CIS 480/BA 479: Managing Technology for Business Strategies
Week 3
Dr. Jesús Borrego
Regis University
scis.regis.edu ● [email protected]

Agenda
• Review of Homework 2
• Group Project
• Internet and Security:
  ▫ Ch. 7 – Telecom, Internet and Wireless Technology
  ▫ Ch. 8 – Securing Information Systems
  ▫ Ch. 9 – Enterprise Applications
  ▫ Ch. 10 – Electronic Commerce
• Group Project – Requirements and Budget

HW 2 – IT and Ethics
• There have been a number of headline examples recently that have discussed the disregard for ethics in an organization.
• The role of ethics in an organization is an important component of the culture of an organization and impacts the way Information Technology develops, manages, and distributes data.
• Based on the readings this week as well as your own personal experiences, write a three-to-five page paper on the topic of IT and Ethics.
• Be sure to include a minimum of two resources in your paper.
• You may use examples from your own work.
• Be sure to use APA style format for your paper

Chapter 7
• Telecom, Internet and Wireless Technology

Computer Network
  ▫ Two or more connected computers
  ▫ Major components in simple network
      Client and server computers
      Network interfaces (NICs)
      Connection medium
      Network operating system
      Hubs, switches, routers
  ▫ Software-defined networking (SDN)
      Functions of switches and routers managed by central program

Sample Network

Corporate Network

Sample Ethernet Network
Source: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5710/ps1018/prod_presentation0900aecd804e1307.pdf

Ethernet Network
Sub-networks: 192.168.1.X, 192.168.2.X, 192.168.3.X

Sample Network Diagram

Another example
Source: http://sakswissarmyknife.wordpress.com/2010/10/01/secure-networkdiagram/

Client-Server Environment
• Distributed computing model
• Clients linked through network controlled by network server computer
• Server sets rules of communication for network and provides every client with an address so
  others can find it on the network
• Has largely replaced centralized mainframe computing
• The Internet: largest implementation of client/server computing

Packet Switching
• Method of slicing digital messages into parcels (packets), sending packets along different communication paths as they become available, and then reassembling packets at destination
• Previous circuit-switched networks required assembly of complete point-to-point circuit
• Packet switching more efficient use of network’s communications capacity

Packet Communications

OSI Layers
  Application
  Presentation
  Session
  Transport
  Network
  Data Link
  Physical

OSI Layers
• Application – access to OSI environment and distributed IS
• Presentation – Hides implementation details of the data
• Session – controls communication between applications, sets up/connects/terminates connections
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.

OSI Layers (Cont’d)
• Transport – reliable communications, end-to-end recovery and flow control
• Network – isolates upper layers from connectivity details
• Data Link – controls block transmission (error, flow, synchronization)
• Physical – unstructured data transmission
Source: Stallings, W. (2007). Data and computer communications (8th ed.). Upper Saddle River, NJ: Pearson Prentice Hall.

Protocol Stack
[Diagram: protocol stacks with layers Application, Presentation, Session, Transport, Network, Data Link, Physical; labels: Application protocol, Transport protocol, IP protocol, Network Access, Server]

Internet Protocol Stack
• Application layer
• Transport layer
• Internet layer
• Network interface layer

TCP/IP communications

Communications Networks
  ▫ Local-area networks (LANs)
      Ethernet
      Client/server vs.
      peer-to-peer
  ▫ Wide-area networks (WANs)
  ▫ Metropolitan-area networks (MANs)
  ▫ Campus area networks (CANs)
  ▫ Car area networks (CANs)

Modems

Media
• Physical transmission media
  ▫ Twisted pair wire (CAT5)
  ▫ Coaxial cable
  ▫ Fiber optics cable
  ▫ Wireless transmission media and devices
      Satellites
      Cellular systems
• Transmission speed
  ▫ Bits per second (bps)
  ▫ Hertz
  ▫ Bandwidth

Twisted Pair
• Typical phone wire
• Copper wire
• Twists reduce electrical interference
• Different categories
  ▫ CAT 3: 3 twists per inch
  ▫ CAT 5: 5 twists per inch
• Shielded: metal foil covers each pair of wires
• Unshielded: not covered except for outer layer
Source: http://essayprashesh.blogspot.com/2010/09/twisted-pair-cable.html

Twisted Pair
Source: http://www.ecvv.com/product/2063210.html

Shielded Twisted Pair
Source: http://www.primuscable.com/store/p/674Shielded-Cat6-Cable-for-Networking-FTP-1000Yellow.aspx?gdftrk=gdfV21784_a_7c150_a_7c4514_a_7c C6SH_d_448YL&gclid=CLikscuj07gCFc4-Mgod0mYA0g

Unshielded Twisted Pair (UTP)
CAT-2, 3, 4, 5
Source: http://essayprashesh.blogspot.com/2010/09/twisted-pair-cable.html

Coaxial Cable
• Inner conductor made of copper
• Includes insulating layer around the conductor
• Protective shield around it
• Outer insulating jacket
• Used in cable television and some telephone systems
• Originally used in Ethernet
Source: http://searchdatacenter.techtarget.com/definition/coaxial-cable

Coaxial Cable
Source: http://www.oocities.org/tohliang/hardware.htm

Fiber Optic
• Consists of three layers:
  ▫ Core – thin glass where light travels
  ▫ Cladding – outer optical material to reflect the light back into the core
  ▫ Buffer Coating – plastic coating to protect core from damage and moisture
• Can contain many strands
  ▫ Bundles are protected by a jacket
Source: http://computer.howstuffworks.com/fiber-optic1.htm

Fiber Optic
Source: http://www.ecvv.com/product/2063210.html, http://clcomm.com/index.php?main_page=index&cPath=12,
http://electronics.howstuffworks.com/question402.htm

Domain Name System

VoIP

Web Protocols
  ▫ Hypertext Markup Language (HTML)
  ▫ Hypertext Transfer Protocol (HTTP): Communications standard used for transferring Web pages
  ▫ Uniform resource locators (URLs): Addresses of Web pages
      http://www.megacorp.com/content/features/082602.html
  ▫ Web servers
      Software for locating and managing Web pages

Chapter 8
• Security Information Systems

Definitions
• Vulnerability
  ▫ Front door open
• Threat
  ▫ Thief walking by
• Attack
  ▫ Thief enters house
• Controls
  ▫ Have motion sensors in the house

System Vulnerability
• Accessibility of networks
• Hardware problems (breakdowns, configuration errors, damage from improper use or crime)
• Software problems (programming errors, installation errors, unauthorized changes)
• Disasters
• Use of networks/computers outside of firm’s control
• Loss and theft of portable devices

Attacks
• Spoofing
  – Misrepresenting oneself by using fake e-mail addresses or masquerading as someone else
  – Redirecting Web link to address different from intended one, with site masquerading as intended destination
• Sniffer
  – Eavesdropping program that monitors information traveling over network
  – Enables hackers to steal proprietary information such as e-mail, company files, and so

Attacks (Cont’d)
• Denial-of-service attacks (DoS)
  ▫ Flooding server with thousands of false requests to crash the network
• Distributed denial-of-service attacks (DDoS)
  ▫ Use of numerous computers to launch a DoS
  ▫ Botnets
      Networks of “zombie” PCs infiltrated by bot malware
      Deliver 90% of world spam, 80% of world malware
      Grum botnet: controlled 560K to 840K computers

Computer Crime
• Defined as “any violations of criminal law that involve a knowledge of computer technology for their perpetration, investigation, or prosecution”
• Computer may be target of crime, for example:
  ▫ Breaching confidentiality of protected computerized data
  ▫ Accessing a computer system
    without authority
• Computer may be instrument of crime, for example:
  ▫ Theft of trade secrets
  ▫ Using e-mail for threats or harassment

Employees
• Security threats often originate inside an organization
• Inside knowledge
• Sloppy security procedures
  ▫ User lack of knowledge
• Social engineering:
  ▫ Tricking employees into revealing their passwords by pretending to be legitimate members of the company in need of information

Information Assurance
• Electronic evidence
  – Evidence for white collar crimes often in digital form
      • Data on computers, e-mail, instant messages, e-commerce transactions
  – Proper control of data can save time and money when responding to legal discovery request
• Computer forensics:
  – Scientific collection, examination, authentication, preservation, and analysis of data from computer storage media for use as evidence in court of law
  – Includes recovery of ambient and hidden data

Security Policy
• Ranks information risks, identifies acceptable security goals, and identifies mechanisms for achieving these goals
• Drives other policies
  ▫ Acceptable use policy (AUP)
      Defines acceptable uses of firm’s information resources and computing equipment
  ▫ Authorization policies
      Determine differing levels of user access to information assets

DRP and BCP
• Disaster recovery planning: Devises plans for restoration of disrupted services
• Business continuity planning: Focuses on restoring business operations after disaster
  ▫ Both types of plans needed to identify firm’s most critical systems
  ▫ Business impact analysis to determine impact of an outage
  ▫ Management must determine which systems restored first

Protecting Information
• Identity management software
  – Automates keeping track of all users and privileges
  – Authenticates users, protecting identities, controlling access
• Authentication
  – Password systems
  – Tokens
  – Smart cards
  – Biometric authentication

Tools - Firewall
• Combination of hardware and software that prevents unauthorized
  users from accessing private networks
• Technologies include:
  ▫ Static packet filtering
  ▫ Stateful inspection
  ▫ Network address translation (NAT)
  ▫ Application proxy filtering

Corporate Tools
• Intrusion detection systems:
  ▫ Monitors hot spots on corporate networks to detect and deter intruders
  ▫ Examines events as they are happening to discover attacks in progress
• Antivirus and antispyware software:
  ▫ Checks computers for presence of malware and can often eliminate it as well
  ▫ Requires continual updating
• Unified threat management (UTM) systems

Wireless Security
• WEP security can provide some security by:
  ▫ Assigning unique name to network’s SSID and not broadcasting SSID
  ▫ Using it with VPN technology
• Wi-Fi Alliance finalized WPA2 specification, replacing WEP with stronger standards
  ▫ Continually changing keys
  ▫ Encrypted authentication system with central server

Encryption
• Transforming text or data into cipher text that cannot be read by unintended recipients
• Two methods for encryption on networks
  ▫ Secure Sockets Layer (SSL) and successor Transport Layer Security (TLS)
  ▫ Secure Hypertext Transfer Protocol (SHTTP)

Encryption methods
• Symmetric key encryption
  ▫ Sender and receiver use single, shared key
• Public key encryption
  ▫ Uses two, mathematically related keys: Public key and private key
  ▫ Sender encrypts message with recipient’s public key
  ▫ Recipient decrypts with private key

Public Key Encryption

Encryption Tools
• Digital certificate:
  ▫ Data file used to establish the identity of users and electronic assets for protection of online transactions
  ▫ Uses a trusted third party, certification authority (CA), to validate a user’s identity
  ▫ CA verifies user’s identity, stores information in CA server, which generates encrypted digital certificate containing owner ID information and copy of owner’s public key
• Public key infrastructure (PKI)
  ▫ Use of public key cryptography working with certificate authority
  ▫ Widely used in
    e-commerce

Digital Certificates

Protecting Environment
• Ensuring system availability
  – Online transaction processing requires 100% availability, no downtime
• Fault-tolerant computer systems
  – For continuous availability, for example, stock markets
  – Contain redundant hardware, software, and power supply components that create an environment that provides continuous, uninterrupted service
• High-availability computing
  – Helps recover quickly from crash
  – Minimizes, does not eliminate, downtime

Cloud and Security
• Responsibility for security resides with company owning the data
• Firms must ensure providers provide adequate protection:
  ▫ Where data are stored
  ▫ Meeting corporate requirements, legal privacy laws
  ▫ Segregation of data from other clients
  ▫ Audits and security certifications
• Service level agreements (SLAs)

Chapter 9
• Enterprise Applications

ERP
• Enterprise resource planning (ERP) systems
• Suite of integrated software modules and a common central database
• Collects data from many divisions of firm for use in nearly all of firm’s internal business activities
• Information entered in one process is immediately available for other processes

Enterprise Software
• Built around thousands of predefined business processes that reflect best practices
  ▫ Finance and accounting
  ▫ Human resources
  ▫ Manufacturing and production
  ▫ Sales and marketing
• To implement, firms:
  ▫ Select functions of system they wish to use.
  ▫ Map business processes to software processes.
      Use software’s configuration tables for customizing.

Sample Enterprise System

Enterprise System Business Value
• Increase operational efficiency
• Provide firm-wide information to support decision making
• Enable rapid responses to customer requests for information or products
• Include analytical tools to evaluate overall organizational performance

Supply Chain Management Systems
• Network of organizations and processes for:
  ▫ Procuring materials, transforming them into products, and distributing the products
• Upstream supply chain:
  ▫ Firm’s suppliers, suppliers’ suppliers, processes for managing relationships with them
• Downstream supply chain:
  ▫ Organizations and processes responsible for delivering products to customers
• Internal supply chain

Supply Chain Management
• Inefficiencies cut into a company’s operating costs
  ▫ Can waste up to 25% of operating expenses
• Just-in-time strategy:
  ▫ Components arrive as they are needed
  ▫ Finished goods shipped after leaving assembly line
• Safety stock: Buffer for lack of flexibility in supply chain
• Bullwhip effect
  ▫ Information about product demand gets distorted as it passes from one entity to next across supply chain

SCM Issues
• Global supply chain issues
  ▫ Greater geographical distances
  ▫ Greater time differences
  ▫ Participants from different countries
      Different performance standards
      Different legal requirements
• Internet helps manage global complexities
  ▫ Warehouse management
  ▫ Transportation management
  ▫ Logistics
  ▫ Outsourcing

Business Value of SCM
• Match supply to demand; reduce inventory levels
• Improve delivery service
• Speed product time to market
• Use assets more effectively
• Reduced supply chain costs lead to increased profitability
  ▫ Total supply chain costs can be 75% of operating budget
• Increase sales

CRM
• Customer relationship management (CRM)
  ▫ Knowing the customer
  ▫ In large businesses, too many customers and too many ways customers interact with firm
• CRM systems:
  ▫ Capture and integrate customer data from all over
    the organization
  ▫ Consolidate and analyze customer data
  ▫ Distribute customer information to various systems and customer touch points across enterprise
  ▫ Provide single enterprise view of customers

CRM

CRM Systems
• Packages range from niche tools to large-scale enterprise applications.
• More comprehensive have modules for:
  ▫ Partner relationship management (PRM)
      Integrating lead generation, pricing, promotions, order configurations, and availability
      Tools to assess partners’ performances
  ▫ Employee relationship management (ERM)
      Setting objectives, employee performance management, performance-based compensation, employee training

CRM Tools
• Sales force automation (SFA)
  ▫ Sales prospect and contact information, sales quote generation capabilities
• Customer service
  ▫ Assigning and managing customer service requests, Web-based self-service capabilities
• Marketing
  ▫ Capturing prospect and customer data, scheduling and tracking direct-marketing mailings or e-mail, cross-selling

CRM Capabilities

CRM Types
• Operational CRM:
  ▫ Customer-facing applications such as sales force automation, call center and customer service support, and marketing automation
• Analytical CRM:
  ▫ Based on data warehouses populated by operational CRM systems and customer touch points
  ▫ Analyzes customer data (OLAP, data mining, etc.)
      Customer lifetime value (CLTV)

Analytical CRM

Business Value of CRM
• Increased customer satisfaction
• Reduced direct-marketing costs
• More effective marketing
• Lower costs for customer acquisition/retention
• Increased sales revenue
• Churn rate:
  ▫ Number of customers who stop using or purchasing products or services from a company
  ▫ Indicator of growth or decline of firm’s customer base

Enterprise Application Challenges
• Highly expensive to purchase and implement enterprise applications
  ▫ Average “large” system—$12 million +
  ▫ Average “small/midsize” system—$3.5 million
• Technology changes
• Business process changes
• Organizational learning, changes
• Switching costs, dependence on software vendors
• Data standardization, management, cleansing

Chapter 10
• Electronic Commerce

Electronic Commerce
• E-commerce: Use of the Internet and Web to transact business.
• Began in 1995 and grew exponentially; still stable even in a recession.
• Companies that survived the dot-com bubble burst and now thrive.
• E-commerce revolution is still in its early stages.

Features facilitating eCommerce
• Ubiquity
• Global reach
• Universal standards
• Richness (media)
• Interactivity
• Information density
• Personalization/customization
• Social technology

Internet in the Marketplace
• Reduces information asymmetry
• Offers greater flexibility and efficiency because of:
  ▫ Reduced search costs and transaction costs
  ▫ Lower menu costs
  ▫ Greater price discrimination
  ▫ Dynamic pricing
• May reduce or increase switching costs
• May delay gratification: effects dependent on product
• Increased market segmentation
• Stronger network effects
• More disintermediation

Benefits

Digital Goods
• Goods that can be delivered over a digital network
  ▫ For example: music tracks, video, software, newspapers, books
• Cost of producing first unit is almost entire cost of product
• Costs of delivery over the Internet very low
• Marketing costs remain the same; pricing highly variable
• Industries with digital goods are undergoing revolutionary changes (publishers, record labels, etc.)

eCommerce Types
• Business-to-consumer (B2C)
  ▫ Example: BarnesandNoble.com
• Business-to-business (B2B)
  ▫ Example: ChemConnect
• Consumer-to-consumer (C2C)
  ▫ Example: eBay
• Government-to-consumer (G2C)
  ▫ Example: City of Colorado Springs web site

eCommerce Business Models
• E-tailer
• Transaction broker
• Market creator
• Content provider
• Community provider
• Portal
• Service provider

eCommerce Revenue Models
• Advertising
• Sales
• Subscription
• Free/Freemium
• Transaction fee
• Affiliate

Social Networking
• Most popular Web 2.0 service: social networking
  ▫ Social shopping sites: Swap shopping ideas with friends
• Wisdom of crowds
• Crowdsourcing
  ▫ Large numbers of people can make better decisions about topics and products than a single person.
• Prediction markets
  ▫ Peer-to-peer betting markets on specific outcomes (elections, sales figures, designs for new products)

eCommerce Marketing
• Internet provides new ways to identify and communicate with customers.
• Long tail marketing:
  ▫ Ability to reach a large audience inexpensively
• Behavioral targeting:
  ▫ Tracking online behavior of individuals on thousands of Web sites
• Internet advertising formats
  ▫ Search engine marketing, display ads, rich media, e-mail, and so on

Web Site Personalization

Advertising Network

Social Network Marketing
• Seeks to leverage individuals’ influence over others in social graph
• Target is a social network of people sharing interests and advice
• Facebook’s “Like button”
• Social networks have huge audiences
  ▫ Facebook: 150 million U.S. visitors monthly

Electronic Data Interchange
• Computer-to-computer exchange of standard transactions such as invoices, purchase orders.
• Major industries have EDI standards that define structure and information fields of electronic documents.
• More companies are increasingly moving toward private networks that allow them to link to a wider variety of firms than EDI allows and share a wider range of information in a single system.

EDI

Private Exchange
• Large firm using extranet to link to its suppliers, distributors, and other key business partners
• Owned by buyer
• Permits sharing of:
  ▫ Product design and development
  ▫ Marketing
  ▫ Production scheduling and inventory management
  ▫ Unstructured communication (graphics and email)

Private Industrial Network

Location Based Services
• Used by 74% of smartphone owners
• Based on GPS map services
• Types
  ▫ Geosocial services
      Where friends are
  ▫ Geoadvertising
      What shops are nearby
  ▫ Geoinformation services
      Price of house you are passing

Mobile commerce services
• Banks, credit card companies provide account management apps
• Mobile display advertising
  ▫ iAd, AdMob, Facebook
• Games and entertainment
  ▫ Downloadable and streamable services
  ▫ Games
  ▫ Video, short films, movies, TV shows
  ▫ Music and ring tones

Building business web site
• Pieces of the site-building puzzle
  ▫ Assembling a team with the skills required to make decisions about:
      Technology
      Site design
      Social and information policies
      Hardware, software, and telecommunications infrastructure
  ▫ Customer’s demands should drive the site’s technology and design.

Building business web site (Cont’d)
• Business objectives
  ▫ The capabilities the site should have
      Business decisions should drive technology
  ▫ Example: execute a transaction payment
• System functionality
  ▫ Technology needed to achieve objective
  ▫ Example: a shopping cart or other payment system
• Information requirement
  ▫ Specific data and processes needed
  ▫ Example: secure credit card clearing, multiple payment options

Building business web site (Cont’d)
• Alternatives in building the Web site:
  ▫ Completely in-house
  ▫ Mixed responsibility
  ▫ Completely outsourced
      Co-location
• Web site budgets
  ▫ Several thousand to millions per year
  ▫ 50% of budget is system maintenance and content creation

Building the site

Web site budget allocation

Group Project
• The Course Project Requirements document is due next week.
• Now that you identified your client (customer) you can begin assembling the specific requirements to begin designing your course project web site.
• Keep in mind that the requirements are the specific pages you will design for your client.
• For your project you are required to deliver five (5) specific requirements which will be converted to five specific web pages.

Group Project Requirements
• Your requirements document should contain the following elements.
  ▫ The requirements document should be 3-4 pages in length and adhere to APA guidelines. Select one member of the group to submit the Course Project Requirements document.
  ▫ Introduction (who is your client)
  ▫ Purpose Statement (why the web site is necessary for the business)
  ▫ List of Requirements (based on client needs)
  ▫ Summary

Questions?