Вы находитесь на странице: 1из 24

e-LeAp MIS CHAPTER 7 Traditional file approach: no mechanism for tagging, retrieving, or manipulating data Database approach: provides

des powerful mechanism for managing and manipulating data Traditional approach is inconvenient: Program-data dependency High data redundancy Low data integrity

Data redundancy: duplication of data Data integrity: accuracy of data Database approach: data organized as entities Entity: an object about which an organization chooses to collect data, such as: People Events Products

Character: smallest piece of data A single letter or a digit

Field: single piece of information about entity Record: collection of related fields File: collection of related records Database fields can hold images, sounds, video clips, etc. Field name allows easy access to the data Database management system (DBMS): program used to: Build databases Populate a database with data

Manipulate data in a database Query: a message to the database requesting data from specific records and/or fields Database administrator (DBA): the person responsible for managing the database o Sets user limits for access to data in the database

Database model: general logical structure o o How records stored in the database How relationships between records are established

Relational Model: consists of tables Based on relational algebra o o o Tuple: record (or row) Attribute: field (or column) Relation: table of records

Key: a field whose values identify records o Used to retrieve records

Primary key: a field by which records are uniquely identified o Each record in the table must have a unique key value

Composite key: combination of fields that serve as a primary key Foreign key: a field that is common to two tables o o Used to link the tables This field is a primary key in one table and a foreign key in the other

Join table: composite of tables Two types of table relationships: o One-to-many relationship: one item in a table is linked to many items in the other table Many-to-many relationship: many items in a table are linked to many items of the other table

Object-oriented database model: uses object-oriented approach for the database structure Encapsulation: combined storage of data and relevant procedures to process it o Allows object to be planted in different data sets

Inheritance: the ability to create a new object by replicating the characteristics of an existing (parent) object Object-oriented databases (ODBs) store data objects, not records Relational operation: creates a temporary subset of a table or tables Used to create a limited list or a joined table list Three important relational operations: o o o Select: a selection of records based on conditions Project: a selection of certain columns from a table Join: join data from multiple tables to create a temporary table

Structured Query Language (SQL): query language of choice for DBMSs Advantages of SQL: o o o It is an international standard It is provided with most relational DBMSs It has easy-to-remember, intuitive commands

Schema: a plan that describes the structure of the database, including: o o o Names and sizes of fields Identification of primary keys Relationships

Data dictionary: a repository of information about the data and its organization o Also called metadata: the data about the data

Metadata includes: o o Source of the data Tables related to the data

o o o -

Field and index information Programs and processes that use the data Population rules: what is inserted, or updated, and how often

Data modeling: analysis of an organizations data and identification of the data relationships o o A proactive process Develops a conceptual blueprint of the database

Entity relationship diagram: a graphical representation of all entity relationships Entity relationship diagram is composed of: o o o o o Boxes: identify entities Lines: indicate relationship between entities Crossbars: indicate mandatory fields Circles: indicate optional Crows feet: identify many

Data warehouse: a large repository database that supports management decision making o o Typically relational Data is collected from transactional databases

Data mart: a smaller collection of data focusing on a particular subject or department Three phases in transferring data from a transactional database to a data warehouse: o o o Extraction phase: create files from transactional database Transformation phase: cleanse and modify the data format Loading phase: transfer files to data warehouse

CHAPTER 8 Hypertext Transfer Protocol (HTTP): transfer and download Web information HTTPS: HTTP secure for confidential data exchange Uniform Resource Locator (URL): unique address given to each Web site

IP address: a special numeric address

Domain name: unique name for a Web site, constructed with letters URL also refers to the domain name

Hypertext Markup Language (HTML): helps developer create Web pages Determines look and location of content

Extensible Markup Language (XML): enables creation of various data types Conveys the meaning or content of the data

XHTML: combination of XML and HTML Uses opening and closing tags to control format

File Transfer Protocol (FTP): used to transmit whole files Used in all downloads from Web sites Any type of file can be transferred Can place files on a server for shared use Often used to deliver purchased software products on Web sites

Really Simple Syndication (RSS): family of XML file formats that allow automatic downloads of content on a subscription basis Helps users check for updates Communicates short descriptions of content Allows transmittal of new information Useful on news Web sites Also called Rich Site Summary

Blog: contraction of Web log Invites surfers to post opinions and art Focuses on a topic or set of topics Trackback: a tool that notifies bloggers when their posts have been mentioned elsewhere on the Web

Wiki (from Hawaiian, meaning quick): Web application that enables users to add to and edit the contents of Web pages All the software required to edit the Web pages is embedded in the pages themselves

Wikipedia: a popular online encyclopedia Podcast: publishing sound and video on the Web for download Usually on a subscription basis

Uses include: Time-shifted broadcast of radio station programs for later listening Audio tours in museums Lectures in distance learning courses Garageband.com Allows aspiring musicians to post music tracks

Instant messaging (IM): real-time chat Form of synchronized e-mail Chat room: communicate with a group

Cookie: small file that stores information about a Web site visitor, stored on the visitors computer Usually records the surfers ID Often stores the surfers preferences Provides convenience to consumers Can be temporary (single session) or permanent Potential for intrusion into surfer privacy

Clickstream tracking: tracks a surfers clicking activities Spyware: traces and reports online behavior

Proprietary technology: intellectual property of developer, not free for all to use Business-to-business (B2B): trading between businesses only

B2B forms include advertising through: Search advertising: advertisements placed on a search site result page Banners: images placed on Web sites that link to a company site selling a product or service

Impression: occurs when a page with a banner is downloaded Reach percentage: the percentage of Web users who visited a site in the past month Intranet: network used only by employees of an organization Extranet: network shared by employees of different organizations, usually business partners Exchange: extranet for organizations that deal in products and services of a particular type Exchange operator profits from transaction fees

Auction: sells a great variety of items Online business alliances: collaboration between businesses in establishing a Web site Business-to-consumer (B2C): trading with the general public E-Tailing: online retailing to consumers Fulfillment activities: picking, packing, shipping Consumer profiling: know customers better by gathering information about their online activities Some consider this a violation of privacy

Conversion rate: the proportion of site visitors who make a purchase Reverse auction: customers name their own price for desired goods and services Content providers: offer information, artistic work, classified ads, and video Electronic bill presentment and payment (EBBP): provides online bills and payment options for customers Phishing: type of fraud involving a fake Web site Extra-organizational workforce: Companies purchase labor from a larger pool

Mobile commerce, or M-commerce:

Business conducted on mobile devices Virtual world: a combination of images, video, sound, and avatars that resemble the real world Accessible for interaction by subscribers

Avatar: 3D graphical character that represents a user in a virtual world Load balancing: transfer data requests from a busy server to a less busy server Mirror servers: servers with duplicated content Pure-play: company whose entire business is online Brick-and-mortar: company that owns physical stores and a Web site

Web hosting: Web server managing service Several types of Web hosting: Shared hosting: stores the clients Web site on the same physical server as other clients Virtual private hosting: simulates a single server, allowing a client to have its own domain name Dedicated hosting: client has exclusive use of an entire physical Web server Co-location: server owned and managed by a client is co-located with other clients servers in a secure physical location

Dynamic Web pages: enable communication between browser and database HTTP is an Internet standard controlling Web server addresses HTTPS is a security version of HTTP XML is a standard for description of data Blogs enable people to create discussion Web pages Cookies help Web sites personalize the visitors experience Many Web technologies are proprietary A business can maintain its own Web server or use a Web hosting service Organizations should consider several factors when selecting a Web host Web-enabled commerce is classified into B2B and B2C

B2B trading relies on electronic data interchange (EDI) and XML Wireless handheld computers allow mobile commerce, called m-commerce Online businesses must adhere to several factors to be successful Virtual worlds provide a means to meet and conduct business and social activities on the Web Spam and spyware are online annoyances Phishing is a pervasive fraud crime

CHAPTER 9 Global information system: a system that serves organizations in multiple countries Used by multinational corporations

Globalization: designing global sites to cater to local needs and preferences International companies must think globally, act locally Acting locally means being sensitive to regional customs and language nuances Control must be decentralized Strategic planning should be global, but can be followed with a local flavor Companies must adapt their ISs to changing formal or de facto standards European Article Number (EAN): bar code that includes an extra number to identify country Universal Product Code (UPC): American standard without the last extra number American Uniform Code Council (UCC): promoted the use of European standard U.S. companies had to adapt ISs to recognize, record, and process the new bar code standard

UCC is now trying to expand product codes to the 14-digit Global Trade Item Numbers (GTINs) Safe Harbor: arrangement for U.S. companies that have agreed to comply with the EU directive Goal of corporate management is to seize a large market share and maximize organization profits Goal of a national government is to protect its economic, scientific, and security interests

PGP encryption application was opposed by the U.S. government Ethical dilemma: how to balance the business interest with moral principles, and not help dictatorships violate civil rights

United States uses the English system of weights and measures; the rest of the world uses the metric system United States uses month/day/year format; the rest of the world uses day/month/year

CHAPTER 10 Two types of decision support aids: Decision support systems (DSSs) Expert systems (ESs)

Decision support modules today may be part of larger enterprise applications Are also called business analysis tools or business intelligence applications Data warehouses and online processing (OLAP) technologies have enhanced the ability to use data for decision making Decision making is a three-phase process: Intelligence phase: collect facts, beliefs, and ideas Design phase: design the method for considering the collected data, to reduce the alternatives to a manageable number Choice phase: select an alternative from the remaining choices

Model: a representation of reality, such as: Map: represents a geographical area Tabletop representation of a building Mathematical equations representing relationships among variables

Structured problem: one in which an optimal solution can be reached through a single set of steps Algorithm: a sequence of steps to complete a task

Parameters: categories of data that are considered in an algorithm Most mathematical and physical problems are structured, but many business problems are not Unstructured problem: one for which there is no algorithm that leads to an optimal solution Unstructuredness is closely related to uncertainty Semistructured problem: one that is neither fully structured nor totally unstructured Decision support system (DSS): a computer-based information system designed to help knowledge workers select one of many alternative solutions to a problem Advantages of DSSs include: Help increase market share Help reduce costs Help increase profitability Help enhance product quality

Data management module: a database or data warehouse that provides data for the intelligence phase Accesses the data Provides a means to select data by specified criteria

Model management module: turns data into useful information May offer a fixed model, a dynamically modified model, or a collection of models A linear regression model is a general statistical model that is often used Gives a best-fit linear relationship between two variables

The actual data points rarely lie directly on the regression line, illustrating the uncertainty Regression models are not necessarily always straight lines; they may be curves Dialog module: part of a DSS that allows user interaction with the program Sensitivity analysis: tests the degree to which the outcome goal grows with each factor Indicates the relative sensitivity of the outcome to changes in a parameter

Sensitivity analysis is also called what if analysis

If a small change in a parameter causes a significant change to the outcome, the sensitivity of the outcome to the parameter is high If the outcome is affected very little by a large change in a parameter, the sensitivity of the outcome to the parameter is low Expert system (ES): emulates the knowledge of a human expert Solves problems Makes decisions in a relatively narrow domain

Domain: a specific area of knowledge Purpose is to replicate the unstructured and undocumented knowledge of experts, and make that expertise available to novices Neural network: a program that emulates how the human brain works ESs are part of artificial intelligence (AI) research AI focuses on methods and technologies that emulate how humans learn and solve problems Knowledge base: used by an ES

Inference engine: software that combines data input by the user with the data relationships Neural networks: used by more sophisticated ESs to mimic the way a human brain learns Intelligent agent: software that is dormant until it detects a certain event, and then performs a prescribed action There are also case-based ESs Especially useful in medical decision making

Group decision support system (GDSS): Also called a group intelligence system, collaborative system, or simply a group system Facilitates the contribution of ideas, brainstorming, and choosing promising solutions

Geographic information system (GIS): a decision aid for map-related decisions

CHAPTER 11 Data warehouse: a large database containing historical transactions and other data Business intelligence (BI): information gleaned with information analysis tools Also called business analytics

Data mining: the process of selecting, exploring, and modeling large amounts of data Used to discover relationships that can support decision making

Data-mining tools may use complex statistical analysis applications Data-mining queries are more complex than traditional queries Combination of data-warehousing techniques and data-mining tools facilitates the prediction of future outcomes Sequence or path analysis: finding patterns where one event leads to another Classification: finding whether certain facts fall into predefined groups Clustering: finding groups of related facts not previously known Forecasting: discovering patterns that can lead to reasonable predictions

Online analytical processing (OLAP): a type of application used to exploit data warehouses Provides extremely fast response times Allows a user to view multiple combinations of two dimensions by rotating virtual cubes of information

Drilling down: the process of starting with broad information and then retrieving more specific information as numbers or percentages Can use relational or dimensional databases designed for OLAP applications Dimensional database: data is organized into tables showing information summaries Also called multidimensional databases

OLAP applications are powerful tools for executives Clickstream software: tracks and stores data about every visit to a Web site Dashboard: an interface between BI tools and the user

Knowledge management (KM): gathering, organizing, sharing, analyzing, and disseminating knowledge to improve an organizations performance Knowledge workers: research, prepare, and provide information There is much overlap in the work they do

Employee knowledge network: a tool that facilitates knowledge sharing through intranets Autocategorization (or automatic taxonomy): automates classification of data into categories for future retrieval Used by companies to manage data Used by most search engines Constantly improved to yield more precise and faster results

Factiva: a software tool that gathers online information from over 10,000 sources

Business intelligence (BI) is any information about organization, its customers, or its suppliers that can help firms make decisions Data mining is the process of selecting, exploring, and modeling large amounts of data to discover previously unknown relationships Data mining is useful for predicting customer behavior and detecting fraud Online analytical processing (OLAP) puts data into two-dimensional tables OLAP either uses dimensional databases or calculates desired tables on the fly Drilling down means moving from a broad view to a specific view of information Dashboards interface with BI software tools to provide quick information such as business metrics Knowledge management involves gathering, organizing, sharing, analyzing, and disseminating knowledge The main challenge of knowledge management is identifying and classifying useful information from unstructured sources Most unstructured knowledge is textual Employee knowledge networks are software tools to help employees find other employees with specific expertise

Autocategorization is the automatic classification of information

CHAPTER 12 Mission statement: communicates the most important overarching goal of organization

Includes how the goals will be achieved IS mission statement: describes the role of IT in the organization Benefits of Standardization include: Cost savings: better bargaining power in purchasing and leasing hardware and software Efficient training: a smaller variety of software reduces employee training needs Efficient support: enables more staff specialization

Prototyping: fast development of an application based on initial user requirements Large ISs are conceived, planned, and developed within the systems development life cycle (SDLC) framework Also known as waterfall development Consists of four major sequential phases: Analysis Design Implementation Support

Systems analysis: a five-step process Investigation Technical feasibility study Economic feasibility study Operational feasibility study Requirements definition

Feasibility studies: a larger analysis conducted after preliminary results indicate an IS is warranted Cost/benefit analysis: spreadsheet showing all costs and benefits of the proposed system

Return on investment (ROI): most accurate economic analysis Calculates the difference between the stream of benefits and the stream of costs over the life of the system

Organizational culture: general tone of the corporate environment Must determine the new systems compatibility with the organizational culture

Requirements definition: details what the system should be able to do

System requirements: detail the functions and features expected from the new system Systems design: includes three steps for devising the means to meet all the requirements Description of the components Construction Testing

Data flow diagram (DFD): describes the flow of data in a business operation using four symbols External entities: individuals and groups external to the system (customers, employees, etc.) Processes: an event or events that affect data Data store: any form of data at rest Direction of data flow: indicates how data moves

Unified modeling language (UML): de facto standard for visualizing, specifying, and documenting software UML consists of diagrams: Use case: an activity of the system in response to the user (an actor) Class: describes class structure and contents Interaction: describes interactions of objects and the sequence of their activities

State charts: indicate the states through which objects pass and their responses to stimuli Activity: represents highly active states triggered by completion of other actions Physical diagrams: high-level descriptions of software modules

Implementation: delivery of a new system Consists of two steps: Conversion Training

Training may or may not precede conversion

Conversion: switching from the old system to the new system Can be a very difficult time

Four basic conversion strategies: Parallel conversion: the old system is used simultaneously with the new system at first Phased conversion: breaks the new IS into modules and integrates one at a time Reduces risk but delays some benefits

Cut-over conversion (or flash cut conversion): immediately replaces all modules Risky but may be inexpensive

Pilot conversion: introduces the IS into one business unit at a time Beta site: a site that tests the new system

Support: begins after delivery, and includes two responsibilities Maintenance: postimplementation debugging, updates, and adding postponed features User help

Support is the longest phase of the system life cycle Agile methods: alternative development methods Treat software development as series of contacts with users Goal: fast development of software

Improve software after user requests for modifications received

Agile methods use iterative programming Major advantage of agile methods: Fast development of application software

Agile method risks include: Analysis phase is limited or eliminated, increasing the risk of incompatibilities More emphasis on programming, resulting in less documentation, which may make it difficult or impossible to make later modifications

Agile methods are best used: When a desired system is small Analysis is less important Requires a smaller investment of resources

For unstructured problems For developing user interfaces When users cannot specify all requirements at the start of the project They may be unfamiliar with the technology Requirements may be difficult to conceptualize

Do not use agile methods when: The desired system is large or complex System failure entails great financial loss

The desired system must interface with other systems SDLC recommended for complex systems Documentation is key for integration

Systems integration: Examines the needs of entire organization Produces a plan to combine disparate systems to allow data to flow between units

Systems integrators must be skilled in hardware and software Standardization is an important part of IT planning Feasibility studies determine if a proposed system is possible and desirable Unified Modeling Language (UML) is used to create model of desired system

CHAPTER 13 Outsourcing has two meanings in the IT arena: To commission the development of an application to another organization To hire the services of another company to manage all or parts of the services usually rendered by an IT unit in the organization May not include development of new applications

Custom-designed (tailored) software: software developed specifically for the needs of an organization Several advantages: Good fit to need Good fit to culture Dedicated maintenance Smooth interface Specialized security Potential for strategic advantage

Offshoring: outsourcing to other countries such as India, China, Philippines, etc. Business process outsourcing: outsourcing routine processes, such as order entry or HR Service-level agreement The most important element of an outsourcing agreement Lists all services expected of the vendor Defines the metrics to be used to measure vendor performance

Beta version: a prerelease version of software to be tested by companies who want to use it Request for information (RFI): request for informal information about a vendors product Request for proposal (RFP): a document that specifies all requirements and solicits a proposal

Application service provider (ASP): an organization that offers software through communication lines (such as the Web) Software as a service (SaaS): applications available through the Web Uptime: proportion of time that the ASPs systems and communications links are up Storage service provider (SSP): rents storage space for remote storage of client files User application development: nonprogrammer users write their own business applications Several alternatives to having applications developed in-house include outsourcing, licensing ready-made software, using software as a service, and allowing users to develop their own software Outsourcing can mean commissioning development or assigning services to vendor Outsourcing custom-designed applications might afford the organization a good fit of software to need Outsourcing IT services has great benefits, such as reduced cost and allowing the organization to focus on its core competency Outsourcing IT services has potential risks, such as loss of control, loss of experienced employees, and loss of competitive advantage Licensing software advantages include software being immediately available and low-priced Disadvantage of licensing software is often a loose fit to the organizations needs Software as a service, from an ASP, is a popular method of obtaining software for a monthly fee User application development advantages include short lead time, good fit, freeing IT staff User application development disadvantages include poor quality, islands of information, security problems, and poor documentation Over half of Americas office workers have rich computer resources Policies must be established to prevent computer abuse by employees

CHAPTER 14 Downtime: the period of time during which an IS is not available Blackouts and brownouts Blackout: total loss of electricity Brownout: partial loss of electricity

Uninterruptible power supply (UPS): backup power Keystroke logging: records individual keystrokes Social engineering: con artists pretend to be service people, and ask for passwords Identity theft: pretending to be another person Honeytoken: a bogus record in a networked database used to combat hackers Honeypot: a server containing a mirrored copy of a database or a bogus database Educates security officers about vulnerable points

Virus: spreads from computer to computer Worm: spreads in a network without human intervention Antivirus software: protects against viruses Trojan horse: a virus disguised as legitimate software Logic bomb: software that is programmed to cause damage at a specific time Denial of service (DoS): an attacker launches a large number of information requests Slows down legitimate traffic to site

Distributed denial of service (DDoS): an attacker launches a DoS attack from multiple computers Hijacking: using some or all of a computers resources without the consent of its owner Controls: constraints and restrictions imposed on a user or a system Backup: periodic duplication of all data Redundant Arrays of Independent Disks (RAID): set of disks programmed to replicate stored data

Access controls: measures taken to ensure only authorized users have access to a computer, network, application, or data Physical locks: lock the equipment in a secure facility Software locks: determine who is authorized

Three types of access controls: What you know: access codes, such as user ID and password What you have: requires special devices Who you are: unique physical characteristics

Biometric: uses unique physical characteristics such as fingerprints, retinal scans, or voiceprints Atomic transaction: a set of indivisible transactions Audit trail: a series of documented facts that help detect who recorded which transactions, at what time, and under whose approval Sometimes automatically created using data and timestamps

Information systems auditor: a person whose job is to find and investigate fraudulent cases Firewall: the best defense against unauthorized access over the Internet Consists of hardware and software that blocks access to computing resources Firewalls are now routinely integrated into routers

DMZ: demilitarized zone approach One end of the network is connected to the trusted network, and the other end to the Internet

Proxy server: represents another server Employs a firewall, and is usually placed between the Internet and the trusted network

Authentication: the process of ensuring that you are who you say you are Encryption: coding a message into an unreadable form Plaintext: the original message Ciphertext: the encoded message

Encryption uses a mathematical algorithm and a key

Key: a unique combination of bits that will decipher the ciphertext Public-key encryption: uses two keys, one public and one private Symmetric encryption: when the sender and the recipient use the same key Asymmetric encryption: both a public and a private key are used Transport Layer Security (TLS): a protocol for transactions on the Web that uses a combination of public key and symmetric key encryption HTTPS: the secure version of HTTP

Digital signature: a means to authenticate online messages; implemented with public keys Message digest: unique fingerprint of file Digital certificates: computer files that associate ones identity with ones public key Issued by certificate authority

Certificate authority (CA): a trusted third party A digital certificate contains its holders name, a serial number, its expiration dates, and a copy of holders public key Also contains the digital signature of the CA

Single sign-on (SSO): a user must enter his or her name/password only once Business recovery plan: a plan about how to recover from a disaster Also called disaster recovery plan, business resumption plan, or business continuity plan

Nine steps to develop a business recovery plan: Obtain managements commitment to the plan Establish a planning committee Perform risk assessment and impact analysis Prioritize recovery needs Mission-critical applications: those without which the business cannot conduct operations

Select a recovery plan Select vendors

Develop and implement the plan Test the plan

Continually test and evaluate Hot sites: alternative sites that a business can use when a disaster occurs o Backup sites provide desks, computer systems, and Internet links

The purpose of controls and security measures is to maintain the functionality of ISs Risks to ISs include risks to hardware, data, and networks, and natural disaster and vandalism Risks to data and applications include theft of information, identity theft, data alteration, data destruction, defacement of Web sites, viruses, worms, logic bombs, and nonmalicious mishaps Risks to online systems include denial of service and hijacking Controls are used to minimize disruption Access controls require information to be entered before resources are made available Atomic transactions ensure data integrity Firewalls protect against Internet attacks Encryption schemes scramble messages to protect them on the Internet A key is used to encrypt and decrypt messages SSL, TLS, and HTTPS are encryption standards designed for the Web Keys and digital certificates can be purchased from a certificate authority Many organizations have business recovery plans, which may be outsourced Careful evaluation of the amount spent on security measures is necessary Redundancy reduces the probability of downtime Governments are obliged to protect citizens against crime and terrorism