Sunday, May 10, 2015

Information Security (Chapter 4)


Information Security
        
 
Define Information Security
Information security refers to all of the processes and policies designed to protect an organization’s information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
·        Five Factors Increasing the Vulnerability of Information Resources
1.     Today’s interconnected, interdependent, wirelessly-networked business environment
2.     Smaller, faster, cheaper computers and storage devices
3.     Decreasing skills necessary to be a hacker
4.     Organized crime taking over cybercrime
5.     Lack of management support
·        Human mistakes and social engineering
Human mistakes are unintentional errors made by employees. Attackers deliberately provoke such mistakes: an employee can be manipulated into doing something that damages the organization without ever intending to.
Social engineering is an attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information or access.
·        Types of deliberate attacks
1.     Espionage or Trespass
2.     Information extortion
3.     Sabotage or vandalism
4.     Theft of equipment or information
5.     Identity theft
6.     Compromises to intellectual property
7.     Software attacks
8.     Alien software (pestware such as adware and spyware)
9.     Supervisory control and data acquisition (SCADA) attacks
10.    Cyberterrorism and cyberwarfare
·        Types of risk mitigation strategies
1.     Risk Acceptance. Accept the potential risk, continue operating with no controls, and absorb any damages that occur.
2.     Risk limitation. Limit the risk by implementing controls that minimize the impact of the threat.
3.     Risk transference. Transfer the risk by using other means to compensate for the loss, such as purchasing insurance.
·        Types of controls
1.     Physical controls. Physical protection of computer facilities and resources.
2.     Access controls. Restriction of unauthorized user access to computer resources; use of biometrics and password controls to identify (authenticate) users.
3.     Communications (network) controls. Protect the movement of data across networks; they include border security controls, authentication and authorization.
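The access-control item above names password controls as a way of identifying users. The following is an added example, not code from the textbook or from this summary, of how a practitioner implements such a control: passwords are never stored, only a salted slow hash, and the comparison is done in constant time. The iteration count, the user names and the credential store are constructed assumptions for the example.

```python
"""Added example, not from the textbook or this summary: a password-based
access control implemented so that a stolen credential table does not
directly reveal the passwords."""
import hashlib
import hmac
import os

# Hypothetical work factor: chosen so one check costs tens of milliseconds;
# raise it as hardware gets faster.
PBKDF2_ITERATIONS = 200_000


def make_record(password: str) -> dict:
    """Build the stored credential: a random per-user salt and a slow hash.

    The salt means two users with the same password get different hashes,
    so an attacker cannot precompute one lookup table for the whole user base.
    """
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "iterations": PBKDF2_ITERATIONS, "hash": digest}


def verify(record: dict, attempt: str) -> bool:
    """Recompute the hash of the attempt and compare it in constant time.

    A plain `==` on bytes stops at the first differing byte, which leaks
    how much of the hash matched through response timing.
    """
    digest = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["hash"])


# Constructed in-memory credential store (hypothetical users, not real data).
USERS = {
    "alice": make_record("correct horse battery staple"),
    "bob": make_record("correct horse battery staple"),  # same password as alice
}
# Record used for unknown usernames so that a failed login costs the same
# time whether or not the account exists (no username enumeration by timing).
DUMMY_RECORD = make_record(os.urandom(16).hex())


def login(username: str, attempt: str) -> bool:
    """Return True only when the user exists and the password matches."""
    record = USERS.get(username)
    if record is None:
        verify(DUMMY_RECORD, attempt)  # burn the same work, then refuse
        return False
    return verify(record, attempt)
```

Note that alice and bob share a password yet their stored hashes differ because each record carries its own salt; that is the property that defeats precomputed (rainbow-table) attacks on a leaked table.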

Ethics and Privacy (Chapter 3)

 

 Ethics and Privacy

1.      Define ethics
Ethics refers to the principles of right and wrong that individuals use to make choices that guide their behavior.
2.      Ethical Frameworks
There are many sources for ethical standards. The book has considered four widely used standards which are:
I.    Utilitarian approach: an ethical action is the one that provides the most good or does the least harm.
II.   Rights approach: an ethical action is the one that best protects and respects the moral rights of the affected parties.
III.  Fairness approach: ethical actions treat all humans equally, or if unequally, then fairly, based on some defensible standard.
IV.   Common good approach: highlights the interlocking relationships that underlie all societies.
 
3.      Code of ethics
A Code of Ethics is a collection of principles that are intended to guide decision making by members of an organization.
4.      Fundamental tenets of ethics
Fundamental tenets of ethics include responsibility, accountability and liability.
Responsibility means that you accept the consequences of your decisions and actions.
Accountability means a determination of who is responsible for actions that were taken.
Liability is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.
5.      The Four Categories of Ethical Issues:
·         Privacy Issues involve collecting, storing and disseminating information about individuals.
·         Accuracy Issues involve the authenticity, fidelity and accuracy of information that is collected and processed.
·         Property Issues involve the ownership and value of information.
·         Accessibility Issues revolve around who should have access to information and whether they should have to pay for this access.
6.      Define privacy
Privacy is the right to be left alone and to be free of unreasonable personal intrusions.
7.      Threats to Privacy:
A.            Data aggregators, digital dossiers, and profiling
Data aggregators are companies that collect public data (e.g., real estate records, telephone numbers) and nonpublic data (e.g., social security numbers, financial data, police records, motor vehicle records) and integrate them to produce digital dossiers.
Digital dossier is an electronic description of you and your habits.
Profiling is the process of creating a digital dossier.
B.            Electronic Surveillance
Electronic Surveillance. The tracking of people’s activities, online or offline, with the aid of computers.
C.            Personal Information in Databases
Personal Information in Databases. Information about individuals is kept in many databases (banks, utility companies, government agencies, etc.); the most visible are those of the credit-reporting agencies.
D.            Information on Internet Bulletin Boards, Newsgroups, and Social Networking Sites
Social Networking Sites often include electronic discussions such as chat rooms. These sites appear on the Internet, within corporate intranets, and on blogs.
8.       Protecting Privacy:
Privacy Codes and Policies. An organization’s guidelines with respect to protecting the privacy of customers, clients, and employees.
Opt-out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.
Opt-in model of informed consent means that organizations are prohibited from collecting any personal information unless the customer specifically authorizes it.  (Preferred by privacy advocates.)
International Aspects of Privacy. Privacy issues that international organizations and governments face when information spans countries and jurisdictions.

Electronic Commerce: Applications and Issues (Chapter 7)


Electronic Commerce: Applications and Issues


Overview of E-Business & E-Commerce:
Electronic commerce (e-commerce, EC) describes the buying, selling, transferring or exchanging of products, services or information via computer networks, including the Internet.
E-business is a broader definition of EC, including buying and selling of goods and services, and also servicing customers, collaborating with partners, conducting e-learning and conducting electronic transactions within an organization.

Types of E-Commerce:
1. Business-to-Consumer (B2C)
2. Business-to-Business (B2B)
3. Consumer-to-Consumer (C2C)
4. Business-to-Employee (B2E)
5. E-Government
6. Mobile Commerce (m-commerce)

Benefits of E-Commerce:
§ Benefits to organizations
          o Makes national and international markets more accessible.
          o Lowering costs of processing, distributing, and retrieving information.

§ Benefits to customers
o Access a vast number of products and services around the clock (24/7/365).

§ Benefits to Society
o Ability to easily and conveniently deliver information, services and products to people in cities, rural areas and developing countries.

Limitations of E-Commerce:
§ Technological Limitations
          o Lack of universally accepted security standards
          o Insufficient telecommunications bandwidth
          o Expensive accessibility
§ Non-technological Limitations
          o Perception that EC is unsecure
          o Unresolved legal issues
          o Lacks a critical mass of sellers and buyers



· Business-to-Consumer (B2C) Electronic Commerce:
o An electronic storefront is a Web site that represents a single store.
o Electronic malls are collections of individual shops under a single Internet address.
o B2C electronic commerce is also known as e-tailing.

Issues in E-Tailing:
§ Channel conflict occurs when manufacturers disintermediate their channel partners, such as distributors, retailers, dealers, and sales representatives, by selling their products directly to consumers, usually over the Internet through electronic commerce.
§ Order fulfillment involves finding the product to be shipped, packaging it, arranging speedy delivery to the customer, and handling the return of unwanted or defective products.

· Business-to-Business (B2B) Electronic Commerce:
o In B2B e-commerce, the buyers and sellers are organizations.

B2B Sell-Side Marketplace:
 § In the sell-side marketplace, organizations sell their products or services to other organizations electronically from their own Web site and/or from a third-party Web site.
B2B Buy-Side Marketplace:
§ The buy-side marketplace is a model in which organizations buy needed products and services from other organizations electronically.
Electronic Exchanges:

§ Exchanges have many buyers and many sellers.
· Electronic Payments:

o Electronic payment systems enable you to pay for goods and services electronically.
§ Electronic checks (e-checks)
§ Electronic credit cards
§ Purchasing cards
§ Electronic cash
          1. Stored-value money cards
          2. Smart cards
          3. Person-to-person payments

Wednesday, May 6, 2015

Networks (Chapter 6)


Networks

 

  I summarized the information I have learned from this chapter as follows:


1.     Define the term computer network, and compare and contrast the two major types of networks.
A computer network is a system that connects computers and other devices via communications media so that data and information can be transmitted among them.
The two major types of networks:
A local area network (LAN) connects two or more devices in a limited geographical region so that every device on the network can communicate with every other device.
A wide area network (WAN) is a network that covers a large geographic area.
2.     Compare and contrast the two major signals:
Analog Signals are continuous waves that transmit information by altering the characteristics of the waves.
Digital Signals are discrete pulses that are either on or off, representing series of bits (0s and 1s). 
3.     Describe the differences among the three types of wireline communications media.
Twisted-pair wire, the most prevalent form of communications wiring, consists of strands of copper wire twisted in pairs.
Coaxial cable consists of insulated copper wire.
Fiber-optic cables consist of thousands of very thin filaments of glass fibers that transmit information via light pulses generated by lasers.
4.     Differentiate between the Internet and the World Wide Web.
The Internet is a global network of computer networks that use a common communication protocol suite, TCP/IP.
Transmission Control Protocol/Internet Protocol (TCP/IP) is the suite of protocols the Internet runs on, not a file transfer protocol: IP addresses and routes packets between networks, and TCP sequences, acknowledges and retransmits them so that large files arrive complete and in order even over unreliable links. TCP's checksum catches accidental transmission errors only; it is not a defense against deliberate tampering, which needs a cryptographic integrity check such as TLS provides.
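To make the caveat concrete, the following added example (not code from the textbook or this summary) implements the Internet checksum that TCP uses and shows that a random bit error is caught while an attacker who swaps two words in the segment is not, whereas an HMAC over the same bytes catches both. The payload and the shared key are constructed for the example.

```python
"""Added example, not from the textbook or this summary: TCP's checksum
detects accidental corruption but not deliberate tampering, which is why
application data also needs a cryptographic integrity check."""
import hashlib
import hmac


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum (ones'-complement sum of 16-bit words), as used by TCP, UDP and IPv4."""
    if len(data) % 2:
        data += b"\x00"  # odd length: pad with a zero byte
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Model a line error: one bit inverted in transit."""
    out = bytearray(data)
    out[byte_index] ^= 1 << bit
    return bytes(out)


def swap_words(data: bytes, i: int, j: int) -> bytes:
    """Model an attacker: exchange 16-bit words i and j.

    The checksum is a commutative sum, so reordering words leaves it
    unchanged and the receiving TCP accepts the altered segment.
    """
    out = bytearray(data)
    out[2 * i:2 * i + 2], out[2 * j:2 * j + 2] = data[2 * j:2 * j + 2], data[2 * i:2 * i + 2]
    return bytes(out)


# Hypothetical key shared by the two endpoints (in practice established by TLS).
KEY = b"constructed-example-key"


def mac(data: bytes) -> bytes:
    """HMAC-SHA256 tag: changing any byte, or reordering bytes, changes the tag."""
    return hmac.new(KEY, data, hashlib.sha256).digest()


def mac_ok(data: bytes, tag: bytes) -> bool:
    """Constant-time tag check."""
    return hmac.compare_digest(mac(data), tag)


# Constructed payload standing in for a TCP segment's data:
# account A is credited 01 and account B is credited 99.
PAYLOAD = b"A=01B=99"
```

Swapping words 1 and 3 of `PAYLOAD` turns it into `A=99B=01` with an identical checksum; the same alteration fails the HMAC check. The known test vector from RFC 1071 (words 0001 f203 f4f5 f6f7, checksum 220D) confirms the checksum routine itself.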
The World Wide Web (WWW) is a system that stores, retrieves, formats, and displays information accessible through a browser.
5.  Identify six major categories of network applications. 

  •  Discovery allows users to browse and search data sources, in all topic areas, on the Web. Discovery tools include search engines, directories, and portals.
  • Communication: networks provide fast, inexpensive communications via e-mail, call centers, chat rooms, voice communications, and blogs.
  • Collaboration refers to efforts of two or more entities (individuals, teams, groups, or organizations) who work together to accomplish certain tasks.
  • E-Learning refers to learning supported by the Web. Distance learning (DL) refers to any learning situation in which teachers and students do not meet face-to-face.
  • Virtual universities are online universities in which students take classes from home or at an off-site location, via the Internet.
  • Telecommuting is the arrangement in which knowledge workers are able to work anywhere and anytime.

Tuesday, May 5, 2015

Managing Knowledge and Data (Chapter 5)


Managing Knowledge and Data



Managing Data

Difficulties in managing data:
       Amount of data increasing exponentially;
       Data are scattered throughout organizations and collected by many individuals
    using various methods and devices;
       Data come from many sources;
       Data degrade over time (data rot);
       Data security, quality, and integrity are critical, yet easily jeopardized;
       Information systems that do not communicate with each other can result in inconsistent data;
       Federal regulations.


     Data Governance

Data governance is an approach to managing information across an entire organization.
Master data management is a process that spans all of an organization’s business processes
and applications.
Master data are a set of core data that span all of an enterprise’s information systems.


The Database Approach

Database management systems (DBMSs) minimize the following problems:
Data redundancy: The same data are stored in many places.
Data isolation: Applications cannot access data associated with other applications.
Data inconsistency: Various copies of the data do not agree.


DBMSs maximize the following:
Data security: Keeping the organization’s data safe from theft, modification,
     and/or destruction.
Data integrity: Data must meet constraints (e.g., student grade point averages
     cannot be negative).
Data independence: Applications and data are not linked to each other, so
     many applications are able to access the same data and the data can be
     reorganized without rewriting the applications.

Data Hierarchy
A bit is a binary digit, a “0” or a “1”.
A byte is eight bits and represents a single character (e.g., a letter, number or symbol).
A field is a group of logically related characters (e.g., a word, small group of words,
     or identification number).
A record is a group of logically related fields (e.g., a student in a university database).
A file is a group of logically related records.
A database is a group of logically related files.


Designing the Database
The data model is a diagram that represents the entities in the database and their relationships.
An entity is a person, place, thing, or event about which information is maintained.
     A record generally describes an entity.
An attribute is a particular characteristic or quality of a particular entity.
The primary key is a field that uniquely identifies a record.
Secondary keys are other fields that have some identifying information but typically do not
     identify a record with complete accuracy.


Entity-Relationship Modeling
Database designers plan the database design in a process called entity-relationship (ER) modeling.
ER diagrams consist of entities, attributes and relationships.
Entity classes are groups of entities of a certain type.
An instance of an entity class is the representation of a particular entity.
Entity instances have identifiers, which are attributes that are unique to that entity instance.


Database Management Systems
A database management system (DBMS) is a set of programs that provides users with tools to add,
     delete, access, and analyze data stored in one location.
The relational database model is based on the concept of two-dimensional tables.
Structured query language (SQL) allows users to perform complicated searches by using
     relatively simple statements or keywords.
Query by example (QBE) allows users to fill out a grid or template to construct a sample or
     description of the data they want.



Normalization
Normalization is a method for analyzing and reducing a relational database to its most
streamlined form for minimum redundancy, maximum data integrity, and best processing
performance.
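The Database Approach, Designing the Database, Database Management Systems and Normalization sections above describe redundancy, integrity constraints, primary keys and SQL in the abstract. The following added example (not code from the textbook or this summary) shows them in a small SQLite database: the department name lives in one table only (normalized), the DBMS enforces the primary key and the non-negative GPA constraint from the text, and the same SQL search is written once with string concatenation and once with a parameter so the injection risk of the first form is visible. The schema and rows are constructed for the example.

```python
"""Added example, not from the textbook or this summary: the database-approach
properties (normalization, keys, integrity constraints, SQL) on SQLite."""
import sqlite3

# Constructed schema. The department name is stored once, in departments;
# students refer to it by key, so there is no redundant copy to fall out of sync.
SCHEMA = """
CREATE TABLE departments (
    dept_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL UNIQUE
);
CREATE TABLE students (
    student_id INTEGER PRIMARY KEY,                             -- uniquely identifies the record
    name       TEXT NOT NULL,
    gpa        REAL NOT NULL CHECK (gpa >= 0.0 AND gpa <= 4.0), -- integrity constraint from the text
    dept_id    INTEGER NOT NULL REFERENCES departments(dept_id) -- foreign key, no duplicated name
);
"""


def build_db() -> sqlite3.Connection:
    """Create an in-memory database with a few constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite ignores FKs unless asked
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO departments VALUES (?, ?)",
                     [(1, "Computer Science"), (2, "Economics")])
    conn.executemany("INSERT INTO students VALUES (?, ?, ?, ?)",
                     [(100, "Ada", 3.9, 1), (101, "Bob", 2.7, 2), (102, "Cy", 3.2, 1)])
    conn.commit()
    return conn


def insert_student(conn, student_id, name, gpa, dept_id) -> bool:
    """Return False when the DBMS rejects the row: duplicate key, GPA out of range,
    or a department that does not exist. The application never has to check these."""
    try:
        with conn:  # commit on success, roll back on error
            conn.execute("INSERT INTO students VALUES (?, ?, ?, ?)",
                         (student_id, name, gpa, dept_id))
        return True
    except sqlite3.IntegrityError:
        return False


def students_in_dept_unsafe(conn, dept_name):
    """String concatenation: user input becomes part of the SQL statement (injectable)."""
    sql = ("SELECT s.name FROM students s JOIN departments d ON s.dept_id = d.dept_id "
           "WHERE d.name = '" + dept_name + "' ORDER BY s.student_id")
    return [row[0] for row in conn.execute(sql)]


def students_in_dept(conn, dept_name):
    """Parameterized query: the input is passed as data and can never change the statement."""
    sql = ("SELECT s.name FROM students s JOIN departments d ON s.dept_id = d.dept_id "
           "WHERE d.name = ? ORDER BY s.student_id")
    return [row[0] for row in conn.execute(sql, (dept_name,))]
```

With the input `x' OR '1'='1`, the concatenated version returns every student in the database while the parameterized version returns nothing, because no department has that literal name; the second form is the one to use.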


Data Warehousing and Data Marts
A data warehouse is a repository of historical data organized by subject to support
     decision makers in the organization.
Historical data in data warehouses can be used for identifying trends, forecasting, and making
     comparisons over time.
Online analytical processing (OLAP) involves the analysis of accumulated data by end users 
     (usually in a data warehouse).
In contrast to OLAP, online transaction processing (OLTP) typically involves a database, where
     data from business transactions are processed online as soon as they occur.


Benefits of Data Warehousing
End users can access data quickly and easily via Web browsers because they are located in one place.
End users can conduct extensive analysis with data in ways that may not have been possible before.
End users have a consolidated view of organizational data.


Knowledge Management
Knowledge management is a process that helps organizations manipulate important
knowledge that is part of the organization’s memory, usually in an unstructured format.
Knowledge is information that is contextual, relevant, and actionable.
Intellectual capital is another term often used for knowledge.
Explicit knowledge: objective, rational, technical knowledge that has been documented.
     Examples: policies, procedural guides, reports, products, strategies, goals, core competencies
Tacit knowledge: cumulative store of subjective or experiential learning.
     Examples: experiences, insights, expertise, know-how, trade secrets, understanding, 
                     skill sets, and learning

Knowledge management systems refer to the use of information technologies to systematize,
enhance, and expedite intrafirm and interfirm knowledge management.
Best practices are the most effective and efficient ways of doing things.


Knowledge Management System Cycle