Sunday, May 22, 2011

CH.12: INFORMATION SECURITY MANAGEMENT


An information security management system (ISMS) is a set of policies concerned with information security management or IT related risks. Unauthorized data disclosure can occur by human error when someone inadvertently releases data in violation of a policy. Employees who place restricted data on Web sites that can be reached by search engines may mistakenly publish proprietary or restricted data over the Web.
Pretexting, also called email spoofing, occurs when someone deceives by pretending to be someone else. A common scam involves a telephone caller who pretends to be from a credit card company and claims to be checking the validity of credit card numbers. Phishing is a similar technique for obtaining unauthorized data that uses pretexting via email. The phisher pretends to be a legitimate company and sends an email requesting confidential data. Spoofing is another term for someone pretending to be someone else. IP spoofing occurs when an intruder uses another site’s IP address as if it were that other site.
Sniffing is a technique for intercepting computer communications. Drive-by sniffers simply take computers with wireless connections through an area and search for unprotected wireless networks. Even protected wireless networks are vulnerable. Other forms of computer crime include breaking into networks to steal data such as customer lists, product inventory data, employee data, and other proprietary and confidential data.
Faulty service includes problems that result because of incorrect system operation. Faulty service could include incorrect data modification, as previously described. It also could include systems that work incorrectly, by sending the wrong goods to the customer or the ordered goods to the wrong customer, incorrectly billing customers, or sending the wrong information to employees. Faulty service can also result from mistakes made during the recovery from natural disasters.
Senders use a key to encrypt a plaintext message and then send the encrypted message to a recipient, who then uses a key to decrypt the message. With symmetric encryption, both parties use the same key. With asymmetric encryption, the parties use two keys, one that is public and one that is private. Secure Socket Layer (SSL) is a protocol that uses both asymmetric and symmetric encryption. With SSL, asymmetric encryption transmits a symmetric key. Both parties then use that key for symmetric encryption for the balance of that session. SSL version 1.0 had problems, most of which were removed in version 3.0, which is the version Microsoft endorsed. A later version, with more problems fixed, was renamed Transport Layer Security (TLS). Digital signatures ensure that plaintext messages are received without alterations.
Data safeguards are measures used to protect databases and other organizational data. Business requirements may necessitate opening information systems to nonemployee personnel: temporary personnel, vendors, partner personnel (employees of business partners), and the public. In the case of temporary, vendor, and partner personnel, the contracts that govern the activity should call for security measures appropriate to the sensitivity of the data and IS resource involved. Companies should require vendors and partners to perform appropriate screening and security training.
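
An added example, not from the original post or the textbook it summarizes: a Python model of the SSL key exchange described above, in which asymmetric encryption carries a symmetric session key once and both sides then use that key for every record. The RSA numbers, the SHA-256 keystream and the sample messages are constructed stand-ins for illustration, not the algorithms real SSL/TLS uses.

```python
import hashlib, hmac, secrets

# Constructed toy RSA key pair for the server: two Mersenne primes, unpadded.
# Far too weak for real use; chosen only so the example runs with no libraries.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                              # public modulus (with E: the public key)
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known to the server only

def client_wrap_key():
    """Client picks a random symmetric session key and encrypts it to the server."""
    session_key = secrets.token_bytes(16)
    return session_key, pow(int.from_bytes(session_key, "big"), E, N)

def server_unwrap_key(wrapped):
    """Server recovers the same session key with its private exponent."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def _subkey(session_key, label):
    # Separate keys for encryption and integrity, both derived from the session key.
    return hashlib.sha256(label + session_key).digest()

def _xor_stream(key, seq, data):
    """Toy stream cipher: XOR with SHA-256(key, record number, block offset)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + seq.to_bytes(8, "big") + i.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(session_key, seq, plaintext):
    """Symmetric phase: encrypt one record and attach an integrity tag."""
    ct = _xor_stream(_subkey(session_key, b"enc"), seq, plaintext)
    tag = hmac.new(_subkey(session_key, b"mac"), seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct, tag

def unseal(session_key, seq, ct, tag):
    """Check the tag first; refuse to decrypt a modified or renumbered record."""
    want = hmac.new(_subkey(session_key, b"mac"), seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("record altered or replayed")
    return _xor_stream(_subkey(session_key, b"enc"), seq, ct)

def run_session():
    """Both sides of one session; the messages are constructed sample data."""
    client_key, wrapped = client_wrap_key()          # asymmetric step, done once
    server_key = server_unwrap_key(wrapped)
    request = unseal(server_key, 0, *seal(client_key, 0, b"GET /statement"))
    reply = unseal(client_key, 1, *seal(server_key, 1, b"balance: 120.50"))
    return client_key == server_key, request, reply

if __name__ == "__main__":
    print(run_session())
```

Only the wrapped key crosses the wire during the asymmetric step; everything after it is protected by the shared key, which is why an eavesdropper without the server's private key cannot read the session.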

CH.11 INFORMATION SYSTEMS MANAGEMENT

There are many types of information management systems in the market that provide a wide range of benefits for companies. Strategic information management systems, customer relation management systems and enterprise resource planning systems are some of them. The following are some of the benefits that can be attained from different types of information management systems.
Advantages of information management systems:
(1) The company is able to highlight its strengths and weaknesses due to the presence of revenue reports, employee performance records etc. The identification of these aspects can help the company to improve its business processes and operations.
(2) The availability of customer data and feedback can help the company to align its business processes according to the needs of the customers. The effective management of customer data can help the company to perform direct marketing and promotion activities.
(3) Information is considered to be an important asset for any company in the modern competitive world. Consumer buying trends and behaviors can be predicted by the analysis of sales and revenue reports from each operating region of the company.
Outsourcing is an allocation of specific business processes to a specialist external service provider. Most of the time an organization cannot handle all aspects of a business process internally. Additionally, some processes are temporary and the organization does not intend to hire in-house professionals to perform the tasks. Once the task is assigned to the service provider, he will take the responsibility of carrying out the tasks and maintaining the organization’s assets. However, prior to outsourcing any component of your business to a third-party vendor, it is essential to understand the advantages and disadvantages of outsourcing. Although outsourcing presents a variety of benefits to your organization, it could also pose difficulties if not outsourced to the right service provider.
The key factors which have led to a growing trend of outsourcing are: lack of expert labor in some portions of the business process; availability of cheaper labor, whilst not compromising on the quality of output; and the ability and feasibility to concentrate on the other crucial business processes. These factors have specifically contributed to most of the outsourced partners originating from India. Expertise in communication capabilities, technical expertise and favorable financial packages are the most important advantages of outsourcing to India.
Cloud computing refers to the on-demand provision of computational resources (data, software) via a computer network, rather than from a local computer. Users or clients can submit a task, such as word processing, to the service provider, without actually possessing the software or hardware. A cloud can be private or public. A public cloud sells services to anyone on the Internet. (Currently, Amazon Web Services is the largest public cloud provider.) A private cloud is a proprietary network or a data center that supplies hosted services to a limited number of people. When a service provider uses public cloud resources to create their private cloud, the result is called a virtual private cloud. Private or public, the goal of cloud computing is to provide easy, scalable access to computing resources and IT services.


Friday, May 20, 2011

CH.10 MANAGING DEVELOPMENT


Systems development, or systems analysis and design, is the process of creating and maintaining information systems. Information systems are never off the shelf. The single most important principle for information systems success is for users to take ownership of their systems. There are five major challenges to systems development: difficulty of determining requirements, changes in requirements, difficulties involving scheduling and budgeting, changing technology, and diseconomies of scale. Diseconomies of scale include Brooks’ Law: adding more people to a late project makes the project later.
The systems development life cycle (SDLC) is a conceptual model used in project management that describes the stages involved in an information system development project, from an initial feasibility study through maintenance of the completed application. Various SDLC methodologies have been developed to guide the processes involved, including the waterfall model (which was the original SDLC method); rapid application development (RAD); joint application development (JAD); the fountain model; the spiral model; build and fix; and synchronize-and-stabilize. Frequently, several models are combined into some sort of hybrid methodology. Documentation is crucial regardless of the type of model chosen or devised for any application, and is usually done in parallel with the development process. Some methods work better for specific types of projects, but in the final analysis, the most important factor for the success of a project may be how closely the particular plan was followed. In general, an SDLC methodology follows these steps:
1. The existing system is evaluated. Deficiencies are identified. This can be done by interviewing users of the system and consulting with support personnel.
2. The new system requirements are defined. In particular, the deficiencies in the existing system must be addressed with specific proposals for improvement.
3. The proposed system is designed. Plans are laid out concerning the physical construction, hardware, operating systems, programming, communications, and security issues.
4. The new system is developed. The new components and programs must be obtained and installed. Users of the system must be trained in its use, and all aspects of performance must be tested. If necessary, adjustments must be made at this stage.
5. The system is put into use. This can be done in various ways. The new system can be phased in, according to application or location, and the old system gradually replaced. In some cases, it may be more cost-effective to shut down the old system and implement the new system all at once.
6. Once the new system is up and running for a while, it should be exhaustively evaluated. Maintenance must be kept up rigorously at all times. Users of the system should be kept up-to-date concerning the latest modifications and procedures.
The challenges of managing IS development projects arise from four different factors: coordination, diseconomies of scale, configuration control and unexpected events.

CH. 9: BUSINESS INTELLIGENCE SYSTEMS

Business intelligence is information containing patterns, relationships, and trends. Business intelligence provides technologies that give historical, current and predictive views of business operations. Common functions are reporting, online analytical processing, data mining, process mining, and business performance. It aims to support better business decision making; in this sense, a BI system can be called a decision support system. Business intelligence analyzes mostly internal, structured data and business processes, while competitive intelligence gathers, analyzes and disseminates information with a topical focus on company competitors.
Reporting tools are programs that read data from a variety of sources, process that data, format it into structured reports, and deliver those reports to the users who need them. RFM Analysis is a technique readily implemented using reporting tools and used to analyze and rank customers according to their purchasing patterns. Online analytical processing (OLAP) is a part of the broader category of business intelligence, which also encompasses relational reporting and data mining. The typical applications of OLAP include business reporting for sales, marketing, management reporting, business process management, budgeting and forecasting.
Market Basket Analysis is a modelling technique based upon the theory that if you buy a certain group of items, you are more or less likely to buy another group of items. For example, if you are at a bar and you buy a pint of beer and don't buy a bar meal, you are more likely to buy chips at the same time than somebody who didn't buy beer. The set of items a customer buys is referred to as an itemset, and market basket analysis seeks to find the relationships between purchases. The probability that a customer will buy beer without a bar meal is referred to as the support for the rule. The conditional probability that a customer will purchase crisps is referred to as the confidence.
Knowledge management is the process of creating value from intellectual capital and sharing that knowledge with employees, managers, suppliers, customers, and others that need it. While reporting and data mining are used to create new information from data, knowledge-management systems concern sharing of knowledge that is known to exist. Santosus and Surmacz cite five primary benefits to KM: KM fosters innovation by encouraging the free flow of ideas; KM improves customer service by streamlining response time; KM boosts revenues by getting products and services to market faster; KM enhances employee retention rates by recognizing the value of employees’ knowledge and rewarding them for it; KM streamlines operations and reduces costs by eliminating redundant or unnecessary processes.