CHAPTER 8 – ENTERPRISE SYSTEMS
The
TPS, MIS/DSS, and special information systems
in perspective. A TPS provides valuable input to
MIS, DSS, and KM systems.
batch processing system: A form of data
processing whereby business transactions are
accumulated over a period of time and prepared
for processing as a single unit or batch.
Batch versus online transaction processing (a)
Batch processing inputs and processes data in
groups. (b) In online processing, transactions are
completed as they occur.
online transaction processing (OLTP): A form
of data processing where each transaction is
processed immediately without the delay of
accumulating transactions into a batch.
Example of an OLTP system Hospitality
companies such as ResortCom International can
use an OLTP system to manage timeshare
payments and other financial transactions.
Integration of a firm’s TPS When transactions
entered into one system are processed, they
create new transactions that flow into another
system.
transaction processing cycle: The process of
data collection, data editing, data correction, data
processing, data storage, and document
production.
Transaction processing activities. A transaction
processing cycle includes data collection, data
editing, data correction, data processing, data
storage, and document production
data collection: Capturing and gathering all data
necessary to complete the processing of
transactions.
source data automation: Capturing data at its
source and recording it accurately in a timely
fashion, with minimal manual effort and in an
electronic or digital form so that it can be directly
entered into the computer.
Point-of-sale transaction processing system.
purchase of items at the checkout stand updates a
store’s inventory database and its database of
purchases.
data editing: Checking data for validity and
completeness to detect any problems.
data correction: Reentering data that was not
typed or scanned properly.
data processing: Performing calculations and
other data transformations related to business
transactions
data storage: Updating one or more databases
with new transactions.
document production: Generating output
records, documents, and reports.
enterprise system: A system central to the
organization that ensures information can be
shared with authorized users across all business
functions and at all levels of management to
support the running and managing of a business.
Enterprise resource planning system. An ERP
integrates business processes and the ERP
database.
best practices: The most efficient and effective
ways to complete a business process.
ERP software Microsoft Dynamics is an ERP
solution that is very popular among small
businesses.
supply chain management (SCM): A system
that includes planning, executing, and controlling
all activities involved in raw material sourcing
and procurement, the conversion of raw materials
to finished products, and the warehousing and
delivery of finished products to customers.
Sales order entry window. Sales ordering is the
set of activities that must be performed to capture
a customer sales order.
customer relationship management (CRM)
system: A system that helps a company manage
all aspects of customer encounters, including
marketing, sales, distribution, accounting, and
customer service.
Customer relationship management system. A
CRM system provides a central repository of
customer data used by the organization.
SAP Contact Manager Contact management
involves tracking data on individual customers
and sales leads and accessing that data from any
part of the organization.
product lifecycle management (PLM): An
enterprise business strategy that creates a
common repository of product information and
processes to support the collaborative creation,
management, dissemination, and use of product
and packaging definition information.
product lifecycle management (PLM)
software: Software that provides a means for
managing the data and processes associated with
the various phases of the product life cycle,
including sales and marketing, research and
development, concept development, product
design, prototyping and testing, process design,
production and assembly, delivery and product
installation, service and support, and product
retirement and replacement.
computer-aided design (CAD): The use of
software to assist in the creation, analysis, and
modification of the design of a component or
product
computer-aided engineering (CAE): The use of
software to analyze the robustness and
performance of components and assemblies.
computer-aided manufacturing (CAM): The
use of software to control machine tools and
related machinery in the manufacture of
components and products.
CAD, CAE, and CAM software. In
manufacturing, the model generated in CAD and
verified in CAE can be entered into CAM
software, which then controls the machine tool.
PLM business strategy. PLM powers innovation
and improves productivity.
discrete manufacturing: The production of
distinct items such as autos, airplanes, furniture,
or toys that can be decomposed into their basic
components.
process manufacturing: The production of
products—such as soda, laundry detergent,
gasoline, and pharmaceutical drugs—that are the
result of a chemical process; these products
cannot be easily decomposed into their basic
components.
CHAPTER 9 – BUSINESS INTELLIGENCE
AND ANALYTICS
business intelligence (BI): A wide range of
applications, practices, and technologies for the
extraction, transformation, integration,
visualization, analysis, interpretation, and
presentation of data to support improved decision
making.
data visualization: The presentation of data in a
pictorial or graphical format. This scatter diagram
shows the relationship between MSRP and
horsepower.
word cloud: A visual depiction of a set of words
that have been grouped together because of the
frequency of their occurrence.
conversion funnel: A graphical representation
that summarizes the steps a consumer takes in
making the decision to buy your product and
become a customer.
The conversion funnel. The conversion funnel
shows the key steps in converting a consumer to
a buyer.
online analytical processing (OLAP): A
method to analyze multidimensional data from
many different perspectives, enabling users to
identify issues and opportunities as well as
perform trend analysis.
data cube: A collection of data that contains
numeric facts called measures, which are
categorized by dimensions, such as time and
geography.
A data cube. The data cube contains numeric
facts that are categorized by dimensions, such as
time and geography
drill-down analysis: The interactive
examination of high-level summary data in
increasing detail to gain insight into certain
elements—sort of like slowly peeling off the
layers of an onion.
linear regression: A mathematical procedure to
predict the value of a dependent variable based on
a single independent variable and the linear
relationship between the two.
Simple linear regression. This graph shows a
linear regression that predicts students’ final
exam scores based on their math aptitude test
score.
data mining: A BI analytics tool used to explore
large amounts of data for hidden patterns to
predict future trends and behaviors for use in
decision making.
Cross-Industry Process for Data Mining
(CRISP-DM): A six-phase structured approach
for the planning and execution of a data mining
project.
The Cross-Industry Process for Data Mining
(CRISP-DM) CRISP-DM provides a structured
approach for planning and executing a data
mining project.
key performance indicator (KPI): A metric that
tracks progress in executing chosen strategies to
attain organizational objectives and goals and
consists of a direction, measure, target, and time
frame.
dashboard: A presentation of a set of KPIs about
the state of a process at a specific point in time.
Category management dashboard for total U.S.
region. This dashboard summarizes a number of
sales measures.
Category management dashboard for Northwest
region. This dashboard summarizes a number of
revenue measures.
self-service analytics: Training, techniques, and
processes that empower end users to work
independently to access data from approved
sources to perform their own analyses using an
endorsed set of tools
Importance of data management. Modern data
management requires a true balancing act
between enabling self-service analysis and
protecting sensitive business information.
CHAPTER 10 – KNOWLEDGE
MANAGEMENT AND SPECIALIZED
INFORMATION SYSTEMS
knowledge management (KM): A range of
practices concerned with increasing awareness,
fostering learning, speeding collaboration and
innovation, and exchanging insights.
explicit knowledge: Knowledge that is
documented, stored, and codified—such as
standard procedures, product formulas, customer
contact lists, market research results, and patents.
tacit knowledge: The know-how that someone
has developed as a result of personal experience;
it involves intangible factors such as beliefs,
perspective, and a value system.
Knowledge management processes. Knowledge
management comprises a number of practices.
shadowing: A process used to capture tacit
knowledge that involves a novice observing an
expert executing her job to learn how she
performs.
joint problem solving: A process used to capture
tacit knowledge where the novice and the expert
work side by side to solve a problem so that the
expert’s approach is slowly revealed to the
observant novice.
community of practice (CoP): A group whose
members share a common set of goals and
interests and regularly engage in sharing and
learning as they strive to meet those goals
organizational network analysis (ONA): A
technique used for documenting and measuring
flows of information among individuals,
workgroups, organizations, computers, Web
sites, and other information sources.
Organizational network analysis. Each node in
the diagram represents a knowledge source; each
link represents a flow of information between two
nodes.
metadata: Data that describes other data.
business rule management system (BRMS):
Software used to define, execute, monitor, and
maintain the decision logic that is used by the
operational systems and processes that run the
organization
enterprise search: The application of search
technology to find information within an
organization
enterprise search software: Software that
matches a user’s query to many sources of
information in an attempt to identify the most
important content and the most reliable and
relevant source
electronic discovery (e-discovery): Any process
in which electronic data is sought, located,
secured, and searched with the intent of using it
as evidence in a civil or criminal legal case.
artificial intelligence: The ability to mimic or
duplicate the functions of the human brain.
IBM Watson. IBM Watson is being used to
develop treatment options for cancer patients
based on the DNA of their disease
artificial intelligence system: The people,
procedures, hardware, software, data, and
knowledge needed to develop computer systems
and machines that can simulate human
intelligence processes, including learning (the
acquisition of information and rules for using the
information), reasoning (using rules to reach
conclusions), and self-correction (using the
outcome from one scenario to improve its
performance on future scenarios).
intelligent behavior: The ability to learn from
experiences and apply knowledge acquired from
those experiences; to handle complex situations;
to solve problems when important information is
missing; to determine what is important and to
react quickly and correctly to a new situation; to
understand visual images, process and
manipulate symbols, and be creative and
imaginative; and to use heuristics
The 20Q Web site 20Q is a game where users
play the popular game 20 Questions, against an
artificial intelligence foe.
perceptive system: A system that approximates
the way a person sees, hears, and feels objects.
expert system: A system that consists of
hardware and software that stores knowledge and
makes inferences, enabling a novice to perform at
the level of an expert.
Brain-machine interface. Honda Motors has
developed a brain-machine interface that
measures electrical current and blood flow
change in the brain and uses the data to control
ASIMO, the Honda robot.
Components of an expert system. An expert
system includes a knowledge base, an inference
engine, an explanation facility, a knowledge base
acquisition facility, and a user interface.
Relationships between data, information, and
knowledge. A knowledge base stores all relevant
information, data, rules, cases, and relationships
that an expert system uses.
rule: A conditional statement that links
conditions to actions or outcomes.
IF-THEN statement: A rule that suggests
certain conclusions.
inference engine: Part of the expert system that
seeks information and relationships from the
knowledge base and provides answers,
predictions, and suggestions similar to the way a
human expert would.
explanation facility: Component of an expert
system that allows a user or decision maker to
understand how the expert system arrived at
certain conclusions or results.
knowledge acquisition facility: Part of the
expert system that provides a convenient and
efficient means of capturing and storing all the
components of the knowledge base.
knowledge user: The person or group who uses
and benefits from the expert system.
knowledge engineer: A person who has training
or experience in the design, development,
implementation, and maintenance of an expert
system.
knowledge user: The person or group who uses
and benefits from the expert system.
robotics: A branch of engineering that involves
the development and manufacture of mechanical
or computer devices that can perform tasks
requiring a high degree of precision or that are
tedious or hazardous for humans.
Robotic surgery. The arms of the Da Vinci robot
assist in a kidney transplant. A surgeon controls
the robot remotely from a corner of the operating
room.
vision system: The hardware and software that
permit computers to capture, store, and
manipulate visual images.
natural language processing: An aspect of
artificial intelligence that involves technology
that allows computers to understand, analyze,
manipulate, and/or generate “natural” languages,
such as English.
Voice recognition software. With the Naturally
Speaking application from Dragon Systems,
computer users can speak and have their words
transcribed into text for input to software such as
Microsoft Word.
learning system: A combination of software and
hardware that allows a computer to change how it
functions or how it reacts to situations based on
feedback it receives.
neural network: A computer system that can
recognize and act on patterns or trends that it
detects in large sets of data.
genetic algorithm: An approach to solving
problems based on the theory of evolution; uses
the concept of survival of the fittest as a problem-
solving strategy.
intelligent agent: Programs and a knowledge
base used to perform a specific task for a person,
a process, or another program; also called an
intelligent robot or bot.
multimedia: Content that uses more than one
form of communication—such as text, graphics,
video, animation, audio, and other media.
Audio-editing software. Audacity provides tools
for editing and producing audio files in a variety
of formats.
virtual reality system: A system that enables one
or more users to move and react in a computer-
simulated environment.
Large-scale virtual reality environment. The
CAVE2 virtual reality system has 72 stereoscopic
LCD panels encircling the viewer 320 degrees
and creates a 3D environment that can simulate
the bridge of the Starship U.S.S. Enterprise, a
flyover of the planet Mars, or a journey through
the blood vessels of the brain.
assistive technology system: An assistive,
adaptive, or rehabilitative device designed to help
people with disabilities perform tasks that they
were formerly unable to accomplish or had great
difficulty accomplishing.
Stephen Hawking. Stephen Hawking employs a
number of assistive technology systems to support
his activities.
game theory: A mathematical theory for
developing strategies that maximize gains and
minimize losses while adhering to a given set of
rules and constraints.
informatics: The combination of information
technology with traditional disciplines, such as
medicine or science, while considering the impact
on individuals, organizations, and society.
Informatics. Informatics represents the
intersection of people, information, and
technology.
CHAPTER 11 – STRATEGIC PLANNING
AND PROJECT MANAGEMENT
strategic planning: A process that helps
managers identify desired outcomes and
formulate feasible plans to achieve their
objectives by using available resources and
capabilities.
issues-based strategic planning: A strategic
planning process that begins by identifying and
analyzing key issues that face the organization,
setting strategies to address those issues, and
identifying projects and initiatives that are
consistent with those strategies
organic strategic planning: A strategic planning
process that defines the organization’s vision and
values and then identifies projects and initiatives
to achieve the vision while adhering to the values.
goals-based strategic planning: A multiphase
strategic planning process that begins by
performing a situation analysis to identify an
organization’s strengths, weaknesses,
opportunities, and threats.
The goals-based strategic planning process.
Goals-based strategic planning is a multiphase
process for strategic planning.
Michael Porter’s Five Forces Model: A model
that identifies the fundamental factors that
determine the level of competition and long-term
profitability of an industry.
Michael Porter’s Five Forces Model. This model
can be used to determine the level of competition
and long term profitability of an industry.
Strengths, Weaknesses, Opportunities,
Threats (SWOT) matrix: A simple way to
illustrate what a company is doing well, where it
can improve, what opportunities are available,
and what environmental factors threaten the
future of the organization.
The strategic planning pyramid. The strategic
planning pyramid is a top-down approach to
identify initiatives, program, and projects.
vision/mission statement: A statement that
communicates an organization’s overarching
aspirations to guide it through changing
objectives, goals, and strategies.
mission statement: A statement that concisely
defines an organization’s fundamental purpose
for existing. vision: A concise statement of what
an organization intends to achieve in the future.
core value: A widely accepted principle that
guides how people behave and make decisions in
the organization.
objective: A statement of a compelling business
need that an organization must meet to achieve its
vision and mission.
goal: A specific result that must be achieved to
reach an objective.
strategy: A plan that describes how an
organization will achieve its vision, mission,
objectives, and goals.
Drivers that set IS organizational strategy and
determine information system investments.
Planners must consider many factors in setting IS
organizational strategy.
tangible benefit: A benefit that can be measured
directly and assigned a monetary value.
Projects must be related to goals and objectives.
Objectives define goals that in turn identify
projects consistent with those objectives and
goals.
intangible benefit: A benefit that cannot directly
be measured and cannot easily be quantified in
monetary terms.
core competency: Something that a firm can do
well and that provides customer benefits, is hard
for competitors to imitate, and can be leveraged
widely to many products and markets.
project scope: A definition of which tasks are
included and which tasks are not included in a
project.
sponsoring business unit: The business unit
most affected by the project and the one whose
budget will cover the project costs.
quality: The degree to which a project meets the
needs of its users.
Revised project. A change in any one of the
project variables (cost, time, scope, or
expectations) can impact the other variables.
project management: The application of
knowledge, skills, and techniques to project
activities to meet project requirements.
project stakeholders: The people involved in the
project or those affected by its outcome.
scope management: A set of activities that
include defining the work that must be done as
part of a project and then controlling the work to
stay within the agreed-upon scope.
functional decomposition: A frequently used
technique to define the scope of an information
system by identifying the business processes it
will affect.
The nine project management knowledge areas.
There are nine areas associated with the science
of project management.
time management: A set of activities that
includes defining an achievable completion date
that is acceptable to the project stakeholders,
developing a workable project schedule, and
ensuring the timely completion of the project.
project schedule: A plan that identifies the
project activities that must be completed, the
expected start and end dates, and what resources
are assigned to each task.
project milestone: A critical date for completing
a major part of the project, such as program
design, coding, testing, and release (for a
programming project).
project deadline: The date the entire project
should be completed and operational—when the
organization can expect to begin to reap the
benefits of the project.
slack time: The amount of time an activity can be
delayed without delaying the entire project.
critical path: All project activities that, if
delayed, would delay the entire project.
Program Evaluation and Review Technique
(PERT): A formal method for estimating the
duration of a project using three time estimates
for an activity: shortest possible time, most likely
time, and longest possible time; working with
those estimates, a formula is used to determine a
single PERT time estimate.
Gantt chart: A graphical tool used for planning,
monitoring, and coordinating projects; it is
essentially a grid that lists activities and
deadlines. A Gantt chart depicts the start and
finish dates for project tasks.
work breakdown structure (WBS): An outline
of the work to be done to complete the project.
predecessor task: A task that must be completed
before a later task can begin.
cost management: A set of activities that include
the development and management of the project
budget.
Work breakdown structure (WBS). Development
of a WBS leads to definition of a project schedule
and budget.
quality management: A set of activities
designed to ensure that a project will meet the
needs for which it was undertaken.
quality planning: The determination of which
quality standards are relevant to the project and
determining how they will be met.
quality assurance: The evaluation of the
progress of the project on an ongoing basis to
ensure that it meets the identified quality
standards.
quality control: The checking of project results
to ensure that they meet identified quality
standards.
human resource management: Activities
designed to make the most effective use of the
people involved with a project.
forming storming norming performing
adjourning model: A model that describes how
teams develop and evolve.
Tuckman’s forming storming norming
performing adjourning model. Forming an
effective team is a challenge in itself.
project steering team: A group of senior
managers representing the business and IS
organizations that provide guidance and support
to a project.
project champion: A well-respected manager
with a passion to see a project succeed and who
removes barriers to the success of the project.
project sponsor: A senior manager from the
business unit most affected by a project and who
ensures the project will indeed meet the needs of
his or her organization.
subject matter expert: Someone who provides
knowledge and expertise in a particular aspect
important to the project.
technical resource: A subject matter expert in an
IS topic of value to the project.
Project organization. A project steering team is
critical to the success of any project.
communications management: The generation,
collection, dissemination, and storage of project
information in a timely and effective manner.
project risk: An uncertain event or condition
that, if it occurs, has a positive or a negative effect
on a project objective.
risk management: A deliberate and systematic
process designed to identify, analyze, and
manage project risks.
risk owner: The individual responsible for
developing a risk management strategy and
monitoring the project to determine if the risk is
about to occur or has occurred
Projects must be well linked to an organizational
goal and strategy. Objectives, goals, strategy,
and projects should be aligned.
procurement management: A set of activities
related to the acquisition of goods and/or services
for the project from sources outside the
performing organization.
make-or-buy decision: The act of comparing the
pros and cons of in house production versus
outsourcing of a given product or service.
fixed-price contract: A contract in which the
buyer and provider agree to a total fixed price for
a well-defined product or service.
cost-reimbursable contract: A contract that
requires the buyer to pay the provider an amount
that covers the provider’s actual costs plus an
additional amount or percentage for profit.
time and material contract: A contract that
requires the buyer to pay the provider for both the
time and materials required to complete the
contract.
project integration management: The
coordination of all appropriate people, resources,
plans, and efforts to complete a project
successfully.
CHAPTER 12 – SYSTEM ACQUISITION
AND DEVELOPMENT
waterfall system development process: A
sequential, multistage system development
process in which work on the next stage cannot
begin until the results of the current stage are
reviewed and approved or modified as necessary.
system investigation: The initial phase in the
development of a new or modified business
information system whose purpose is to gain a
clear understanding of the specifics of the
problem to solve or the opportunity to address.
joint application development (JAD): A
structured meeting process that can accelerate
and improve the efficiency and effectiveness of
the investigation, analysis, and design phases of a
system development project.
JAD session. JAD can accelerate and improve
the efficiency and effectiveness of the
investigation, analysis, and design phases of a
system development project.
feasibility analysis: An assessment of the
technical, economic, legal, operational, and
schedule feasibility of a project.
technical feasibility: The process of determining
whether a project is feasible within the current
limits of available technology.
economic feasibility: The process of determining
whether the project makes financial sense and
whether predicted benefits offset the cost and
time needed to obtain them.
legal feasibility: The process of determining
whether laws or regulations may prevent or limit
a system development project.
operational feasibility: The process of
determining how a system will be accepted by
people and how well it will meet various system
performance expectations.
schedule feasibility: The process of determining
whether the project can be completed within a
desired time frame.
system investigation report: A summary of the
results of the system investigation, with a
recommendation of a course of action.
System investigation recommendation. The
system investigation report summarizes the
results of the system investigation and
recommends a course of action.
system analysis: The phase of system
development that focuses on gathering data on the
existing system, determining the requirements for
the new system, considering alternatives within
identified constraints, and investigating the
feasibility of alternative solutions.
Internal and external sources of data for system
analysis. JAD sessions, direct observation, and
surveys are often used to uncover data from the
various sources.
System requirements must be checked for
consistency so that they all fit together.
data-flow diagram (DFD): A diagram used
during both the analysis and design phases to
document the processes of the current system or
to provide a model of a proposed new system.
Data-flow diagram. A data-flow diagram
documents the processes of the current system or
provides a model of a proposed new system.
Entity-relationship (ER) diagram for a customer
order database. Development of ER diagrams
helps ensure that the logical structure of
application programs is consistent with the data
relationships in the database.
New system security and control requirements
must be developed within the organization’s
existing policies, standards, and guidelines.
Pareto principle (80–20 rule): An observation
that for many events, roughly 80 percent of the
effects come from 20 percent of the causes.
system design: The stage of system development
that answers the question, “How will the
information system solve a problem?”
User interface design. Analysts can develop
screen mockups and simulate how the user moves
from screen to screen.
disaster recovery plan: A documented process
to recover an organization’s business information
system assets including hardware, software, data,
networks, and facilities in the event of a disaster.
mission-critical process: A process that plays a
pivotal role in an organization’s continued
operations and goal attainment.
hot site: A duplicate, operational hardware
system that is ready for use (or immediate access
to one through a specialized vendor).
cold site: A computer environment that includes
rooms, electrical service, telecommunications
links, data storage devices, and the like.
The system design report is a more complete and
detailed version of the system investigation
report.
system construction: The phase of system
development that converts the system design into
an operational system by acquiring and installing
hardware and software, coding and testing
software programs, creating and loading data into
databases, and performing initial program testing.
technical documentation: Written details used
by computer operators to execute the program
and by analysts and programmers to solve
problems or modify the program.
user documentation: Written descriptions
developed for people who use a program; in easy-
to-understand language, it shows how the
program can and should be used to meet the needs
of its various users.
Database preparation tasks creating and loading
a new database can take considerable resources.
unit testing: Testing of individual components of
code (subroutines, modules, and programs) to
verify that each unit performs as designed.
integration testing: Testing that involves linking
all of the individual components together and
testing them as a group to uncover any defects in
the interfaces between individual components.
system testing: Testing the complete, integrated
system (hardware, software, databases, people,
and procedures) to validate that the information
system meets all specified requirements.
volume testing: Testing to evaluate the
performance of the information system under
varying yet realistic work volume and operating
conditions to determine the work load at which
system performance begins to degrade and to
identify and eliminate any issues that prevent the
system from reaching its required service-level
performance.
user acceptance testing (UAT): Testing
performed by trained system users to verify that
the system can complete required tasks in a real-
world operating environment and perform
according to the system design specifications.
user acceptance document: A formal agreement
that the organization signs stating that a phase of
the installation or the complete system is
approved.
user preparation: The process of readying
managers, decision makers, employees, other
users, and stakeholders to accept and use the new
system.
site preparation: Preparation of the location of a
new system.
installation: The process of physically placing
the computer equipment on the site and making it
operational.
cutover: The process of switching from an old
information system to a replacement system.
direct conversion: A cutover strategy that
involves stopping the old system and starting the
new system on a given date; also called plunge or
direct cutover.
System cutover strategies. Cutover can be
through direct conversion, phase-in approach,
pilot start-up, or parallel start-up.
phase-in approach: A cutover strategy that
involves slowly replacing components of the old
system with those of the new one; this process is
repeated for each application until the new system
is running every application and performing as
expected; also called a piecemeal approach.
pilot start-up: A cutover strategy that involves
running the complete new system for one group
of users rather than for all users.
parallel start-up: A cutover strategy that
involves running both the old and new systems
for a period of time and closely comparing the
output of the new system with the output of the
old system; any differences are reconciled. When
users are comfortable that the new system is
working correctly, the old system is eliminated.
system operation: Involves the use of a new or
modified system under all kinds of operating
conditions.
monitoring: The process of measuring system
performance by tracking the number of errors
encountered, the amount of memory required, the
amount of processing or CPU time needed, and
other performance indicators.
system review: The process of analyzing a
system to make sure it is operating as intended.
system maintenance: A stage of system
development that involves changing and
enhancing the system to make it more useful in
achieving user and organizational goals.
slipstream upgrade: A minor system upgrade-
typically a code adjustment or minor bug fix; it
usually requires recompiling all the code, andin
so doing, it can create entirely new bugs.
patch: A minor system change to correct a
problem or make a small enhancement; it is
usually an addition to an existing program.
release: A significant program change that often
requires changes in the documentation of the
software.
version: A major program change, typically
encompassing many new features.
System-maintenance efforts. This chart shows
the relative amount of change and effort
associated to test and implement slipstream
upgrades, patches, releases, and versions.
System disposal: A stage of system development
that involves those activities that ensure the
orderly dissolution of the system including
disposing of all equipment in an environmentally
friendly manner, closing out contracts, and safely
migrating information from the system to another
system or archiving it in accordance with
applicable records management policies.
agile development: An iterative system
development process that develops the system in
"sprint" increments lasting from two weeks to
two months.
scrum: An agile development framework that
emphasizes a teambased approach in order to
keep the development effort focused and moving
quickly.
scrum master: The person who coordinates all
the scrum activities of a team.
product owner: A person who represents the
project stakeholders and is responsible for
communicating and aligning project priorities
between the stakeholders and development team.
The Scrum agile software development process.
The Scrum agile approach develops a system in
sprint increments lasting from two weeks to two
months.
extreme programming (XP): A form of agile
software development that promotes incremental
development of a system using short
development cycles to improve productivity and
to accommodate new customer requirements.
DevOps: The practice of blending the tasks
performed by the development and IT operations
groups to enable faster and more reliable software
releases.
DevOps is part of a continuous deployment
strategy in which releases can be launched daily
DevOps blends tasks performed by development
staff and IT operations groups
request for information (RFI): A document that
outlines an organization’s hardware or software
needs and requests vendors to provide
information about if and how they can meet those
needs and the time and resources required.
Software package implementation eliminates
several of the phases of the waterfall approach.
Recommended table of contents for a request for
information. The RFI outlines the desired system
and its requirements, identifying key pieces of
data that the software vendor must include in the
proposal.
performance evaluation test: A comparison of
vendor options conducted in a computing
environment (e.g., computing hardware,
operating system software, database management
system) and with a workload (e.g., number of
concurrent users, database size, and number of
transactions) that matches its intended operating
conditions.
CHAPTER 13 – CYBERCRIME AND
INFORMATION SYSTEM SECURITY
bring your own device (BYOD): A business
policy that permits, and in some cases
encourages, employees to use their own mobile
devices (smartphones, tablets, or laptops) to
access company computing resources and
applications, including email, corporate
databases, the corporate intranet, and the Internet.
exploit: An attack on an information system that
takes advantage of a particular system
vulnerability.
zero-day attack: An attack that takes place
before the security community and/or software
developers become aware of and fix a security
vulnerability
ransomware: Malware that stops you from using
your computer or accessing your data until you
meet certain demands such as paying a ransom or
sending photos to the attacker.
virus: A piece of programming code, usually
disguised as something else, that causes a
computer to behave in an unexpected and usually
undesirable manner.
worm: A harmful program that resides in the
active memory of the computer and duplicates
itself.
Trojan horse: A seemingly harmless program in
which malicious code is hidden.
logic bomb: A form of Trojan horse malware that
executes when it is triggered by a specific event.
blended threat: A sophisticated threat that
combines the features of a virus, worm, Trojan
horse, and other malicious code into a single
payload.
spam: The use of email systems to send
unsolicited email to large numbers of people.
Controlling the Assault of Non-Solicited
Pornography and Marketing (CAN-
SPAM)Act: An act that states that it is legal to
spam, provided the messages meet a few basic
requirements.
CAPTCHA (Completely Automated Public
Turing Test to Tell Computers and Humans
Apart): Software that generates and grades tests
that humans can pass all but the most
sophisticated computer programs cannot.
CAPTCHA is used to distinguish humans from
automated bots.
distributed denial-of-service (DDoS) attack:
An attack in which a malicious hacker takes over
computers via the Internet and causes them to
flood a target site with demands for data and other
small tasks.
Distributed denial-of-service attack. A DDoS
attack floods a target site with demands for data
and other small tasks.
botnet: A term used to describe a large group of
computers, that are controlled from one or more
remote locations by hackers, without the
knowledge or consent of their owners.
zombie: A computer that has been taken over by
a hacker to be used as part of a botnet.
rootkit: A set of programs that enables its user to
gain administrator level access to a computer
without the end user’s consent or knowledge.
advanced persistent threat (APT): A network
attack in which an intruder gains access to a
network and stays there—undetected—with the
intention of stealing data over a long period of
time.
phishing: The act of fraudulently using email to
try to get the recipient to reveal personal data.
Example of phishing email. Phishing attacks
attempt to get the recipient to reveal personal
data.
spear-phishing: A variation of phishing in which
the phisher sends fraudulent emails to a certain
organization’s employees.
smishing: Another variation of phishing that
involves the use of Short Message Service (SMS)
texting.
vishing: Similar to smishing except that the
victims receive a voice mail message telling them
to call a phone number or access a Web site.
identity theft: The theft of personal information,
which is then used without the owner’s
permission, often to commit fraud or other
crimes.
data breach: The unintended release of sensitive
data or the access of sensitive data by
unauthorized individuals.
cyber espionage: The deployment of malware
that secretly steals data in the computer systems
of organizations, such as government agencies,
military contractors, political organizations, and
manufacturing firms.
cyber terrorism: The intimidation of
government or civilian population by using
information technology to disable critical
national infrastructure (e.g., energy,
transportation, financial, law enforcement,
emergency response) to achieve political,
religious, or ideological goals.
Department of Homeland Security (DHS): A
large federal agency with more than 240,000
employees and a budget of almost $65 billion
whose goal is to provide for a “safer, more secure
America, which is resilient against terrorism and
other potential threats.”
U.S. Computer Emergency Readiness Team
(US-CERT): A partnership between the
Department of Homeland Security and the public
and private sectors; established to provide timely
handling of security incidents as well as
conducting improved analysis of such incidents.
risk assessment: The process of assessing
security-related risks to an organization’s
computers and networks from both internal and
external threats.
reasonable assurance: The IS security concept
that recognizes that managers must use their
judgment to ensure that the cost of control does
not exceed the system’s benefits or the risks
involved.
security policy: A statement that defines an
organization’s security requirements, as well as
the controls and sanctions needed to meet those
requirements.
firewall: A system of software, hardware, or a
combination of both that stands guard between an
organization’s internal network and the Internet
and limits network access based on the
organization’s access policy.
next-generation firewall (NGFW): A hardware-
or software based network security system that is
able to detect and block sophisticated attacks by
filtering network traffic dependent on the packet
contents.
A security dashboard provides a comprehensive
display of all vital data related to an
organization’s security defenses.
antivirus software: Software that scans a
computer’s memory, disk drives, and USB ports
regularly for viruses.
virus signature: A sequence of bytes that
indicates the presence of a specific virus.
security audit: A careful and thorough analysis
that evaluates whether an organization has a well-
considered security policy in place and if it is
being followed.
intrusion detection system (IDS): Software
and/or hardware that monitors system and
network resources and activities and notifies
network security personnel when it detects
network traffic that attempts to circumvent the
security measures of a networked computer
environment.
Intrusion detection system. An IDS notifies
network security personnel when it detects
network traffic that attempts to circumvent the
security measures of a networked computer
environment.
managed security service provider (MSSP): A
company that monitors, manages, and maintains
computer and network security for other
organizations.
computer forensics: A discipline that combines
elements of law and computer science to identify,
collect, examine, and preserve data from
computer systems, networks, and storage devices
in a manner that preserves the integrity of the data
gathered so that it is admissible as evidence in a
court of law.
CHAPTER 14 – ETHICAL, LEGAL, AND
SOCIAL ISSUES OF INFORMATION
SYSTEMS
Computer training. Training helps to ensure
acceptance and implementation of policies and
procedures.
The NSA’s Utah Data Center. This data center,
code-named Bumblehive, is billed by the NSA as
the first Intelligence Community Comprehensive
National Cybersecurity Initiative (IC CNCI) data
center designed to support the intelligence
community’s efforts to monitor, strengthen, and
protect the nation. The data center was designed
to handle the vast increases in digital data that
have accompanied the rise of the global network
and the NSA data-collection programs.
Fourth Amendment: This amendment to the
U.S. constitution protects individuals against
unreasonable searches and seizures and requires
that warrants be issued only upon probable cause
and specifying the place to be searched and the
persons or things to be seized.
Children’s Online Privacy Protection Act
(COPPA): An act, directed at Web sites catering
to children, that requires site owners to post
comprehensive privacy policies and to obtain
parental consent before they collect any personal
information from children under 13 years of age.
filtering software: Software used to help protect
personal data and screen objectionable Internet
content.
Sample privacy notice. The BBB provides this
sample privacy notice as a guide to businesses to
post on their Web sites.
ergonomics: The science of designing machines,
products, and systems to maximize the safety,
comfort, and efficiency of the people who use
them.
Ergonomics Developing certain ergonomically
correct habits can reduce the risk of adverse
health effects when using a computer.
morals: One’s personal beliefs about right and
wrong.
law: A system of rules that tells us what we can
and cannot do.
Steps involved in the decision-making process.
Most of us have developed a decision-making
process that we execute almost automatically,
without thinking about the steps we go through.
There are many factors to weigh in decision
making.
code of ethics: A code that states the principles
and core values that are essential to a set of people
and that, therefore, govern these people’s
behavior.
Legal versus ethical. Just because an activity is
defined as legal does not mean that it is ethical.