Đang tải... (xem toàn văn)
(BQ) Part 2 book Management information systems Managing the digital firm has contents Securing information systems, managing knowledge, enhancing decision making, building information systems, managing projects, managing global systems,...and other contents.
Find more at www.downloadslide.com Chapter Securing Information Systems LEARNING OBJECTIVES CHAPTER OUTLINE After reading this chapter, you will be able to answer the following questions: 8.1 SYSTEM VULNERABILITY AND ABUSE Why Systems Are Vulnerable Malicious Software: Viruses, Worms, Trojan Horses, and Spyware Hackers and Computer Crime Internal Threats: Employees Software Vulnerability 8.2 BUSINESS VALUE OF SECURITY AND CONTROL Legal and Regulatory Requirements for Electronic Records Management Electronic Evidence and Computer Forensics 8.3 ESTABLISHING A FRAMEWORK FOR SECURITY AND CONTROL Information Systems Controls Risk Assessment Security Policy Disaster Recovery Planning and Business Continuity Planning The Role of Auditing 8.4 TECHNOLOGIES AND TOOLS FOR PROTECTING INFORMATION RESOURCES Identity Management and Authentication Firewalls, Intrusion Detection Systems, and Antivirus Software Securing Wireless Networks Encryption and Public Key Infrastructure Ensuring System Availability Security Issues for Cloud Computing and the Mobile Digital Platform Why are information systems vulnerable to destruction, error, and abuse? What is the business value of security and control? What are the components of an organizational framework for security and control? What are the most important tools and technologies for safeguarding information resources? Ensuring Software Quality Interactive Sessions: Stuxnet and the Changing Face of Cyberwarfare MWEB Business: Hacked LEARNING TRACK MODULES The Booming Job Market in IT Security The Sarbanes-Oxley Act Computer Forensics General and Application Controls for Information Systems Management Challenges of Security and Control Software Vulnerability and Reliability Find more at www.downloadslide.com YOU’RE ON LINKEDIN? WATCH OUT! L inkedIn is one of the most prominent social networking sites on the Web LinkedIn has over 160 million members, mostly career minded white-collar workers more interested in networking than being social Users maintain online resumes, establish links with their colleagues and business contacts, and search for experts with answers to their daily business problems People looking for jobs or to advance their careers take this service very seriously By any measure, LinkedIn has been one of the top tech success stories in the last decade The company is now valued at over $12 billion In June 2012, however, the company suffered a staggering data breach that exposed the passwords of millions of LinkedIn users Hackers breached LinkedIn’s security and stole 6.5 million user passwords, then posted the passwords publicly on a Russian hacking forum In the aftermath of the breach, LinkedIn users and security experts alike were stunned that a company whose primary function is to collect and manage customer data had done so little to safeguard it LinkedIn had woefully inadequate computer security, especially for a highly successful tech company with healthy cash reserves, a strong bottom line, and talented employees Security experts criticized LinkedIn for not having a chief security officer whose primary job is to guard against security breaches But even more surprisingly, LinkedIn was found to have minimal password protection via encryption and did not employ several standard encryption techniques used to protect passwords Most companies will use a technique known as “salting,” which adds a series of random digits to the end of hashed passwords to make them more difficult to crack Salting can be performed at little to no cost with just a few additional lines of code Most companies use complicated cryptographic functions to salt passwords, but, incredibly LinkedIn had not salted its users’ passwords at all, the security equivalent of leaving one’s valuables unattended in a crowded area Most companies store hashed passwords on separate, secure Web servers to make it more difficult for hackers to break in The total cost for a company like LinkedIn to set up robust password, Web server, and application security would be in the low six figures, but the average data breach costs companies $5.5 million, according to a Symantec-sponsored study by the Ponemon Institute LinkedIn's losses might end up being even higher than that, which makes their near total disregard for data security even more surprising Some security experts believe that the lack of liability for companies like LinkedIn is a major reason for their lax security policies Unlike other industries, where basic consumer protections are overseen and protected, computer security and social network data security are not regulated and are poorly protected by many companies Additionally, with social networks, people tend not to leave a service because of a data breach For example, in the wake of the breach, many users wanted to leave LinkedIn, but opted not to because it is the most prominent social network for business networking © Rafal Olechowski/Shutterstock 323 Find more at www.downloadslide.com 324 Part Two Information Technology Infrastructure Immediately after the password theft, LinkedIn quickly assured its customers that their data were secure The company disabled the 6.5 million published passwords and announced that it had begun an initiative to salt passwords to increase security Nevertheless, LinkedIn now faces a $5 million class-action lawsuit that asserts that LinkedIn failed to follow even the minimal industry-standard practices for data protection, specifically more recent forms of salting hashed passwords Security experts noted that LinkedIn’s security procedures would have been state of the art several years ago, but that they had done little to keep up with and protect themselves from the surge in data breaches in the last year or two LinkedIn must not only update their security to today’s standards, but must also adopt the mindset that protecting consumer data is an ongoing effort, not a one-time fix Sources: LinkedIn Faces $5 Million Lawsuit After Password Breach,” CIO Insight, June 22, 2012; “LinkedIn Defends Reaction in Wake of Password Theft,” The Wall Street Journal, June 10, 2012; “Lax Security at LinkedIn Is Laid Bare,” The New York Times, June 10, 2012; “Why ID Thieves Love Social Media,” Marketwatch, March 25, 2012 T he problems created by the theft of 6.5 million passwords at LinkedIn illustrate some of the reasons why businesses need to pay special attention to information system security LinkedIn provides important benefits to both individuals and businesses But from a security standpoint, LinkedIn did not sufficiently protect its Web site from hackers, who were able to steal sensitive user information The chapter-opening diagram calls attention to important points raised by this case and this chapter Although LinkedIn’s management has some security technology and procedures in place, it has not done enough to protect its user data It failed to use standard password encryption techniques, including “salting,” to protect user passwords The “social” nature of this site and large number of users make it unusually attractive for criminals and hackers intent on stealing valuable personal and financial information and propagating malicious software Given LinkedIn’s large user base and the social nature of the site, management did not enough to protect LinkedIn’s data LinkedIn’s loyal user base prevented the fallout from the breach from being much greater, and most people decided they needed to stay with the site because it was so valuable for their careers Nevertheless, the company faces a multimillion-dollar class action suit as well as reputational damage For all companies the lesson is clear: difficulties of eradicating malicious software or repairing damage caused by identity theft add to operational costs and make both individuals and businesses less effective Here are some questions to think about: What management, organization, and technology factors contributed to the LinkedIn data breach? What was the business impact of the data breach? Find more at www.downloadslide.com Chapter Securing Information Systems 8.1 SYSTEM VULNERABILITY AND ABUSE C an you imagine what would happen if you tried to link to the Internet without a firewall or antivirus software? Your computer would be disabled in a few seconds, and it might take you many days to recover If you used the computer to run your business, you might not be able to sell to your customers or place orders with your suppliers while it was down And you might find that your computer system had been penetrated by outsiders, who perhaps stole or destroyed valuable data, including confidential payment data from your customers If too much data were destroyed or divulged, your business might never be able to operate! In short, if you operate a business today, you need to make security and control a top priority Security refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems Controls are methods, policies, and organizational procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its records, and operational adherence to management standards WHY SYSTEMS ARE VULNERABLE When large amounts of data are stored in electronic form, they are vulnerable to many more kinds of threats than when they existed in manual form Through communications networks, information systems in different locations are interconnected The potential for unauthorized access, abuse, or fraud is not limited to a single location but can occur at any access point in the network Figure 8.1 illustrates the most common threats against contemporary information systems They can stem from technical, organizational, and environmental factors compounded by poor management decisions In the multi-tier client/ server computing environment illustrated here, vulnerabilities exist at each layer and in the communications between the layers Users at the client FIGURE 8.1 CONTEMPORARY SECURITY CHALLENGES AND VULNERABILITIES The architecture of a Web-based application typically includes a Web client, a server, and corporate information systems linked to databases Each of these components presents security challenges and vulnerabilities Floods, fires, power failures, and other electrical problems can cause disruptions at any point in the network 325 Find more at www.downloadslide.com 326 Part Two Information Technology Infrastructure layer can cause harm by introducing errors or by accessing systems without authorization It is possible to access data flowing over networks, steal valuable data during transmission, or alter messages without authorization Radiation may disrupt a network at various points as well Intruders can launch denialof-service attacks or malicious software to disrupt the operation of Web sites Those capable of penetrating corporate systems can destroy or alter corporate data stored in databases or files Systems malfunction if computer hardware breaks down, is not configured properly, or is damaged by improper use or criminal acts Errors in programming, improper installation, or unauthorized changes cause computer software to fail Power failures, floods, fires, or other natural disasters can also disrupt computer systems Domestic or offshore partnering with another company adds to system vulnerability if valuable information resides on networks and computers outside the organization’s control Without strong safeguards, valuable data could be lost, destroyed, or could fall into the wrong hands, revealing important trade secrets or information that violates personal privacy The popularity of handheld mobile devices for business computing adds to these woes Portability makes cell phones, smartphones, and tablet computers easy to lose or steal Smartphones share the same security weaknesses as other Internet devices, and are vulnerable to malicious software and penetration from outsiders Smartphones used by corporate employees often contain sensitive data such as sales figures, customer names, phone numbers, and e-mail addresses Intruders may be able to access internal corporate systems through these devices Internet Vulnerabilities Large public networks, such as the Internet, are more vulnerable than internal networks because they are virtually open to anyone The Internet is so huge that when abuses occur, they can have an enormously widespread impact When the Internet becomes part of the corporate network, the organization’s information systems are even more vulnerable to actions from outsiders Computers that are constantly connected to the Internet by cable modems or digital subscriber line (DSL) lines are more open to penetration by outsiders because they use fixed Internet addresses where they can be easily identified (With dial-up service, a temporary Internet address is assigned for each session.) A fixed Internet address creates a fixed target for hackers Telephone service based on Internet technology (see Chapter 7) is more vulnerable than the switched voice network if it does not run over a secure private network Most Voice over IP (VoIP) traffic over the public Internet is not encrypted, so anyone with a network can listen in on conversations Hackers can intercept conversations or shut down voice service by flooding servers supporting VoIP with bogus traffic Vulnerability has also increased from widespread use of e-mail, instant messaging (IM), and peer-to-peer file-sharing programs E-mail may contain attachments that serve as springboards for malicious software or unauthorized access to internal corporate systems Employees may use e-mail messages to transmit valuable trade secrets, financial data, or confidential customer information to unauthorized recipients Popular IM applications for consumers not use a secure layer for text messages, so they can be intercepted and read by outsiders during transmission over the public Internet Instant messaging activity over the Internet can in some cases be used as a back door to an otherwise secure network Sharing files over peer-to-peer (P2P) networks, such as Find more at www.downloadslide.com Chapter Securing Information Systems those for illegal music sharing, may also transmit malicious software or expose information on either individual or corporate computers to outsiders Wireless Security Challenges Is it safe to log onto a wireless network at an airport, library, or other public location? It depends on how vigilant you are Even the wireless network in your home is vulnerable because radio frequency bands are easy to scan Both Bluetooth and Wi-Fi networks are susceptible to hacking by eavesdroppers Local area networks (LANs) using the 802.11 standard can be easily penetrated by outsiders armed with laptops, wireless cards, external antennae, and hacking software Hackers use these tools to detect unprotected networks, monitor network traffic, and, in some cases, gain access to the Internet or to corporate networks Wi-Fi transmission technology was designed to make it easy for stations to find and hear one another The service set identifiers (SSIDs) that identify the access points in a Wi-Fi network are broadcast multiple times and can be picked up fairly easily by intruders’ sniffer programs (see Figure 8.2) Wireless networks in many locations not have basic protections against war driving, in which eavesdroppers drive by buildings or park outside and try to intercept wireless network traffic An intruder that has associated with an access point by using the correct SSID is capable of accessing other resources on the network For example, the intruder could use the Windows operating system to determine which other users are connected to the network, access their computer hard drives, and open or copy their files FIGURE 8.2 WI-FI SECURITY CHALLENGES Many Wi-Fi networks can be penetrated easily by intruders using sniffer programs to obtain an address to access the resources of a network without authorization 327 Find more at www.downloadslide.com 328 Part Two Information Technology Infrastructure Intruders also use the information they have gleaned to set up rogue access points on a different radio channel in physical locations close to users to force a user’s radio network interface controller (NIC) to associate with the rogue access point Once this association occurs, hackers using the rogue access point can capture the names and passwords of unsuspecting users MALICIOUS SOFTWARE: VIRUSES, WORMS, TROJAN HORSES, AND SPYWARE Malicious software programs are referred to as malware and include a variety of threats, such as computer viruses, worms, and Trojan horses A computer virus is a rogue software program that attaches itself to other software programs or data files in order to be executed, usually without user knowledge or permission Most computer viruses deliver a “payload.” The payload may be relatively benign, such as instructions to display a message or image, or it may be highly destructive—destroying programs or data, clogging computer memory, reformatting a computer’s hard drive, or causing programs to run improperly Viruses typically spread from computer to computer when humans take an action, such as sending an e-mail attachment or copying an infected file Most recent attacks have come from worms, which are independent computer programs that copy themselves from one computer to other computers over a network Unlike viruses, worms can operate on their own without attaching to other computer program files and rely less on human behavior in order to spread from computer to computer This explains why computer worms spread much more rapidly than computer viruses Worms destroy data and programs as well as disrupt or even halt the operation of computer networks Worms and viruses are often spread over the Internet from files of downloaded software, from files attached to e-mail transmissions, or from compromised e-mail messages, online ads, or instant messaging Viruses have also invaded computerized information systems from “infected” disks or infected machines Especially prevalent today are drive-by downloads, consisting of malware that comes with a downloaded file that a user intentionally or unintentionally requests Hackers can to a smartphone just about anything they can to any Internet device: request malicious files without user intervention, delete files, transmit files, install programs running in the background to monitor user actions, and potentially convert the smartphone into a robot in a botnet to send e-mail and text messages to anyone With smartphones starting to outsell PCs, and smartphones increasingly used as payment devices, they are becoming a major avenue for malware Malware targeting mobile devices is not yet as extensive as that targeting larger computers, but nonetheless is spreading using e-mail, text messages, Bluetooth, and file downloads from the Web via Wi-Fi or cellular networks The security firm McAfee found nearly 13,000 different kinds of malware targeting mobile devices in 2012 compared to less than 2,000 in 2011, with almost all attacks targeting devices using Google’s Android operating system (Graziano, 2012) Mobile device viruses pose serious threats to enterprise computing because so many wireless devices are now linked to corporate information systems Find more at www.downloadslide.com Chapter Securing Information Systems Blogs, wikis, and social networking sites such as Facebook have emerged as new conduits for malware or spyware These applications allow users to post software code as part of the permissible content, and such code can be launched automatically as soon as a Web page is viewed On July 4, 2011, hackers broke into the “Fox News Politics” Twitter account, sending fake messages about President Barack Obama The hackers changed the account's password, preventing Fox from correcting the messages for hours (Sherr, 2011) Internet security firm Symantec reported in 2012 that it had detected 403 million new and unique threats from malicious software in 2011, up from 286 million in 2010 Symantec observed that the amount of harmful software in the world passed the amount of beneficial software in 2007, and as many as one of every 10 downloads from the Web includes harmful programs (Drew and Kopytoff, 2011) According to Symantec, 36 percent of malware today is being targeted at small businesses, because it is more difficult for such companies to protect themselves against so many different types of attacks (Symantec, 2012) Table 8.1 describes the characteristics of some of the most harmful worms and viruses that have appeared to date A Trojan horse is a software program that appears to be benign but then does something other than expected The Trojan horse is not itself a virus because it does not replicate, but it is often a way for viruses or other malicious code to be introduced into a computer system The term Trojan horse is based on the huge TABLE 8.1 EXAMPLES OF MALICIOUS CODE NAME TYPE DESCRIPTION Conficker (aka Downadup, Downup) Worm First detected in November 2008 and still prevalent Uses flaws in Windows software to take over machines and link them into a virtual computer that can be commanded remotely Had more than million computers worldwide under its control Difficult to eradicate Storm Worm/ Trojan horse First identified in January 2007 Spreads via e-mail spam with a fake attachment Infected up to 10 million computers, causing them to join its zombie network of computers engaged in criminal activity Sasser.ftp Worm First appeared in May 2004 Spread over the Internet by attacking random IP addresses Causes computers to continually crash and reboot, and infected computers to search for more victims Affected millions of computers worldwide, disrupting British Airways flight check-ins, operations of British coast guard stations, Hong Kong hospitals, Taiwan post office branches, and Australia’s Westpac Bank Sasser and its variants caused an estimated $14.8 billion to $18.6 billion in damages worldwide MyDoom.A Worm First appeared on January 26, 2004 Spreads as an e-mail attachment Sends e-mail to addresses harvested from infected machines, forging the sender’s address At its peak, this worm lowered global Internet performance by 10 percent and Web page loading times by as much as 50 percent Was programmed to stop spreading after February 12, 2004 Sobig.F Worm First detected on August 19, 2003 Spreads via e-mail attachments and sends massive amounts of mail with forged sender information Deactivated itself on September 10, 2003, after infecting more than million PCs and doing $5 to $10 billion in damage ILOVEYOU Virus First detected on May 3, 2000 Script virus written in Visual Basic script and transmitted as an attachment to e-mail with the subject line ILOVEYOU Overwrites music, image, and other files with a copy of itself and did an estimated $10 billion to $15 billion in damage Melissa Macro virus/ worm First appeared in March 1999 Word macro script mailing infected Word file to first 50 entries in user’s Microsoft Outlook address book Infected 15 to 29 percent of all business PCs, causing $300 million to $600 million in damage 329 Find more at www.downloadslide.com 330 Part Two Information Technology Infrastructure wooden horse used by the Greeks to trick the Trojans into opening the gates to their fortified city during the Trojan War Once inside the city walls, Greek soldiers hidden in the horse revealed themselves and captured the city An example of a modern-day Trojan horse is the MMarketPay.A Trojan for Android phones This Trojan is hidden in several apps that appear to be legitimate, including travel and weather apps It places orders for applications and movies automatically without the user’s permission, potentially causing users to be hit with unexpectedly high phone bills MMarketPay.A has been detected in multiple app stores and has spread to more than 100,000 devices SQL injection attacks have become a major malware threat SQL injection attacks take advantage of vulnerabilities in poorly coded Web application software to introduce malicious program code into a company’s systems and networks These vulnerabilities occur when a Web application fails to properly validate or filter data entered by a user on a Web page, which might occur when ordering something online An attacker uses this input validation error to send a rogue SQL query to the underlying database to access the database, plant malicious code, or access other systems on the network Large Web applications have hundreds of places for inputting user data, each of which creates an opportunity for an SQL injection attack A large number of Web-facing applications are believed to have SQL injection vulnerabilities, and tools are available for hackers to check Web applications for these vulnerabilities Such tools are able to locate a data entry field on a Web page form, enter data into it, and check the response to see if shows vulnerability to a SQL injection Some types of spyware also act as malicious software These small programs install themselves surreptitiously on computers to monitor user Web surfing activity and serve up advertising Thousands of forms of spyware have been documented Many users find such spyware annoying, and some critics worry about its infringement on computer users’ privacy Some forms of spyware are especially nefarious Keyloggers record every keystroke made on a computer to steal serial numbers for software, to launch Internet attacks, to gain access to e-mail accounts, to obtain passwords to protected computer systems, or to pick up personal information such as credit card numbers For example, the Zeus Trojan stole financial and personal data from online banking and social networking sites by surreptitiously tracking users' keystrokes as they entered data into their computers Other spyware programs reset Web browser home pages, redirect search requests, or slow performance by taking up too much memory HACKERS AND COMPUTER CRIME A hacker is an individual who intends to gain unauthorized access to a computer system Within the hacking community, the term cracker is typically used to denote a hacker with criminal intent, although in the public press, the terms hacker and cracker are used interchangeably Hackers and crackers gain unauthorized access by finding weaknesses in the security protections employed by Web sites and computer systems, often taking advantage of various features of the Internet that make it an open system and easy to use Hacker activities have broadened beyond mere system intrusion to include theft of goods and information, as well as system damage and cybervandalism, the intentional disruption, defacement, or even destruction of a Web site or corporate information system For example, cybervandals have turned many Find more at www.downloadslide.com Chapter Securing Information Systems of the MySpace “group” sites, which are dedicated to interests such as home beer brewing or animal welfare, into cyber-graffiti walls, filled with offensive comments and photographs S p o o fi n g a n d S n i f fi n g Hackers attempting to hide their true identities often spoof, or misrepresent, themselves by using fake e-mail addresses or masquerading as someone else Spoofing also may involve redirecting a Web link to an address different from the intended one, with the site masquerading as the intended destination For example, if hackers redirect customers to a fake Web site that looks almost exactly like the true site, they can then collect and process orders, effectively stealing business as well as sensitive customer information from the true site We provide more detail on other forms of spoofing in our discussion of computer crime A sniffer is a type of eavesdropping program that monitors information traveling over a network When used legitimately, sniffers help identify potential network trouble spots or criminal activity on networks, but when used for criminal purposes, they can be damaging and very difficult to detect Sniffers enable hackers to steal proprietary information from anywhere on a network, including e-mail messages, company files, and confidential reports Denial-of-Service Attacks In a denial-of-service (DoS) attack, hackers flood a network server or Web server with many thousands of false communications or requests for services to crash the network The network receives so many queries that it cannot keep up with them and is thus unavailable to service legitimate requests A distributed denial-of-service (DDoS) attack uses numerous computers to inundate and overwhelm the network from numerous launch points For example, hours after the U.S Department of Justice shut down file-sharing site Megaupload on January 19 2012, the Anonymous hacker collective launched extensive retaliatory DDoS attacks against federal and entertainment industry Web sites Web sites belonging to the FBI, U.S Department of Justice, U.S Copyright Office, Universal Music, the Recording Industry Association of America, and the Motion Picture Association of America, were knocked offline for a large part of the day Although DoS attacks not destroy information or access restricted areas of a company’s information systems, they often cause a Web site to shut down, making it impossible for legitimate users to access the site For busy e-commerce sites, these attacks are costly; while the site is shut down, customers cannot make purchases Especially vulnerable are small and midsize businesses whose networks tend to be less protected than those of large corporations Perpetrators of DDoS attacks often use thousands of “zombie” PCs infected with malicious software without their owners’ knowledge and organized into a botnet Hackers create these botnets by infecting other people’s computers with bot malware that opens a back door through which an attacker can give instructions The infected computer then becomes a slave, or zombie, serving a master computer belonging to someone else Once hackers infect enough computers, they can use the amassed resources of the botnet to launch DDos attacks, phishing campaigns, or unsolicited “spam” e-mail Ninety percent of the world's spam and 80 percent of the world's malware are delivered via botnets For example, the Grum botnet, once the world's third-largest botnet, was reportedly responsible for 18% of worldwide spam traffic (amounting to 18 billion spam messages per day) when it was shut down on July 19, 2012 At one point Grum had infected and controlled 560,000–840,000 computers 331 Find more at www.downloadslide.com 630 Index networking, 209 theft, 341 total cost of ownership (TCO), 227, 568 HBase, 255, 256 HDFS See Hadoop Distributed File System health care, electronic medical records, 164, 338, 357 health information, privacy legislation, 164 Health Insurance Portability and Accountability Act (HIPAA) (1996), 164, 338, 357 hertz (unit), 287 high-availability computing, 351, 357 High Performance Analytics Appliance (HANA), 256 HIPAA See Health Insurance Portability and Accountability Act homeland security, nonobvious relationship awareness (NORA), 158-159 host country systems units, 15-11 hosting, Web sites, 437-438 hotspots, 309, 310 HTML (Hypertext Markup Language), 220, 291, 314 HTML5, 220, 230 HTTP (Hypertext Transfer Protocol), 284, 299 hubs, 281 human resources, business processes, 74 hybrid AI systems, 474 hybrid cloud computing, 216 HyperPlant (DuPont), 462 Hypertext, 299 Hypertext Transfer Protocol See HTTP I iAd platform (Apple), 434 IBM BigSheets, 261 IBM Cognos Business Intelligence, 494, 15-18 IBM Connections, 93, 96 IBM DB2, 246, 250 IBM InfoSphere BigInsights software, 261 IBM Lotus Domino server, 95 IBM Lotus Notes, 92, 93, 95, 304, 15-19 IBM Lotus Quickr, 96 IBM Netezza, 256 IBM SmartCloud for Business, 93 IBM SmartCloud for Social Business, 96 IBM WebSphere, 562 IC3 See Internet Crime Complaint Center IdeaExchange (Salesforce), 389 Identity Fraud Report (Javelin Strategy & Research), 333 identity management, 342, 345-346 identity theft, 332-333 illegal file sharing, 173-174 ILOVEYOU (malware), 329 IM See instant messaging Immersive Virtual Environment (Ford), 461 implementation case study, 578-579 controls, 341 counterimplementation, 577 postimplementation audit, 531-532 process, 572-574, 577, 582, 15-15-15-16 in-memory computing, 256, 268 Incentive Compensation module (Oracle), 518 InDesign (Adobe), 437 indirect goods, 430 Industrial Revolution, 38 inference engine, 464, 465 information, 47 defined, 45, 46, 449 equal access to information and computing, 182 See also business analytics; business intelligence Information Age, moral dimensions of, 155-156 information asymmetry, 409-410, 439 information density, in e-commerce, 407, 408 information policy, 265-266, 269 information quality, 490 information requirements, 528 information resource protection, 345-353 antivirus and antispyware solutions, 348, 357 auditing, 344-345 authentication, 336, 345, 346 digital certificates, 350, 351, 357 encryption, 349-350, 352, 357 ensuring system availability, 350-352 firewalls, 347-348, 357 identity management, 345-346 intrusion detection systems, 348, 357 public key infrastructure (PKI), 350 securing wireless networks, 349 unified threat management (UTM) systems, 348-349 See also information systems controls information rights, 156 information society, ethical and moral issues, 155-156, 159-183, 184 information systems (IS) about, 62 activities producing information, 46 auditing, 344-345 behavioral approach to, 58-59 behavioral impact of, 122 building, 517-546 business continuity planning, 344 business impact of, 35-36, 42-43, 62, 101 business intelligence systems, 77, 79-83 business perspective on, 52, 55-56 capital budgeting for, 569-570 for competitive advantage, 123-140 contemporary approaches to, 58-59 controls, 156, 325, 340-341 costs and benefits analysis, 568-569 defined, 45, 62 design of, 123 documentation, 531 economic impacts of, 119-120 equal access to information and computing, 182 ethical and moral issues, 155-156, 162-183, 184 ethical dilemmas, 162 failure, 176, 558, 559-560, 573 functions of, 47 globalization and, 41, 62 information requirements, 528 information rights and, 162-169, 170-171 international information systems, 15-315-24 liability law, 160, 175, 176 management and, 50 managerial roles supporting IS, 489 new themes in, 36 organization in companies, 100, 101 organizational change and, 114, 115, 122, 520-525, 548 organizational impacts of, 120-122 organizations and, 48-50, 111-119 postimplementation audit, 531-532 potential for catastrophic failure, 176 production and maintenance, 531-532 project management, 559-581 quality of life, 156, 176-183 scalability, 226 security, 323-357 security policy, 342-343, 357 sociotechnical perspective on, 59-61 strategic business objectives of, 42-43 supply chain management and, 374-376 system availability, 350-352 system quality, 156, 176 systems analysis, 528, 532, 549 systems design, 528-536, 549 technical approach to, 58, 59 testing, 530-531, 532 total cost of ownership (TCO), 227, 568 transaction processing systems (TPS), 76-77, 101, 501 types, 75-83 See also systems development information systems controls, 156, 325, 340-341 risk assessment, 341-342 security policy, 342-343, 357 information systems department, 98, 99-100 information systems literacy, 48 information systems managers, 99 information systems plan, 564-566 information systems projects business value of, 567-571, 582 cooptation, 15-16 evaluating, 566-567, 582 failure, 176, 558, 559-560, 573 implementation, 572-574, 577-579, 582, 15-15-15-16 information systems plan, 564-566 key performance indicators (KPIs), 504, 563, 566, 582 management structure for project team, 563-564 objectives, 560, 562-563 pricing models, 570-571 project management, 559-581 project risk, 572-574, 582 See also project management; systems development information systems steering committee, 563 information technology (IT), 184 about, 51 behavioral impact of, 122 "bring your own device" (BYOD), 210, 212213, 353 business ecosystems and, 139, 143 business objectives and, 141 business processes, 75 capital investment statistics, 35 defined, 45 economic impacts of, 119-120 equal access to information and computing, 182 flattened organizations and, 120-121 information rights, 162-169, 170-171 job loss due to technology, 181-182, 184 liability law, 160, 175, 176 organizational change and, 114, 115, 122, 520-525, 548 organizational impacts of, 120-122 postindustrial organizations, 121-122 potential for catastrophic failure, 176 quality of life, 156, 176-183 Find more at www.downloadslide.com Index return on investment, 56, 570 system performance, 176 system quality, 156, 176 information technology (IT) education services, 196 information technology (IT) governance, 100, 226 information technology (IT) infrastructure, 51 autonomic computing, 218, 230 cloud computing, 36-38, 200, 213-216 competitive forces model, 124-125, 138, 142, 228-229 components, 195-196, 206-209, 230 computer hardware platforms, 207 computing platforms, 195 consulting and system integration services, 209 data management and storage, 208 declining communication costs and, 204 defined, 195-197 ecosystem, 206 enterprise software applications, 208 green computing (green IT), 216, 217-218, 230 grid computing, 211, 230 hardware platform trends, 210-216 history and evolution of, 197-201 hybrid cloud computing model, 216 Internet platforms, 209 Law of Mass Digital Storage, 202, 203, 230 as major investment, 226 management issues, 225-229, 230 Metcalfe's law, 204, 230 mobile digital platform, 210 Moore's law, 201-202, 230 network infrastructure, 281-282 networking/telecommunications platforms, 208-209 operating system platforms, 207-208, 219225, 230 rent vs buy decision, 226 technology standards, 205 telecommunications services, 195 total cost of ownership (TCO), 227-228, 568 virtualization, 211, 213, 230 Web services, 215, 221, 230, 545, 549 information technology (IT) management services, 196 information technology (IT) research and development services, 196 information technology (IT) standards services, 196 information value chain, 55-56, 131-133, 143 informational roles, of management, 489 informed consent, 165, 168 InfoSphere BigInsights (IBM), 261 inheritance, 535 innovation, 89, 91 InnovationNet (intranet), 137 input, 46 input controls, 340 instant messaging (IM), 92, 93, 326, 294 intangible benefits, 568, 582 integrated presence technology, 298 Intel Atom, 216 Intel i7 quad-core processor, 202 intellectual property, defined, 415 intellectual property rights, 156, 169, 172-174, 184 copyright, 172 patents, 172-173 protection of digital media, 173 trade secrets, 169 Intelligent agent shopping bots, 304, 473 intelligent agents, 454, 473-474, 475 intelligent techniques, 454, 463-474, 475 artificial intelligence (AI), 463, 474 case-based reasoning, 463, 466-467, 475 data mining, 258-259, 268, 454, 463, 463 expert systems, 452, 454, 463, 463-466, 475 fuzzy logic, 454, 463, 467-468, 475 genetic algorithms, 454, 463, 472-473, 475 intelligent agents, 454, 473-474, 475 machine learning, 468, 475 neural networks, 454, 463, 468-472, 475 interactivity, in e-commerce, 407, 408 internal integration tools, 574 internal rate of return (IRR), 570 international information systems, 15-3-15-24, 15-25 accounting practices and, 15-8 business challenges to, 15-7-15-8 business drivers, 15-4, 15-5 case studies, 15-17-15-18, 15-23-15-24, 15-29-15-31 change management, 15-14-15-15 computing platforms, 15-19 connectivity, 15-20-15-21 core systems, 15-14 currency fluctuations and, 15-8 foreign franchiSees, 15-10, 15-11, 15-25 global business strategies, 15-9-15-10 global value chains, 15-19-15-22 language barriers, 15-8 managing, 15-12-15-19 organizing, 15-9-15-12 particularism, 15-7 reorganizing for international scale, 15-1015-12 software localization, 15-21-15-22 state of the art, 15-8 systems architecture, 15-4 systems integration, 15-19 telecommunication systems, 15-10-15-11 transborder data flow, 15-7 international information systems architecture, 15-4 Internet about, 51, 210, 288, 293, 314 addressing, 288-289, 299 architecture, 290-291 behavioral targeting, 164, 167, 169, 421422, 439 case study, 318-320 client/server computing, 199-200, 282-283, 293, 295 competitive advantage and, 128, 130-137 connection speed, 280 copyrighted information and, 173 cyberwarfare, 334-336 declining communication costs and, 204 Domain Name System (DNS), 289-290, 314 e-business, 87 e-commerce, 87, 401-439 e-government, 87-88 future of, 291 governance, 291, 292 hardware platforms, 209 history of, 117 HTTP (Hypertext Transfer Protocol), 284, 299 631 hypertext, 299 intelligent agent shopping bots, 304 as international communications system, 41 international use statistics, 15-21 Internet service providers (ISPs), 174, 181, 288, 292 Internet2, 291 IP addresses, 288-289, 299, 326 IPv6, 291 leisure use, 177 marketing and, 421 monitoring and blocking of Internet access, 15-20 net neutrality, 292-293 organizations and, 123 privacy, 162-164, 190 search engines, 300-301 security vulnerabilities, 326-327 software platforms, 209 supply chain and, 376, 379 supply chains and, 379 URL (uniform resource locator), 299 wikis, 305, 329, 475 wireless Internet access, 309-310 See also Web Internet architecture, 290-291 Internet connection speed, 280 Internet Crime Complaint Center (IC3), 178 Internet Explorer (Microsoft), 152, 168, 169, 220 Internet governance, 291, 292 Internet layer, 284 Internet network architecture, 290-291 Internet Protocol (IP), 284 Internet Protocol (IP) addresses, 288-289, 299, 326 Internet radio services, 173-174 Internet security See security Internet service providers (ISPs), 174, 181, 288, 292 Internet services, 294 Internet telephony, 281 Internet2, 291 interorganizational systems, 86 interpersonal roles, of management, 489 intranets, 51, 87, 101, 137 intrusion detection systems, 348, 357 inventory control, 311 inventory management, case study, 367-368 investment workstations, 462 IP See Internet Protocol IP addresses See Internet Protocol addresses IP phone system, 297 iPad (Apple), 36, 39, 40, 43, 110, 127, 173, 207, 208, 210, 220, 225, 319, 415, 428, 473 iPhone (Apple), 36, 39, 40, 43, 53, 127, 140, 170, 173, 175, 207, 208, 210, 225, 292, 307, 318, 415, 428, 431, 434, 473, 546 iPod (Apple), 43, 123, 127, 173, 415 iPod Touch (Apple), 110, 207, 208 IPv6, 291 Iran cyberwarfare and, 336 monitoring and blocking of Internet access, 15-20 IRR See internal rate of return IS See information systems ISPs See Internet service providers Israel, cyberwarfare and, 336 IT See information technology Find more at www.downloadslide.com 632 Index iterative process, 538 iTunes (Apple), 43, 75, 123, 129, 173-174, 403, 411-412, 415, 419 J JAD See joint application design Java (Oracle-Sun), 209, 219, 220, 230 Java Virtual Machine (Sun), 220 Jive (software), 93, 96 jobs globalization and, 38, 41 growth in IS/MIS jobs, 99-100 job loss due to technology, 181-182, 184 knowledge work, 49, 177, 449, 457 teamwork in, 88-89 join operation, 247, 248 joint application design (JAD), 544, 549 jQuery Mobile (software), 548 just-in-time strategy, 374, 429 K Kant's Categorical Imperative, 161 key corporate assets, 42 key field, 247 key performance indicators (KPIs), 504, 563, 566, 582 keyloggers, 330, 336 keywords, 456 "kickbucks", 434 Kindle (Amazon), 75, 174, 210 Kindle Fire (Amazon), 319 KMS See knowledge management systems (KMS) knowledge, 450 dimensions of, 449-451 equal access to information and computing, 182 explicit knowledge, 450, 455 structured knowledge, 455 tacit knowledge, 450, 454, 463, 475 knowledge acquisition, 452 knowledge application, 453 knowledge base, 465 Knowledge Direct (Digitec), 457 knowledge discovery, 463 knowledge dissemination, 72, 452-453 knowledge management (KM), 449-474 about, 451-452, 475 case study, 447-448 taxonomies, 456, 475 value chain, 451-453 knowledge management systems (KMS), 86-87, 101 enterprise-wide knowledge management systems, 453-454, 454-457, 475 intelligent techniques, 454, 463-474, 475 knowledge work systems (KWS), 454, 457-462 taxonomies, 456, 475 types, 453-454, 475 knowledge management value chain, 451-453 knowledge managers, 453 knowledge network systems, 456 knowledge storage, 452 knowledge work systems (KWS), 454, 457-462 knowledge workers, 49, 177, 449, 457 KPIs See key performance indicators KWS See knowledge work systems L labor, 112 LANs (local area networks), 219, 286-287, 314, 327 Law of Mass Digital Storage, 202, 203, 230 lead generation, 422 leadership, low-cost, 126, 128 learning management system (LMS), 457 Lebanon, cyberwarfare and, 336 legacy systems, 209, 223, 519 legal issues computer crime and abuse, 178, 180 computer forensics, 339-340 due process, 160 liability, 160, 174-175, 176 privacy, 157-158, 162-169, 170-171, 184, 190 See also European legislation; U.S legislation legitimacy, 15-16 leisure, Internet use, 177 liability, 160, 174-175, 176 lifestyle, family, work, and leisure boundaries, 177 Line-haul (Con-Way), 465 "link farms", 302 LinkedIn, 305, 323-324, 389, 416, 420, 425 Linux, 205, 207, 208, 209, 211, 219, 230, 286 Live Meeting (Microsoft), 94 LMS See learning management system local area networks See LANs "Local Shared Object" files, 167 localization, software, 15-21-15-22 location-based advertising, 417-418 location-based services, 170-171, 432-433, 439 logical view, 245 long tail marketing, 421 Long Term Evolution networks See LTE networks "look and feel" copyright infringement, 172 Lotus Notes (IBM), 92, 93, 95, 304, 15-19 Lotus Quickr (IBM), 96 loyalty programs, 110 LTE networks (Long Term Evolution networks), 307 M m-commerce (mobile commerce), 413, 432-434, 439 machine bureaucracy, 118 machine learning, 468, 475 Mafia Wars (online game), 512 mainframes, 197, 207, 209 maintenance, 532 malware, 178, 328-330, 333, 336, 337-338 browser-based malware, 355 drive-by downloads, 328 keyloggers, 330, 336 smartphones, 353 spyware, 167, 330 SQL injection attacks, 330 Trojan horses, 329-330 viruses and worms, 328-329, 336, 348, 357 managed security service providers (MSSPs), 352 management classical model, 488 decision making by, 490 implementation of new project, 573-574, 15-15-15-16 information systems (IS) and, 50, 62 of international information systems, 15-12-15-19 management capital, 57, 452 management decision making, 50 management information systems (MIS) about, 48, 59, 77, 79, 80, 102, 496, 501, 508 globalization and, 41, 62 management issues, IT infrastructure, 225-229, 230 managerial complementary assets, 57, 58 managers, 50, 486, 488-489, 496 MANs (metropolitan area networks), 286, 287, 314 manufacturing, business processes, 74 MapReduce (Google), 255 MapReduce (Hadoop), 255 market creators, 414, 415 market entry costs, 408 market niche, 127-128 marketing and CRM systems, 383-384 display ad marketing, 152-153, 422, 424 e-commerce, 421-426 long tail marketing, 421 micromarketing, 15-6 predictive analytics, 498 social media and, 426 "wisdom of crowds", 89, 389, 420-421, 439 marketspace, 405 mashups, 224-225, 230, 304 mass customization, 127 Massively Parallel Processing (MPP) architecture (Vertica), 512 material inventory tracking system software, 277 material master data management (MMDM), 15-18 McAfee, Andrew P., 181 medical records HIPAA legislation, 164, 338, 357 security, 338-339 medical research, drug development by structured design, 447-448 medicine, neural network applications, 471 Megaupload (file-sharing site), 331 Melissa (malware), 329 menu costs, 410, 439 Metcalfe's law, 204, 230 metropolitan area networks See MANs microblogging, 304 micromarketing, 15-6 micropayment systems, 419 microprocessor chips, 117 microprocessors, 201-202 case study, 367-368 high-performance processors, 216 Moore's law, 201, 230 multicore processors, 216, 230 power-saving processors, 216, 230 Microsoft Access, 246, 250, 251, 540, 15-18 Microsoft Advertising, 166 Microsoft Azure, 235 Microsoft Bing, 300, 318, 413 Microsoft Dynamics CRM, 383 Microsoft Dynamics suite, 388 Microsoft Excel, 95, 502, 540, 15-18 Microsoft Expression, 437 Microsoft Expression Studio, 209 Microsoft Internet Explorer, 220 Microsoft Internet Explorer 9, 169 Microsoft Internet Explorer 10, 152, 168 Microsoft Live Meeting, 94 Microsoft NET family, 209, 222 Microsoft Office, 95, 148, 473 Microsoft Office Project 2010, 580-581 Find more at www.downloadslide.com Index Microsoft Office Project Professional 2010, 581 Microsoft Office Project Server 2010, 581 Microsoft OneNote, 95 Microsoft PowerPoint, 95 Microsoft SharePoint, 93, 95, 493 Microsoft SharePoint MySites, 71 Microsoft SharePoint Server 2010, 71, 72, 95 Microsoft SkyDrive, 94, 95 Microsoft SQL Azure Database, 249 Microsoft SQL Server, 246, 249, 250, 493 Microsoft Web Apps, 95 Microsoft Windows Service Pack 1, 337 Microsoft Windows operating system, 139, 148, 200, 207 Microsoft Windows Server, 207, 209 Microsoft Word, 95 Microsoft Xbox, 318, 419 Microsoft Yammer, 93, 96, 97 middle management, 49, 486, 501-502, 508, 509 MIMO (multiple input multiple output), 310 minicomputers, 197 See also computers MIPS (millions of instructions per second), 201202 MIS See management information systems MIS audit, 344, 357 MITS Altair 8800 (computer), 197 MMarketPay.A (malware), 330 MMDM See material master data management mobile advertising, 170, 433-434 mobile apps, 225, 230, 545-548 mobile commerce See m-commerce mobile computing, 177, 201 mobile computing devices, DBMS for, 246 mobile device management, virtualization for, 213 mobile digital platform, 36-38, 207, 210, 230 apps, 225, 230, 545-548 mobile digital platforms, security, 353 mobile handheld devices, 39, 207 accessing corporate systems, 353 games and entertainment, 434 m-commerce, 413, 432-434, 439 malware and, 328 search, 302 security for, 353 security vulnerabilities, 326, 328 Mobile SalesPro app, 40 mobile search, 302 MobileView (AeroScout), 277 MobiTV (service), 434 modeling object-oriented development, 534-536, 549 structured methodologies, 532-534, 549 modems, 285 Moneyball (movie), 483, 484 monitoring employee Internet activity, 296-297 Web monitoring tools, 184 workplace, 179-180 Moore's law, 201-202, 230 Mozilla Firefox, 169, 219 MP3 music files, piracy, 173 MSSPs See managed security service providers multicore processors, 216, 230 multidimensional data model, 258 multidivisional firms, 118 multilevel marketing, 557 multinational business organization, 15-9 multinational information systems See international information systems multiple input multiple output See MIMO multitiered client/server architecture, 199, 325 multitouch interface, 208 music files, piracy, 173 music industry, 43 MyDoom.A (malware), 329 mySAP ERP, 540 MySimon (bot), 304 MySpace, 331, 420, 425, 426, 434 MySQL (software), 208, 246, 249 N N-tier client/server architecture, 199 NAI See Network Advertising Initiative nanotechnology, 202, 203 NAT See Network Address Translation National Information Infrastructure Protection Act (1996), 333 natural language processing, 480 NET family (Microsoft), 209, 222 net marketplaces, 430, 431, 439 net neutrality, 292-293 netbooks, 210 Netezza (IBM), 256 Netflix, 174, 235, 285, 292, 403, 412, 419, 421 NetWare (Novell), 200 NetWeaver Business Warehouse (SAP), 397, 506, 578 NetWeaver Business Warehouse Accelerator (SAP), 506 Network Address Translation (NAT), 348 Network Advertising Initiative (NAI), 168 network-based strategies, 137-138, 143 network economics, 137-138, 204 network infrastructure, 281-282 Network Interface layer, 284, 285 network notification, with social commerce, 426 network operating system (NOS), 281 network service providers, 290 networked systems, 15-10, 15-11 networks and networking about, 51, 280-282 bandwidth, 287-288 Bluetooth networks, 308-309, 314, 327, 328, 336 CANs (campus area networks), 286 client/server computing, 282-283 client/server network, 199 components of simple computer network, 280 controlling network traffic, 352 digital networking, 282 digital vs analog signals, 285 extranets, 51, 87, 101 hardware providers, 209 hubs, 281 international information systems, 15-1915-21 Internet network architecture, 290-291 intranets, 51, 87, 101, 137 LANs (local area networks), 219, 286-287, 314, 327 in large companies, 281-282 MANs (metropolitan area networks), 286, 287, 314 modems, 285 packet switching, 283, 295 PANs (personal area networks), 308, 314 private industrial networks, 430, 439 private networks, 347 633 routers, 281 SANs (storage area networks), 208 securing wireless networks, 349 security vulnerabilities, 325-327 software-defined networking (SDN), 281 switches, 281 TCP/IP and connectivity, 200, 205, 209, 284-285, 288, 314 transmission media, 287 transmission speed, 287 unified communications, 298 VPNs (virtual private networks), 298, 299, 314, 349, 15-20 WANs (wide area networks), 286, 287, 314 wireless LANs, 309 wireless networks, 309, 349, 357 wireless sensor networks (WSNs), 313, 314 See also Internet neural networks, 454, 463, 468-472, 475 newsgroups, 294 newspapers, 36 Nexus tablet, 319 niche firms, 139 NIKEiD program, 127 Ninth Annual Global Software Piracy Study, 173 "no free lunch" rule, 161 nomad computing, 177 Nomad2 (programming language), 540 non-relational database management systems (NoSQL), 247, 249, 268 nonobvious relationship awareness (NORA), 158-159 Nook (e-reader), 147, 148 normalization, 252 NOS See network operating system NoSQL See non-relational database management systems NoSQL Database (Oracle), 249 Novell, 286 Novell NetWare, 200 nuclear energy industry, 578-579 O object, 534-535 object-oriented development, 534-536, 549 Office (Microsoft), 95, 148, 473 Office Project 2010 (Microsoft), 580-581 Office Project Professional 2010 (Microsoft), 580-581 Office Project Server 2010 (Microsoft), 581 offshore outsourcing, 41, 224, 542-543 OLAP See online analytical processing on-demand computing, 215 OneNote (Microsoft), 95 online advertising, 168, 427 online analytical processing (OLAP), 257-258, 268, 386 online collaboration, 37, 38 online marketing, 421-426 Online Privacy Alliance, 168 online tracking, 164, 165, 166, 169, 171, 421422, 423, 424 online transaction processing, 351 ooVoo (software), 93 Open for Business (OFBiz) (Apache), 388-389 open source software, 219, 230, 388-389 Openbravo (open source software), 388-389 OpenOffice (Apache), 219 OpenProj (software), 581 OpenWorkbench (software), 581 Find more at www.downloadslide.com 634 Index operating systems, 207-208 operational customer relationship management, 386 operational excellence, as business objective, 43 operational management, 49, 487, 501, 508 opt-in policy, 164, 168, 190 opt-out model, 168 options, 570 Oracle Business Intelligence Enterprise Edition, 389 Oracle Buzzient, 389 Oracle CRM, 389 Oracle CRM on Demand, 390 Oracle Database, 246, 249 Oracle Database Cloud Service, 249 Oracle Database Lite, 246 Oracle E-Business Suite, 388, 518, 519, 15-29, 15-30 Oracle Exadata, 256 Oracle Exalytics, 256 Oracle Fusion, 388 Oracle Incentive Compensation module, 518 Oracle NoSQL Database, 249 Oracle PeopleSoft HCM, 540 Oracle Product Information Management Data Hub, 15-30 Oracle-Sun Java, 209 order fulfillment, 74-75, 83 organizational capital, 57, 452 organizational change automation, 520, 548 business process redesign, 521, 522-525, 548, 574 paradigm shift, 521, 548 rationalization of procedures, 521, 548 reengineering, 521 resistance to, 114, 115, 122, 575 risks and rewards, 520 systems development and, 520-525, 548 organizational complementary assets, 57 organizational culture, 49, 50, 114-115 organizational environments, 116 organizational impact analysis, 580 organizational intelligence, 466-467 organizational learning, 451 organizational politics, 114 organizational structure, 49 changing nature of, 89 flattened organizations, 120-121 types, 118 organizations about, 48-50, 62, 112-113 behavioral view of, 112-113 components of, 48 defined, 112 disruptive technologies, 117-118 features of, 114-119 flattened organizations, 120-121 hierarchies in, 49 information systems and, 48-50, 111-119 Internet and, 123 organizational culture, 49, 50, 114-115 organizational environments, 116 organizational politics, 114 postindustrial organizations, 121-122 routines and business processes, 114, 115, 142 structure, 49 technical view of, 113 output, 46 output controls, 340 outsourcing, 41, 549 of global supply chain management, 379 of security, 352 of software development, 224, 230 of systems development, 542-543, 549 P package tracking systems, 53 packet filtering, 348 packet switching, 283, 295 PageRank algorithm, 117 PageRank System, 301 Pandora, 134, 173, 174, 296, 419 PANs (personal area networks), 308, 314 paradigm shift, 521, 548 parallel strategy, systems development, 530 parameterized reports, 496 particularism, 15-7 partner relationship management (PRM), 382383 passive RFID tags, 311 passwords authentication, 346, 357 "salting", 323, 324 theft, 323-324 patch management, 337 patches, 337 patient information See medical records payback method, 570 Paybacks and Chargebacks (SAP), 397 "payload", malware, 328 payroll processing, transaction processing system for, 76-77 PDP-11 (computer), 197 PDS Movement Planner, 39 peer-to-peer architecture, 286, 326 Pega BPM workflow software, 525 people, inter-connectedness of, 425 PeopleSoft HCM (Oracle), 540 personal area networks See PANs personal computers See computers personal information behavioral targeting, 164, 167, 169, 421422, 439 credit card purchases, 158 on Facebook, 189-190 nonobvious relationship awareness (NORA), 158-159 profiling, 157 U.S legislation, 164, 168 See also privacy personal services, 42 personalization, in e-commerce, 407, 408-409, 422, 423 PERT charts, 575, 577 pharming, 333 phased approach strategy, systems development, 531 phishing, 178, 333 physical data storage, 208 physical view, 245 pilot study strategy, systems development, 531 piracy digital media, 173-174 software, 173 pivot tables, 502, 503 Pixar Wiki, 305 PKI See public key infrastructure planning business continuity planning, 344 demand planning, 376 disaster recovery planning, 343-344 e-commerce Web site, 435-438 enterprise resource planning (ERP), 83, 369, 396, 518 formal planning tools, 575 information systems plan, 564-566 strategic planning group, 563 supply chain planning systems, 376 platform, 51 podcasting, 415 Point-to-Point Tunneling Protocol See PPTP portals, 82, 413-414, 475 Porter's competitive forces model, 48, 124-125, 142, 228-229 portfolio analysis, 566 Post Sales Order Management System (OMS), 53 postimplementation audit, 531-532 postindustrial organizations, 121-122 power-saving processors, 216, 230 Power Usage Effectiveness See PUE PowerPoint (Microsoft), 95 PPTP (Point-to-Point Tunneling Protocol), 298 prediction markets, 421 predictive analytics, 497-498 price discrimination, 408 price transparency, 408 primary activities, business value chain model, 132 primary key, 247 privacy behavioral targeting, 164, 167, 169, 421422, 439 clickstream behavior, 421, 422 consumer privacy, 164, 165 cookies, 165, 166, 184 as ethical and moral issue, 162-169, 170171, 184 Facebook and, 189 Internet challenges to, 165-166 monitoring employee Internet activity, 296-297 nonobvious relationship awareness (NORA), 158-159 online tracking, 164, 165 opt-in policy, 164, 168 opt-out model, 168 personal data privacy, 190 profiling, 157-158 technical solutions to tracking, 169 U.S legislation, 162-164 Privacy Act (1974), 162-163 "privacy by design", 164 private cloud, 215 private exchanges, 430 private industrial networks, 430, 439 PRM See partner relationship management process redesign, 521, 522-524, 548, 574 process specifications, 534 processing, 46 processing controls, 340 procurement, 429 product differentiation, 125, 126-127, 128 Product Information Management Data Hub (Oracle), 15-30 Product Search (Google), 304 production, 531-532 production reports, 496, 497, 498 production workers, 49 productivity, as benefit of collaboration, 91 Find more at www.downloadslide.com Index products, 112 professional bureaucracy, 118 professional codes of conduct, 161 profiling, 157 program-data dependence, 244 programmers, 99, 197, 542 programming fourth-generation languages, 539-540 systems development, 530, 532 project management, 559-581 about, 560, 582 change management, 572-574 cooptation, 15-16 evaluating projects, 566-567, 582 formal planning and control tools, 575 implementation, 572-574, 577-579, 582, 15-15-15-16 information systems plan, 564-566 key performance indicators (KPIs), 504, 563, 566, 582 linking systems projects to business plan, 564-566, 582 management structure for project team, 563-564 managing technical complexity, 574-575 objectives of, 560, 562-563, 582 project failure, 176, 558, 559-560, 573 project risk, 563, 571-578, 582 project scope, 562 project team, 564 quality, 563 "runaway" projects, 559 selecting projects, 563-567, 582 software tools, 580-581 time required, 563 user-designer communications gap, 573 project management tools, 580-581 project operation, 247, 248 project portfolio management software, 581 project risk, 563, 571-578 controlling, 574 managing, 571-578, 582 project scope, 562 project team, 564 Project Z (gaming platform), 514 property rights, 169, 172-174 protocol, 284 prototype, 537 prototyping, 538-539, 549 psychologists, on information systems, 59, 62 public cloud, 215 public key encryption, 349, 350, 355 public key infrastructure (PKI), 350 publishing companies, 147-148 pull-based supply chain model, 379, 380 push-based supply chain model, 379, 380 Q quad-core processors, 202 quality as benefit of collaboration, 91 data quality, 184, 266, 269 information quality for decision making, 490 six sigma, 521, 548 software quality, 353, 355-356 system quality, 156, 176 total quality management (TQM), 521, 548 quality of life, 156, 176-183 query languages, 540 querying, 250, 251 QuickBase (software), 540 R RAD See rapid application development radio-frequency identification (RFID) tags, 277, 310-312, 314, 377-378 rapid application development (RAD), 544, 549 rationalization of procedures, 521, 548 real options pricing models (ROPMs), 570-571 record, 241, 242 records retention, 36, 45, 339, 357 recovery-oriented computing, 351 reengineering, 521 referential integrity, 253 regional systems units, 15-11 relational database management system (DBMS), 246-247, 248, 268 Relational Database Service (Amazon RDS), 249 relational databases, 253, 268 relations, 246 rent vs buy decision, 226 repetitive stress injury (RSI), 182 report generators, 540, 554-555 reporting, 250 Request for Proposals (RFPs), 541 resistance, to organizational change, 114, 115, 122, 575 responsibility, 159 responsive Web design, 545 retailing industry, 110, 126, 262, 433-434 return on investment (ROI), 56, 570 revenue models defined, 416 e-commerce, 416, 418-420 RFPs See Request for Proposals rich media, 422 richness, in e-commerce, 407, 408 "right to be forgotten", 165 RightMedia (Yahoo), 422 risk, 563 health risks of computers, 182-183 See also project risk risk assessment, 341-342 Risk Aversion Principle, 161 Roambi Visualizer app, 39 ROI See return on investment routers, 281 routines, 114, 115, 142 RSI See repetitive stress injury RSS, 304-305 rule of change, 161 "runaway" projects, 559 Russia, cyberwarfare and, 334 Rustock botnet, 181 S S-HTTP See Secure Hypertext Transfer Protocol S3 See Simple Storage Service SaaS See software as a service sabermetrics, 483, 484 Safari (Apple), 220 safe harbor, 165 Sajus BPM monitoring software, 525 sales and marketing, business processes, 74 sales force automation (SFA), 383 sales revenue model, 418-419 Salesforce Chatter, 93, 96, 389 Salesforce IdeaExchange, 389 "salting", of passwords, 323, 324 Samsung Galaxy, 173 635 SANs (storage area networks), 208 SAP Advanced Planning and Optimization (APO) system, 368 SAP Business ByDesign, 389 SAP Business Objects, 389 sAP Business One, 15-17 SAP Business One OnDemand, 389 SAP Business Suite, 388 SAP BusinessObjects, 578, 15-18 SAP BusinessObjects Dashboards, 368, 554 SAP BusinessObjects Web Intelligence, 368, 506, 554 SAP Customer Relationship Management (CRM), 578 SAP ERP Human Capital Management (HCM), 557 SAP ERP system, 554, 15-1, 15-17, 15-18 SAP High Performance Analytics Appliance (HANA), 256 SAP NetWeaver Business Warehouse, 397, 506, 578 SAP NetWeaver Business Warehouse Accelerator, 506 SAP Paybacks and Chargebacks, 397 SAP/R3, 15-17 Sarbanes-Oxley Act (2002), 45, 339, 357 SAS Analytics, 492 SAS/GRAPH (software), 540 Sasser.ftp (malware), 329 Saudi Arabia cyberwarfare and, 336 monitoring and blocking of Internet access, 15-20 SCADA software See Supervisory Control and Data Acquisition (SCADA) software scalability, 226 SCM systems See supply chain management (SCM) systems scope (of project), 562 scorecards, 496 scoring models, 567, 568 SDN See software-defined networking search search engines, 300-301 semantic search, 303 social search, 303 search costs, 408, 439 search engine marketing, 302, 422 Search engine optimization (SEO), 302 search engines, 300-301 second-level domain, 289 Second Life (online game), 93, 513 "second movers", 117 Secure Hypertext Transfer Protocol (S-HTTP), 349 Secure Sockets Layer (SSL), 349, 352 security, 323-357 antivirus and antispyware software, 348, 357 auditing, 344-345 authentication, 336, 345, 346 botnets, 178, 181, 331, 334 "bring your own device" and, 212-213 business continuity planning, 344 business value of, 338-340, 357 case history, 323-324 chief security officer (CSO), 99, 323 cloud computing, 352-353 computer abuse, 180 computer forensics, 339-340 Computer Security Act (1987), 163 Find more at www.downloadslide.com 636 Index controls, 325, 340-341 cyberterrorism and cyberwarfare, 334-336 data breaches, 333 defined, 325 digital certificates, 350, 351, 357 disaster recovery planning, 343-344 electronic evidence, 339-340 electronic records management, 338-340, 357 encryption, 349-350, 352, 357 firewalls, 347-348, 357 hackers, 323, 324, 327, 328, 329, 330, 331, 333, 338, 357 homeland security, 158-159 identity management, 345-346 internal threats from employees, 335 intrusion detection systems, 348, 357 malicious software (malware), 167, 178, 328-330, 333, 336, 337-338 medical records, 338-339 mobile platforms, 353 outsourcing, 352 passwords, 323-324, 346, 357 protecting information resources, 345-353 public key infrastructure (PKI), 350 risk assessment, 341-342 security policy, 342-343, 357 smartphones, 353 spyware, 167, 330 system vulnerability, 325-337 unified threat management (UTM), systems, 348-349 war driving, 327 wireless networks, 349 See also computer crime security audits, 344 security policy, 342-343, 357 select operation, 247, 248 semantic search, 303 Semantic Web, 306 semistructured decisions, 486, 501-502, 508 senior managers, 49, 89, 91-92 decision-making by, 486, 504-505 failed ethical judgment by, 153-154 sensitivity analysis, 502, 503 sentiment analysis software, 260 SEO See search engine optimization sequences (data analysis), 259 sequential supply chains, 379 Server (Microsoft), 207, 209, 286 servers, 197, 281 service industries, 42 service jobs, offshoring, 41 service level agreement (SLA), 224 service-oriented architecture (SOA), 221, 388, 392 "service platform" perspective, 196 service providers, 415, 416 service set identifiers See SSIDs service workers, 49 services, 112 SFA See sales force automation shared workspaces, 90 SharePoint (Microsoft), 93, 95, 493 SharePoint MySites (Microsoft), 71 SharePoint Server 2010 (Microsoft), 71, 72, 95 Shopkick (mobile app), 434 shopping bots, 304 SIIA See Software and Information Industry Association Silverlight (plug-in), 220 Simple Storage Service (S3), 215 SimpleDB (Amazon), 249 The Sims (online game), 513 Singapore, monitoring and blocking of Internet access, 15-20 Siri (Apple), 473 six sigma, 521, 548 SkyDrive (Microsoft), 94, 95 Skype (software), 93 SLA See service level agreement slippery-slope rule, 161 small world theory, 425 smart cards, 346, 357 "smart" label, 53 SmartCloud for Business (IBM), 93 SmartCloud for Social Business (IBM), 96 smartphones, 36-37, 53, 109, 134, 140, 210, 307 apps, 225 "bring your own device" (BYOD), 210, 212213, 353 games and entertainment, 434 location-based services, 170-171, 432-433, 439 m-commerce, 413, 432-434, 439 processors for, 216 security, 353 Wikitude.me (service), 433 sniffers, 331 snowboarding, 526-527 SOA See service-oriented architecture Sobig.F (malware), 329 social bookmarking, 456, 475 social business, 37, 89-91 applications of, 90 business benefits of, 90-91 tools for, 96-98, 101 social business tools, 92-97 social classes, equal access to information and computing, 182 social commerce, 90, 425, 427-428 social complementary assets, 57 social computing guidelines, 297 social e-commerce, 425 social engineering, 335 social gaming, 512 social graph, 512, 513 social investments, 58 social marketing, 90 social media, 425 social networking, 90, 97, 305, 425-426 business impact of, 36 e-commerce and, 416, 420-421, 425, 434438 enterprise tools, 93, 96 games and networking, 434 malware and, 329 social search, 303, 426 social shopping, 420 social sign-on, 426 social technology, in e-commerce, 407, 409 social tools, 456 sociologists, on information systems, 59, 62 sociotechnical design, 580 sociotechnical perspective, on information systems, 58-61 software, 47 as a service (SaaS), 215, 224, 230, 249, 389, 416, 541, 15-23 antivirus and antispyware software, 348, 357 application server, 200 application software packages, 540, 541542, 549 big data analysis and visualization, 261 bugs, 176, 335 business intelligence, 15-18 click fraud, 334 cloud-based software, 215, 224, 389 as cloud service, 224 contemporary platform trends, 219-225, 230 copyright, 172 customer relationship management (CRM) systems, 86, 101, 382-385, 392, 518 database management system (DBMS), 244-247, 249-251, 268 debugging, 355 defined, 51 e-business suites, 388 enterprise applications, 83, 85-87, 101, 208, 370-371, 392 enterprise solutions, 388 enterprise suites, 388 facial recognition software, 189, 303, 346 flaws in, 337 intrusive, 167 keyloggers, 330, 336 liability for software bugs, 176 liability law, 175, 176 localization, 15-21-15-22 malware, 167, 178, 328-330, 333, 336, 337338 mashups, 224-225, 230, 304 material inventory tracking system, 277 open source software, 219, 230 outsourcing, 224, 230 patches, 337 patents, 172-173 piracy, 173 potential for catastrophic failure, 176 as product, 416 project management tools, 580-581 project portfolio management software, 581 quality, 353, 355-356 RFID, 312 sentiment analysis software, 260 sniffers, 331 software packages, 223, 541, 549 spam filters, 181 spyware, 167, 330 supply chain management, 376, 392 system performance and, 176 total cost of ownership (TCO), 227, 568 tracking files, 167 trade secret protection, 169 virtualization software, 211 vulnerability of, 335, 337-338 for the Web, 219-220 Web application development tools, 209 Web browsers, 263 wikis, 305, 329, 475 zero defects in, 335, 337 See also collaboration tools Software and Information Industry Association (SIIA), 174 software as a service (SaaS) about, 224, 230, 249, 389, 416, 541, 15-23 cloud software, 215, 224 Web service, 117 software bugs, 176 software controls, 340 Find more at www.downloadslide.com Index software-defined networking (SDN), 281 software integration, 209 software localization, 15-21-15-22 software metrics, 353 software outsourcing, 224, 230 software packages, 223, 541, 549 software patents, 172-173 software quality, 353, 355-356 South Korea, 334 space shifting, 41 spam, 180, 331 spam filtering software, 181 spear phishing, 333 spoofing, 331, 333 SPOs See subprocess owners spyware, 167, 330 SQL (Structured Query Language), 250, 268, 540 SQL Azure Database (Microsoft), 249 SQL injection attacks, 330 SQL Server (Microsoft), 246, 249, 250, 493 SSIDs (service set identifiers), 327 SSL See Secure Sockets Layer standard operating procedures, 114 standards, 314 cell phone standards, 307 e-commerce, 407-408 encryption, 349 technology standards, 205 wireless networking standards, 308 State of Mobility survey (Symantec), 355 stateful inspection, 348 "stickiness", 418 storage area networks See SANs Storm (malware), 329 strategic information systems, 143 strategic planning group, 563 strategic systems analysis, 141 strategic transitions, 142 streaming, 415 structure-based design, 447, 448 structure chart, 534 structured decisions, 486, 508 structured knowledge, 455 structured methodologies, 532-534, 549 Structured Query Language See SQL Stuxnet (worm), 336 subprocess owners (SPOs), 517-518 subscription revenue model, 419 Sudan, cyberwarfare and, 336 SugarCRM (software), 390, 391 super cookies, 165, 166-167 supercomputers, 211 Supervisory Control and Data Acquisition (SCADA) software, 336 supplier intimacy, 128 as business objective, 44 suppliers, competitive advantage and, 125 supply chain, 372-374 concurrent supply chains, 379 demand-driven supply chains, 379 global supply chain, 378-379 Internet and, 376, 379 sequential supply chains, 379 supply chain management, 54, 311, 312 global supply chain, 378-379 information systems and, 374-376 Internet and, 376, 379 software, 376 supply chain management (SCM) systems, 85-86, 372-381, 392, 518, 15-22 business value of, 379-381 cost of, 387 requirements for, 387 supply chain planning systems, 376 support activities, business value chain model, 132 switches, 281 switching costs, 128 Sybase Adaptive Server Enterprise, 208 Sybase Afaria, 213 Symantec Social Media Protection Flash Poll, 296 symmetric key encryption, 349 synergies, 136, 143 Syria, cyberwarfare and, 336 Systat (software), 540 system failure, 176, 558, 559-560, 573 system performance, software bugs and, 176 system quality, 156, 176 system specifications, 529 system testing, 530 systems analysis, 528, 532, 549 systems analysts, 99 systems architecture, international information systems, 15-4 systems design, 528-536, 549 systems development, 517-546 application software packages, 540, 541542, 549 computer-aided software engineering (CASE), 536 conversion, 530, 532 cooptation, 15-16 direct cutover strategy, 531 documentation, 531 end-user development, 539-541, 549 end users and, 529 implementation of new system, 572-574, 577-579, 582, 15-15-15-16 object-oriented development, 534-536, 549 organizational change and, 114, 115, 122, 520-525, 548 outsourcing, 542-543, 549 overview of, 525-536 parallel strategy, 530 phased approach strategy, 531 pilot study strategy, 531 programming, 530, 532 project failure, 176, 558, 559-560, 573 project management, 559-581 prototyping, 538-539, 549 sociotechnical design, 580 structured methodologies, 532-534, 549 system specifications, 529 systems analysis, 528, 532, 549 systems design, 528-536, 549 systems life cycle, 537-538, 549 testing, 530-531, 532 See also project management systems integration services, 209 systems life cycle, 537-538, 549 systems operators, 197 T T1 lines, 288, 314 tablet computers, 36-37, 173, 210, 319 "bring your own device" (BYOD), 210, 212213, 353 tacit knowledge, 450, 454, 463, 475 tagging, 456 Taiwan, 334 637 tangible benefits, 568, 582 task force-networked organizations, 121 taxonomies, 456, 475 TCP/IP (Transmission Control Protocol/ Internet Protocol), 200, 205, 209, 284-285, 288, 314 teams, 88 teamwork, 88 technology disruptive technologies, 117-118 ethical issues in, 156-183, 184 job loss due to, 181-182, 184 technology standards, 205 technostress, 183 telecommunications platforms, 209 telecommunications services, information technology infrastructure, 195, 208-209 telecommunications technology about, 51, 279, 314 international information systems, 15-1015-11 RFID, 277, 310-312, 314 VoIP, 295, 297-298, 326 See also networks and networking telecommuting, 177 telephone systems, liability law, 175 TelePresence (Cisco), 84 telepresence technology, 93, 102 telework, 37 Telnet, 294 test plan, 530 testing, 530-531, 532 text mining, 259-260, 268 textbooks, digital, 148 theft digital media piracy, 173-174, 184 hardware, 178 See also piracy third-party cookies, 165 third-party plug-in applications, 220 Third World, 15-6 3-D printing, 459 3G networks, 307, 314 time shifting, 42 time/space matrix, 97-98 tokens, 346, 357 top-level domain, 289 total cost of ownership (TCO), 227-228, 568 total quality management (TQM), 521, 548 touch point, 381 touch technology, 208 Toxic Substances Control Act (1976), 45 TPS See transaction processing systems TQM See total quality management trackbacks, 304 tracking, 164, 165, 166, 169, 421-422, 423, 424 tracking files, 167 "tradable service" jobs, 41 trade secrets, 169 traditional file environment, 241-244, 268 transaction brokers, 414, 415 transaction cost theory, 119, 142 transaction costs, 405, 439 transaction fee revenue model, 419 transaction processing systems (TPS), 76-77, 101, 501 transborder data flow, 15-7 Transformer Monitoring app, 39 Transmission Control Protocol/Internet Protocol See TCP/IP Find more at www.downloadslide.com 638 Index transnational information systems See international information systems transnational strategy, 15-10, 15-25 transnational systems units, 15-11 Transport layer, 284 transportation management, 378, 379 Trojan horses, 329-330 TRUSTe, 168 tuples, 247 twisted pair wire, 287 Twitter, 36, 89, 97, 210, 297, 304, 305, 329, 381, 389, 402, 416, 425, 426, 427, 428, 433, 434, 548 two-tiered client/server architecture, 199 U ubiquity, in e-commerce, 405, 407 unified communications, 298 unified threat management (UTM), 348-349 unit testing, 530 United States cell phone standards, 307 cybersecurity, 336-337 electrical grid infiltrated, 336 imports and exports, 38 privacy as constitutional right, 162 spamming regulation, 181 universal standards, in e-commerce, 407-408 Unix, 205, 207, 209 unstructured decisions, 486, 508, 509 URL (uniform resource locator), 299 U.S Cost of a Data Breach Study (Ponemon Institute), 333 U.S legislation behavioral targeting, 164, 167, 439 collection of personal information, 168 computer crime, 333-334 copyright, 172, 184 medical records, 338-339 privacy, 162-164, 190 record retention, 45, 357 spamming regulation, 181 trade secrets, 169 user-designer communications gap, 573 user interface, 560 Utilitarian Principle, 161 utility computing, 215 UTM See unified threat management V value chain business information, 55-56, 131-133, 143 global value chains, 15-19-15-22 knowledge management, 451-453 value chain model, 55-56, 131-133, 143 value web, 133, 135-136, 143 VAX machines (computers), 197 Vertica Massively Parallel Processing (MPP) architecture, 512 video files, piracy, 174 videoconferencing, 42, 93 viral coefficient, 512 virtual companies (virtual organizations), 138, 143 virtual meeting software, 93 virtual meetings, 37 virtual private networks See VPNs Virtual Reality Modeling Language See VRML virtual reality systems, 459, 461, 462, 475 "virtual water cooler", 97 virtual worlds, 93 virtualization, 211, 213, 230 viruses See computer viruses and worms VMware, 211 VoIP (voice over IP), 295, 297-298, 326 voyage-estimating decision-support system, 81 VPNs (virtual private networks), 298, 299, 314, 349, 15-20 VRML (Virtual Reality Modeling Language), 462 W W3C See World Wide Web Consortium walkthrough, 355 WANs (wide area networks), 286, 287, 314 war driving, 327 warehouse management, 376, 379, 397 Warehouse Management System (WMS), 376 Web, 298-307 databases and, 262-263, 268 "deep Web", 300 future trends, 305-307 mashups, 225, 230, 304 pharming, 333 portals, 82, 413-414, 475 Semantic Web, 306 software for, 219-220 URL (uniform resource locator), 299 Web 2.0, 304-305 Web 3.0, 305-306 Web servers, 199, 209, 300 See also Internet Web 2.0, 304-305, 420 Web 3.0, 305-306 Web addresses, 288-289, 299 Web Apps (Microsoft), 95 Web-based online meeting tool, 94 Web-based supply chain management tools, 376, 379 Web beacons, 167 Web browsers, 152, 220, 263 Web bugs, 167, 168 Web conferencing, 42, 93 Web-enabled databases, 262-263, 268 Web hosting service, 209 Web mashups, 225, 230, 304 Web mining, 260, 268 Web monitoring, tools for, 184 Web protocols, 221 Web servers, 199, 209, 300 Web services, 215, 221, 230, 545, 549 Web Services (Amazon), 215, 249 Web sites, 299 affiliate Web sites, 420 budgets, 438 building, 435-438, 440 for e-commerce, 435-438 failure of, 560 hosting, 437-438 personalization, 422, 423 search engine optimization (SEO), 302 social sign-on, 426 visitor tracking, 164, 165, 166, 169, 421422, 423, 424 Web tracking See online tracking WebEx (Cisco), 94 WebFOCUS (software), 540 WebSphere (IBM), 562 WEP See Wired Equivalent Privacy Wi-Fi, 309, 314, 327, 357 Wi-Fi Protected Access (WPA2), 349 wide area networks See WANs WikiLocation-based services, 432 Wikipedia, 93 wikis, 90, 93, 305, 329, 475 Wikitude.me (service), 433 WiMax, 307, 310, 314 Windows 38 operating system, 148, 208 Windows domain network model, 287 Windows Messenger, 294 Windows operating system, 139, 148, 200, 207, 208, 286, 318 Windows Server (Microsoft), 207, 209, 286 Wintel PCs, 197, 199, 205 Wire Fraud Act, 333 Wired Equivalent Privacy (WEP), 349 wireless modems, 285 wireless networking standards, 308 wireless networks, 309, 349, 357 wireless sensor networks (WSNs), 313, 314 wireless technology, 307-313 Bluetooth, 308-309, 314, 327, 328, 336 cell phones, 35, 36, 170-171, 307 hotspots, 309, 310 Internet access, 309-310 malware and, 328 RFID, 277, 310-312, 314 securing wireless networks, 349 security vulnerabilities, 327-328 Wi-Fi, 309, 314, 327, 357 WiMax, 307, 310, 314 wireless sensor networks (WSNs), 313, 314 See also mobile handheld devices; smartphones wireless transmission media, 287 Wiretap Act, 333 wisdom, 450 "wisdom of crowds", 89, 389, 420-421, 439 WMS See Warehouse Management System Word (Microsoft), 95 work changing nature of, 88 growth of professional work, 89 job loss due to technology, 181-182, 184 See also jobs workgroup network model, 286 World Wide Web about, 51, 205 copyrighted information and, 173, 184 history of, 117 World Wide Web Consortium (W3C), 221, 306, 314 Worldwide Interoperability for Microwave Access See WiMax worms (malware), 329, 336 WPA2 See Wi-Fi Protected Access WSNs See wireless sensor networks X Xalkori (drug), 447 Xbox (Microsoft), 318, 419 XenDesktop (Citrix Systems), 213 Xerox Alto (computer), 197 XML (Extensible Markup Language), 221, 545 Find more at www.downloadslide.com Index Y Yahoo!, 129, 140, 152, 166, 168, 177, 210, 224, 256, 300, 302, 304, 305, 413, 434 Yahoo! Merchant Solutions, 437 Yahoo! Messenger, 294 Yahoo! RightMedia, 422 Yammer (Microsoft), 93, 96, 97 YouTube, 168, 296, 389, 426, 434, 548 Z "zombie" PCs, 331 Zoom.us (software), 93 Zynga With Friends (service), 514 639 Find more at www.downloadslide.com Customer reservation system Database querying and reporting Chapter Improving marketing decisions Spreadsheet pivot tables Chapter 12 Customer profiling Database design Database querying and reporting Chapter 6* Customer service analysis Database design Database querying and reporting Chapter Sales lead and customer analysis Database design Database querying and reporting Chapter 13 Blog creation and design Blog creation tool Chapter Internet Skills Using online software tools to calculate shipping costs Chapter Using online interactive mapping software to plan efficient transportation routes Chapter Researching product information and evaluating Web sites for auto sales Chapter Using Internet newsgroups for marketing Chapter Researching travel costs using online travel sites Chapter Searching online databases for products and services Chapter Using Web search engines for business research Chapter Researching and evaluating business outsourcing services Chapter Researching and evaluating supply chain management services Chapter Evaluating e-commerce hosting services Chapter 10 Using shopping bots to compare product price, features, and availability Chapter 11 Using online software tools for retirement planning Chapter 12 Redesigning business processes for Web procurement Chapter 13 Researching real estate prices Chapter 14 Researching international markets and pricing Chapter 15 Analytical, Writing and Presentation Skills* BUSINESS PROBLEM CHAPTER Management analysis of a business Chapter Value chain and competitive forces analysis Business strategy formulation Chapter Formulating a corporate privacy policy Chapter Employee productivity analysis Chapter Disaster recovery planning Chapter Locating and evaluating suppliers Chapter Developing an e-commerce strategy Chapter 10 Identifying knowledge management opportunities Chapter 11 Identifying international markets Chapter 15 *Dirt Bikes Running Case on MyMISLab Find more at www.downloadslide.com INTEGRATING BUSINESS WITH TECHNOLOGY By completing the projects in this text, students will be able to demonstrate business knowledge, application software proficiency, and Internet skills.These projects can be used by instructors as learning assessment tools and by students as demonstrations of business, software, and problem-solving skills to future employers Here are some of the skills and competencies students using this text will be able to demonstrate: Business Application skills: Use of both business and software skills in real-world business applications Demonstrates both business knowledge and proficiency in spreadsheet, database, and Web page/blog creation tools Internet skills: Ability to use Internet tools to access information, conduct research, or perform online calculations and analysis Analytical, writing and presentation skills: Ability to research a specific topic, analyze a problem, think creatively, suggest a solution, and prepare a clear written or oral presentation of the solution, working either individually or with others in a group Business Application Skills BUSINESS SKILLS SOFTWARE SKILLS CHAPTER Finance and Accounting Financial statement analysis Spreadsheet charts Chapter 2* Spreadsheet formulas Spreadsheet downloading and formatting Chapter 10 Pricing hardware and software Spreadsheet formulas Chapter Technology rent vs buy decision Total Cost of Ownership (TCO) analysis Spreadsheet formulas Chapter 5* Analyzing telecommunications services and costs Spreadsheet formulas Chapter Risk assessment Spreadsheet charts and formulas Chapter Retirement planning Spreadsheet formulas and logical functions Chapter 11 Capital budgeting Spreadsheet formulas Chapter 14 Chapter 14* Employee training and skills tracking Database design Database querying and reporting Chapter 13* Job posting database and Web page Database design Web page design and creation Chapter 15 Analyzing supplier performance and pricing Spreadsheet date functions Database functions Data filtering Chapter Inventory management Importing data into a database Database querying and reporting Chapter Bill of materials cost sensitivity analysis Spreadsheet data tables Spreadsheet formulas Chapter 12* Database querying and reporting Chapter Human Resources Manufacturing and Production Sales and Marketing Sales trend analysis Find more at www.downloadslide.com REVIEWERS AND CONSULTANTS CONSULTANTS AUSTRALIA Robert MacGregor, University of Wollongong Alan Underwood, Queensland University of Technology SWITZERLAND Andrew C Boynton, International Institute for Management Development Walter Brenner, University of St Gallen Donald A Marchand, International Institute for Management Development UNITED KINGDOM CANADA Wynne W Chin, University of Calgary Len Fertuck, University of Toronto Robert C Goldstein, University of British Columbia Rebecca Grant, University of Victoria Kevin Leonard, Wilfrid Laurier University Anne B Pidduck, University of Waterloo GERMANY Lutz M Kolbe, University of Göttingen Detlef Schoder, University of Cologne GREECE Anastasios V Katos, University of Macedonia HONG KONG Enoch Tse, Hong Kong Baptist University INDIA Sanjiv D Vaidya, Indian Institute of Management, Calcutta ISRAEL Phillip Ein-Dor, Tel-Aviv University Peretz Shoval, Ben Gurion University MEXICO Noe Urzua Bustamante, Universidad Tecnológica de México NETHERLANDS E.O de Brock, University of Groningen Theo Thiadens, University of Twente Charles Van Der Mast, Delft University of Technology PUERTO RICO, Commonwealth of the United States Brunilda Marrero, University of Puerto Rico SOUTH AFRICA Daniel Botha, University of Stellenbosch SWEDEN Mats Daniels, Uppsala University ENGLAND G.R Hidderley, University of Central England, Birmingham Christopher Kimble, University of York Jonathan Liebenau, London School of Economics and Political Science Kecheng Liu, Staffordshire University SCOTLAND William N Dyer, Falkirk College of Technology UNITED STATES OF AMERICA Tom Abraham, Kean University Evans Adams, Fort Lewis College Kamal Nayan Agarwal, Howard University Roy Alvarez, Cornell University Chandra S Amaravadi, Western Illinois University Beverly Amer, Northern Arizona University John Anderson, Northeastern State University Rahul C Basole, Georgia Institute of Technology Jon W Beard, University of Richmond Patrick Becka, Indiana University Southeast Michel Benaroch, Syracuse University Cynthia Bennett, University of Arkansas at Pine Bluff Nancy Brome, Southern NH University Kimberly Cass, University of Redlands Jason Chen, Gonzaga University Edward J Cherian, George Washington University P C Chu, Ohio State University, Columbus Kungwen Chu, Purdue University, Calumet Richard Clemens, West Virginia Wesleyan College Lynn Collen, St Cloud State University Jakov Crnkovic, SUNY Albany John Dalphin, SUNY Potsdam Marica Deeb, Waynesburg College William DeLone, American University Cindy Drexel, Western State College of Colorado Warren W Fisher, Stephen F Austin State University Sherry L Fowler, North Carolina State University William B Fredenberger, Valdosta State University Bob Fulkerth, Golden Gate University Mark A Fuller, Baylor University Minnie Ghent, Florida Atlantic University Amita Goyal, Virginia Commonwealth University Bobby Granville, Florida A&M University Find more at www.downloadslide.com Richard Grenci, John Carroll University Jeet Gupta, Ball State University Vijay Gurbaxani, University of California, Irvine Rassule Hadidi, University of Illinois, Springfield Jeff Harper, Indiana State University William L Harrison, Oregon State University Joe Harrison, Union University Dorest Harvey, University of Nebraska Omaha Shohreh Hashemi, University of Houston—Downtown Albert M Hayashi, Loyola Marymount University Anthony Hendrickson, Iowa State University Michelle Hepner, University of Central Oklahoma Rick Hicks, Florida Atlantic University Marianne Hill, Furman University Bart Hodge, Virginia Commonwealth University Jack Hogue, University of North Carolina, Charlotte Rui Huang, Binghamton University, SUNY Duke Hutchings, Elon University George Jacobson, California State University, Los Angeles Carolyn Jacobson, Marymount University Murray Jennex, University of Phoenix Rob Kauffman, University of Minnesota Timothy Kayworth, Baylor University Robert W Key, University of Phoenix Stephen Klein, Ramapo College Virginia Kleist, West Virginia State University Cenk Kocas, Michigan State University Brian Kovar, Kansas State University Al Lederer, University of Kentucky Ingyu Lee, Troy University Robert Lee, Chapman University Roger Letts, Fairleigh Dickinson University Stanley Lewis, The University of Southern Mississippi Teresita Leyell, Washburn University Susan K Lippert, George Washington University Jeffrey Livermore, Walsh College Bruce Lo, University of Wisconsin-Eau Claire Carl Longnecker, Loyola University Treise Lynn, Wingate University Jane Mackay, Texas Christian University Efrem G Mallach, University of Massachusetts, Lowell Gary Margot, Ashland University Kipp Martin, University of Chicago Khris McAlister, University of Alabama, Birmingham Sue McDaniel, Bellevue University Ronald E McGaughey, Arkansas Tech University Roger McHaney, Kansas State University Patricia McQuaid, California Polytechnic State Institute Charles Menifield, University of Memphis Lisa Miller, University of Central Oklahoma Cindi Nadelman, New England College Peter J Natale, Regent University Denise Nitterhouse, DePaul University Michelle Parker, Indiana University—Purdue University Fort Wayne Alan Graham Peace, West Virginia University Leah R Pietron, University of Nebraska Jack Powell, University of South Dakota Leonard Presby, William Patterson University Sheizaf Rafaeli, University of Michigan Sasan Rahmatian, California State University, Fresno Eliot Rich, University at Albany, SUNY Leasa Richards-Mealy, Columbia College James Riha, Northern Illinois University Stephanie Robbins, University of North Carolina, Charlotte Marcel Robelis, University of North Dakota Ian Robinson, University of San Francisco Alan Roper, Golden Gate University Peter A Rosen, University of Evansville Paula Ruby, Arkansas State University Naveed Saleem, University of Houston, Clear Lake Joko W Saputro, University of Wisconsin, Madison David Scanlan, California State University, Sacramento Donna M Schaeffer, Marymount University Werner Schenk, University of Rochester Kala Chand Seal, Loyola Marymount University Richard S Segall, Arkansas State University Ivan J Singer, University of Hartford Rod Sink, Northern Illinois University Guy Smith, Embry-Riddle Aeronautical University Kathy Stevens, Merrimack College Troy Strader, Drake University Dennis Strouble, Bowling Green State University Michael JD Sutton, Kent State University Gladys Swindler, Fort Hays State University Bernadette Szajna, Texas Christian University John Tarjan, California State University, Bakersfield Pam Taylor, University of Tennessee at Chattanooga Claire Theriault-Perkins, University of Maine at Augusta Jennifer Thomas, Pace University Jon C Tomlinson, University of Northwestern Ohio Kranti Toraskar, Penn State University Goran Trajkovski, Towson University Duane Truex, Georgia State University B.S Vijayaraman, University of Akron Patrick J Walsh, State University of New York, Binghamton Diane Walz, University of Texas, San Antonio Frederick Wheeler, University of Maryland, University College Lanny Wilke, Montana State University-Northern Karen L Williams, University of Texas at San Antonio Jennifer Williams, University of Southern Indiana Paul Witman, California Lutheran University Erma Wood, University of Arkansas, Little Rock Kathie Wright, Purdue University Marie A Wright, Western Connecticut State University James H Yu, Santa Clara University Fan Zhao, Florida Gulf Coast University Find more at www.downloadslide.com ™ MyMISLab Could you increase your knowledge—and raise your grade— if you… …used an online tutorial that assisted you with Access and Excel skills mapped to this book? …learned to use Microsoft’s SharePoint, the number one organizational tool for file sharing and collaboration? …had access to an online version of this textbook? MyMISLab is a valuable tool for your student success and your business career Visit www.pearsonglobaleditions.com/mymislab to learn more ... Password Theft,” The Wall Street Journal, June 10, 20 12; “Lax Security at LinkedIn Is Laid Bare,” The New York Times, June 10, 20 12; “Why ID Thieves Love Social Media,” Marketwatch, March 25 , 20 12 T... March 12, 20 12; Thomas Erdbrink, “Iran Confirms Attack by Virus That Collects Information, ” The New York Times, May 29 , 20 12; Nicole Perlroth, “Virus Infects Computers Across Middle East,” The New... to the company They must conduct a business impact analysis to identify the firm s most critical systems and the impact a systems outage would have on the business Management must determine the