Unit IV

ITC 5301, Management Information Systems 1

Course Learning Outcomes for Unit IV Upon completion of this unit, students should be able to:

3. Explain how information technology systems influence organizational strategies. 3.2 Discuss how changes in telecommunications and networks are introducing fundamental

changes in organizational strategies.

5. Critique core information systems applications from a business perspective. 5.2 Discuss why telecommunications technology is vital to many organizations. 5.3 Explain why data management has a tremendous impact on an organization’s survival.

6. Assess the procedures for securing information systems.

6.1 Explain how an organization’s information systems are vulnerable to internal and external threats.

Required Unit Resources Chapter 7: Telecommunications, the Internet, and Wireless Technology Chapter 8: Securing Information Systems Unit Lesson

Telecommunications, the Internet, and Wireless Technology Telecommunications, networks, and wireless technology are now introducing fundamental changes in business. The opening case in Chapter 7, “The National Hockey League Scores with Wireless Technology,” demonstrated that digital technology was essential for attracting and retaining athletes, broadcasters, fans, and sponsors. NHL hockey has a large fan base, that are attuned to digital media. So to keep them engaged, Management turns to wireless networking technology and the Internet of Things (IoT). The NHL is thus able to provide real- time game statistics, and content for TV broadcasts and streaming to mobile devices. Not only that they are able to increase the popularity of the sport and fans’ interest, they are also able to expand their fan base and increase revenue. Wireless networking and sensor technology provides NHL with powerful capabilities and opportunities. The speed and position of players as well as the hockey puck, along with other important information are tracked and delivered instantaneously to team management, fans, and broadcasters. Telecommunications, the internet, and wireless technology provided fans with increased involvement in the sport by allowing them to view the data on their televisions and mobile apps, and providing viewers with the ability to discuss the results on social media. Since the data was made available through digital and social media, viewership of the sport has soared. This is an excellent example of how businesses are adapting to new technologies based on the internet. As technology improves, businesses must continually evolve. In addition to Wi-Fi, another popular wireless technology is Bluetooth. Bluetooth is a wireless networking standard that is used to link up devices within a 10-meter area using low-power, radio-based communication. Bluetooth technology is used in a small personal area such as within a home environment or in a car. For

UNIT IV STUDY GUIDE Telecommunications, the Internet, Wireless Technology, and Securing Information Systems

ITC 5301, Management Information Systems 2

UNIT x STUDY GUIDE Title

example, Bluetooth connects wireless keyboards and mice to PCs or cell phones to car audio systems without wires. Worldwide Interoperability for Microwave Access (WiMax) is a new wireless technology that caters to rural areas and locations that do not have access to fixed broadband connectivity or Wi-Fi. WiMax has a wireless access range of up to 31 miles and transmission speed of 30–40 Mbps, and up to 1 Gbps for fixed stations (Laudon & Laudon, 2022). These new high-speed services have extended Internet access to numerous locations that could not be covered by traditional wired internet services and have made ubiquitous computing a reality.

Networks and Telecommunications Most of us know what a network is, even if it might be hard to describe. Simply, a network is a way to connect two or more computer devices together. As they grow, they get more complicated, but it is the same basic concept. Now, you have to add switches and routers into the mix so that something manages the data that is flowing around. To communicate, we must have some sort of rules or a protocol. The main protocol is Transmission Control Protocol/Internet Protocol (TCP/IP), which allows for computers to talk to each other even if they are on completely different platforms. We have IP addresses so that data can find the way to us. Our IP address system is even evolving. Our current system (e.g., 123.1.1.1) is changing to IPv6 (with more than a quadrillion possible addresses). Organizations also have internal intranets for employees to use. This keeps their data separate from the outside world. Organizations may also use a virtual private network (VPN), which is a secure, encrypted private network. Can you imagine where this might be beneficial? Consider those employees who log into their work remotely. All of this has led to other types of growth areas. The website has advanced due to speed capabilities offered by the Internet and improved media. People want their information now. Many people will only wait a matter of seconds for a webpage to load before moving on to another website. This puts an amazing strain on businesses to constantly keep up with current technologies. What do you think? Additionally, the trend for websites has evolved to be more social. Customers are encouraged to leave feedback. They can post pictures or videos of themselves and the product. Once again, technology has to evolve to allow for this functionality. Where do you imagine technology will be 10 years from now?

Information Systems Security Most people understand the value of having a secure working environment. Not only is information technology (IT) concerned with the physical security of its assets (e.g., laptops, computers, printers, servers), but it also has to be concerned with virtual security. Below are some questions to ask ourselves.

• How do we keep our biggest asset, our data, safe from thieves? • How do we control access to our systems and keep the hackers out? • How do we keep out networks safe from an attack so that we can maintain business continuity? • How can we possibly keep up with all of the risks?

Organizations today are constantly dealing with these issues. Networks are separated to allow access only to those who need it. Firewalls are installed, and antivirus software (as well as other types of security applications) must be kept up-to-date. Vulnerabilities can come from the Internet in the form of a Denial-of- Service (Dos) attack. E-mail can contain bad attachments. We have all heard of malware. Malware is malicious software that includes viruses, worms, Trojan horses, Structured Query Language (SQL) injection attacks, ransomware, spyware, and keyloggers.

ITC 5301, Management Information Systems 3

UNIT x STUDY GUIDE Title

Thieves and hackers are developing new ways to hack into systems all of the time. Ask any large company security professional, and they will tell you that people are sniffing their networks every day and looking for vulnerabilities. More and more, we have seen a proliferating of a malware known as ransomware. Cybersecurity Ventures estimated the global cost of ransomware attacks is $20 billion in 2021 and will approach $265 billion by 2031 (Morgan, 2021). Attackers try to extort money from their victims by taking control of their systems, encrypting the data, and demanding a high ransom pay to end the hack. For example, in 2019, an attacker used a ransomware called Sodinokibi to infiltrate 22 Texas cities and held them hostage for millions of dollars (Fruhlinger 2020). You can get ransomware from downloading an infected attachment, clicking a link inside an email, or visiting the wrong website. Not only can security threats come from the outside, but they can occur on the inside. Think of the disgruntled employee who wants to sell the latest trade secrets of the company. Think of the employee with a gambling addiction who wants to figure out a way to skim money from the company. Some employee threats are not even malicious. The software developer may accidentally place a vulnerability into the system by not adding the correct security into an internal software application.

Business Value of a Secure System Think of recent news items, such as the Target credit card breach. It is just bad publicity for one thing, but allowing people’s money to be stolen is never good for business. The hard truth is that breaches like the one that Target had can cost companies millions of dollars. All of that stolen money has to be paid back. Credit cards have to be replaced, which come with a large fee from the bank. There are fines that have to be paid as well. The company is ultimately liable and has to pay all of those charges. The compliance or business value side of this involves the Sarbanes-Oxley Act regulations for record retention and data integrity. The credit card section includes payment card industry (PCI) compliance. If you do not pass PCI compliance, then as a business, you will not be allowed to accept credit cards. The Gramm- Leach-Bliley Act of 1999 also calls for security and confidentiality of data. The Health Insurance Portability and Accountability Act (HIPAA) deals with medical security and privacy. Businesses have to adhere to governmental laws for data security, or they will find themselves in a legal predicament. Legal predicaments just mean one thing to most organizations: “This is going to cost us money.” For this reason, companies in the last 10 years or so have added security and compliance to their ongoing strategic initiatives. Many companies will hire outside risk-assessment teams to evaluate their potential physical and virtual risks. Also, this means adding yet another item to the annual budget. Nowadays, organizations need security teams and security software that will monitor systems and either detect or prevent threats. E-mail and Internet usage has to be logged, and network activity has to be monitored and logged. Not only is that software costly, but they need servers and databases to store the data and the applications. From a legal standpoint, a company has to be able to respond to any legal request for information. Electronic records management is very important to contingency planning.

Management of Information System Controls An organization has to know where its risks and vulnerabilities are located. Security controls need to be put in place to protect the data and the systems. Organizations also have to develop security policies. In addition to security policies, there are acceptable use policies that define the acceptable use of a company’s information- based assets and computing equipment. There are different types of information system controls. All of these controls and policies make up an organization’s security framework. There are two information system controls: general controls and application controls. There are six types of general controls: software controls, hardware controls, computer operations controls, data security controls, implementation controls, and administrative controls. There are three types of application controls: input controls, processing controls, and output controls. In addition to an organization’s policies and controls, there will usually be an internal and external auditing function. Internal auditors try and catch any security and control issues before the external auditors are let

ITC 5301, Management Information Systems 4

UNIT x STUDY GUIDE Title

loose. Amazingly, an organization is required to hire external auditors to (hopefully) put their stamp of approval on the organization’s systems, controls, documentation, and procedures. Other parts of risk assessments, controls, and policies include disaster recovery and business continuity. Disaster recovery involves the creation and implementation of a plan to restore the IT side of the business when there has been some type of disruption. A server that goes bad may failover to a server stored in another city that houses the servers. The disaster recovery center will likely be an exact duplicate of the existing operational data center. A business continuity plan will hold all of the information pertinent to getting the business up and running again in case of an emergency. Can you see how disaster recovery and business continuity go hand-in-hand?

Summary In summary, no single method to securing information systems is enough. Businesses must incessantly upgrade their security software to outsmart hackers and computer criminals.

References Fruhlinger, J. (2020). Top cybersecurity facts, figures, and statistics for 2020.

www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html Laudon, K. C., & Laudon, J. L. (2022). Management information systems: Managing the digital firm (17th ed.).

Pearson. Morgan, S. (2021, December 30). Global ransomware damage costs predicted to exceed $265 billion by

2031. CyberCrime Magazine. https://cybersecurityventures.com/global-ransomware-damage-costs- predicted-to-reach-250-billion-usd-by-2031/

Suggested Unit Resources In order to access the following resources, click the links below. To reinforce the concepts from this unit, you are encouraged to review the following:

• Chapter 7 PowerPoint Presentation (PDF for Chapter 7 PowerPoint presentation)

• Chapter 8 PowerPoint Presentation (PDF for Chapter 8 PowerPoint presentation)

The following video cases mentioned in your eTextbook augment the information presented in the assigned chapter readings. You are encouraged to review the Chapter 7 and 8 video cases linked below. A transcript can be accessed for each video within the YouTube player by clicking on the three dots below the video title on the right. Closed-captioning can be turned on by clicking the “cc” icon at the bottom of each video. CBS News. (2012, March 5). “60 Minutes” investigates cyberwarfare [Video]. YouTube.

https://www.youtube.com/watch?v=kw--zLJT3ak TEDx. (2015, June 29). Cyberwar | Amy Zegart | TEDxStanford [Video]. YouTube.

https://www.youtube.com/watch?v=JSWPoeBLFyQ

ITC 5301, Management Information Systems 1

Course Learning Outcomes for Unit IV Upon completion of this unit, students should be able to:

3. Explain how information technology systems influence organizational strategies. 3.2 Discuss how changes in telecommunications and networks are introducing fundamental

changes in organizational strategies.

5. Critique core information systems applications from a business perspective. 5.2 Discuss why telecommunications technology is vital to many organizations. 5.3 Explain why data management has a tremendous impact on an organization’s survival.

6. Assess the procedures for securing information systems.

6.1 Explain how an organization’s information systems are vulnerable to internal and external threats.

Required Unit Resources Chapter 7: Telecommunications, the Internet, and Wireless Technology Chapter 8: Securing Information Systems Unit Lesson

Telecommunications, the Internet, and Wireless Technology Telecommunications, networks, and wireless technology are now introducing fundamental changes in business. The opening case in Chapter 7, “The National Hockey League Scores with Wireless Technology,” demonstrated that digital technology was essential for attracting and retaining athletes, broadcasters, fans, and sponsors. NHL hockey has a large fan base, that are attuned to digital media. So to keep them engaged, Management turns to wireless networking technology and the Internet of Things (IoT). The NHL is thus able to provide real- time game statistics, and content for TV broadcasts and streaming to mobile devices. Not only that they are able to increase the popularity of the sport and fans’ interest, they are also able to expand their fan base and increase revenue. Wireless networking and sensor technology provides NHL with powerful capabilities and opportunities. The speed and position of players as well as the hockey puck, along with other important information are tracked and delivered instantaneously to team management, fans, and broadcasters. Telecommunications, the internet, and wireless technology provided fans with increased involvement in the sport by allowing them to view the data on their televisions and mobile apps, and providing viewers with the ability to discuss the results on social media. Since the data was made available through digital and social media, viewership of the sport has soared. This is an excellent example of how businesses are adapting to new technologies based on the internet. As technology improves, businesses must continually evolve. In addition to Wi-Fi, another popular wireless technology is Bluetooth. Bluetooth is a wireless networking standard that is used to link up devices within a 10-meter area using low-power, radio-based communication. Bluetooth technology is used in a small personal area such as within a home environment or in a car. For

UNIT IV STUDY GUIDE Telecommunications, the Internet, Wireless Technology, and Securing Information Systems

ITC 5301, Management Information Systems 2

UNIT x STUDY GUIDE Title

example, Bluetooth connects wireless keyboards and mice to PCs or cell phones to car audio systems without wires. Worldwide Interoperability for Microwave Access (WiMax) is a new wireless technology that caters to rural areas and locations that do not have access to fixed broadband connectivity or Wi-Fi. WiMax has a wireless access range of up to 31 miles and transmission speed of 30–40 Mbps, and up to 1 Gbps for fixed stations (Laudon & Laudon, 2022). These new high-speed services have extended Internet access to numerous locations that could not be covered by traditional wired internet services and have made ubiquitous computing a reality.

Networks and Telecommunications Most of us know what a network is, even if it might be hard to describe. Simply, a network is a way to connect two or more computer devices together. As they grow, they get more complicated, but it is the same basic concept. Now, you have to add switches and routers into the mix so that something manages the data that is flowing around. To communicate, we must have some sort of rules or a protocol. The main protocol is Transmission Control Protocol/Internet Protocol (TCP/IP), which allows for computers to talk to each other even if they are on completely different platforms. We have IP addresses so that data can find the way to us. Our IP address system is even evolving. Our current system (e.g., 123.1.1.1) is changing to IPv6 (with more than a quadrillion possible addresses). Organizations also have internal intranets for employees to use. This keeps their data separate from the outside world. Organizations may also use a virtual private network (VPN), which is a secure, encrypted private network. Can you imagine where this might be beneficial? Consider those employees who log into their work remotely. All of this has led to other types of growth areas. The website has advanced due to speed capabilities offered by the Internet and improved media. People want their information now. Many people will only wait a matter of seconds for a webpage to load before moving on to another website. This puts an amazing strain on businesses to constantly keep up with current technologies. What do you think? Additionally, the trend for websites has evolved to be more social. Customers are encouraged to leave feedback. They can post pictures or videos of themselves and the product. Once again, technology has to evolve to allow for this functionality. Where do you imagine technology will be 10 years from now?

Information Systems Security Most people understand the value of having a secure working environment. Not only is information technology (IT) concerned with the physical security of its assets (e.g., laptops, computers, printers, servers), but it also has to be concerned with virtual security. Below are some questions to ask ourselves.

• How do we keep our biggest asset, our data, safe from thieves? • How do we control access to our systems and keep the hackers out? • How do we keep out networks safe from an attack so that we can maintain business continuity? • How can we possibly keep up with all of the risks?

Organizations today are constantly dealing with these issues. Networks are separated to allow access only to those who need it. Firewalls are installed, and antivirus software (as well as other types of security applications) must be kept up-to-date. Vulnerabilities can come from the Internet in the form of a Denial-of- Service (Dos) attack. E-mail can contain bad attachments. We have all heard of malware. Malware is malicious software that includes viruses, worms, Trojan horses, Structured Query Language (SQL) injection attacks, ransomware, spyware, and keyloggers.

ITC 5301, Management Information Systems 3

UNIT x STUDY GUIDE Title

Thieves and hackers are developing new ways to hack into systems all of the time. Ask any large company security professional, and they will tell you that people are sniffing their networks every day and looking for vulnerabilities. More and more, we have seen a proliferating of a malware known as ransomware. Cybersecurity Ventures estimated the global cost of ransomware attacks is $20 billion in 2021 and will approach $265 billion by 2031 (Morgan, 2021). Attackers try to extort money from their victims by taking control of their systems, encrypting the data, and demanding a high ransom pay to end the hack. For example, in 2019, an attacker used a ransomware called Sodinokibi to infiltrate 22 Texas cities and held them hostage for millions of dollars (Fruhlinger 2020). You can get ransomware from downloading an infected attachment, clicking a link inside an email, or visiting the wrong website. Not only can security threats come from the outside, but they can occur on the inside. Think of the disgruntled employee who wants to sell the latest trade secrets of the company. Think of the employee with a gambling addiction who wants to figure out a way to skim money from the company. Some employee threats are not even malicious. The software developer may accidentally place a vulnerability into the system by not adding the correct security into an internal software application.

Business Value of a Secure System Think of recent news items, such as the Target credit card breach. It is just bad publicity for one thing, but allowing people’s money to be stolen is never good for business. The hard truth is that breaches like the one that Target had can cost companies millions of dollars. All of that stolen money has to be paid back. Credit cards have to be replaced, which come with a large fee from the bank. There are fines that have to be paid as well. The company is ultimately liable and has to pay all of those charges. The compliance or business value side of this involves the Sarbanes-Oxley Act regulations for record retention and data integrity. The credit card section includes payment card industry (PCI) compliance. If you do not pass PCI compliance, then as a business, you will not be allowed to accept credit cards. The Gramm- Leach-Bliley Act of 1999 also calls for security and confidentiality of data. The Health Insurance Portability and Accountability Act (HIPAA) deals with medical security and privacy. Businesses have to adhere to governmental laws for data security, or they will find themselves in a legal predicament. Legal predicaments just mean one thing to most organizations: “This is going to cost us money.” For this reason, companies in the last 10 years or so have added security and compliance to their ongoing strategic initiatives. Many companies will hire outside risk-assessment teams to evaluate their potential physical and virtual risks. Also, this means adding yet another item to the annual budget. Nowadays, organizations need security teams and security software that will monitor systems and either detect or prevent threats. E-mail and Internet usage has to be logged, and network activity has to be monitored and logged. Not only is that software costly, but they need servers and databases to store the data and the applications. From a legal standpoint, a company has to be able to respond to any legal request for information. Electronic records management is very important to contingency planning.

Management of Information System Controls An organization has to know where its risks and vulnerabilities are located. Security controls need to be put in place to protect the data and the systems. Organizations also have to develop security policies. In addition to security policies, there are acceptable use policies that define the acceptable use of a company’s information- based assets and computing equipment. There are different types of information system controls. All of these controls and policies make up an organization’s security framework. There are two information system controls: general controls and application controls. There are six types of general controls: software controls, hardware controls, computer operations controls, data security controls, implementation controls, and administrative controls. There are three types of application controls: input controls, processing controls, and output controls. In addition to an organization’s policies and controls, there will usually be an internal and external auditing function. Internal auditors try and catch any security and control issues before the external auditors are let

ITC 5301, Management Information Systems 4

UNIT x STUDY GUIDE Title

loose. Amazingly, an organization is required to hire external auditors to (hopefully) put their stamp of approval on the organization’s systems, controls, documentation, and procedures. Other parts of risk assessments, controls, and policies include disaster recovery and business continuity. Disaster recovery involves the creation and implementation of a plan to restore the IT side of the business when there has been some type of disruption. A server that goes bad may failover to a server stored in another city that houses the servers. The disaster recovery center will likely be an exact duplicate of the existing operational data center. A business continuity plan will hold all of the information pertinent to getting the business up and running again in case of an emergency. Can you see how disaster recovery and business continuity go hand-in-hand?

Summary In summary, no single method to securing information systems is enough. Businesses must incessantly upgrade their security software to outsmart hackers and computer criminals.

References Fruhlinger, J. (2020). Top cybersecurity facts, figures, and statistics for 2020.

www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html Laudon, K. C., & Laudon, J. L. (2022). Management information systems: Managing the digital firm (17th ed.).

Pearson. Morgan, S. (2021, December 30). Global ransomware damage costs predicted to exceed $265 billion by

2031. CyberCrime Magazine. https://cybersecurityventures.com/global-ransomware-damage-costs- predicted-to-reach-250-billion-usd-by-2031/

Suggested Unit Resources In order to access the following resources, click the links below. To reinforce the concepts from this unit, you are encouraged to review the following:

• Chapter 7 PowerPoint Presentation (PDF for Chapter 7 PowerPoint presentation)

• Chapter 8 PowerPoint Presentation (PDF for Chapter 8 PowerPoint presentation)

The following video cases mentioned in your eTextbook augment the information presented in the assigned chapter readings. You are encouraged to review the Chapter 7 and 8 video cases linked below. A transcript can be accessed for each video within the YouTube player by clicking on the three dots below the video title on the right. Closed-captioning can be turned on by clicking the “cc” icon at the bottom of each video. CBS News. (2012, March 5). “60 Minutes” investigates cyberwarfare [Video]. YouTube.

https://www.youtube.com/watch?v=kw--zLJT3ak TEDx. (2015, June 29). Cyberwar | Amy Zegart | TEDxStanford [Video]. YouTube.

https://www.youtube.com/watch?v=JSWPoeBLFyQ