267 Cards in this Set

Information Technology
any computer based tool that people use to work with info and support the info and information processing needs of an organization
Categories of IT:

A)
B)
A) Hardware: consists of the physical devices associated with a computer system.

B) Software- The set of instructions that the hardware executes to carry out specific tasks
Central Processing Unit (CPU)
The actual hardware that interprets and executes the program instructions and coordinates how all the other hardware devices work together.
Control Unit
Part of the CPU; it literally tells the other hardware devices what to do
Arithmetic-logic Unit
Performs all arithmetic operations and all logic operations
Megahertz (MHZ)
the number of millions of CPU cycles per second
Gigahertz (GHZ)
the number of billions of CPU cycles per second.
Complex Instruction Set Computer (CISC) Chips
a type of CPU that can recognize as many as 100 or more instructions, enough to carry out most computations directly. (most are like this)
Reduced Instruction Set Computer (RISC) Chips
limits the number of instructions the CPU can execute to increase processing speed
Virtualization
a protected memory space created by the CPU allowing the computer to create virtual machines. Each virtual machine can run its own programs isolated from other machines.
Primary Storage
the computer's main memory, which consists of the random access memory (RAM), cache memory, and the read-only memory (ROM) that is directly accessible to the CPU.
Random Access Memory (RAM)
computer's primary working memory, in which program instructions and data are stored so that they can be accessed directly by the CPU via the processor's high-speed external data bus.
Volatility
Refers to RAM's complete loss of stored information if power is interrupted. RAM is volatile and its contents are lost when the computer's electric supply fails.
Cache Memory
A small unit of ultra-fast memory that is used to store recently accessed or frequently accessed data so that the CPU does not have to retrieve this data from slower memory circuits such as RAM.
Read only Memory (ROM)
the portion of a computer's primary storage that does not lose its contents when one switches off the power
Flash Memory
a special type of rewritable read-only memory (ROM) that is compact and portable
Memory Cards
contain high capacity storage that holds data such as music, images, or text files
Memory Sticks
Provide nonvolatile memory for a range of portable devices including computers, digital cameras, and MP3 players.
Secondary Storage
Equipment designed to store large volumes of data for long term storage
A) Megabyte (MB)
B) Gigabyte (GB)
C) Terabyte (TB)
A) 1 million bytes
B) 1 Billion bytes
C) 1 trillion bytes
Magnetic Medium
secondary storage medium that uses magnetic techniques to store and receive data
Magnetic Tape
older secondary storage medium using strip of thin plastic coating
System Software
controls how the various technology tools work together along with the application.
Utility Software
Provides additional functionality to the operating system. (ex: antivirus software, screen saver, etc.)
Application Software
used for specific information processing needs
Telecommunication Systems
enable the transmission of data over public or private networks
Network
communications data exchange
Architecture
peer-to-peer, client/server
Client/Server Networks
model for all applications, physical search of database on server and communicating with users handled by client
Client
a computer that is designed to request information from a server
Server
a computer that is dedicated to providing information in response to external requests
Network Operating System (NOS)
runs network, steering info between comps, security, and users
Packet Switching
comp sends message split into packets (diff users) sent to router
Router
intelligent connecting device, decides/sends packets
Network Topology
geometric arrangement of actual physical organization of comps (and other network devices) in a network. Involvement of connecting cables, buses, rings etc.
Protocols
standard that specifies format of data and rules during transmission. In order to have connection comps must be speaking the “same lang”, protocol.
Interoperability
2+ comp systems share data and resources, even by diff manufacturers
Ethernet
physical and data layer technology for LAN
Transmission Control Protocol/Internet Protocol (TCP/IP)
– technical foundation for public Internet as well as large private networks. Auto-adjusts to slower devices/delays. TCP ensures data sent is same size as received. IP provides address and routing mechanism
Voice over IP (VoIP)
uses TCP/IP to transmit voice calls over long-distance telephone lines (over 10% calls, growing)
Media
– network transmission media, various media used to signal between comps
Wire media
– transmission material so signals are confined to a narrow path and behave
Coaxial Cable
– wide range frequencies, low signal loss, single wire in metallic shield.
Fiber Optic Cable
info transmission as light impulses along glass wire/fiber. Over extended distances, little delay afforded, large amounts of data transmitted on a regular basis.
Wireless Media
– natural parts of earth for transmission. Electromagnetic signals, network signals in waveform
Virtual Private Network (VPN)
– way to use public telecommunication (internet) to provide secure access to orgs network
Value Added Network (VAN)
– private network, provided by 3rd party, for exchanging info through high capacity connection.
First-Mover Advantage
occurs when an organization can significantly impact its market share by being first to market with a competitive advantage.
Environmental Scanning
the acquisition and analysis of events and trends in the environment external to an organization
Business to Business (b2b) marketplace
an internet-based service that brings together many buyers and sellers.
Private Exchange
a b2b marketplace in which a single buyer posts its needs and then opens the bidding to any supplier who would care to bid
Five Forces Model
Buyer Power, Supplier Power, Threat of substitute products or services, Threat of new entrants, Rivalry among existing competitors
Threat of substitute products or services
is high when there are many alternatives to a product or service and low when there are few.
Switching Costs
Costs that can make customers reluctant to switch to another product or service
Threat of new Entrants
Part of five forces model, is high when it is easy for new competitors to enter a market , and low when there are significant entry barriers to entering a market.
Entry Barrier
A product or service feature that must be offered by any new incoming competition in a market.
Rivalry among existing competitors
is high when competition is fierce in a market and low when competition is more complacent
Value Chain
a standardized set of activities that accomplish a specific task, such as processing a customer's order.
E-Business
the conducting of business on the internet, not only buying and selling but also serving customers and collaborating with business partners
Core Competency
the key strength of an organization, a business function that it does better than any of its competitors.
Core Competency Strategy
Area where company chooses to focus specifically on.
Strategic alliances
= competitive advantages through access to other resources.
Partnerships
grow and expand more quickly and efficiently, especially companies in the outsourcing process (save time and boost productivity).
Information Partnership
two or more organizations cooperate by integrating their IT systems together – providing customers with the best of what each can offer. Ex: Amazon to e-business companies and outsourcing services other retailers
Collaboration Systems
– IT-based (accurate info) set of tools that supports the work of teams by facilitating the sharing and flow of information, such as: Telecommuting and online meetings, interacting between people in different locations, involve and share others quickly.
Unstructured Collaboration (information collaboration)
– document exchange, shared whiteboards, e-mail, forums. Improves personal productivity, reduces time spent searching for info/answers.
Structured Collaboration (process collaboration)
– shared participation in business processes (workflow), knowledge hard-coded rules.
Knowledge management systems (KM)- KM:
personally capturing, classifying, evaluating, retrieving, sharing info so that it provides context for effective decisions and actions (esp. of customers), KMS supports it. Up to the organization to decide what info qualifies as knowledge (real competitive advantage)
Explicit Knowledge
– anything that can be documented or archived with help of IT (patents/trademarks/market research)
Tacit Knowledge
– contained in people’s heads. Challenge to work with
Joint problem solving
– expert and novice work hand in hand
Content Management Systems
provides tools to manage the creation, storage, editing and publication of info in a collaborative environment (presents info/needs effectively: presents certain info/content for employees)
Workflow Management Systems
automation and management of business processes, and control movement of work (defined and tracked, ex. By managers) through those business processes.
a. Messaging-based workflow
Supply Chain Management (SCM)
involves the management of information flows between and among stages in a supply chain to maximize total supply chain effectiveness.
Supply Chain Management (SCM) 4 MAIN COMPONENTS
Supply Chain Strategy, Supply Chain Partners, Supply Chain Operation, Supply Chain Logistics
Supply Chain Strategy
the strategy for managing the resources required to meet customer demand for all products and services
Supply Chain Partners
partners chosen to deliver finished products, raw materials, and services
Supply Chain Operation
the schedule for production activities including testing, packaging, and preparation
Supply Chain Logistics
the product delivery processes and elements including orders, awareness, carriers, defective product returns, and invoicing.
Effective Supply Chain Management Systems enable an organization to.....
Decrease the power of its buyers
Increase its own supplier power
Increase switching costs to reduce threat of substitute products or services
Create Entry Barriers
Increase efficiencies while seeking competitive advantage through cost leadership
Business Process Reengineering
the analysis and redesign of workflow within and between enterprises
Enterprise Resource Planning (ERP)
integrates all departments and functions throughout an organization into a single IT system so that employees can make decisions by viewing enterprisewide info on all business operations.
Key Performance Indicators (KPI's)
are the measures that are tied to business drivers. Metrics are the detailed measures that feed those KPI's.
Efficiency IT Metrics
speed, throughput, availability, web traffic, response time, etc
Effectiveness IT Metrics
Customer Satisfaction, Financial, Rates, etc
Balanced Scorecard
management system, in addition to a measurement system, that enables organizations to clarify their vision and strategy and translate them into action.
IT Roles and Responsibilities
CIO, CTO, CSO, CPO, CKO
Chief information officer (CIO)
– overseeing uses of IT, ensuring they align with business goals. Ex: Manager (delivery of IT projects on time and within budget), leader (strategic line of IT with strategic
Chief technology officer (CTO)
– ensures speed, accuracy, reliability, availability of IT. Ensures efficiency of IT vs. CIO’s task of making sure it is aligned with the organization’s goals.
Chief Security Officer (CSO)
– ensures security of IT, safeguards against hackers etc.
Chief Privacy Officer (CPO)
ensures ethical and legal use of information within an organization. New position, many lawyers take on the position.
Chief Knowledge Officer (CKO)
– responsible for collecting, maintaining and distributing the company’s knowledge. Create systems for the knowledge, filtering it, keeping it up-to-date.
Information Security
– the protection of information from accidental or intentional misuse by persons inside or outside an organization. 1-5% of budget on security.
Information granularity
– extent of detail within info. Employees must be able to use any type to make decisions (Summary info in Word = coarse, vs. aggregate info). Varies by successfully collecting, compiling, sorting and analyzing information from multiple levels. Determine value of information with characteristics (4): transactional, analytical, timeliness, and quality.
Transactional Information
– all info in single business process or unit of work, primary purpose to support the performing of daily operational tasks. (ATM withdraw, airline reservation)
Analytical information
– all org info, primary purpose to support performing of managerial analysis tasks. Includes transactional + market and industry info. (trends, sales, stats, future growth projections)
Timeliness
– aspect of info depending on situation (how long info is relevant/needed etc)
Real time info
– immediate, up-to-date info. Real-time systems provide the info in response to query requests.
Quality Information 5 characteristics –
Accuracy , Completeness, Consistency, Uniqueness, Timeliness
Data Warehousing
–logical collection of info-gathered from many diff operational databases-supporting business analysis activities/decision making. Sorts info in aggregation form (totals, counts, averages), in only analytical processing. Takes data from multiple sources/technologies (spreadsheets, databases, word files) and sorts in common locations, using common querying tools.
Extraction, transformation, and loading (ETL) –
process extracts info from internal/external databases, transforms info using common set of enterprise definitions, loads info into a data warehouse (which sends it to subsets to data marts)
Data mart
contains subset of data warehouse info.
Multidimensional database
– most data warehouses/marts are.
Dimension
is a particular attribute of info, each layer of warehouse/mart is sorted this way
Cube
is a common term for representation of multidimensional info
Data mining
– process of analyzing data to extract info not offered by raw data alone
Data mining tools
– variety of techniques to find patterns/relationships in large volumes of info, and infer rules from them that predict future behavior/guide decision making = query tools, reporting tools, multidimensional analysis tools, stat tools, intelligent agents.
information cleansing/scrubbing
– weeds out/fixes/discards inconsistent, incorrect or incomplete info
Business Intelligence (BI)
– info people use to support their decision-making efforts- BI enablers: technology, people, corporate culture.
Database
– maintains info about various objects (inventory), events (transactions), people (employees), places (warehouses)
Hierarchical database model
– info is organized into tree structure, repeating info, parent/child. Used to be used often, not in the modern world.
Network Database model
– flexible representation of objects and their relationships, mult parents + children, forming a “lattice structure”
Relational database model
– stores info in logical form of 2D tables (Access)
A)Entity
B)Entity class
C)Attributes
D)Primary Key
E)Foreign Key
A) –person, place, thing, transaction, event

B) – (table) collection of similar entities

C) – (fields/columns) characteristics/properties of entity class

D) field/group of fields uniquely identifying a given entity in a table. Distinguish each entity in table

E) primary key in one table, but attribute in another
Advantages to a RDM:
flexibility, performance, less info redundancy, info quality, security of info
Flexibility:
A) physical view
B) logical view
A) deals with physical storage of info on storage device/hardware

B) users logically access info to meet particular business needs
A) Performance
B) Scalability
A) – measures how quick system performs certain process or transactions

B) how well system can adapt to increased demands
Information integrity
measure of quality of info.
Integrity constraints
Relational, Business Critical,
Relational (Integrity Constraints)
rules of basic/fundamental constraints (no order for a nonexistent customer)
Business critical (Integrity Constraints)
– business rules vital to org’s success, require more knowledge (no returns after 15 days)
Information Security
- since internet, it's an issue. Use of passwords, access levels, access controls.
Database Management System (DBMS)
software through which users and application programs interact with a database. 4 Primary components: Data Definition, Data Manipulation, Application Generation, and Data Administration.
Data Definition component
create/maintains data dictionary and structure of database
Data dictionary
– file that stores definition of info types, identifies primary and foreign keys, maintains relationships among tables. Defines logical properties of info in database. (type, field name, format, default value etc).
Data Manipulation component
– allows users to create, read, update and delete info in database
Report generators
– allow users to define formats for reports, choose info
Query-by-example (QBE) tools
allow users to graphically design answers
Structured query language (SQL)
standardized fourth generation query language in most DBMS
Integration
allows separate systems to communicate directly with each other, ensures consistency of info, but not necessarily redundancy.
Forward integration
– takes entered info in system and sends it automatically to all downstream systems and processes. (Info to order fulfillment and billing)
Backward integration
– takes entered info in system and sends it automatically to all upstream systems and processes. (Employee enters customer info)
Repair/damage to brand reputation
– accidental placement of customers’ private info etc
Prevent/incur liabilities.
– CAT scans/mammograms can save lives. Faulty technology in cars, planes, etc
Systems Development Life Cycle (SDLC!) PADD-TIM
PLANNING, ANALYSIS, DESIGN, DEVELOPMENT, TESTING, IMPLEMENTATION, MAINTENANCE
Planning
– involves establishing high-level plan of intended project and determining project goals. First and most critical phase, determine plans and why necessary.
2) Analysis=
a. Business Requirements=
involves analyzing end-user business requirements and refining project goals into defined functions and operations of the intended system. Critical, detailed, accuracy.

A) – detailed set of business requests the system must meet in order to be successful
3. Design
– describing the desired features and operations of system: screen layouts, business rules, process diagrams, other documentation.
4. Development
– taking all detailed design documents and transforming them into actual system. This step takes it from preliminary designs to actual physical implementation.
5. Testing
– bring all project pieces together to special testing environment to test for errors/bugs etc. Also to verify that it meets all business requirements from analysis phase.
6. Implementation
– placing system in production so user can begin to perform actual business operations with the system.
7. Maintenance
– performing changes, corrections, additions, and upgrades. This phase continues for the life of the system, because system must change as business evolves.
Waterfall Methodology
each phase of SDLC performed sequentially. Low success rate, 1:10.
Rapid Application Development (RAD)
emphasizes extensive user involvement and the creation of prototypes to accelerate the development process.
Extreme Programming Methodology (XP)
– breaks project into tiny phases, iterations, and developers cannot continue on to the next until the first is complete. Like puzzle pieces, when combined (again and again), it makes sense.
Developing Successful Software
– small budget so not risky, evaluate software over time and eliminate any software not meeting up, “triage, triage sessions.” Test and approve. Use non-IT executives to test software, as liaisons to the users, and a new aspect.
Scope Creep
– scope of project increases
Feature Creep
– developers add extra features not part of initial requirements.
Project Variables (3 primary) of quality
time, cost, scope.
SDLC
– overall process for developing info systems from planning and analysis through implementation and maintenance
Project
temporary endeavor undertaken to create a unique product or service
Project deliverables
– any measurable, tangible, verifiable outcome, result, or item that is produced to complete a project or part of a project
Project exclusions
– products, services, or processes that are not specifically a part of the project
Project Plan
– formal, approved, document that manages and controls project execution.
PERT
– graphical network model that depicts a project’s tasks and relationships between those tasks
Gantt Chart
– simple bar chart that depicts project tasks against a calendar
Product LifeCycle
– 4 phases product goes through during its life cycle: Intro, growth, maturity, decline
Business Process Reengineering (BPR)
analysis and redesign of workflow within and between enterprises (projects) 1. Set Project Scope 2. Study Competition 3. Create New Processes 4. Implement Solution
Social Networking Analysis
– mapping a group’s contacts to identify who knows whom and who works with whom for future needs/key leaders.
CRM can enable an organization to:
1) Identify types of customers

2) Design individual customer

3) marketing campaigns

4) Treat each customer as an individual

5) Understand customer buying behaviors
IT Cultures (list 4 main)
Information-Functional

Information-Sharing

Information-Inquiring

Information-Discovery
1. Information-Functional
employees use information as a means of exercising power.
2. Information-Sharing
– Employees across departments trust each other to use information to improve performance
3. Information-Inquiring
– Employees across departments search for information to better understand future, and to also get acquainted with new directions and current trends.
4. Information-Discovery
– Employees across departments open to new insights and crisis and radical changes and seek ways to create competitive advantages.
Intellectual Property
- Intangible creative work that is embodied in physical form
Copyright
- The legal protection afforded an expression of an idea, such as a song, video game, and some types of proprietary documents
Fair Use Doctrine
- In certain situations, it is legal to use copyrighted material
Pirated Software
- The unauthorized use, duplication, distribution, or sale of copyrighted software
Counterfeit Software
- Software that is manufactured to look like the real thing and sold as such
ePolicies
- Policies and procedures that address the ethical use of comps and Internet usage in the business environment.
Types of ePolicies
a. Ethical comp use policy
b. Info privacy policy
c. Acceptable use policy
d. E-mail privacy policy
e. Internet use policy
f. Anti-spam policy
Opt-in
-allowing business to contact only the people who had agreed to receive promotions and marketing via e-mail
Privacy Act- 1974
Restricts what info the federal gov’t can collect; allows people to access and correct info on themselves; requires procedures to protect the security of personal info; and forbids the disclosure of name-linked info w/o permission
Freedom of Information Act
1967, 1975, 1994, and 1998: Allows any person to examine gov’t records unless it would cause an invasion of privacy. It was amended in 1974 to apply to the FBI, and again in 1994 to allow citizens to monitor gov’t activities and info gather, and once again in 1998 to allow access to gov’t info on the Internet
Health Insurance Portability and Accountability Act (HIPAA)-1996:
Requires that the health care industry formulate and implement regulations to keep patient info confidential
USA Patriot Act- 2001 and 2003:
Allows law enforcement to get access to almost any info, including library records, video rentals, bookstore purchases, and business records when investigating any act of terrorist or clandestine intelligence activities. In 2003, Patriot II broadened the original law
Homeland Security Act- 2002:
Provided new authority to gov’t agencies to mine data on individuals and groups including e-mails and Web site visits; put limits on the info available under the Freedom of Info Act; and gave new powers to gov’t agencies to declare national health emergencies
CIO’s 6 principles for Ethical Info Management
1) Info is a valuable corporate asset like cash, facilities, or any other corporate asset and should be managed as such
2) The CIO is steward of corporate info and is responsible for managing it over its life cycle—from its generation to its appropriate destruction
3) The CIO is responsible for controlling access to and use of info, as determined by gov’t regulation and corporate policy
4) The CIO is responsible for preventing the inappropriate destruction of info
5) The CIO is responsible for bringing technological knowledge to the development of info management practices and policies
6) The CIO should partner w/ executive peers to develop and execute the organization’s info management policies
Ethical Computer Use Policy
Contains general principles to guide comp use behavior
Information Privacy Policy
- Contains general principles regarding info privacy
Mail Bomb
-Sending a massive amount of e-mail to a specific person or system resulting in filling up the recipient’s disk space, which, in some cases, may be too much for the server to handle and may cause the server to stop functioning
Acceptable Use Policy (AUP)
A policy that a user must agree to follow in order to be provided access to a network or to the Internet.
Nonrepudiation
- A contractual stipulation to ensure that e-business participants do not deny (repudiate) their online actions. A nonrepudiation clause is typically contained w/in an AUP
Spam
- Unsolicited e-mail
Employee Monitoring Policies
Explicitly state how, when, and where the company monitors its employees.
Four Quadrants of Ethical and Legal Behavior
            Legal   Illegal
Ethical     I       II
Unethical   III     IV
Decision Making Process
1. Define the Problem and Develop Goals
2. Gather necessary data and convert it to info
3. Develop Alternatives
a. Current available alternatives
b. Do nothing
4. Using Your Info, Rate Your Alternatives
5. Make Decision
2 Methods For Decision Making
1. Statistical Analysis
a. Min/Max
b. Mean/Median/Mode
c. Standard Deviation
2. Graphing/Charting/Modeling
Spreadsheet Modeling
Building a spreadsheet that DESCRIBES the current (or past or future) state of your operations
Forecasting/Simulation
- Using spreadsheet for determining future. Gives realm of possibilities. Gives chances, odds, statistics, etc
Optimization
- Opposite of simulation. Finding the “best” answer
i. Ex: Time- When can the most people come?
Sensitivity Analysis
- How sensitive is the model to change? Does change drastically change output, final product, etc
How To Lie w/ Charts
1. Show how one item relates to the whole (Pie)
2. Show how one item relates to other items (Bar Graph)
3. Show a trend in an item (Line Graph)
Examples of Misleading Statistics
1. Women are better drivers than men
a. On average, a woman between the ages of 20 and 65 who drives a car will have had fewer accidents than a man of the same age, driving the same car
b. The data is drawn almost exclusively from insurance company statistics
c. It may not, however, be accurate, as few people bother to alert their insurers if they clip the wing mirror or scratch the paint.
Things To Look Out For
1. “47.3% of all statistics are made up on the spot.” –Steven Wright
2. Where did the data come from?
3. Who ran the survey?
4. Do they have an ulterior motive for having the result go one way?
5. How was the data collected?
6. What questions were asked?
7. How did they ask them?
8. Who was asked?
9. Be wary of comparisons.
10. Be aware of numbers taken out of context
The Problem With Statistics
1. People like favorable numbers to back up a decision
2. Ex: When choosing an Internet provider, most people will choose the one with the most customers
3. Probabilities must be independent of each other. The outcomes should not be based on previous instances or behaviors
2. Median
3. Mean
4. Mode
2) The middle value in a distribution, above and below which lie an equal number of values.
3) A number that typifies a set of numbers, such as a geometric mean or an arithmetic mean; the average value of a set of numbers.
4) the value or item occurring most frequently in a series of observations or statistical data.
GIGO
"Garbage in, Garbage Out"
Spreadsheet Model
-A mathematical model that approximates a real-world situation.

a. Will never be 100% accurate, b/c there are some things you can’t quantify
b. Sometimes so complex that not all factors/elements can be included
c. Other programs other than Excel can be used to more closely analyze real-world situations
Mathematical Model
Approximates a real-world situation

3. 2 Types of Mathematical Models
a. Descriptive- Describe what is currently happening in situation
b. Prescriptive- Adapted from descriptive models to help in decision making
i. Simulation
ii. Optimization
The Standard Excel Modeling Development Components
1. Inputs-
a. Known facts
b. Not trying to change
c. Have no control over
2. Outputs
a. Outcomes of model
b. Results that we are paying attention to
c. Ex: Total profit, total cost
3. Decision Variables
a. Things we’re trying to decide
b. Type of input, more specific
c. Static- Descriptive Model; What-If Analysis- Prescriptive model
4. Formulas/Relationships
a. Various formulas and functions that take inputs and decision variables and combine them to make your outputs
Characteristics of a Good Model
1. Accuracy- Most important
2. Clarity
3. Flexibility
4. Efficiency
5. Documentation
K201 Model Makeover
1. Structure- More organization
2. Marketing- Additional labeling of sections and Hierarchy of labels
3. Focus- Identification of the output and decision variables using formatting
4. Consistency- In labels, formatting, and hierarchy
Principles of Good Spreadsheet Design
1. Use of Named Ranges
a. Improves readability and understanding of model
2. Commenting and Text Boxes
a. Ex: Create a legend for named ranges
b. Comment boxes: provide explanations
3. Readability and Typography
a. Use a type hierarchy w/ consistent headers
b. Font/Size: Consistent, point size (no less than 10pt)
c. Weight: bold, heavy, normal
d. Style: Italics, Oblique, etc
4. Color Usage
a. Use only 2-3 colors
b. Use colors to highlight important parts of the model
i. Ex: red border for decision variables
c. Complementary colors (red-green, blue-orange, violet-yellow) Ok to use in same spreadsheet, just not one on top of the other
d. Professional- Conservative is your best bet
5. Preventing Errors
a. Lock cells that should not be changed and protect the workbook or worksheet
b. Provide a comment to allow a person to fully understand a value
c. Use drop-down menus when possible with data validation
d. Use macros to automate functions
Basics-Charts
1. Pie Chart- Show how one item relates to the whole
2. Bar/Column Chart- Show how one item relates to other items
3. Line Chart- Show a trend in an item (usually over time)
Common Charting Mistakes
1. Data Issues
a. Conclusions drawn don’t match with data being presented. Incorrect interpretation/chosen wrong data to support conclusion
2. Analysis Issues
a. Occur when you don’t understand results.
b. Misinterpreting statistics, etc
c. Common Analysis Mistakes
i. Doing the wrong kind of analysis (doing a simulation when you should do an optimization)
ii. Not understanding or accurately describing the results of the analysis
3. Presentation Issues
a. Poor choice of chart type
b. Axis Scale problems
c. Missing info
d. Too much info
What is a method for confirming users’ identities?
Authentication
In terms of Porter’s 5 Forces, the Internet affected the textbook industry by increasing the Threat of Substitute Products and Services...T/F?
True
After developing alternatives for a problem, what is the next step in making a decision?
Rate the alternatives using info
What determines how applications integrate and relate to each other?
Application Architecture
This holiday season you would like to prepare for after-holiday returns. You use data from the last 3 years to model what could happen this year after the holidays. This is an example of a simulation model...T/F?
True
Which act prohibits the use of video rental info on customers for any purpose other than that of marketing goods and services directly to customer?
Bork Bill
What are the 3 primary variables in any project?
Time, Cost, Scope
Enterprise Architectures
- The plans for how an organization will build, deploy, use, and share its data, processes, and IT assets
Enterprise Architect (EA)
- A person grounded in technology, fluent in business, a patient diplomat, who provides the important bridge b/t IT and the business. An EA is expensive and generally receives a salary upward of $150,000
Basic Enterprise Architectures contain 3 components:
1) Information Architecture- Identifies where and how important info, like customer records, is maintained and secured
2) Infrastructure Architecture- Includes the hardware, software, and telecommunications equipment that, when combined, provide the underlying foundation to support the organization’s goals
3) Application Architecture- Determines how applications integrate and relate to each other
3 Primary Areas that Info Architecture should focus on:
1) Backup and recovery
2) Disaster recovery
3) Info security
Backup
- An exact copy of a system’s info
Recovery
- The ability to get a system up and running in the event of a system crash or failure and includes restoring the info backup.
Fault Tolerance
- A computer system designed so that, in the event a component fails, a backup component or procedure can immediately take its place w/ no loss of service
Failover
- A backup operational mode in which the functions of a computer component (such as a processor, server, network, or database) are assumed by secondary system components when the primary component becomes unavailable through either failure or scheduled down time
Disaster Recovery Plan
- A detailed process for recovering info or an IT system in the event of a catastrophic disaster such as a fire or flood
Hot Site
A separate and fully equipped facility where the company can move immediately after a disaster and resume business
Cold Site
A separate facility that DOES NOT have any computer equipment, but is a place where employees can move after a disaster.
Disaster Recovery Cost Curve- Charts:
i. The cost to the organization of the unavailability of info and technology
ii. The cost to the organization of recovering from a disaster over time
1. The intersection will identify the optimal factor (ex: the optimal disaster recovery plan in terms of cost and time)
How to maintain Information Security
1) Managing User Access- Managing access and what is available to employees and outsiders through the use of passwords

2) Up-to-Date Antivirus Software and Patches
The 5 Primary Characteristics of a solid Infrastructure Architecture:
1) Flexibility- Must be able to adapt to change
2) Scalability- How well a system can adapt to increased demands
i. Capacity planning- Determines the future IT infrastructure requirements for new equipment and additional network capacity.
3) Reliability- Ensures all the systems are functioning correctly and providing accurate info.
4) Availability- (an efficiency IT metric) Addresses when systems can be accessed by employees, customers, and partners
i. High Availability- Refers to a system or component that is continuously operational for a desirably long length of time
5) Performance- Measures how quickly a system performs a certain process or transaction (in terms of efficiency IT metrics of both speed and throughput)
Application Architecture
- Determines how applications integrate and relate to each other
Web Services
Contain a repertoire of Web-based data and procedural resources that use shared protocols and standards permitting different applications to share data and services.
Interoperability
- The capability of two or more computer systems to share data and resources, even though they are made by different manufacturers.
Events
The eyes and ears of the business expressed in technology—they detect threats and opportunities and alert those who can act on the info
Open Systems
- A broad, general term that describes nonproprietary IT hardware and software made available by the standards and procedures by which their products work, making it easier to integrate them
Open System Integration is designed to:
i. Allow systems to seamlessly share info. The sharing of info reduces the total number of devices, resulting in an overall decrease in cost
ii. Capitalize on enterprise architectures. This avoids installing several independent systems, which creates duplication of devices
iii. Eliminate proprietary systems and promote competitive pricing. Often a sole-source vendor can demand its price and even provide the customer with less than satisfactory service. Utilization of open systems allows users to purchase systems competitively.
Information Security
- A broad term encompassing the protection of info from accidental or intentional misuse by persons inside or outside an organization
The First Line of Defense
People
Insiders
Legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
Social Engineering
Using one’s social skills to trick people into revealing access credentials or other info valuable to the attacker
Dumpster Diving
Looking through people’s trash
Information Security Policies
Identify the rules required to maintain information security
Information Security Plan
- Details how an organization will implement the information security policies
Second Line of Defense
Technology
5 Steps for Creating an Information Security Plan
1) Develop the Information Security Policies- Identify who is responsible and accountable for designing and implementing the organization’s information security policies
2) Communicate the Information Security Policies- Train all employees on the policies and establish clear expectations for following the policies
3) Identify critical information assets and risks- Require the use of user ID’s, passwords, and antivirus software on all systems
i. Firewall- Hardware and/or software that guards a private network by analyzing the info leaving and entering the network
ii. Intrusion Detection Software (IDS)- Searches out patterns in information and network traffic to indicate attacks and quickly responds to prevent any harm
4) Test and reevaluate risks- Continually perform security reviews, background checks, and security assessments
5) Obtain stakeholder support- Gain the approval and support of the info security policies from the board of directors and stakeholders.
3 Primary Information Security Areas
1) Authentication and Authorization
2) Prevention and Resistance
3) Detection and Response
Top 10 Questions Managers Should Ask Regarding Information Security
1) Does the board of directors recognize security as a board-level issue that cannot be left to the IT department alone?
2) Is there clear accountability for information security in the organization?
3) Do the board members articulate an agreed-upon set of threats and critical assets? How often do they review and update these?
4) How much is spent on info security and what is it being spent on?
5) What is the impact on the organization of a serious security incident?
6) Does the organization view info security as an enabler? (Ex: By implementing effective security, could the organization increase business over the internet?)
7) What is the risk to the business of getting a reputation for low info security?
8) What steps have been taken to ensure that third parties will not compromise the security of the organization?
9) How does the organization obtain independent assurance that info security is managed effectively?
10) How does the organization measure the effectiveness of its information security activities?
Authentication
- A method for confirming users’ identities
i. After the system determines the authentication of the user, it can then determine the access privileges (or authorization) for that user
Authorization
- The process of giving someone permission to do or have something
3 Types of Authentication and Authorization techniques:
1) Something the user knows such as a user ID and password
i. Identity Theft- The forging of someone’s identity for the purpose of fraud
ii. Phishing- A technique to gain personal info for the purpose of identity theft, usually by means of fraudulent e-mail.
2) Something the user has such as a smart card or token
iii. Token- A small electronic device that changes user passwords automatically
iv. Smart Card- A device that is around the same size as a credit card, containing embedded technologies that can store info and small amounts of software to perform some limited processing
3) Something that is part of the user such as a fingerprint or voice signature
v. Biometrics- The identification of a user based on physical characteristics, such as a fingerprint, iris, face, voice, or handwriting
Prevention and resistance technologies stop...
intruders from accessing intellectual capital
Content Filtering
- Occurs when organizations use software that filters content to prevent the transmission of unauthorized info
Encryption
- Scrambles info into an alternative form that requires a key or password to decrypt the info
Public Key Encryption (PKE)
- An encryption system that uses two keys: a public key that everyone can have and a private key for only the recipient
Firewall
- Hardware and/or software that guards a private network by analyzing the info leaving and entering the network. One of the most common defenses for preventing a security breach is a firewall. Organizations typically place a firewall b/t a server and the Internet.
Worm
- A type of virus that spreads itself, not only from file to file, but also from comp to comp. The primary difference b/t a virus and a worm is that a virus must attach to something, such as an executable file, in order to spread. Worms do not need to attach to anything to spread and can tunnel themselves into comps.
Denial-of-service Attack (DoS)
- Floods a website with so many requests that it slows down or crashes the site
Distributed denial-of-service Attack (DDoS)
- Attacks from multiple comps that flood a Web site w/ so many requests for service that it slows down or crashes. A common type is the “Ping of Death,”
“Ping of Death”
- Thousands of comps try to access a web site at the same time, overloading it and shutting it down
Trojan-Horse Virus
—Hides inside other software, usually as an attachment or a downloadable file
Backdoor Programs
Viruses that open a way into the network for future attacks
Polymorphic Viruses and Worms
Change their form as they propagate
Elevation of Privilege
- A process by which a user misleads a system into granting unauthorized rights, usually for the purpose of compromising or destroying the system. For example, an attacker might log on to a network by using a guest account, and then exploit a weakness in the software that lets the attacker change the guest privileges to administrative privileges
Hoaxes
- Attack comp systems by transmitting a virus hoax, w/ a real virus attached. By masking the attack in a seemingly legitimate message, unsuspecting users more readily distribute the message and send the attack on to their co-workers and friends, infecting many users along the way
Malicious Code
- Includes a variety of threats such as viruses, worms, and Trojan horses
Spoofing
The forging of the return address on an e-mail so that the e-mail message appears to come from someone other than the actual sender. This is not a virus but rather a way by which virus authors conceal their identities as they send out viruses
Spyware
- Software that comes hidden in free downloadable software and tracks online movements, mines the info stored on the comp, or uses a comp’s CPU and storage for some task the user knows nothing about. (According to the National Cyber Security Alliance,
Sniffer
A program or device that can monitor data traveling over a network. Sniffers can show all the data being transmitted over a network, including passwords and sensitive info. Sniffers tend to be a favorite weapon in the hacker’s arsenal
Packet Tampering
Altering the contents of packets as they travel over the Internet or altering data on computer disks after penetrating a network. Ex: An attacker might place a tap on a network line to intercept packets as they leave the comp. The attacker could eavesdrop or alter the info as it leaves the network.