845-HB-KT


     1) Define eBusiness?

eBusiness

Electronic commerce (EC or e-commerce) describes the process of buying, selling, transferring, or
exchanging products, services, or information via computer networks, including the Internet.

E-business is a somewhat broader concept. In addition to the buying and selling of goods and services, e-
business also refers to servicing customers, collaborating with business partners, and performing
electronic transactions within an organization.

Or

E-business (electronic business) is the conducting of business on the Internet, not only buying and
selling but also servicing customers and collaborating with business partners.


     2) What is meant by Communitainment?

The Internet has increasingly become a principal medium for community, communication, and
entertainment–three areas that have collided together and are impacting each other’s growth–
generating a new type of activity that we call communitainment.

      3) What is meant by IT Steering Committee?
IT steering committee
It is a committee, comprised of a group of managers and staff representing various organizational units,
set up to establish IT priorities and to ensure that the MIS function is meeting the needs of the
enterprise.
          The IT steering committee plays a very important role in developing and implementing the IT
          strategic plan.
          The IT steering committee is important because it ensures that you get the information systems
          and applications that you need to do your job.

      4) What is meant by Social engineering?
Social engineering
It is getting around security systems by tricking computer users inside a company into revealing sensitive
information or gaining unauthorized access privileges.
Or
Social engineering is an attack in which the perpetrator uses social skills to trick or manipulate a
legitimate employee into providing confidential company information such as passwords.

        The most common example of social engineering is when the attacker impersonates someone else on
        the telephone, such as a company manager or information systems employee. The attacker
        claims he forgot his password and asks the legitimate employee to give him a password to use.


     5) Define Information Systems Auditing?

Information Systems Auditing is the examination of information systems, their inputs,
outputs, and processing, checking the following:
        Are all controls installed as intended?
        Are the controls effective?
        Has any breach of security occurred?
        If so, what actions are required to prevent future breaches?
There are two types of IS auditing:
        Internal auditing
        External auditing

    6) Define Pilot conversion.

Pilot conversion
It is an implementation process that introduces the new system in one part of the organization, such as a
department or one functional area, on a trial basis; when the new system is working properly, it is
introduced in other parts of the organization.

    7) What is meant by Organizational strategic plan?

The organization’s strategic plan

The organization’s strategic plan states the firm’s overall mission, the goals that follow from that
mission, and the broad steps necessary to reach these goals.
        It plays an important role in the planning process for new IT applications.
        The strategic planning process modifies the organization’s objectives and resources to meet its
        changing markets and opportunities.




      8) Define IT Strategic Plan.
IT strategic plan
It is a set of long-range goals that describe the IT infrastructure and major IT initiatives needed to achieve
the goals of the organization.
The IT strategic plan must meet three objectives:
      1. It must be aligned with the organization’s strategic plan.
      2. It must provide for an IT architecture that enables users, applications, and databases to be
           seamlessly networked and integrated.
      3. It must efficiently allocate IS development resources among competing projects so the projects
           can be completed on time and within budget and have the required functionality.


Q9) Threats to Information Systems

Whitman and Mattord (2003) classified threats into five general categories to help us better understand
the complexity of the threat problem. Their categories are:

1. Unintentional acts
2. Natural disasters
3. Technical failures
4. Management failures
5. Deliberate acts

Unintentional Acts. Unintentional acts are those acts with no malicious intent.
There are three types of unintentional acts:
         human errors
         deviations in the quality of service by service providers
         environmental hazards
Out of these three types of acts, human errors represent by far the most serious threats to information
security.

Human errors or mistakes by employees pose a large problem as the result of laziness, carelessness, or a
lack of awareness concerning information security. This lack of awareness comes from poor education
and training efforts by the organization.
Human Mistakes                                        Description and Examples
Tailgating                                            A technique designed to allow the perpetrator to
                                                      enter restricted areas that are controlled with locks
                                                      or card entry. The perpetrator follows closely
                                                      behind a legitimate employee and, when the
                                                      employee gains entry, asks them to “hold the
                                                      door.”
Shoulder surfing                                      The perpetrator watches the employee’s computer
                                                      screen over that person’s shoulder. This technique
                                                      is particularly successful in public areas such as
                                                      airports, commuter trains, and on airplanes.

Carelessness with laptops                             Losing laptops, misplacing laptops, leaving them in
                                                      taxis, and so on.
Carelessness with portable devices                    Losing or misplacing these devices, or using them
                                                      carelessly so that malware is introduced into an
                                                      organization’s network.
Opening questionable e-mails                          Opening e-mails from someone unknown, or
                                                      clicking on links embedded in e-mails
Careless Internet surfing                             Accessing questionable web sites; can result in
                                                      malware and/or alien software being introduced
                                                      into the organization’s network.
Poor password selection and use                       Choosing and using weak passwords
Carelessness with one’s office                        Unlocked desks and filing cabinets when
                                                      employees go home at night; not logging off the
                                                      company network when gone from the office for
                                                      any extended period of time.

Carelessness using unmanaged devices                  Unmanaged devices are those outside the control
                                                      of an organization’s IT department and company
                                                      security procedures. These devices include
                                                      computers belonging to customers and business
                                                      partners, computers in the business centers of
                                                      hotels, and computers in Starbucks, Paneras, and
                                                      so on.
Carelessness with discarded equipment                 Discarding old computer hardware and devices
                                                      without completely wiping the memory; includes
                                                      computers, cellphones, Blackberries, and digital
                                                      copiers and printers.


The human errors that we have just discussed are unintentional on the part of the employee.

Employees can also make mistakes as a result of deliberate actions by an attacker. These actions are
classified into three categories:
         Social engineering
         Reverse social engineering
         Social data mining (buddy mining): an attack that occurs when perpetrators seek to learn who
         knows who in an organization, and how, in order to target specific individuals.

Deviations in the Quality of Service by Service Providers.
This category consists of situations in which a product or service is not delivered to the organization as
expected.
Ex:
         Heavy equipment at a construction site cuts a fiber-optic line to your building or your Internet
         service provider has availability problems.
         Organizations may also experience service disruptions from various providers, such as
         communications, electricity, telephone, water, wastewater, trash pickup, cable, and natural gas.


Environmental Hazards. Environmental hazards include dirt, dust, humidity, and static electricity. These
hazards are harmful to the safe operation of computing equipment.


Natural Disasters.
Natural disasters include floods, earthquakes, hurricanes, tornadoes, lightning, and in some cases, fires.
In many cases, these disasters, sometimes referred to as acts of God, can cause catastrophic losses of
systems and data. To avoid such losses, companies must engage in proper planning for backup and
recovery of information systems and data. This planning is known as a Disaster Recovery Plan, which
includes the maintenance of hot sites, warm sites, and cold sites.


Technical Failures.
Technical failures include problems with hardware and software.
        The most common hardware problem is a crash of a hard disk drive.
        The most common software problem is errors (called bugs) in computer programs. Software
        bugs are so common that entire web sites are dedicated to documenting them. Ex:
        www.bug-track.com and www.bugaware.com.

Management Failures. Management failures involve a lack of funding for information security efforts and
a lack of interest in those efforts. Such lack of leadership will cause the information security of the
organization to suffer.


Q10) Explain any three ethical issues related to e-commerce.

Page no : 223
Ethical Issues
Most of the ethical and global issues related to IT also apply to e-business. Here we consider two basic
issues:
        Privacy
        Job loss

By making it easier to store and transfer personal information, e-business presents some threats to
privacy. To begin with, most electronic payment systems know who the buyers are. It may be necessary,
then, to protect the buyers’ identities. Businesses frequently use encryption to provide this protection.

Another major privacy issue is tracking. For example, individuals’ activities on the Internet can be tracked
by cookies. Cookies store your tracking history on your personal computer’s hard drive, and any time you
revisit a certain Web site, the computer knows it. In response, some users install programs to exercise
some control over cookies and thus restore their online privacy.

In addition to compromising employees’ privacy, the use of EC may eliminate the need for some of a
company’s employees, as well as brokers and agents. The manner in which these unneeded workers,
especially employees, are treated can raise ethical issues:
         How should the company handle the layoffs?
         Should companies be required to retrain employees for new positions? If not, how should the
         company compensate or otherwise assist the displaced workers?
