Sunday, 23 December 2012

Data Hierarchy

Managing knowledge and data has become very important these days because of the huge amounts of different information and data. Managing data therefore takes effort: information must be sorted into the right order and the right place so that it is within easy reach and access. This chapter sheds some light

Data redundancy: The same data are stored in many places

Data isolation: Applications cannot access data associated with other applications 

Data inconsistency: Various copies of the data do not agree.

Data Hierarchy

A bit is a binary digit: a “0” or a “1”.

A byte is eight bits and represents a single character (e.g., a letter, number or symbol)

A field is a group of logically related characters (e.g., a word, small group of words, or identification number).

A record is a group of logically related fields (e.g., a student in a university database).

A file is a group of logically related records

A database is a group of logically related files

Information Systems: Ethics, Privacy and Information Security


Ethics: A branch of philosophy that deals with what is considered to be right and wrong.

A code of ethics is a collection of principles that are intended to guide decision making by members of an organization.
                                                               
Responsibility means that you accept the consequences of your decisions and actions.

Accountability means a determination of who is responsible for actions that were taken.

Liability is a legal concept meaning that individuals have the right to recover the damages done to them by other individuals, organizations, or systems.

Privacy Issues involve collecting, storing and disseminating information about individuals.

Accuracy Issues involve the authenticity, fidelity and accuracy of information that is collected and processed.

Property Issues involve the ownership and value of information.

Accessibility Issues revolve around who should have access to information and whether they should have to pay for this access.

Data aggregators are companies that collect public data (e.g., real estate records, telephone numbers) and nonpublic data (e.g., social security numbers, financial data, police records, motor vehicle records) and integrate them to produce digital dossiers.

Digital dossier is an electronic description of you and your habits.

Profiling is the process of creating a digital dossier.

Personal Information in Databases: Information about individuals is being kept in many databases: banks, utility companies, government agencies, etc.; the most visible locations are credit-reporting agencies.

Social Networking Sites often include electronic discussions such as chat rooms. These sites appear on the Internet, within corporate intranets, and on blogs.
A blog is an informal, personal journal that is frequently updated and intended for general public reading.

Privacy Codes and Policies: An organization’s guidelines with respect to protecting the privacy of customers, clients, and employees.

Opt-out model of informed consent permits the company to collect personal information until the customer specifically requests that the data not be collected.

Opt-in model of informed consent means that organizations are prohibited from collecting any personal information unless the customer specifically authorizes it. 

International Aspects of Privacy: Privacy issues that international organizations and governments face when information spans countries and jurisdictions.

* Organizations and individuals are now exposed to untrusted networks. An untrusted network, in general, is any network external to your organization. The Internet, by definition, is an untrusted network.
* Government legislation: Gramm-Leach-Bliley Act, Health Insurance Portability and Accountability Act (HIPAA)
* Examples: thumb drives (flash drives), iPods, etc.

Downstream liability occurs when Company A’s systems are attacked and
taken over by the perpetrator.  Company A’s systems are then used to attack
Company B.  Company A could be sued successfully by Company B, if Company A
cannot prove that it exercised due diligence in securing its systems.

Due diligence means that a company takes all necessary security precautions,
as judged by commonly accepted best practices.

Unmanaged devices are those outside the control of the IT department.
Examples include devices in hotel business centers, customer computers, and
computers in restaurants such as McDonald's, Panera, and Starbucks.

Lack of management support takes many forms: insufficient funding, technological obsolescence, and lack of attention.

A threat to an information resource is any danger to which a system may be exposed.
The exposure of information resources is the harm, loss or damage that can result if a threat compromises that resource.

A system’s vulnerability is the possibility that the system will suffer harm by a threat.
Risk is the likelihood that a threat will occur.
Information system controls are the procedures, devices, or software aimed at preventing a compromise to the system.

Espionage or trespass: Competitive intelligence consists of legal information-gathering techniques. 
Industrial espionage crosses the legal boundary.
Many dumpster divers wear protective clothing and use snorkels, as it is not a good idea to receive cuts from items in the dumpster, and the air is foul.

Saturday, 22 December 2012

Types of Information Systems

Computer-based information systems (CBIS) use computer technology to perform some or all of their tasks and are composed of:

* Hardware is a device such as a processor, monitor, keyboard or printer.
* Software is a program or collection of programs that enable hardware to process data.
* A database is a collection of related files or tables containing data.
* A network is a connection that permits different computers to share resources.
* Procedures are the set of instructions about how to combine the above components in order to process information and generate the desired output.
* People are those individuals who use the hardware and software, interface with it, or use its output.

An application program is a computer program designed to support a specific task, a business process or another application program.

Breadth of Support of Information Systems

Functional area information systems support particular functional areas in an organization.

Enterprise resource planning systems tightly integrate the functional area information systems via a common database.

Transaction processing systems support the monitoring, collection, storage, and processing of data from the organization’s basic business transactions.

Interorganizational information systems connect two or more organizations. Examples are supply chain management systems and electronic commerce systems.