delivery model for software where a company only pays for what it uses; like Cloud; reduces fixed costs
Materials Requirement Planning
Management knew what was needed when
Materials Requirement Planning II
included MRP and accounging and finance
Decision support system
Helps make decisions
Legacy Information Systems
massive long-term business investment in a software system with a single focus; often brittle, slow
diagnostic pahse - detect and interpret that something needs attention
develop as many solutions as possible
examine options and select one
apply selected option, monitor results, make corrections
Graphin information system
DSS method, displays map-based infor
representation of a situation, statistical models or equations
database to organize and store info
the way for the decision maker to interact with the system
structured query language
Info is processed to give correct answer
several indefinate answers
some measurable elements, some not measurable
Quality and Types of information
Time, content, form
various scenarios are run mathematically, so decisions can be made (computers do this)
Change one variable and see how the others change
Goal seeking analysis
makes repeated changes to variables until a chosen value is reached
finds optimal value given certain constraints
hide data that don't matter
highlights individual cells that match criteria
summarizes by sorting, counting, totalling cells
computer searches large quantities of data for unseen patterns
making systems that can imitate aspects of human resoning and motion, ex weather prediction
designed to apply human like reasoning to reach a conclusion
attempts to simulate human ability to classify items and recognize patterns, ex handwriting and speech recognition
mathematical models for forming conclusions from vague information ex spam filters
trian and error to develot increasingly better solutions to a problem
ex auto fill boxes
simulation of the physical world, ex flight simulators
Online Analytical Processing
BI info about customers; uses analytics, integratd use of technology tools and stats to create real-time high quality info
contains logical structure for the info in a database
how much of something will be needed
when to move products and where
rules that help ensure the quality of the information
Data definition subsystem
helps create and maintain data dictionary and define structure of files in a database
Data manipulation subsystem
helps add, change, and delete info in a database and query it
helps see contents, make changes, sort, query
quickly define formats of reports
Query by example tools
graphically design answer to a question
Data generation sybsystem
contains facilities to help develop transaction-intensive applications
Data admin subsystem
manage overall data base enfironment like security, backup/recovery
a logical collection of information gathered from many different operational databases, used to create business intelligence
hardwar and software standards that make it possible for many different devices to communicate
unique name to identify a specific site
uniform resource locater
hyper text transfer protocol
Top level domain
.com .net, etc.
Internet Corporation for Assigned Names
Keeps track of internet domains
2nd generation of web focuses on online collaboration
Network Access Point
Where severalc onnections converge on internet
Network Service Provider
Owns Network access points
set of rules every computer follows to transfer information
Decision making model
intelligence, design, choice, implementation
Association or dependency modeling
market basket analysis
discovering how groups of people are similar
aka prediction, evaluate historical data to make current predictions
find a causal replationship between sets of data
sums, averages, other stats
uses infor and business analysis to build a predictive model for a given application
process of using statistical, artificial intelligence and linguistic techniques to convert info in textual sources into structured info (email, survey, etc)
small piece of software that acts on your behalf
can adapt and alter the manner in which it attempts to achieve its assigned task
works on multiple distinct computer systems
can relocate itself onto different computer systems
incorporates AI capabilities like learning and reasoning
Learn how people based systems behave, predict how they will behave, improve human systems to make them more efficient and effective
Collective behavior of groups of simple agents
does a decision fit the needs and mission of the organization
Does a decision fit with the budget
Does it fit within employee skills, what about system maintenance
Human factors feasiliby
Is the decision accepted by staff
Legal and political feasibility
does it comply with laws?
Once logical model is finished, translate into appropriate information technologies
User interface, keep end user in mind, get feedback from users to create clear, intuitive controls
User doesn't see it, analyst identifies the underlying structures of the system
Flow of application logic is determined; can't be overly complicated
Sample of final design, users try it and give feedback
let users themselves create what they need; IT support is crucial!
Use existing pieces of development to combine their functionality to produce new output
Systems development life cycle
structured spproach for developing IS, Waterfall method
Define system to be developed, scope, and plan
Gather business requirements, prioritize them
Design technical architecture (hardware, software, telecommunications equipment), design system model, draw graphical representation of a design
Build technical architecture, database and programs
Write test conditions, and perform testing (unit, system, integration, user acceptance)
write detailed user documentation, provide training
Build helpdesk support, provide environment to support changeds
how consistently a system performs
ability of a ssytem to meet increased service demands
share no systems between units, eaqch meets its own needs
all IT services are coordinate from one source; can be inflexible
connect separate components at different locations or within different units
ability of 2 or more vomputer components to share info and resources, even if made by different manufacturers
Request for proposal
official request for bids from vendors
measures used to indicate progress or quality
amount of info that can pass through a system at once
measure of reliability; average amount of time a system is usable
number of mistakes a system generates per thousand or million transactions
How fast the system operates, ie response time
CRM SCM Call center performance
what is the financial impact
controls that restrict unauthorized individuals from using information resources and are concerned with user identification.
alien software designed to help pop-up advertisements appear on your screen.
clandestine software that is installed on your computer through duplicitous methods.
anti-malware systems (antivirus software)
software packages that attempt to identify and eliminate viruses, worms, and other malicious software.
an examination of information systems, their inputs, outputs, and processing.
a process that determines the identity of the person requiring access.
a process that determines which actions, rights, or privileges the person has, based on verified identity.
typically a password, known only to the attacker, that allows the attacker to access the system without having to go through any security procedures.
the science and technology of authentication (i.e., establishing the identity of an individual) by measuring the subject's physiologic or behavioral characteristics.
a process in which a company identifies certain types of software that are not allowed to run in the company environment.
a third party that acts as a trusted intermediary between computers (and companies) by issuing digital certificates and verifying the worth and integrity of the certificates.
a backup location that provides only rudimentary services and facilities.
communications controls (network controls)
controls that deal with the movement of data across networks.
defense mechanisms (also called countermeasures).
small amounts of information that web sites store on your computer, temporarily or more or less permanently.
a grant that provides the creator of intellectual property with ownership of it for a specified period of time, currently the life of the creator plus 70 years.
illegal activities executed on the internet.
can be defined as a premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.
war in which a countries' information systems could be paralyzed from a massive attack by destructive software.
demilitarized zone (DMZ)
a separate organizational local area network that is located between an organization's internal network and an external network, usually the internet.
a cyber attack in which an attacker sends a flood of data packets to the target computer, with the aim of overloading its resources.
an electronic document attached to a file certifying that this file is from the organization it claims to be from and has not been modified from its original format or content.
distributed denial-of-service (DDoS) attack
a denial-of-service attack that sends a flood of data packets form many compromised computers simultaneously.
employee monitoring systems
systems that monitor employees' computers, e-mail activities, and internet surfing activities.
the process of converting an original message into a form that cannot be read by anyone except the intended receiver.
the harm, loss, or damage that can result if a threat compromises an information resource.
a system (either hardware, software, or a combination of both) that prevents a specific type of information from moving between untrusted networks, such as the internet, and private networks, such as your company's network.
a fully configured computer facility, with all information resources and services, communications links, and physical plant operations, that duplicates your company's computing resources and provides near real-time recovery of IT operations.
crime in which someone uses the personal information of others to create a false identity and then uses it for some fraud.
protecting an organization's information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
the intangible property created by individuals or corporations, which is protected under trade secret, patent, and copyright laws.
a principle that users be granted the privilege for some activity only if there is a justifiable need to grant this authorization.
segments of computer code embedded within an organization's existing computer programs.
malicious software such as viruses and worms.
a private combination of characters that only the user should know.
a document that grants the holder exclusive rights on an invention or process for a specified period of time, currently 20 years.
an attack that uses deception to fraudulently acquire sensitive personal information by masquerading as an official-looking e-mail.
controls that restrict unauthorized individuals from gaining access to a company's computer facilities.
copying a software program (other than freeware, demo software, etc.) without making payment to the owner.
the right to be left alone and to be free of unreasonable personal intrusion.
a collection of related computer system operations that can be performed by users of the system.
(also called asymmetric encryption) a type of encryption that uses two different keys, a public key and a private key.
the likelihood that a threat will occur.
a strategy in which the organization accepts the potential risk, continues to operate with no controls, and absorbs any damages that occur.
the process by which an organization assesses the value of each asset being protected, estimates the probability that each asset might be compromised, and compares the probable costs of each betting compromised with the costs of protecting it.
a strategy in which the organization limits its risk by implementing controls that minimize the impact of a threat.
a process that identities, controls, and minimized the impact of threats, in an effort to reduce risk to manageable levels.
a process whereby the organization takes concrete actions against risks, such as implementing controls and developing a disaster recovery plan.
a process in which the organization transfers the risk by using other means to compensate for a loss, such as by purchasing insurance.
secure socket layer (SSL)
(also known as transport layer security) an encryption standard used for secure transactions such as credit card purchases and online banking.
the degree of protection against criminal activity, danger, damage, and/or loss.
getting around security systems by tricking computer users inside a company into revealing sensitive information or gaining unauthorized access privileges.
alien software that uses your computers as a launch platform for spammers.
alien software that can record your keystrokes and/or capture your passwords.
any danger to which an information resource may be exposed
intellectual work, such as a business plan, that is a company secret and is not based on public information.
transport layer security (TLS)
see secure socket layer.
see back doors.
a software program containing a hidden function that presents a security risk.
a process that encrypts each data packet to be sent and places each encrypted packet inside another packet.
visual private network (VPN)
a private network that uses a public network (usually the internet) to securely connect users by using encryption.
malicious software that can attach itself to (or "infect") other computer programs without the owner of the program being aware of the infection.
the possibility that an information resource will be harmed by a threat.
a site that provides many of the same services and options of the hot site, but does not include the company's applications.
a process in which a company identifies acceptable software and permits it to run, and either prevents anything else form running or lets new software run in a quarantined environment until the company can verify its validity.
destructive programs that replicate themselves without requiring another program to provide a safe environment for replication.