Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
49 Cards in this Set
- Front
- Back
|
enterprise system
|
CLASS OF STD. SOFTWARE THAT PROMOTES INTEGRATED BUSINESS IMPERATIVES
info. integration imperative GOAL: real time business PROBLEM: legacy systems are fragmented and fragments but processes are CROSS-FUNCTIONAL CRITICAL SUCCESS FACTOR: info. avail. to anyone anytime anywhere provide info. and systems integration support all of firm's IT infrastructure CHARACTERISTICS: modular, integrated, software apps, span all org. functions, rely on one core database can be custom or off-shelf |
|
|
main characteristics of ESs
|
MODULAR: enables firm to decide which functions to include, allows for flexible design, you don't have to pay for parts that you do not use
APPLICATION INTEGRATION: events in one module trigger events in other modules DATA INTEGRATION: data stored in one central database CONFIGURABLE: firms can choose among predefined set of config. options during implementation; cam extend capabilities of std. app., tailors ES to needs of firm |
|
|
ES advantages
|
EFFICIENT: streamlines and controls legacy IT infrastructures
-- legacy systems: complex, hard to manage and support RESPONSIVENESS: ES can deliver improvements in firm's ability to respond to customers and mkt. demands KNOWLEDGE INFUSION: application embeds state of the art industry practices; ES can be used to update obsolete business processes |
|
|
ES limitations
|
STANDARDIZATION AND FLEXIBILITY: firms are encouraged to implement std. versions of the software; vanilla implemenation ensures that firm benefits from econ. of scale created by vendor; software is concrete; adaptable during implementation but hard to change once config.
SOFTWARE INCORPORATES INDUSTRY BEST PRACTICES: forces firm to adopt best practice std.; unclear how these practices are defined; implementing s/w does not mean best practices are followed by personnel; ES may not support firm's own best practices STRATEGIC CLASH: must choose business processes from the set supported by the software; firm may have unique, differentiating processes not supported by ES |
|
|
hype cycle
|
TECH. TRIGGER: when new tech. becomes available
PEAK OF INFLATED EXPECTATIONS: over-enthusiasm and unrealistic expectations fuel rapid adoption TROUGH OF DISILLUSIONMENT: failures of tech. become public SLOPE OF ENLIGHTENMENT: true benefits of tech. become apparent to organizations PLATEAU OF PRODUCTIVITY: benfits and risks of tech. become understood and accepted |
|
|
supply chain
|
set of coordinated entities that move a product from production to consumption
UPSTREAM (suppliers) vs. DOWNSTREAM (customers) |
|
|
modern supply chain mgt.
|
tight link between UPSTREAM (suppliers) and DOWNSTREAM (customers)
inter-org. systems increasingly supported by internet integration with ES increased attention to IT-ENABLED SUPPLY CHAIN MGT. |
|
|
supply chain mgt. trends
|
RADIO FREQ. ID (RFID) -- new frontier of SCM
- no line of sight reqs. - embedding potential - read/write capabilities - storage capacity - speed up receiving process - improve monitoring and control of inventories |
|
|
enterprise application integration -- BEST OF BREED
|
Re-architecting so that intermediate layer (MIDDLEWARE) acts as hub between software apps. and databses
streamlines maintenance and modifications to applications and databases -- changes in one program do not impact other programs -- only change is the interface to middleware |
|
|
data vs. info. vs. knowledge
|
DATA: codeified raw facts
INFO.: data in context KNOWLEDGE: blend of actionable info., built up over time, based on accum. experience and understanding |
|
|
categorizing knowledge -- what vs. how vs. why
|
WHAT: ability to collect, assimilate, and categorize info.
HOW: ability to recognize or create sequence of steps needed to complete a task WHY: understanding cause and effect relationships |
|
|
knowledge categories -- explicit vs. tacit
|
EXPLICIT: can be articulated, codeified, and transferred easily
TACIT: knowledge that is possessed but hard to articulate |
|
|
knowledge mgt.
|
set of activities and processes to:
- CREATE - CODIFY - DISSEMINATE KNOWLEDGE IN FIRM IT = KEY ENABLER ASPECTS OF KNOWLEDGE MGT: 1. CREATE 2. CAPTURE 3. STORE 4. DISSEMINATE |
|
|
creating knowledge
|
first stage in knowledge mgt.
- generate new info - find solutions for existing problems - identify new explanations for events |
|
|
capturing and storing knowledge
|
2nd and 3rd steps of knowledge mgt.
helps company: - codify new knowledge - maintain org. memory CONTENT MGT. SYSTEMS: used to capture and store knowledge; central location and search pt. for relevant knowledge |
|
|
content mgt. systems (CMS)
|
used to capture and store knowledge
knowledge repository: central location and search pt. for relevant knowledge |
|
|
disseminating knowledge
|
4th and final step in knowledge mgt.
when knowledge is formatted and acceptable dramatic improvements in effectiveness and efficiency can be acheived |
|
|
business intelligence
|
gather and make sense of data in a given area of interest
-- set of techniques, processes, technologies designed to enable mgt. to gain superior insight and understanding into the business and its environment and help make better decisions |
|
|
components of B.I.
|
DATA WAREHOUSE: data repos. from multi. sources that collects and stores data; large in size and scope; enables data integration; designed for analytics
DATA MART: scaled down version of data warehouse; focuses on need of once sped. audience; smaller in scope so easier to build ONLINE ANALYTICAL PROCESSING (OLAP): software that enables extracting and viewing of data from diff. perspectives; drill down, roll up; USER DRIVEN DATA MINING: automatically discovering non-obvious relationships in large databases; used to analyze historic info.; machine driven; PATTERN RECOGNITION: assoc, seq., classifications, forecasting |
|
|
customer relationship mgt. (CRM)
|
STRAT. INITIATIVE, NOT TECH.
set of iterative processes to turn data into managed customer relationships uses analysis to make predictions about CUSTOMER BEHAVIOR, CUSTOMER NEEDS creates value for firm by optimizing customer relationships |
|
|
CRM limiations
|
FIRM CENTRIC: limited to interactions w/ customer and firm
LIMITED PREDICTIVE ABILITY: some events unforeseeable and only the customer knows about their ocurrance |
|
|
customer managed interactions
|
CUSTOMER DATA STORED AND MANAGED BY CUSTOMER
eliminates limitations of CRM: - customer's personal data warehouse has complete historical info. - future events are more likely to be known - more precise inferences INFOMEDIARIES may maintain customers data warehouses NOT ONLY ABOUT LOWEST PRICES: transaction based on quality of recommendation and best fit CMI TECH.: internet provides infrastructure for data transfer, lower costs of data make personal warehouses a feasible alternative |
|
|
closed source
|
prop. software controlled by software warehouse
prevents users from modifying and accessing source code -- ex: Windows |
|
|
open source license characteristics
|
FREE dist.
AVAIL. source code DERIVED WORKS: modify software and and dist. under same license as original; no discrimination NEUTRAL TECH.: license free from ties to Co.'s |
|
|
open source models
|
SPONSORED OPEN SOURCE: foundations provide support and and coordination to open source efforts
OPEN SOURCE SERVICE: free licensing of software, but charges for installation, support, training, and other services PRO. OPEN SOURCE: software house has tight control over software programs that the sell |
|
|
open sources advantages
|
ROBUSTNESS: more reliable than prop. apps.
CREATIVITY: harnesses creativity of thousands of developers LIMITED LOCK-IN: lower switching costs than with a prop. source FREE LICENSE: open sources can usually be licensed for free |
|
|
open source disadvantages
|
UNPREDICTABLE COSTS: risk of too many costs along the way (TCO)
SUPPORT VARIES SECURITY: easier to break into security since code is avail.; more vulnerabilities may be; however may be able to be better corrected since code is open COMPATIBILY: no gaurantee that it will work with other software |
|
|
software as a service (SaaS)
|
FUNCTIONALITY: focuses on service being provided -- NOT ON SALE OF PHYS. PRODUCT
APPLICATION SERVICE PROVISION (ASP): provider hosts and manages a std. app. (Ex. Word), clients access app. over network -- ex.-- internet |
|
|
reasons to safegaurd data
|
most to least:
- build customer loyalty and trust - comply with law - avoid bad media coverage - differentiate firm from comp. |
|
|
IT risk mgt
|
identifying and measuring info. systems against security risks
|
|
|
security
|
defenses put into place to mitigate threats to tech. infrastructure and data
|
|
|
security as an IT problem
|
NEGATIVE DELIVERABLE: produces no efficiency of rev; reduces likelihood of negative event
HARD TO FUND: limited IT budgets; IT dept. should not have to fund the whole thing TRADEOFF: more security vs. higher risk SHOULD BE MGT. PRIORITY, NOT IT PROBLEM |
|
|
risk assessment
|
audit of current resources
map of current state of security in company RISK ANALYSIS: quantifying risks found in audit |
|
|
risk mitigation
|
matching approp. response to defined security threats
manage trade-off between desired security and cost of achieving it |
|
|
risk mitigation strategies
|
ACCEPTANCE: consciously not taking measures to reduce risk; knowingly risking security breach
REDUCTION: actively investigating safeguards; paying for protection TRANSFERENCE: passing risks assoc. w/ security to a 3rd party -- paying someone else to assume risks |
|
|
internal threats
|
INTENTIONAL MALICIOUS BEHAVIOR: assoc. w/ disgruntled employees; (ex: sharing data with comp.)
CARELESS BEHAVIOR: ignorance or disinterest in security issues (ex: post it on monitor w/ passwords) |
|
|
external threats
|
INTRUSION: attacker gains assets to IT resources
SOCIAL ENGINEERING: lying and deceiving legitimate users; tricking them into giving away info. PUSHING: sending official sounding spam that asks for private data SECURITY WEAKNESS: exploiting weaknesses in software of organization (ex: bugs enabling unauth. access) BACKDOORS: codes to circumnavigate password protection MALICIOUS CODE: designed to cause damage to IT assets VIRUSES: malicious code that spreads by attaching itself to programs -- PAYLOAD: harmful set of actions after machine is infected DENIAL OF SERVICE ATTACK: carried out over comp. network; overwhelms online service and forces it shut down; can be used to divert attention so intruder can create a backdoor to be used later |
|
|
types of malicious code
|
TROJAN HORSE: program that provides funcationality but delivers malicious payload after installation
WORM: self-replicating; exploits security holes in network software; does not deliver payload; generates traffic to slow down or strop network SPYWARE: hidden software that monitors behavior, collects info., transfers info. to 3rd party, performs unwanted operations -- diverts resources and slows down comp. |
|
|
reponse to INTERNAL security threats
|
SECURITY POLICIES: individ. behaviors that minimize security risk; password stds, user rights and resp, legitmate users of portable devices, etc.
PERIODIC POLICY AUDITS TO ENSURE COMPLIANCE |
|
|
reponses to EXTERNAL threats
|
INTRUSION:
- use of passwords - firewalls to screen and manage traffic in and out of network - encryption: scrambles process so that it renders unreadable - intrusion detection software MALICIOUS CODE/MALWARE: - detection software - training and policies DENIAL OF SERVICE ATTACKS: - prevention - attacks coordinated from multi. machines that have been taken over |
|
|
overall security guidlines
|
HAVE PLAN AND SPEC. RESPONSIBILITIES: first reaction measures and show should be contacted in emergency
REVISIT OFTEN: asses new tech. DEVELOP SECURITY BREACH MITIGATION PLAN: keep system in order so you can diagnose causes, determine how attack took place, assess damage DON'T WAIT FOR CRISIS TO DEVELOP POLICY |
|
|
privacy
|
ability to determine terms and conditions under which personal info. is collected, managed, and used
private info. can be traced back to person privacy subsumes security |
|
|
function creep
|
data collected for a certain purpose is actually used for another
|
|
|
proliferating data sources - privacy
|
new tech. advances can generate more data than ever before
proliferation creates opportunities but also many risks |
|
|
data mgt. risks - privacy
|
tech. evolution is outpacing legal development
internet is destroying typical geographic boundaries |
|
|
privacy mgt...
|
NOT IT's JOB
|
|
|
fair info. practice principles -- managing privacy
|
NOTICE: right to be informed when personal data is being collected and how this data will be used
CHOICE: right to be informed of function creep and be able to object to info. being shared ACCESS: right to access personal info. and correct any errors SECURITY: firm is repsonsible for safekeeping data and preventing unauthorized access ENFORCEMENT: firms that collect data need to come up with enforcible guidelines to make sure above guidelines are upheld |
|
|
ethics
|
focus on moral duty and obligation
MORALITY: right and wrong, good and evil ETHICAL CHOICES: rarely straightforward; usually involve suboptimal alts. |
|
|
enabling IS ethics
|
develop a culture of ethical decision making
est. info. systems ethical code of conduct apply "minimize harm principle" |
