MIS 300 Exam 2

Knowledge workers:
advise middle managers
The IT infrastructure is comprised of _______ and ________.
IT Components and IT Services
Which of the following statements about your future role as a manager is false?
The size of my team will likely be smaller than teams of today.
_____ is/are the computer hardware, software, and communications technologies that are used by IT personnel to produce IT services.
IT Components
An organization’s IT components include all of the following except:
If Amazon uses a list of all your purchases (books bought, price paid, dates) to recommend other books to you, then it is applying its _____.
Enterprise resource planning systems
use a common database for all functional areas
An organization’s information technology architecture:
all of these
The title of the executive who is in charge of the people who design and build information systems, the people who use those systems, and the people responsible for managing those systems is the
Which of the following is the correct hierarchy from the lowest level to the highest level?
Data / Information / Knowledge
Which of the following statements is false?
Each functional area within an organization has only one application.
Walmart’s automatic replenishment system, which enables the company to reduce inventory storage requirements, is an example of which strategy for competitive advantage?
Cost Leadership
Which of the following statements is false?
Business activity monitoring is a type of scheduled reporting.
Which strategy for competitive advantage involves introducing new products and putting new features in existing products?
Producing identical items in large quantities is called:
Mass Production
Porter’s _____ help(s) companies identify general strategies, whereas his _____ help(s) to identify specific activities where companies can use the strategies for greatest impact.
Competitive force model; Value chain model
New technologies can produce new products very _____, which _____ the threat from substitute products.
Quickly; Increases
Collecting sales tax is an example of a(n):
Marketing Business Process
Which of the following is not an example of business – IT alignment?
The company views IT as a way to support the business but not as a way to create new revenue streams.
The workforce in developed countries is exhibiting all of the following trends except:
It includes fewer persons with disabilities
Which strategy for competitive advantage involves improving the manner in which an organization executes its internal business processes?
Operational Effectiveness
Which of the following is not a role that information systems play in business processes?
Establish Standards
Refer to Opening Case- What to Do About WikiLeaks?: Which of the following is false about WikiLeaks?
Governments and companies are using network forensics to identify intruders who break into systems.
_____ issues involve who may obtain information and how much they should pay for this information.
Which of the following statements is not correct?
As with normal first-class mail, employers cannot read employee e-mail.
Shelli runs a small boutique in Tel Aviv. She has built up a very nice client base and regularly sends her clients a newsletter. A new bakery business down the block wants to buy Shelli’s client list from her. If Shelli does sell the list, which ethical issue related to IT would be involved?
What is _____ is not necessarily _____.
Unethical; Illegal
______________ determines who is responsible for the actions taken.
Shelli runs a small boutique in Tel Aviv. Her intern just came to her with a new design for her Web site. Shelli really likes the design, and she informs the intern that he is quite the artist. The intern responds that he found the design on the Internet. Shelli replies that they can’t use it. Her decision reflects which ethical issue related to IT?
Property (such as intellectual property)
The ____________ ethical standard states that an ethical action is the one that provides the most good or does the least harm.
How does society keep owners of electronic bulletin boards from disseminating offensive or untrue content? This is a difficult question because it involves the conflict between _____ on the one hand and _____ on the other.
Freedom of Speech; Privacy
Refer to IT’s About Business 3.3 – Your Privacy on Facebook: Which of the following is false about Facebook’s privacy policies?
Facebook uses an Opt-in Model
Privacy advocates prefer which model of informed consent?
In its study of various organizations, the Ponemon Institute found that the most common cause of data breaches was:
Employee Negligence
Which of the following is not a consequence of poor information security practices?
All of the above are consequences of poor information security practices.
Refer to IT’s About Business 4.3 – The Stuxnet Worm: Which of the following statements is true?
The worm specifically targeted nuclear facilities
Cybercriminals can obtain the information they need in order to assume another person’s identity by:
All of the above are strategies to obtain information to assume another person’s identity.
Organizations use hot sites, warm sites, and cold sites to ensure business continuity. Which of the following statements is not true?
A hot site needs to be located close to the organization’s offices.
Access controls involve _____ before _____.
Authentication; Authorization
Which of the following is(are) designed to use your computer as a launch pad for sending unsolicited e-mail to other computers?
A _____ is any danger to which an information resource may be exposed.
_____ involves building an inappropriate trust relationship with employees for the purpose of gaining sensitive information or unauthorized access privileges.
Social Engineering
Bob is using public key encryption to send a message to Ted. Bob encrypts the message with Ted’s _____ key, and Ted decrypts the message using his _____ key.
Public; Private
The term _____ refers to clandestine software that is installed on your PC through duplicitous channels but is not particularly malicious.
Alien Software
Relates to any computer based tool that people use to work with information and support the information and information processing needs of an organization:
Information Technology (IT)
An information system that uses computer technology to perform some or all of its intended tasks:
Computer based information system (CBIS)
Data and/or information that have been organized and processed to convey understanding, experience, accumulated learning and expertise as they apply to a current problem or activity:
Collects, processes, analyzes, stores, and disseminates information for a specific purpose:
Information Systems
Information systems that correct a lack of communication among the functional area IS’s by tightly integrating the functional area IS’s via a common database:
Enterprise Resource Planning (ERP) Systems
Positive societal effects from the increased use of information technology:
1-Provide opportunities for people with disabilities
2-Provide people with flexibility in their work (anywhere/anytime)
3-Robots will take over mundane chores
4-Enable improvements in health care
Negative societal effects of the increased use of information technology:
1-Can cause health problems for individuals
2-Place employees on constant call
3-Potentially misinform patients about their health problems
The system which provides overall control and monitoring functions of a specific process or application. Generally consists of a network of computers, controllers, and I/O modules.
Automation Systems
___ is an ongoing collection of related activities that create a product or a service of value to the organization, its business partners, and/or its customers.
Business Process
Provide examples of Business Processes in the functional area of an organization:
-Managing accounts payable
-Managing accounts receivable
-Managing post-sale customer follow-up
-Managing bills of materials
-Managing manufacturing change orders
-Applying disabilities policies
-Hiring employees
-Training staff and computer users
-Applying internet use policy
Differentiate between the terms business process reengineering and business process management.
BPR is a radical redesign of an organization’s business processes that is intended to improve the efficiency and effectiveness of these processes. The key to BPR is for enterprises to examine their business processes from a “clean sheet” perspective and then determine how they could best reconstruct those processes to improve their business functions. Because BPR proved difficult to implement, organizations have turned to BPM. BPM is a management technique that includes methods and tools to support the design, analysis, implementation, management, and optimization of business processes.
List a business pressure and describe an IT response to it;
Market Pressures: An example of a market pressure is powerful customers. Customer relationship management is an effective IT response that helps companies achieve customer intimacy.
List a business pressure and describe an IT response to it;
Technology Pressures: An example of a technology pressure is information overload. Search engines and business intelligence applications enable managers to access, navigate, and utilize vast amounts of information.
List a business pressure and describe an IT response to it;
Societal/Political/Legal Pressures: An example is social responsibility, such as the state of the physical environment. Green IT is one response that is intended to improve the environment.
Two information systems that support the entire organization are:
Enterprise resource planning systems; Transaction processing systems
___ systems are designed to correct a lack of communications among ___.
Enterprise resource planning; Functional area information systems
The introduction of ATM machines by Citibank was a classic example of which strategy for competitive advantage?
For most companies, the Web ___ the threat that new competitors will enter the market by ___ traditional barriers to entry.
Increases, decreasing
In ___, the organization purchases insurance as a means to compensate for any loss.
Risk Transference
When Amazon welcomes you by name back to its website on your second visit this is an example of which strategy for competitive advantage?
Customer Orientation
The most overlooked people in information security are:
Janitors and Guards
Identify the 5 competitive forces described by Porter:
1-Threat of entry of new competitors
2-Bargaining power of Suppliers
3-Bargaining power of customers (buyers)
4-Threat of substitute products or services
5-Rivalry among existing firms in the industry
Explain how the web has an impact on the threat of entry of new competitors:
For most firms, the web increases the threat that new competitors will enter the market by reducing traditional barriers to entry. Frequently, competitors need only to set up a Web site to enter a market. The web can also increase barriers to entry, as when customers come to expect a nontrivial capability from their suppliers.
Explain how the web has an impact on the bargaining power of suppliers:
The web enables buyers to find alternative suppliers and to compare prices more easily, thereby reducing suppliers’ bargaining power. From a different perspective, as companies use the web to integrate their supply chains, participating suppliers can lock in customers, thereby increasing suppliers’ bargaining power.
Explain how the web has an impact on the bargaining power of customers (buyers):
The web provides customers with incredible amounts of choices for products, as well as information about those choices. As a result, the Web increases buyer power. However, companies can implement loyalty programs in which they use the web to monitor the activities of millions of customers. Such programs reduce buyer power.
Explain how the web has an impact on the threat of substitute products or services:
New technologies create substitute products very rapidly, and the web makes information about these products available almost instantly. As a result, industries (particularly information-based industries) are in great danger from substitutes (music, books, newspapers, magazines, software). However, the web can also enable a company to build in switching costs, so that it will cost customers time and/or money to switch from your company to a competitor.
Explain how the web has an impact on the rivalry among existing firms in the industry:
In the past, proprietary information systems provided strategic advantage for firms in highly competitive industries. The visibility of Internet applications on the Web makes strategic advantage more short lived.
What are the 5 strategies that organizations typically adopt to counter the 5 competitive forces and achieve competitive advantage?
1-Cost Leadership
4-Operational Effectiveness
Produce products and/or services at the lowest cost in the industry:
Cost Leadership Strategy
Offer different products, services, or product features:
Differentiation Strategy
Introduce new products and services, put new features in existing products and services, or develop new ways to produce them:
Innovation Strategy
Improve the manner in which internal business processes are executed so that the firm performs similar activities better than its rivals:
Operational Effectiveness Strategy
Concentrate on making customers happy:
Customer-orientation Strategy
An advantage over competitors in some measure such as cost, quality, or speed; leads to control of a market and to larger-than-average profits.
Competitive Advantage
Systems that help an organization gain a competitive advantage by supporting its strategic goals and/or increasing performance and productivity.
Strategic Information Systems (SISs)
The tight integration of the IT function with the strategy, mission, and goals of the organization:
Business-information technology alignment
What are the 6 characteristics of effective alignment for BIT?
1-Organizations view IT as an engine of innovation that continually transforms the business.
2-Organizations view customers and customer service as supremely important.
3-Organizations rotate business and IT professionals across departments and job functions.
4-Organizations provide clear, overarching goals for all employees.
5-Organizations ensure that IT employees understand how the company makes (or loses) money.
6-Organizations create a vibrant and inclusive company culture.
The principles of right and wrong that individuals use to make choices to guide their behaviors:
What are the three fundamental tenets of ethics?
Responsibility, Accountability, and Liability
A tenet of ethics that refers to determining who is responsible for actions that were taken:
A legal concept that gives individuals the right to recover the damages done to them by other individuals, organizations or systems:
A tenet of ethics in which you accept the consequences of your decisions and actions:
What are the 4 categories of ethical issues related to IT?
Privacy, Accuracy, Property, Accessibility
Identify 3 places that store personal data and the threat of privacy to these.
The privacy threat in Internet bulletin boards, newsgroups, and social networking sites is that you might post too much personal information that many unknown people can see.
Threats to privacy include:
-Advances in Information Technologies
-Electronic Surveillance
-Personal information in databases
-Internet Bulletin boards
-Social Networking sites
___ is the right to be left alone and to be free of unreasonable personal intrusions.
Identify the 5 factors that contribute to the increasing vulnerability of information resources.
1-Today’s interconnected, interdependent, wirelessly networked business environment.
2-Smaller, faster, cheaper computers and storage devices
3-Decreasing skills necessary to be a computer hacker
4-International organized crime taking over cybercrime
5-Lack of management support
Give examples that go with the 5 factors that contributed to the increasing vulnerability of information resources.
2-Netbooks, Thumb drives, iPads
3-Information system hacking programs circulating the Internet
4-Organized crime has formed transnational cybercrime cartels. Because it is difficult to know exactly where cyber attacks originate, these cartels are extremely hard to bring to justice.
5-Suppose that your company spent $10 million on information security countermeasures last year and experienced no successful attacks on information resources. Short-sighted management might conclude that the company could spend less during the next year and obtain the same results. Bad Idea.
Compare and contrast human mistakes and social engineering, providing an example for each.
HUMAN MISTAKES are unintentional errors. However, employees can also make unintentional mistakes as a result of actions by an attacker, such as social engineering. SOCIAL ENGINEERING is an attack where the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information.
-An example of a human mistake is tailgating. An example of social engineering is when an attacker calls an employee on the phone and impersonates a superior in the company.
Are acts performed without malicious intent that nevertheless represent a serious threat to information security.
Unintentional Threats
A major category of unintentional threats is:
Human Error
What are the Deliberate Threats to Information Systems?
1-Espionage or Trespass
2-Information Extortion
3-Sabotage and Vandalism
4-Theft of equipment and information
5-Identity Theft
6-Protecting intellectual property
7-Software attacks
8-Alien Software
9-Supervisory control and data acquisition (SCADA)
10-Cyberterrorism and Cyber warfare
What are the 9 types of deliberate attacks?
3-Phishing Attack
4-Spear Phishing attack
5-Denial of service attack
6-Distributed denial of service attack
7-Trojan Horse
8-Back Door
9-Logic Bomb
Segment of computer code that performs malicious actions by attaching to another computer program.
Segment of computer code that performs malicious actions and will replicate, or spread, by itself (without requiring another computer program)
____ use deception to acquire sensitive personal information by masquerading as official looking emails or instant messages.
Phishing Attack
Target large groups of people. In these attacks perpetrators find out as much information as possible to improve their chances that phishing techniques will be able to obtain sensitive, personal information.
Spear Phishing Attack
Attacker sends so many information requests to a target computer system that the target cannot handle them successfully and typically crashes or ceases to function.
Denial of Service Attack
An attacker first takes over many computers, typically by using malicious software. These computers are called zombies or bots. The attacker uses these bots, which form a botnet, to deliver a coordinated stream of information requests to a target computer, causing it to crash.
Distributed Denial of Service Attack
Software programs that hide in other computer programs and reveal their designed behavior only when they are activated.
Trojan Horse
Typically a password, known only to the attacker, that allows him or her to access a computer system at will, without having to go through any security procedures.
Back Door (also called a Trap Door)
Segment of computer code that is embedded within an organization’s existing computer programs and is designed to activate and perform a destructive action at a certain time or date.
Logic Bomb
What are the 3 risk mitigation strategies?
Risk Acceptance, Risk Limitation, Risk Transference
Define Risk Acceptance and provide an example in the context of owning a home.
-Where the organization accepts the potential risk, continues operating with no controls, and absorbs any damages that occur.
-If you own a home you may decide not to insure it. Thus, you are practicing risk acceptance. Clearly, this is a bad idea.
Define Risk Limitation and provide an example in the context of owning a home.
-Where the organization limits the risk by implementing controls that minimize the impact of threats.
-As a homeowner, you practice risk limitation by putting in an alarm system or cutting down weak trees near your house.
Define Risk Transference and provide an example in the context of owning a home.
-Where the organization transfers the risk by using other means to compensate for the loss, such as by purchasing insurance.
-The vast majority of homeowners practice risk transference by purchasing insurance on their houses and other possessions.
Identify the 3 major types of controls that organizations can use to protect their information resources:
Physical, Access, Communications
___ Prevent unauthorized individuals from gaining access to a company’s facilities. Common controls include walls, doors, fencing, gates, locks, badges, guards, and alarm systems.
More sophisticated controls include pressure sensors, temperature sensors, and motion detectors.
Physical Controls
___ Restrict unauthorized individuals from using information resources. These controls involve 2 major functions: Authentication and Authorization.
Access Controls
____ Secure the movement of data across networks. These controls consist of firewalls, anti-malware systems, whitelisting and blacklisting, encryption, virtual private networking, secure socket layer, and vulnerability management systems.
Communications Controls
Various organizations that promote fair and responsible use of information systems often develop ____.
a code of ethics
Despite the success of E-Mealz, Jane Delaney did not originally plan to create a large enterprise.
One of the big advantages of being an informed user and consumer of IT is that it enables you to anticipate future innovations and their potential applications.
Global outsourcing helps an organization to:
-Find the best person for the job.
-Find more economical resources.
-Implement spatial and temporal flexibility
Managing information systems in a modern organization is challenging because:
the systems are very expensive to acquire, operate, and maintain; and the systems are critical to the organization’s operations.
HR information systems, POM information systems, CRM information systems, and marketing information systems are usually classified as:
Functional Area Information Systems
One impact of IT will be to decrease the numbers of managers employed in organizations.
The core capabilities of computer-based information systems include:
-Quick access to information.
-Staging and processing of large amounts of data.
-High-speed calculations.
The Internet reduces the barriers of entry for new competitors in an established industry.
The Internet can both reduce and increase the bargaining power of suppliers, depending on the specific circumstances.
In recent years, companies such as Walmart and Amazon.com have offered streaming videos for rent on their Web sites. This is another example of how new technology has:
-Increased the threat of new entrants.
-Increased the threat of substitute products
The goals of business process reengineering are to:
-Increase productivity.
-Optimize operations.
-Increase customer satisfaction.
-Reduce waste.
Two major conflicting issues related to privacy are ___ and ___.
Freedom of Speech; National Security
Making and distributing information goods to which you do not own the ___ is referred to as ____.
Copyright; Piracy
Whereas phishing attacks are ____ , denial of service attacks are ____.
remote attacks requiring user action, remote attacks requiring no user action
Buying health insurance is an example of risk ____, whereas going without is an example of risk _____.
transference, acceptance
Implementing controls to prevent threats from occurring and developing a recovery plan should the threats occur are two broad functions of
Risk Mitigation