- Logic bombs or time bombs are variations of Trojan horses. They also do not reproduce themselves, and are designed to operate without disrupting normal computer function.
Instead, they lie in wait for unsuspecting computer users to perform a triggering operation.
Time bombs are set off by specific dates and logic bombs are set off by certain types of
operations.
- Recently another type of malware has emerged, called ransomware. Ransomware holds a
user’s computer hostage by locking or taking control of the user’s computer, or encrypting
files or documents. Once infected, the scammers demand a ransom (= riscatto) to be paid
by a certain deadline in order to unlock the computer or decrypt the files.
• DENIAL OF SERVICE. Denial of service attacks occur when electronic intruders deliberately
attempt to prevent legitimate users of a service from using that service. To execute such attacks,
intruders often create armies of zombie computers by infecting computers that are located in
homes, schools and businesses with viruses and worms. The zombie computers, without users'
knowledge or consent, are used to spread the malware to other computers and to launch attacks
on popular Web sites.
• SPYWARE, SPAM, AND COOKIES. These are three additional ways in which information
systems can be threatened.
- Spyware. It is any software that covertly gathers information about a user through an
Internet connection without the user's knowledge. Spyware can monitor your activity and
secretly transmit that information to someone else. Key-loggers can capture every
keystroke and thus gather information such as e-mail addresses, passwords, and credit
card numbers.
- Spam. It is electronic junk mail or junk newsgroup postings, usually for the purpose of
advertising some product and/or service. In addition to being a nuisance and wasting
our time, spam also eats up huge amounts of storage space and network bandwidth. Spam
may include attachments that carry destructive computer viruses. As a result, Internet service
providers and those who manage e-mail within an organization often use spam filters to
fight spam. In its worst form, spam is used for phishing, which is an attempt to trick
financial account and credit card holders into giving away their authentication information,
usually by sending spam messages to literally millions of e-mail accounts. Spear phishing
is a more sophisticated fraudulent e-mail attack that targets a specific person or organization
by personalizing the message. One commonly used approach for preventing robots from
submitting forms is the use of CAPTCHAs. A CAPTCHA (Completely Automated Public
Turing Test to Tell Computers and Humans Apart) typically consists of a distorted image
displaying a combination of letters and/or numbers that a user has to input into a form
before submitting it. As the image is distorted, only humans can interpret the letters/
numbers, preventing the use of automated robots for creating accounts or posting spam to
forums, blogs, or wikis.
- Cookies. A cookie is a small text file passed to a Web browser on a user's computer by a
Web server. The browser then stores the message in a text file, and the message is sent
back to the server each time the user's browser requests a page from that server. Cookies
are normally used for legitimate purposes, such as identifying a user in order to present
customized Web pages, or for authentication purposes.
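As an added illustration of the cookie exchange just described (example code, not part of these notes or of the textbook they summarize), the Python below models the browser side: it parses constructed Set-Cookie headers from a hypothetical server at www.example.com, decides which of them a browser may accept, and builds the Cookie header sent back on later requests. It also shows why the Secure and HttpOnly attributes matter: a Secure cookie is never replayed over plain HTTP, and an HttpOnly cookie is kept out of reach of page scripts.

```python
from urllib.parse import urlsplit
# Constructed Set-Cookie headers, as a server at www.example.com might send them
SAMPLE_SET_COOKIES = [
    "sid=7f3a9c; Path=/; Secure; HttpOnly",   # session id: HTTPS only, hidden from page scripts
    "theme=dark; Path=/account",              # plain preference cookie, scoped to one path
    "tracker=xyz; Domain=ads.example.net",    # set for an unrelated domain: must be rejected
]
def parse_set_cookie(header):
    # Split one Set-Cookie header into name, value and the attributes tracked here
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    cookie = {"name": name.strip(), "value": value.strip(), "domain": None,
              "path": "/", "secure": False, "httponly": False}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key in ("secure", "httponly"):
            cookie[key] = True
        elif key == "domain":
            cookie["domain"] = val.strip().lstrip(".").lower()
        elif key == "path":
            cookie["path"] = val.strip() or "/"
    return cookie

def store(jar, origin_host, header):
    # Browser-side acceptance: a server may only set cookies for itself or a parent domain
    c = parse_set_cookie(header)
    host = origin_host.lower()
    c["host_only"] = c["domain"] is None      # no Domain attribute: only the exact host
    c["domain"] = c["domain"] or host
    if not (host == c["domain"] or host.endswith("." + c["domain"])):
        return False
    jar.append(c)
    return True

def cookie_header(jar, url):
    # Build the Cookie request header a browser would attach to a request for url
    u = urlsplit(url)
    host, path = (u.hostname or "").lower(), u.path or "/"
    sent = []
    for c in jar:
        domain_ok = host == c["domain"] or (not c["host_only"] and host.endswith("." + c["domain"]))
        path_ok = path == c["path"] or path.startswith(c["path"].rstrip("/") + "/")
        if domain_ok and path_ok and (u.scheme == "https" or not c["secure"]):
            sent.append(f"{c['name']}={c['value']}")
    return "; ".join(sent)

def script_visible(jar):
    # Cookie names a page script could read; HttpOnly cookies are excluded
    return [c["name"] for c in jar if not c["httponly"]]
```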
• THE RISE OF BOTNETS AND THE CYBERATTACK SUPPLY CHAIN. Destructive software
robots, called bots, working together on a collection of zombie computers via the Internet, called
botnets, have become the standard method of operation for professional cybercriminals.
• IDENTITY THEFT. It is the stealing of another person's Social Security number, credit card
number, and other personal information for the purpose of using the victim's credit rating to borrow
money, buy merchandise, and otherwise run up debts that are never repaid.
Cyberharassment, Cyberstalking, Cyberbullying, and Cybersquatting
The Internet has become a place where people utilize its anonymity to harass, stalk, and bully
others.
- Cyberharassment, a crime in many states and countries, broadly refers to the use of a
computer to communicate obscene, vulgar, or threatening content that causes a reasonable
person to endure distress.
- Repeated contacts with a victim are referred to as cyberstalking.
- While cyberstalking can take many forms and can go undetected, the intent of cyberbullying is
to deliberately cause emotional distress in the victim.
- Online predators typically target vulnerable people, usually the young or the old, for sexual or
financial purposes.
- Cybersquatting is another form of piracy: it is the dubious practice of registering a
domain name and then trying to sell the name for big bucks to the person, company, or
organization most likely to want it.
Software Piracy
Software developers and marketers want you to buy as many copies of their products as you want,
of course. But vendors take a dim view of companies that buy one copy of a software application
and then make many copies to distribute to employees. In fact, this practice is called software
piracy.
Both patent and copyright laws can apply to software, which is a form of intellectual property.
- Patents typically refer to process, machine, or material inventions (e.g. amazon.com's "one-
click" business process).
- Copyright generally refers to creations of the mind such as music, literature, or software.
- SOFTWARE PIRACY IS A GLOBAL BUSINESS. Worldwide loss due to piracy exceeded
US$63 billion in 2011.
Federal and State Laws
In the United States, there are two main federal laws against computer crime.
(1) The Computer Fraud and Abuse Act of 1986. It prohibits the following:
- Stealing or compromising data about national defense, foreign relations, atomic energy, or
other restricted information, and disseminating computer viruses and other harmful code.
- Gaining unauthorized access to computers owned by any agency or department of the U.S.
government, and violating data belonging to banks or other financial institutions.
- Intercepting or otherwise intruding on communications between states or foreign countries.
- Threatening to damage computer systems in order to extort money or other valuables from
persons, businesses, or institutions.
- Threatening the U.S. president, vice president, members of Congress, and other
administrative members (even if it's just in a critical e-mail).
(2) The Electronic Communications Privacy Act of 1986, which makes it a crime to break into
any electronic communication service, including telephone services.
stability or infrastructure. Cyberterrorists could likely damage the machines that control
traffic lights, power plants, dams, or airline traffic in order to create fear and panic.
Attacks launched in cyberspace could take many forms, such as viruses, denial of
service, destruction of government computers, stealing classified files, altering Web
page content, deleting or corrupting information, disrupting media broadcasts, and
otherwise interrupting the flow of information.
- HOW THE INTERNET IS CHANGING THE BUSINESS OF TERRORISTS. Virtually all
modern terrorist groups utilize the Internet, which is a powerful tool for improving and
streamlining the business processes of modern terrorists.
- ASSESSING THE CYBERTERRORISM THREAT. Some experts claim that because of
the general openness of access, the Internet infrastructure is extremely vulnerable to
cyberterrorism. Each year, cyberattacks on critical infrastructure such as nuclear power
plants, dams, and power grids are increasing. Terrorists use the Internet for information
dissemination, data mining, fundraising, recruiting, networking, information sharing,
training, planning and coordinating, information gathering and location monitoring.
- RESPONDING TO GLOBAL CYBERTERRORISM THREATS. To be adequately
prepared, national governments along with industry partners must design coordinated
responses to various attack scenarios, and they must improve their intelligence-gathering
capabilities so that potential attacks are stopped before they begin. Clearly, great
challenges are ahead.
systems security is an ongoing process, consisting of:
1. Assessing risks
2. Developing a security strategy
3. Implementing controls and training
4. Monitoring security
1. Assessing risks: in order to obtain an understanding of the risks to the availability, integrity
and confidentiality of data and systems.
Threats are defined as undesirable events that can cause harm, and can arise from actions
performed by agents internal or external to an organization.
Vulnerabilities are defined as weaknesses in an organization's systems or security policies
that can be exploited to cause damage, and can encompass both known vulnerabilities and
expected ones.
Once risks are understood, there are four ways of dealing with them:
- Risk reduction: taking active countermeasures to protect your systems
- Risk acceptance: implementing no countermeasures and simply absorbing any damages
that occur
- Risk transference: having someone else absorb the risk
- Risk avoidance: using alternate means, or not performing tasks that would cause risk
2. Developing a security strategy: once risks are assessed, a strategy should be formulated
that details what information systems controls should be implemented.
To be most effective, an IS security strategy should focus on:
- Preventive controls: to prevent any potentially negative event from occurring, such as by
preventing outside intruders from accessing a facility
- Detective controls: to assess whether anything went wrong, such as unauthorized access
attempts, and to limit damage
- Corrective controls: to mitigate the impact of any problem after it has arisen, such as
restoring compromised data.
In general, policies and procedures that guide users' decisions and establish responsibilities
are:
Cold backup site: like an empty warehouse with all necessary connections for power and
communication but nothing else.
Hot backup site: a fully equipped backup facility, having everything from office chairs to a one-to-
one replication of the most current data.