Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
203 Cards in this Set
- Front
- Back
|
The primary purpose of a POS system us ub the technological area oa:
|
Transaction processing
|
|
|
One technique to share computing resources on a network efficiently is known as:
|
Load balancing
|
|
|
The ability of a computer system to configure itself to changing conditions or self-heal
|
Autonomic computing
|
|
|
Source code that is available to the public is known as
|
Open source
|
|
|
On the web, this tehcnology is designed to process document requets and is a repository for content and data
|
Web server
|
|
|
The general manager for a retail clothing outlet recently was cited as saying "IT is the cornerstone of our company. All of our decisions are based on the sophisticated systems that we have deployed throughout our organization. IT drives our decisions." What position should the manager hold regarding IT and its influence on decision making?
|
Business strategy should drive IS decision making
|
|
|
What does CRM stand for?
|
Customer relationship management
|
|
|
What is the backbone (main) system for any organizationthat is in the business of selling physical space?
|
PMS
|
|
|
Why is it important for business and functional managers tocollaborate and form partnerhsips with IT professionals?
|
Managers muse make sound decisions about IS with the aid of IT experts
|
|
|
Grid comupting is a form of what type of computing?
|
Distributed computing
|
|
|
What are the steps of the problem solving process?
|
Feedback, problem identification, solution design, implementation, soultion evaluation and c
|
|
|
This is like the plans for a building-- unchangeable in some area, but subject to interpretation in others
|
IS architecture
|
|
|
This infrastructure employs a large central computer that could handle all of the functionality of an information system
|
Mainframe
|
|
|
This consists of physical componenets, chosen and assembled in a manner that bests suits the plan
|
IS Infrastructure
|
|
|
AlphaBeta Enterprises recently acquired another company that has a very weak IT architecture. In order to bring the architecture up to corporate standards, AlphaBeta should consider a complete overhaul of the acquired company starting with what step?
|
Defining the strategic goals
|
|
|
Marketing has repeatedly asked the IT department about the possibility of aligningthe new marketing plan with the company's website. They would like the new web site to be able to support more active content and permit customers to query an online catalog. You let them known that this is currently being considered and seeing if this new business strategy can be translated into a viable plan of action. This would be part of which ONE of the following? IT Architecture---IT Infrastructure---System Upgrades---Server Systems---Marketing business changes
|
IT architecture
|
|
|
A web mashup can…
|
Combine two or more online applications to create a new application or service
|
|
|
Web 1.0 was an environment that was …
|
static and a read-only environment
|
|
|
Which of the following is a type of enterprise storage system that is an architecture for building dedicated networks that allow rapid and reliable access to storage devices by multiple servers? Redundant array of independent disks---Storage area networks---Network-attached storage---Secondary storage---Primary storage
|
Storage area network
|
|
|
"Trusting users as co-developers" is a characteristic of which web generation?
|
Web 2.0
|
|
|
True/False: An optical storage device is a form of secondary storage decide on which data are recorded by laser and read by laser in a computer's disk drive.
|
TRUE
|
|
|
True/False: The information systems strategy triangle is primarily concerned with mapping IS strategy with organizational strategy.
|
FALSE
|
|
|
True/False: In the Royal Hotel case study, the problems with the new IS system included the IT, the business process, the people, and the organizational structure.
|
TRUE
|
|
|
True/False: The social context should be considered when designing IS
|
TRUE
|
|
|
True/False: IT is becoming accessible to more and more people
|
TRUE
|
|
|
True/False: General managers are never end users
|
FALSE
|
|
|
True/False: DVD disks have higher storage capacities than CD-ROMS
|
TRUE
|
|
|
True/False: Information strategy is the same as an IS Goal
|
FALSE
|
|
|
True/False: A company's infrastructure is always determined before its architecture
|
FALSE
|
|
|
True/False: Data is NOT one of the basic components to be considered when developing a framework for transforming business strategy into architecture and then into infrastructure.
|
FALSE
|
|
|
Code written by a programmer in a high-level language and readable by people but not computers
|
Source code
|
|
|
The term used to describe information that might help to address the current state or make future projections
|
business intellignce
|
|
|
The functional system that keeps track of the credit transactions with clients or guests is known as
|
accounting
|
|
|
What term is used to describe how well an infrastructure component can adapt to increased, or in some cases decreased, demands?
|
scalability
|
|
|
Software that integrates work on a single project by several users on separate computers simultaneously is known as
|
Groupware
|
|
|
Business strategy
|
Long term goal
|
|
|
Organizational Strategy
|
Plan for implementing actionaable goals
|
|
|
Company mission
|
A company's purpose
|
|
|
IS Goal
|
Specific actionable goal for the use of a technology
|
|
|
Knowledge
|
Information with a human interpretation
|
|
|
True/False: The rapid proliferation of easy-to-use computing devices has resulted in less digitization-- the process by which content and processes become expressed and performed in digital form.
|
FALSE
|
|
|
True/False: The CIO must have a broad understanding of how the company is positioned toexecute its strategy
|
TRUE
|
|
|
True/False: The external environment is one of the four fundamental componenets of IS
|
FALSE
|
|
|
Which one of the following is NOT part of the IT infrastructure components? Hardware---Software---Networking---Personnel---Data
|
Personnel
|
|
|
Which of the following is NOT a business objective of an information system? Operational excellence---Course Correction---Competitive advantage---Improved decision making---Survival
|
Course Correction
|
|
|
A functional manager is always a…
|
Knowledge worker in charge of an area or team
|
|
|
The Information System Strategy Triangle consists of three strategies. Which strategy focuses on where the organization seeks to go and how it expects to get there? Business process---Technology Strategy---Organization strategy---Information strategy---Business Strategy
|
Business strategy
|
|
|
The interdependence of the different componenets of a system where the change in one component affects all other componenets is known as.
|
Systemic effects
|
|
|
When talking about information systems and organizational change, the type of change that occurs when people, technology, and business processes are involved is known as
|
Informate
|
|
|
When talking about information systems and organizational change, the type of change that occurs when the culture and practices within the organization are involved is known as
|
Transform
|
|
|
In the STM, which form of the Social Context directly influences an information system?
|
Immediate
|
|
|
What are the four steps in developing an IS solution?
|
Define and understand the problem---Develop alternative solutions---Choose the best solution---Implement the solution
|
|
|
Which steps of the IS solution development process are part of the system analysis?
|
Define and understand the problem
|
|
|
What is part of "defining and understanding the problem" in the IS solution development process?
|
Define the problem, identify causes, identify solution objecties, odentify information requirements.
|
|
|
What is part of "choose the best solution" in the IS solution development process?
|
Evaluate the alternatives, choose the best solution
|
|
|
What is part of the "implement the solution" in the IS solution development process?
|
Create detailed design specifics, acquire hardware, develop/acquire software, test and convert the system, prepare training procedures and documents, evaluate the system solution
|
|
|
Financial issues of a new system?
|
Tangible benefits, intangible benefits, capital budgesting methods
|
|
|
Non-financial issues of a new system?
|
Strategic advantages, information systems plan, portfolio analysis, scoring model
|
|
|
What is a information systems plan?
|
"A roadmap indicating the direction of systems development – the rationale, the current situation, the management strategy, the implementation plan and the budget.
|
|
|
What is a portfolio analysis?
|
The portfolio of potential applications within a firm to determine the risks and benefits and to select among alternatives for information systems.
|
|
|
What is scoring model?
|
A quick method for deciding among alternative systems based on a system of ratings for selected objectives.
|
|
|
Why should companies examine their portfolio of projects in terms of potential benefits and likely risks. Why?
|
Certain kinds of projects should be avoided altogether and others developed rapidly. There is no ideal mix. Companies in different industries have different information systems needs.
|
|
|
What are the new system challenges?
|
User interface design, costs to implement or run, user involvement and influence, management support and commitment, level of complexity and risk, and quality of project management.
|
|
|
How can you manage change successfully?
|
Outsourcing and external consultants, formal planning and control tools, user education and training, ergonomics, organizational impact analysis
|
|
|
What is the "Waterfall Approach" to the System Development Life Cycle?
|
The SDLC partitions development into formal stages, with each stage requiring completion before the next stage can begin.
|
|
|
What are the steps to the traditional SDLC approach?
|
Planning---System Analysis---System Design---Testing---Conversion---Production and Maintenance
|
|
|
What are the traditional SDLC characteristics?
|
Oldest method for building IS's, phased approach with formal stages, Waterfall Approach, Formal division of labor, used for building larger complex systems, time consuming and expensive to use
|
|
|
What are the steps to prototyping?
|
Identify basic requirements--Develop working prototype--Use the prototype--User satisfied? If yes, operational prototype. If no, revise prototype, then repeat.
|
|
|
What are the characteristics of prototyping?
|
Preliminary model built rapidly and inexpensive, especially useful in designing a user interface
|
|
|
What are advantages to prototyping?
|
Helps clarify user requirements--Verify feasibility of deisng-- Close relationship between user and developer-- May produce part of final system
|
|
|
What are the disadvantages to prototyping?
|
Many encourage inadequate problem analysis-- Not practical with a large # of users-- Users may not give up prototype-- System is built quickly which may be of lower quality
|
|
|
What is the end-user development process?
|
Staff --> IS Management --> Systems analyst --> Programmer
|
|
|
What are characteristics of the end-user development process?
|
End users create simply IS's with little or no assistance from technical specialists-- Use fourth generation languages, graphics languages, and PC software tools to access data, create reports, and develop information systems-- Completed more rapidly than systems developed with conventional tools-- Organization risks
|
|
|
What are the advantages to end-user development?
|
Bypass IS department-- User controls the application; can change when needed-- Directly meets user requirements-- Can increase user acceptance of system-- Frees up IT resources
|
|
|
What are the disadvantages to end-user development?
|
May require eventual IS maintenance-- documentation may be inadequate-- poor quality control-- system may not have adequate interfaces to existing systems
|
|
|
What is iterative development?
|
developing systems based on producing deliverables often. Each deliverable is a subset of what will become the final system.
|
|
|
What is rapid application development?
|
a type of software development methodology that uses minimal planning in favor of rapid prototyping-- creates workable systems in a short period of time-- advantages include agility and scalability
|
|
|
What is joint application design?
|
End users and information systems specialists work together on the design-- small groups meet to determing system objectives and the business processes to be supported?
|
|
|
Which SLDC are comminly user in web development and e-business development?
|
RAD and JAD
|
|
|
What are the advantages to RAD?
|
Can speed up system development-- Users intensively involved at the start-- Improves process for addressing legacy systems
|
|
|
What is the disadvantage to RAD?
|
Produces functional componenets of final systems, but NOT final systems
|
|
|
What are the advantages to JAD?
|
Involves many users-- Can save time-- Greater user support-- Improved quality-- potential lower cost in training
|
|
|
What are the disadvantages to JAD?
|
Difficult to get all users to attend meetings-- Has all problems associated with any group meeting
|
|
|
What are the structured methodologies to modeling and designing systems?
|
Data flow diagrams-- Process specifications-- Structure chart
|
|
|
What is the object-oriented development to modeling and designing systems?
|
Based on concepts of class and inheritance-- Component-based development and Web services
|
|
|
What is Computer-aided software engineering? (CASE)
|
|
|
|
What does RFP stand for?
|
Request for Proposal
|
|
|
What are application software packages?
|
Generalized systems for universal functions with standard processes
|
|
|
What is outsourcing?
|
ASPs (application software packages), offshore
|
|
|
What are the software tools to aid in technical issues?
|
Computer-aided software engineering (CASE) suite tools-- Software development library-- Automated audit trail-- Software metrics
|
|
|
What are the organizational and socio-economic influences?
|
Balance goals of stakeholders and sustain commitment
|
|
|
Who are the stakeholders?
|
Project manager, customer, end-user, sponsor
|
|
|
What do you need to sustain commitment to?
|
The project, psychological (personal responsibility, biases), social (rivalry, norms for consistency), organizational (political support, culture)
|
|
|
What are the four dimentions of success?
|
Resource constraints-- Impact on customers-- Business success-- Prepare for the future
|
|
|
What does "resource constraints" question?
|
Does the project meet the time and budget criteria?
|
|
|
What does "impact on customers" question?
|
How much benefit does the customer receive from the project?
|
|
|
What does "business success" question?
|
How high and long are the profits produced by the project?
|
|
|
What does "prepare for the future" question?
|
Has the project altered the infrastructure of the organization so future business success and customer impact are more likely?
|
|
|
What is TQM?
|
A philosophy and set of guiding concepts that provides a comprehensive means of improving total organization performance and quality by examining each process through which work is done in a systematic, integrated, consistent, organization-wide manner. -------- Improve total organization performance
|
|
|
What is Six Sigma?
|
A set of practices originally developed by Motorola to systematically improve processes by eliminating defects. A defect is defined as nonconformity of a product or service to its specifications.-------- Elimination of product defects---- Ability to produce output within specifications
|
|
|
What is 3.4 DPMO in Six Sigma?
|
A process is a process that produces 3.4 defective parts per million opportunities (DPMO). This is based on the fact that a process that is normally distributed will have 3.4 parts per million beyond a point that is 4.5 standard deviations above or below the mean (one-sided capability study).[10] So the 3.4 DPMO of a six sigma process in fact corresponds to 4.5 sigma, namely 6 sigma minus the 1.5-sigma shift introduced to account for long-term variation.[10]
|
|
|
What is quality for the producer?
|
conformance to specifications and absence of variation from specs
|
|
|
What is quality for the consumer?
|
Physical quality, quality of service, psychological quality
|
|
|
How do information systems improve quality?
|
Simplify the product and the production process-- Benchmarking-- Use customer demand to improve products and services-- Reduce cycle time-- Improve design quality and precision-- Improve production precision/tighten tolerances
|
|
|
What is involved in business process re-enginneering?
|
Tasks are streamlines to eliminate repetitive and redundant work-- Workflow management facilitates streamlining tasks
|
|
|
What does BPR stand for?
|
Business Process Reengineering
|
|
|
What characteristics of BPR?
|
Used yo make a rapid, breakthrough impact on key metrics-- attains aggressive improvement goals-- greater resistance by personnel-- use only when radical change is needed
|
|
|
What are the steps to radical redesign?
|
Begin with a vision of which performance metrics best reflect the success of overall business strategy-- Make changes to the existing process-- Measure the results using the predetermined metrics
|
|
|
What is a workflow diagram?
|
Tool used to understand a business process
|
|
|
What are risks of radical redesign?
|
Difficult to manage the process (manager needs a strong set of skills)-- insuring acceptance of the new process-- transformation champion needed-- clear and well thought out plan-- risk of failure of the new process
|
|
|
What are the steps in effective reengineering?
|
Understanding what business processes need improvement-- Understanding how the improvements will help the firm execute its strategy-- Understand the measuring performance of existing processes-- Managing change
|
|
|
What is the difference between BPR and TQM?
|
BPR is a radical change while TQM is an incremental change.
|
|
|
What are types of competitve advantages?
|
Barriers to entry that restrict supply-- Demand control-- Economies of scale-- Process efficiency
|
|
|
What is included in Porter's competitive forces model?
|
Traditional competitors-- New market entrants-- Substitute products and services-- Customers-- Suppliers
|
|
|
What is Porter's competitive forces model?
|
the strategic position of the firm and its strategies are determined not only by competition with its traditional direct competitors but also by four forces in the industry’s environment: new market entrants, substitute products, customers, and suppliers.
|
|
|
How can you deal with competitive forces?
|
Low-cost leadership-- Product differentiation-- Focus on market niche-- Strengthen customer and supplier intimacy (CRM)
|
|
|
What is the internet's impact on Competitive Advantages?
|
Transforms industries-- Enables new products and services-- Increases bargaining power of customers and suppliers-- Intensifies competitive rivalry-- Creates new opportunities for building brands and large customer bases
|
|
|
What are global business and system strategies?
|
Scale economies and resource cost reduction-- Higher utilization rates, fixed capital costs, and lower cost per unit of production-- Speeding costs to market-- Transnational business organizations.
|
|
|
What is a computer crime?
|
Any violation of criminal law that invovles knowldege of computer technology for perpetration, investigation, or prosecutiong.
|
|
|
What is considered identity theft?
|
Phishing, evil twins, pharming, computer abuse (spamming)
|
|
|
Worldwide damage from digital attacks is increasing…
|
Exponentially.
|
|
|
What is phishing?
|
a way of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
|
|
|
What are currnt problems that lead to phishing?
|
Large number of vulnerable users of inline financial services, ease of creating bogus web sites
|
|
|
What are solutions to phishing?
|
Install anti-phishing software and services and a multilevel authentication system to identify threats and reduce phishing attempts-- Deply new tools, technologies, and security procedures, along with educating customers
|
|
|
What is system vulnerability?
|
A unprotected computer connected to the internet that can be disabled in a few seconds.
|
|
|
What is system security?
|
Measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems
|
|
|
What are system controls?
|
Procedures that ensure the safety of the organization's assets; the accuracy and reliability of its accounting records; and operational adherence to management standards
|
|
|
Why are systems vulnerable?
|
Hardware problems: breakdowns, configuratin errors, damage from improper use or crime-- Software problems: programming erros, installation erros, unauthorized changes-- Disasters: power failures, flood, fires-- Internet vulnerabilities-- Wireless security challenges
|
|
|
What are security challenges/vulnerabilities in the client area?
|
Unauthorized access and erros
|
|
|
What are security challenges/vulnerabilities in the communication lines?
|
Tapping, sniffing, message alteration, theft and fraud, radiation
|
|
|
What are security challenges/vulnerabilities for corporate servers?
|
Hacking, viruses and worms, theft and fraud, vandalism, denial of service attacks
|
|
|
What are security challenges/vulnerabilities in corporate systems?
|
Theft of data, copying data, alteration of data, hardware failure, software failure
|
|
|
What is a virus?
|
designed to replicate inself by copying itself into other programs
|
|
|
What is a worm?
|
type of virus; replicates itself until it fills all of the storage space
|
|
|
What is a trojan horse?
|
type of virus; appears to be legitimate but is designed to have destructive effects
|
|
|
What is spyware?
|
sends informaton about Web surfing habits
|
|
|
What is key logger?
|
runs invisibly in the background, recording all the user's keystrokes
|
|
|
What is a rootkit?
|
set of programs that subvert controls of the OS. Can conceal processes, files, or system data from the OS.
|
|
|
What is a hacker?
|
uses programming skills to gain illegal access to computer networks or files
|
|
|
what is a cracker?
|
uses low-level hacker skills
|
|
|
What is cyber vandalism?
|
theft of data and/or attacks on networked servers
|
|
|
What is spoofing?
|
Type of cyber vandalism; faking the sending address of a transmissions
|
|
|
What is sniffing?
|
intercepting and logging traffic passing over a digital network
|
|
|
What is a Denial-of-Service (DoS) attack?
|
assault on a network causing slow down of stopping of normal communication
|
|
|
What is a Distributed Denial-of-Service (DDoS) attack?
|
use of multiple computers for a DoS attack
|
|
|
What is a botnet (zombie army)?
|
A large number of compromised computers use to flood a network with messages from a DoS attack
|
|
|
What are employee vulnerabilities?
|
Security threats often originate inside an organization, social engineering
|
|
|
What are software vulnerabilities?
|
Commercial software contain flaws that create security vulnerabilities, patches
|
|
|
What value does businesses see in security and control?
|
Failed computer systems can lead to significant or total loss of business functions-- Firms are now more vulnerable than they have ever been-- A security breach can cut into a firm's market value almost immediately-- Inadequate security and controls also bring forth issues of liability
|
|
|
What are ERMs? (Electronic records management?
|
Policies, procedures, and tool for managing the retention, destruction, and storage of electronic records.
|
|
|
What are examples of ERMs?
|
HIPAA, Gramm-Leach-Bliley Act, Sarbanes-Oxley Act
|
|
|
What is HIPAA?
|
governs the privacy and security of health information records
|
|
|
What is the Gramm-Leach-Bliley act?
|
Financial institutions must provide consumer with a privacy notice
|
|
|
What is the Sarbanes-Oxley Act?
|
Protects investors from the possibility of fraudulent accounting activities by corporations
|
|
|
What are computer forensics?
|
Scientifi collection, examination, authentication, preservaton, and analysis of data from computer storage media for use as evidence in a court of law.
|
|
|
What is ambient data?
|
data stored in non-traditional computer storage areas and formats
|
|
|
What is ISO/IEC 27002?
|
It provides best practice recommendations on information secutiry management
|
|
|
What is Risk assessment?
|
report that shows assets, vulnerabilities, likelihood of damage, estimates of the costs of recovery, summaries of possible defensive measures and their costs and estimate probable savings from better protection
|
|
|
What are different security policies?
|
Chief security officer, acceptable use policy, authorization policies, authorization management systems
|
|
|
How can you ensure business continuity?
|
Fault-tolerant computer systems, high-availability computing, recovery-oriented computing, disaster recovery planning, business continutity planning, security outsourcing (managed security service providers)
|
|
|
What are the roles of MIS Auditing?
|
Identifies the controls that govern information systems and assesses their effectiveness, auditor conducts interviews with key individual, examines security, application controls, overall integrity controls, and control disciplines
|
|
|
What are examples of Access Control?
|
Authentication, access token, smart cards, biometric authentication
|
|
|
What is a firewall?
|
A combination of hardware and software that prevents unauthorized users from accessing private networks
|
|
|
What is an intrusion detection system?
|
They monitor hot spots on coporate networks to detect and deter intruders
|
|
|
What are antivirus and antispyware?
|
Check computers for the presence of malware
|
|
|
How can you secure wireless networks?
|
WEP Secutiry can be improved by using it with virtual private network (VPN) technology-- Wi-Fi Alliance/Wi-Fi Protected Access (WPA) specifications-- Extensible Authentication Protocol (EAP), Protection from rogue networks
|
|
|
What is encryption?
|
Transforming text or data into cipher text that cannot be read by unintended recipients.
|
|
|
What does SSL stand for?
|
Secure Sockets Layer
|
|
|
What does S-HTTP stand for?
|
Secure Hypertext Transfer Protocol
|
|
|
What does TLS stand for?
|
Transport Layer Security
|
|
|
What does PKI stand for?
|
Public key infrastructure
|
|
|
How do cookies identify web visitors?
|
Cookies are written by a Web site on a visitor’s hard drive. When the visitor returns to that Web site, the Web server requests the ID number from the cookie and uses it to access the data stored by that server on that visitor. The Web site can then use these data to display personalized information.
|
|
|
What are the five moral dimensions of the information age?
|
Information rights and obligations, property rights and obligations, accountability and control, system quality, quality of life
|
|
|
How does the introduction of new information technology affect the business?
|
The introduction of new information technology has a ripple effect, raising new ethical, social, and political issues that must be dealt with on the individual, social, and political levels. These issues have five moral dimensions: information rights and obligations, property rights and obligations, system quality, quality of life, and accountability and control.
|
|
|
How can you summarize the moral dimensions of information systems?
|
"Accountability, libaility, and control: Who is liable for injuries that result from machines controlled by software?
|
|
|
What are the different dimensions to the quality of life?
|
Balancing power: center versus perophery; Rapidity of change: reduced responses time to competition; maintaining boundaries; family, work, and leisure; Dependence and vulnerability; Computer crime and abuse; Employment: trickle-down technology and reengineerining job loss; Equity and access: increasing racial and social class cleavages; Health risks: RSI, CVS, and techno-stress
|
|
|
What are key technology trends that raise ethical issues?
|
Doubling of computer power; rapidly declining data storage costs; networking advances and the internet; advances in data analysis through profiling and NORA
|
|
|
What is profiling?
|
The use of computers to combine data from multiple sources and create electronic dossiers of detailed information on individuals
|
|
|
What is NORA?
|
Non-Obvious Relationship Awareness: technology (algorithms) that can find obscure hidden connections between people or other entities by analyzing information from manu different cources to correlate relationships
|
|
|
Basic concepts of ethics in an information society
|
Responsibility; accountability, and liability
|
|
|
Ethical analysis:
|
Candidate ethical principles; professional codes of conducts, some real-world ethical dilemmas
|
|
|
What are the normative theories of business ethics?
|
Stockholder: max stockholder wealth; Stakeholder: max benefits to all while weighing costs; Social contract: create value for society that is just and nondiscriminatory
|
|
|
What is stockholder theory?
|
Stockholders advance capital to corporate managers who act as agents in advancing their ends. Managers are bound to the interests of the shareholders.
|
|
|
What are the manager's duties in stockholder theory?
|
Bound to emply legal, non-fraudulent means; Must take long view of shareholder interest
|
|
|
What is stakeholder theory?
|
Managers are entrusted with a fiduciary responsibility-- they must enact and follow policies that balance the rights of all stakeholders.
|
|
|
What are stakeholders?
|
Any group that vitally affects the corporation's survival and success and any group whose interests are affected by the corporation.
|
|
|
What is social contract theory?
|
Consider the needs of a society with no corporations or other complex business arragements. Corporations are expected to create more value to social than it consumes.
|
|
|
Social welfare:
|
Part of social contract theory: corporations must produce greater benefits than their associated costs.
|
|
|
Justice:
|
Part of social contract theory: corporations must pursure profits legally, without fraud or deception, and avoid actions that harm society.
|
|
|
What are Mason's areas of managerial concern?
|
Privacy, accuracy, property, accessibilty.
|
|
|
What are the different information rights?
|
Privacy protection, fair information practices, COPPA, Gramm-Leach-Bliley, HIPAA, The European Directive on Data Protection
|
|
|
COPPA:
|
Children's online privacy protection act: is a U.S. federal law designed to limit the collection and use of personal information about children by the operators of Internet services and Web sites. Passed by the U.S. Congress in 1998, the law took effect in April 2000.
|
|
|
Privacy
|
Those who possess the "best" information and know how to use it "win", and keeping that information safe and secure is a high priority. Regulations in place regarding the authorized collection, disclosure and use of personal information: Safe Harbor framework of 2000, PCI DSS (Payment card industry data security standard)
|
|
|
What are the seven international safe harbor privacy principles?
|
Notice; Choice; Onward Transfer; Security; Data integrity; Access; Enforcement
|
|
|
What is the international safe harbor privacy principles?
|
US-EU Safe Harbor is a streamlined process for US companies to comply with the EU Directive 95/46/EC on the protection of personal data.
|
|
|
What are the PCI DSS princicples?
|
12 requirements for compliance, organized into six logically related groups, which are called "control objectives.“
|
|
|
What is the history to the PCI DSS?
|
PCI DSS originally began as five different programs: Visa Card Information Security Program, MasterCard Site Data Protection, American Express Data Security Operating Policy, Discover Information and Compliance, and the JCB Data Security Program.
|
|
|
What are six logically related groups associated with the PCI DSS principles?
|
1. Build and maintain a secure network. -- 2. Protect cardholder data. -- 3. Maintain a vulnterability management program. -- 4. Implement strong access control measures. -- 5. Regularly monitor and test networks. -- 6. Maintain and information security policy.
|
|
|
What is accuracy?
|
Managers must establish controls to ensure that information is accurate. Data entry errors must be controlled and managed carefully and kept up to date. Keeping data as long as it is necessary or legally mandated is a challenge.
|
|
|
What is property?
|
Mass quantities of data are now stored on clients. Who owns this data and has rights to it? Who owns the images that are posted in cyberspace? Managers must understand the legal rights and duties accorded to proper ownership.
|
|
|
What is accessibility?
|
Access toinformation systesm and the data they hold is paramount. Users must be able to access this data from any location. One major issue is how to create and maintain access to information for society at large-- this access needs to be controlled to those who have a right to see and use it and adequate security measures must be in place on their partners end.
|
|
|
Property rights: Intellectual property:
|
Trade secrets, copyrights, patents. Challenges to intellectual property rights: file sharing services, DMCA
|
|
|
What is DMCA?
|
"Digital millennium copyright act: A U.S. law enacted in late 1998 that provides penalties for developing hardware or software that overrides copy protection schemes for digital media. The DMCA is considered a very controversial law by many who see it as an infringement to freedom.
|
