IT Infrastructure
platform that supports all information systems;
5 major components:
Computer hardware,
Computer software - both system and application,
Data management - manages and processes business data such as customer and vendor info,
Networking and telecommunicatio
Types of computers
Smartphones/tablets, laptops/notebooks, personal computers/microcomputers, Minicomputers, mainframes, supercomputers
Types of PCs
Workstations - more powerful processing capabilities than PC
Servers - optimized to support computer network
Storage devices
-Magnetic disk
like hard drives, RAID (Redundant Array of Inexpensive Disks);
-Optical disks
like CD-ROM, CD-RW, DVD;
-Magnetic tape
-Solid state like USB flash drives
-Storage networking: SANs
Connect multiple storage devices on a separate high-speed netwo
Input devices
gather data and convert them into electronic form.
-Keyboard
-Computer mouse
-Digital scanner
Output devices
display data after they have been processed.
-Monitor
-Printer
-Audio output
Name and describe 7 computers
Smartphones, tablets - limited functionality, highly portable;
Laptops, notebooks - designed for portability, fewer peripherals;
Personal computers/microcomputers - designed for needs of single user or small work group;
Workstations - more powerful proces
3 Computer architectures
Centralized -
all processing on central computer
high degree of control but promotes inflexibility;
Decentralized -
each group has own system with little or no sharing of resources
can result in data duplication;
Distributed -
involves distributing inform
Hardware trends
-Mobile platform:
Based on handheld hardware like smartphones, netbooks;
-Cloud Computing:
Obtain computing resources and applications over the Internet;
-Green computing
Minimize impact on environment (such as multicore processors that use less power)
CPU - central processing unit
measured in capacity and speed (GHz)
Intel i3/i5/i7, AMD Opteron
RAM - random access memory
temporary storage area for current work.
Measured in GB
Operating system
The software that manages and controls the computer's activities
Interface technologies
GUI - graphical user interface - features extensive use of icons
Multitouch - such as on iPhone
Java
Operating system-independent, processor-independent, object-oriented programming language
Hypertext markup language (HTML):
Page description language for specifying how elements are placed on a Web page and for creating links to other pages and objects
Open source software
Linux, Apache, UNIX
Cloud computing
Google Apps, Office Web Apps, 365
Mashups
Interchangeable software components (FaceForce)
Apps
Small pieces of software that run over the Internet
Software as a Service (SaaS)
like Salesforce.com
Capacity planning
Ensuring firm has enough computing power for current and future needs;
Factors include:
Maximum number of users
Impact of current, future software
Performance measures
Scalability
Ability of system to expand to serve large number of users without breaking down
PC Operating Systems
-Microsoft Windows 8/7, Vista, and XP
-UNIX:
Designed by Bell Labs in 1969 for networking various machines
Is open-source (users get access to program code) and often used on workstations and servers
-Linux:
Designed in early 1990's to be compact, reliabl
Software packages and desktop productivity tools
Word processing software
Spreadsheet software
Data management software
Presentation graphics
Software suites
Web browsers
Total Cost of Ownership Model (TCO)
Used to analyze direct and indirect costs to help determine the actual cost of owning a specific technology.
Direct costs: hardware, software purchase costs.
Indirect costs: ongoing administration costs, upgrades, maintenance, technical support, training,
Outsourcing
Using external provider to run networks, manage Web site, develop software
Requires Service Level Agreements (SLAs)
UNIVAC
1950's - Created by the makers of ENIAC, the first commercial (that is, mass produced) computer.
mainframe computers
1960's - mostly from IBM, teletype, batch mode
Sniffing
Eavesdropping program that monitors information traveling over network.
Enables hackers to steal proprietary information such as e-mail, company files, and so on
Technology service providers
Outsourcing:
Using external provider to run networks, manage Web site, develop software.
Requires Service Level Agreements (SLAs).
Cloud services:
"Rent" infrastructure to avoid expenses of maintaining hardware and software.
Mobile platforms:
Balance expe
ENIAC
1940's - ENIAC ("Electronic Numerical Integrator and Calculator") was built at the University of Pennsylvania between 1943 and 1945. The precursor of today's all-electronic digital computers - filled a 20 by 40 foot room, weighed 30 tons, and used more tha
minicomputers
1970's - PDP-12 computer of 1969. These "minis" ran the open-source UNIX operating system from AT&T and allowed smaller businesses to have their own computing machines.
Microcomputers
1980's - (and thanks to integrated circuits and Intel company's microprocessors), computers were small enough, reliable enough and inexpensive enough to be bought for personal use. This microcomputer (known as the PC-AT) was produced by IBM and ran the MS
Laptops/notebooks
1990's - As component parts got smaller and smaller, so did the computers. A new operating system, called Linux, was introduced. Not only was Linux open-source, but it was also given away at no charge
Smartphones/tablets
2000's - They are highly portable and have substantial computing capabilities, although their functionality is somewhat limited.
Security
Policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems
Controls
Methods, policies, and organizational procedures that ensure safety of organization's assets; accuracy and reliability of its accounting records; and operational adherence to management standards
Why Systems Are Vulnerable
-Hardware problems:
Breakdowns, configuration errors, damage from improper use or crime
-Software problems:
Programming errors, installation errors, unauthorized changes
-Disasters:
Power failures, flood, fires, and so on
-Use of networks and computers ou
Internet vulnerabilities
Network open to anyone
Size of Internet means abuses can have wide impact
Use of fixed Internet addresses with permanent connections to Internet eases identification by hackers
E-mail attachments could harbor malicious software
E-mail used for transmittin
Malware
malicious software;
software that is written with intent to cause annoyance or damage
Types of Malware
1. Viruses:
Software that attaches itself to other software programs or data files in order to be executed
Can destroy data, clog memory, reformat hard drive
Can't hurt your hardware
2. Worms:
Independent programs that copy themselves from one computer to
Hackers
persons who gain unauthorized access to a computer system.
Crackers - hackers with criminal intent
Activities include:
System intrusion and Cybervandalism, which is intentional disruption, defacement, destruction of Web site or corporate information system
Spoofing
Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else.
Redirecting Web link to address different from intended one, with site masquerading as intended destination
Phishing
Form of spoofing that involves setting up fake Web sites or sending e-mail messages that look like legitimate businesses to ask users for confidential personal data
Pharming
Redirects users to a bogus Web page, even when individual types correct Web page address into his or her browser
Denial-of-service attacks (DoS)
Flooding server with thousands of false requests to crash the network. DoS attacks don't destroy data or access restricted data, but they can cause Web sites to shut down so legitimate users can't log on
Distributed denial-of-service attacks (DDoS)
Use of numerous computers to launch a DoS
Computer crime
Defined as "any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution"
Computer may be target of crime: Breaching confidentiality of protected computerized data or
Accessing a comp
Internal Threats
Security threats often originate inside an organization. Employees are often the biggest problem
Social engineering:
Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information
Software Vulnerability
Commercial software contains flaws that create security vulnerabilities.
-Hidden bugs (program code defects)
-Flaws can open networks to intruders
Patches:
-Vendors release small pieces of software to repair flaws.
-Hackers can exploit holes faster than p
Value of IS Security
Failed computer systems can lead to significant or total loss of business function.
Firms now more vulnerable than ever.
A security breach may cut into firm's market value almost immediately.
Inadequate security and controls also bring forth issues of lia
Security Policy
Ranks information risks, identifies acceptable security goals, and identifies mechanisms for achieving these goals
Acceptable use policy (AUP)
Defines acceptable uses of firm's information resources and computing equipment
Authorization policies
Determine
Business continuity planning
focuses on restoring business operations after disaster
Disaster recovery planning
devises plans for restoration of disrupted services; part of BCP
Both types of plans needed to identify firm's most critical systems
Business impact analysis to determine impact of an outage
Management must determine which systems restored first
Access Control
Policies and procedures to prevent improper access to systems by unauthorized insiders and outsiders
Authentication
verification of identity
Password systems
Tokens - small devices that display passcodes
Smart cards - contain chips formatted with access permission
Biometric authentication - read human traits (fingerprints, irises) to grant access
Firewall
Combination of hardware and software that prevents unauthorized users from accessing private networks
Acts like a gatekeeper who examines each user's credentials before granting access
Intrusion detection systems
Monitor hot spots on corporate networks to detect and deter intruders
Antivirus and antispyware software
Check computers for presence of malware and can often eliminate it as well
Encryption
Transforming data into cipher text that cannot be read by unintended recipients
Name 3 types of encryption techniques
1. Secure Sockets Layer (SSL), which manages encryption and decryption during a secure Web session
2. Secure Hypertext Transfer Protocol (S-HTTP), which is limited to individual messages
3. Symmetric key encryption, where sender and receiver use single, s
What is a digital certificate and how does it play into encryption?
Data file used to establish the identity of users and electronic assets for protection of online transactions.
Uses a trusted third party, certification authority (CA), to validate a user's identity.
CA verifies user's identity, stores information in CA s
Public key infrastructure (PKI)
Use of public key cryptography working with certificate authority
Widely used in e-commerce
Information systems raise new ethical questions because they create opportunities for:
Intense social change, threatening existing distributions of power, money, rights, and obligations and
New kinds of crime
Technology Trends that Raise Ethical Issues
-Doubling of computer power
More organizations depend on computer systems for critical operations
-Rapidly declining data storage costs
Organizations can easily maintain detailed databases on individuals
-Networking advances and the Internet
Copying data
Ethics
Principles of right and wrong that individuals use to make choices to guide their behaviors
Morals
Society's view of acceptable behavior
Ethical dilemma
Situation that requires action but is not clear on right and wrong
Response is determined by:
Your basic ethical structure
The Ethical Principles that you apply
Ethical Principles
1. Golden Rule
2. Immanuel Kant's Categorical Imperative
3. Descartes' Rule of Change
4. Utilitarian Principle
5. Risk Aversion Principle
6. Ethical "No Free Lunch" Rule
Descartes' Rule of Change
If an action cannot be taken repeatedly, it is not right to take at all.
Immanuel Kant's Categorical Imperative
If an action is not right for everyone to take, it is not right for anyone.
Ethical "No Free Lunch" Rule
Assume that virtually all tangible and intangible objects are owned by someone unless there is a specific declaration otherwise.
Risk Aversion Principle
Take the action that produces the least harm or least potential cost.
Five Moral Dimensions
1. Information rights and obligations (Privacy)
2. Property rights and obligations
3. Accountability and control
4. System quality
5. Quality of life
Privacy
Claim of individuals to be left alone, free from surveillance or interference from other individuals, organizations, or state. Claim to be able to control information about yourself.
In the United States, privacy protected by:
First Amendment (freedom of
Fair information practices:
Set of principles governing the collection and use of information
Used to drive changes in privacy legislation
Fair Credit Reporting Act
FERPA
Internet Challenges to Privacy
Cookies
Tiny files downloaded by Web site to visitor's hard drive.
Identify visitor's browser and track visits to site.
Allow Web sites to develop profiles on visitors.
Spyware
Surreptitiously installed on user's computer
May transmit user's keystrokes or
Intellectual property
intangible property of any kind created by individuals or corporations
Three main ways that intellectual property is protected
Trade secret: intellectual work or product belonging to business, not in the public domain
Copyright: statutory grant protecting
Digital media different from physical media:
Ease of replication
Ease of transmission
Compactness
Difficulties in establishing uniqueness
Digital Millennium Copyright Act (DMCA)
Makes it illegal to circumvent technology-based protections of copyrighted materials
Fair Use Doctrine
May use copyrighted
Accountability and Control
Basic concepts for ethical analysis
Responsibility:
Accepting the potential costs, duties, and obligations for decisions
Accountability:
Mechanisms for identifying responsible parties
Liability:
Permits individuals (and firms) to recover damages done to t
System Quality
data quality and system errors
What is an acceptable, technologically feasible level of system quality?
Three principal sources of poor system performance:
Software bugs, errors
Hardware or facility failures
Poor input data quality (most common source of
Quality of Life
1. Negative social consequences of systems
Dependence and vulnerability: organizations ever more dependent on computer systems
2. Computer crime and abuse
Computer crime: commission of illegal acts through use of computer or against a computer
Computer ab
How do moral dimensions come into play in the information age and legislation
...