MIPP#4

MBA 5401, Management Information Systems 1

Course Learning Outcomes for Unit IV Upon completion of this unit, students should be able to:

3. Explain how information technology systems influence organizational strategies. 3.1 Discuss how changes in telecommunications and networks are introducing fundamental

changes in organizational strategies. 5. Critique core information systems applications from a business perspective.

5.1 Discuss why telecommunications technology is vital to many organizations. 5.2 Explain why data management has a tremendous impact on an organization’s survival.

6. Assess the procedures for securing information systems.

6.1 Explain how an organization’s information systems are vulnerable to internal and external threats.

Course/Unit Learning Outcomes

Learning Activity

3.1 Unit Lesson Chapter 7, pp. 250–285, 290–292 Unit IV PowerPoint Presentation

5.1 Unit Lesson Chapter 7, pp. 250–285, 290–292 Unit IV PowerPoint Presentation

5.2 Chapter 8, pp. 294–327, 333–335 Unit IV PowerPoint Presentation

6.1 Unit Lesson Chapter 8, pp. 294–327, 333–335 Unit IV PowerPoint Presentation

Required Unit Resources Chapter 7: Telecommunications, the Internet, and Wireless Technology, pp. 250–285, 290–292 Chapter 8: Securing Information Systems, pp. 294–327, 333–335

Unit Lesson Telecommunications, the Internet, and Wireless Technology Telecommunications, networks, and wireless technology are now introducing fundamental changes in business. The opening case in Chapter 7, “Tour de France Wins with Wireless Technology,” demonstrated that digital technology was essential for attracting and retaining athletes, broadcasters, fans, and sponsors. To acquire a competitive edge against other bicycling sports, the data from Tour de France racing bikes was relayed to television viewers within seconds. These bikes had a small tracking sensor attached to the seat that provided the rider’s location via a Global Positioning System (GPS) chip and a radio frequency chip. This technology also relayed the biker’s speed nearly every second so that coaches and viewers alike could see how the biker was performing during the race. This data could also be viewed using a mobile app, and riders wore earpieces that communicated real-time data throughout the race. The device also collected biometric

UNIT IV STUDY GUIDE

Telecommunications, the Internet, Wireless Technology, and Securing Information Systems

MBA 5401, Management Information Systems 2

UNIT x STUDY GUIDE

Title

data, but this information was not relayed to the public; it was kept private between the bikers and the coaching teams. Digital technology provided fans with increased involvement in the sport by allowing them to view the data on their televisions and mobile apps, and providing viewers with the ability to discuss the results on social media. Since the data was made available through digital and social media, viewership of the cycling sport has soared. This is an excellent example of how businesses are adapting to new technologies based on the Internet. As technology improves, businesses must continually evolve. Networks and Telecommunications Most of us know what a network is, even if it might be hard to describe. Simply, a network is a way to connect two or more computer devices together. As they grow, they get more complicated, but it is the same basic concept. Now, you have to add switches and routers into the mix so that something manages the data that is flowing around. To communicate, we must have some sort of rules or a protocol. The main protocol is Transmission Control Protocol/Internet Protocol (TCP/IP), which allows for computers to talk to each other even if they are on completely different platforms. We have IP addresses so that data can find the way to us. Our IP address system is even evolving. Our current system (e.g., 123.1.1.1) is changing to IPv6 (with more than a quadrillion possible addresses). Organizations also have internal intranets for employees to use. This keeps their data separate from the outside world. Organizations may also use a virtual private network (VPN), which is a secure, encrypted private network. Can you imagine where this might be beneficial? Consider those employees who log into their work remotely. All of this has led to other types of growth areas. The website has advanced due to speed capabilities offered by the Internet and improved media. People want their information now. Many people will only wait a matter of seconds for a webpage to load before moving on to another website. This puts an amazing strain on businesses to constantly keep up with current technologies. What do you think? Additionally, the trend for websites has evolved to be more social. Customers are encouraged to leave feedback. They can post pictures or videos of themselves and the product. Once again, technology has to evolve to allow for this functionality. Where do you imagine technology will be 10 years from now? Information Systems Security Security in an IT infrastructure: Most people understand the value of having a secure working environment. Not only is information technology (IT) concerned with the physical security of its assets (e.g., laptops, computers, printers, servers), but it also has to be concerned with virtual security. Below are some questions to ask ourselves.

• How do we keep our biggest asset, our data, safe from thieves?

• How do we control access to our systems and keep the hackers out?

• How do we keep out networks safe from an attack so that we can maintain business continuity?

• How can we possibly keep up with all of the risks? Organizations today are constantly dealing with these issues. Networks are separated to allow access only to those who need it. Firewalls are installed, and antivirus software (as well as other types of security applications) must be kept up-to-date. Vulnerabilities can come from the Internet in the form of a Denial-of- Service (Dos) attack. E-mail can contain bad attachments. We have all heard of malware. Malware is malicious software that includes viruses, worms, Trojan horses, Structured Query Language (SQL) injection attacks, ransomware, spyware, and keyloggers.

MBA 5401, Management Information Systems 3

UNIT x STUDY GUIDE

Title

Thieves and hackers are developing new ways to hack into systems all of the time. Ask any large company security professional, and they will tell you that people are sniffing their networks every day and looking for vulnerabilities. Not only can security threats come from the outside, but they can occur on the inside. Think of the disgruntled employee who wants to sell the latest trade secrets of the company. Think of the employee with a gambling addiction who wants to figure out a way to skim money from the company. Some employee threats are not even malicious. The software developer may accidentally place a vulnerability into the system by not adding the correct security into an internal software application. Business value of a secure system: Think of recent news items, such as the Target credit card breach. It is just bad publicity for one thing, but allowing people’s money to be stolen is never good for business. The hard truth is that breaches like the one that Target had can cost companies millions of dollars. All of that stolen money has to be paid back. Credit cards have to be replaced, which come with a large fee from the bank. There are fines that have to be paid as well. The company is ultimately liable and has to pay all of those charges. The compliance or business value side of this involves the Sarbanes-Oxley Act regulations for record retention and data integrity. The credit card section includes payment card industry (PCI) compliance. If you do not pass PCI compliance, then as a business, you will not be allowed to accept credit cards. The Gramm- Leach-Bliley Act of 1999 also calls for security and confidentiality of data. The Health Insurance Portability and Accountability Act (HIPAA) deals with medical security and privacy. Businesses have to adhere to governmental laws for data security, or they will find themselves in a legal predicament. Legal predicaments just mean one thing to most organizations: “This is going to cost us money.” For this reason, companies in the last 10 years or so have added security and compliance to their ongoing strategic initiatives. Many companies will hire outside risk-assessment teams to evaluate their potential physical and virtual risks. Also, this means adding yet another item to the annual budget. Nowadays, organizations need security teams and security software that will monitor systems and either detect or prevent threats. E-mail and Internet usage has to be logged, and network activity has to be monitored and logged. Not only is that software costly, but they need servers and databases to store the data and the applications. From a legal standpoint, a company has to be able to respond to any legal request for information. Electronic records management is very important to contingency planning. Management of information system controls: An organization has to know where its risks and vulnerabilities are located. Security controls need to be put in place to protect the data and the systems. Organizations also have to develop security policies. In addition to security policies, there are acceptable use policies that define the acceptable use of a company’s information-based assets and computing equipment. There are different types of information system controls. All of these controls and policies make up an organization’s security framework. There are two information system controls: general controls and application controls. There are six types of general controls: software controls, hardware controls, computer operations controls, data security controls, implementation controls, and administrative controls. There are three types of application controls: input controls, processing controls, and output controls. In addition to an organization’s policies and controls, there will usually be an internal and external auditing function. Internal auditors try and catch any security and control issues before the external auditors are let loose. Amazingly, an organization is required to hire external auditors to (hopefully) put their stamp of approval on the organization’s systems, controls, documentation, and procedures. Other parts of risk assessments, controls, and policies include disaster recovery and business continuity. Disaster recovery involves the creation and implementation of a plan to restore the IT side of the business when there has been some type of disruption. A server that goes bad may failover to a server stored in another city that houses the servers. The disaster recovery center will likely be an exact duplicate of the existing operational data center. A business continuity plan will hold all of the information pertinent to getting the business up and running again in case of an emergency. Can you see how disaster recovery and business continuity go hand-in-hand?

MBA 5401, Management Information Systems 4

UNIT x STUDY GUIDE

Title

Summary In summary, no single method to securing information systems is enough. Businesses must incessantly upgrade their security software to outsmart hackers and computer criminals.

Reference

Laudon, K. C., & Laudon, J. L. (2020). Management information systems: Managing the digital firm (16th ed.). Pearson.

Suggested Unit Resources In order to access the following resources, click the links below. To reinforce the concepts from this unit, view the Chapter 7 Presentation (PDF for Chapter 7 Presentation). To reinforce the concepts from this unit, view the Chapter 8 Presentation (PDF for Chapter 8 Presentation). Your textbook has video cases that correlate with the information being presented in the assigned chapter readings. You are encouraged to review the video cases relating to Chapter 7 below. Cisco. (2013, May 2). Cisco TelePresence redefines Hollywood collaboration [Video]. YouTube.

https://www.youtube.com/watch?v=4xGMH95sAgo Transcript for Cisco TelePresence Redefines Hollywood Collaboration video HCL Digital Solutions. (2013, December 6). IBM Sametime meetings on a tablet [Video]. YouTube.

https://www.youtube.com/watch?v=cYGOyyFYvXE Transcript for IBM Sametime Meetings on a Tablet video You are encouraged to review the video cases relating to Chapter 8 below. CBS News. (2012, March 5). “60 Minutes” investigates cyberwarfare [Video]. YouTube.

https://www.youtube.com/watch?v=kw--zLJT3ak&playnext=1&list=PLs_q-cHb8wi-PP0lAHS4 Transcript for “60 Minutes” Investigates Cyberwarfare video TEDx. (2015, June 29). Cyberwar | Amy Zegart | TEDxStanford [Video]. YouTube.

https://www.youtube.com/watch?v=JSWPoeBLFyQ Transcript for Cyberwar | Amy Zegart |TEDxStanford video