BMGT301 Quiz 4 Security policies procedures and technical measures used to prevent unauthorized access alteration theft or physical damage to information Problems with IT system include o Hardware problems breakdowns configuration errors damage from o Software problems programming errors installation errors unauthorized improper use or crime changes o Disasters power failures flood fires o Use of networks and computers outside of a firm s control with domestic or offshore outsourcing vendors Malware software used or created by attackers to disrupt computer operation o Viruses Harmful software program that attaches itself to other software programs or data files in order to be executed o Worms Independent computer programs that copy themselves from one computer to other computers over a network o Spyware Small programs install themselves on computers to monitor user Web surfing activity and serve up advertising o Key loggers Record every keystroke on computer to steal serial numbers passwords launch Internet attacks Computer Crime o Denial of service attacks DoS flooding server with thousands of false o Distributed denial of service attacks DDoS Use of numerous computers requests to crash the network to launch a DoS o Identity theft theft of personal information to impersonate someone else o Phishing setting up fake Web sites or sending e mail messages that look like legitimate businesses to ask users for confidential personal data o Pharming redirects users to a bogus Web page even when individual types correct Web page address into his or her browser Internal threats security threats often originate inside an organization o Inside knowledge sloppy security procedures user lack of knowledge social engineering tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information Security Policy ranks information risks identifies acceptable security goals and identifies mechanisms for achieving these goals It drives other policies o Acceptable use policy AUP defines acceptable uses of firm s information resources and computing equipment o Authorization policies determines differing levels of user access to There are 3 key techniques to analyzing large databases and accessing data from o Data warehouse Data Mining and Tools for accessing internal databases information assets multiple systems through the Web Data warehouse stores current and historical data from many core operational transactions systems consolidates and standardizes information for use across enterprise but data cannot be altered System will provide query analysis and reporting tools Data Marts subset of a data warehouse it is a summarized or highly focused portion of firm s data for use by a specific population of users and it typically focuses on single subject or line of business Business Intelligence Tools for consolidating analyzing and providing access to vast amounts of data to help users make better business decisions Ex Harrah Entertainment analyzing customers through data mining and OLAP o OLAP Online analytical processing supports multidimensional data analysis Enables rapid online answers to ad hoc queries Data Mining more discovery driven than OLAP finds hidden patterns relationships in large databases and infers rules to predict future behavior Predictive analysis using data mining techniques historical data and assumptions about future conditions to predict outcomes of events Text mining extracts key elements from large unstructured data sets Data administration firm function responsible for specific policies and procedures to manage data Data governance policies and processes for managing availability usability integrity and security of enterprise data especially as it relates to government regulations Database administration defining organizing implementing maintaining database performed by database design and management group More than 25 of critical data in Fortune 1000 company databases are inaccurate or incomplete o Most problems stem from faulty input GIGO o Before new database is put in place you must identify and correct faulty data and establish better routines for editing data once the new database is in operation Data quality audit Structured survey of the accuracy and level of completeness of the data in an information system Data cleansing Software to detect and correct data that are incorrect incomplete improperly formatted or redundant o Enforces consistency Critical success factors for web based commerce o Add Value o Focus on Niche o Maintain Flexibility o Segment Geographically o Get the Technology Right o Manage Critical Perceptions o Understand the Internet Culture E commerce is different because of 6 unique features o Ubiquity global reach richness interactivity personalization and social technology Digital markets reduce information asymmetry search costs and transaction costs Digital markets enable dynamic pricing disintermediation and price discrimination Information asymmetry when the bargaining power of two parties in a transaction is determined by one party possessing more information Search costs the time and money spent locating a suitable product or service Transaction cost cost associated with completing a transaction Dynamic pricing Pricing of items based on real time interactions between buyers and sellers that determine what an item is worth at any particular moment Disintermediation the removal of business process layers Price discrimination Selling the same goods or nearly the same goods to different targeted groups at different prices o B2B business to business B2C business to consumer or C2C consumer Types of e commerce to consumer E commerce revenue models o Advertising google sales amazon subscription WSJ or Free Freemium linkedin Transaction fee Auction Reverse Auction like paypal Affiliate Model provides purchase opportunities wherever people may be surfing It does this by offering financial incentives in the form of a percentage of revenue to affiliated partner sites The affiliates provide purchase point click through to the merchant It is a pay for performance model if an affiliate does not generate sales it represents no cost to the merchant One of the main reasons for the relatively low electronic commerce adoption today is the lack of trust o System Dependent uncertainty associated with potential technological problems and the lack of clear legal norms To reduce this you must focus on the
View Full Document