MBA 505V: Final Exam Information Fall 2005 TUESDAY, 7:15PM9:15PM DECEMBER 13, 2005

1
MBA 505VFinal Exam Information Fall 2005
TUESDAY, 715PM-915PMDECEMBER 13, 2005

• Dr. Segall

2
Overall Final Exam Information

• Worth 150 points total ! Worth 15 of course
  grade!
• CLOSED BOOK CLOSED NOTES PART
• 2 Essay Questions
• DEFINITE Essay from Chapter 14 worth 50 points.
• Student selects either Essay from Chapter 10 or
  12 for 30 points.
• OPEN BOOK OPEN NOTES PART
• 20 TRUE/FALSE from Chapter 10, 12, 14
• 6 or 7 TRUE FALSE from each chapter 40
  points
• 15 MULTIPLE CHOICE 5 from each chapter
• 30 points

3
SELECTION EssayChapter 10 (30 points)

• (i.) Explain why systems are vulnerable and
  contemporary security challenges and
  vulnerabilities. 10 points
• ---------------------------
• Clearly label in your essay your answers to each
  part (i.) (ii.) and (iii.).

4
SELECTION EssayChapter 10 (30 points)

• (ii.) Describe in depth any FOUR (4) methods of
  how one can protect a digital firm by creating a
  control environment. 10 points
• (iii.) Discuss the role of Security Policy and
  Auditing.10 points
• ----------------------------------
• Clearly label in your essay your answers to each
  part (i.) (ii.) and (iii.).

5
Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Why Systems Are Vulnerable
Contemporary Security Challenges and
Vulnerabilities
6
Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Why Systems Are Vulnerable (Continued)
Internet Vulnerabilities

• Use of fixed Internet addresses through use of
  cable modems or DSL
• Lack of encryption with most Voice over IP (VoIP)
  
• Widespread use of e-mail and instant messaging
  (IM)

7
Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Wireless Security Challenges

• Radio frequency bands are easy to scan
• The service set identifiers (SSID) identifying
  the access points broadcast multiple times

8
Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Wi-Fi Security Challenges
9
Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Malicious Software Viruses, Worms, Trojan
Horses, and Spyware
Hackers and Cybervandalism

• Computer viruses, worms, trojan horses
• Spyware
• Spoofing and Sniffers
• Denial of Service (DoS) Attacks
• Identity theft
• Cyberterrorism and Cyberwarfare
• Vulnerabilities from internal threats
  (employees) software flaws

10
Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Worldwide Damage from Digital Attacks
11
Management Information Systems Chapter 10
Security and Control
BUSINESS VALUE OF SECURITY AND CONTROL

• Inadequate security and control may create
  serious legal liability.
• Businesses must protect not only their own
  information assets but also those of customers,
  employees, and business partners. Failure to do
  so can lead to costly litigation for data
  exposure or theft.
• A sound security and control framework that
  protects business information assets can thus
  produce a high return on investment.

12
Management Information Systems Chapter 10
Security and Control
BUSINESS VALUE OF SECURITY AND CONTROL
Security Incidents Continue to Rise
Source CERT Coordination Center, www.cert.org,
accessed July 6, 2004.
13
Management Information Systems Chapter 10
Security and Control
BUSINESS VALUE OF SECURITY AND CONTROL
Legal and Regulatory Requirements for Electronic
Records Management

• Electronic Records Management (ERM) Policies,
  procedures and tools for managing the retention,
  destruction, and storage of electronic records

14
Part (ii)
15
Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Ensuring Business Continuity LOOK AT PAGE 359!

• 1. Downtime Period of time in which a system is
  not operational
• 2. Fault-tolerant computer systems Redundant
  hardware, software, and power supply components
  to provide continuous, uninterrupted service
• 3. High-availability computing Designing to
  maximize application and system availability

16
Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Ensuring Business Continuity (Continued)

• 4. Load balancing Distributes access requests
  across multiple servers
• 5. Mirroring Backup server that duplicates
  processes on primary server
• 6. Recovery-oriented computing Designing
  computing systems to recover more rapidly from
  mishaps

17
Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Ensuring Business Continuity (Continued)

• 7. Disaster recovery planning Plans for
  restoration of computing and communications
  disrupted by an event such as an earthquake,
  flood, or terrorist attack
• 8. Business continuity planning Plans for
  handling mission-critical functions if systems go
  down

18
Part (iii)
19
Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Risk Assessment

• Determines the level of risk to the firm if a
  specific activity or process is not properly
  controlled

20
Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Security Policy
Policy ranking information risks, identifying
acceptable security goals, and identifying the
mechanisms for achieving these goals

• Acceptable Use Policy (AUP)
• Authorization policies

21
Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Security Profiles for a Personnel System
22
Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Auditing

• MIS audit Identifies all of the controls that
  govern individual information systems and
  assesses their effectiveness
• Security audits Review technologies, procedures,
  documentation, training, and personnel

23
Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Sample Auditors List of Control Weaknesses
24

• The following are last years slides for this
  question.
• Figure 14.5 is not used in 2006 edition in
  Chapter 10. Chapter 14 of 2004 edition is
  Chapter 10 in 2006 edition!

25
Section 10.3 CREATING A CONTROL ENVIRONMENT
(ii) Protecting the Digital Firm See page 359.

• 1. Downtime Periods of time in which a system is
  not operational.
• 2. Fault-tolerant computer systems Contain extra
  hardware, software, and power supply components
  to provide continuous uninterrupted service.

26
Section 10.3 CREATING A CONTROL ENVIRONMENT
(ii.) Protecting the Digital Firm See page 359.

• 3. High-availability computing Tools and
  technologies enabling system to recover quickly
  from a crash.
• 4. Disaster recovery plan Runs business in event
  of computer outage.
• 5. Load balancing Distributes large number of
  requests for access among multiple servers.

27
Section 10.3 CREATING A CONTROL ENVIRONMENT
(ii.) Protecting the Digital Firm See page 359.

• 6. Mirroring Duplicating all processes and
  transactions of server on backup server to
  prevent any interruption in service.
• 7. Clustering Linking two computers together so
  that a second computer can act as a backup to the
  primary computer or speed up processing.

28
Section 10.3 CREATING A CONTROL ENVIRONMENT
(iii.) Internet Security Challenges See pages
363-364.

• Firewalls
• Prevent unauthorized users from accessing private
  networks
• Two types proxies and stateful inspection
• Intrusion Detection System
• Monitors vulnerable points in network to detect
  and deter unauthorized intruders.

29
(iii.) DEVELOPING A CONTROL STRUCTURESee
pages 355-357.

• COSTS Can be expensive to build complicated to
  use
• BENEFITS Reduces expensive errors, loss of time,
  resources, good will
• RISK ASSESSMENT Determine frequency of
  occurrence of problem, cost, damage if it were to
  occur

30
Section 14.2 CREATING A CONTROL ENVIRONMENT
31
SELECTION EssayChapter 12 (30 Points)

• (i.) Explain what the Knowledge Management Value
  Chain is. 10 points
• (ii.) Explain the Major types of Knowledge
  Management Systems. 10 points
• (iii.) Explain ONE of the FOLLOWING
• 10 points
• (A.) Knowledge Systems.
• (B.) Knowledge Work Systems.
• Clearly label in your essay your answers to each
  part (i.) and (ii.) and (iii.A) or (iii.B).

32
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
THE KNOWLEDGE MANAGEMENT LANDSCAPE
The Knowledge Management Value Chain

• Knowledge acquisition
• Knowledge storage
• Knowledge dissemination
• Knowledge application
• Building organizational and management capital
  collaboration, communities of practice, and
  office environments

33
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
THE KNOWLEDGE MANAGEMENT LANDSCAPE
The Knowledge Management Value Chain
34
Part (ii)
35
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
THE KNOWLEDGE MANAGEMENT LANDSCAPE
Types of Knowledge Management Systems
36
Part (iii.A)

• SELECT EITHER
• Part (iii.A) or (iii.B)!!!

37
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
38
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Structured Knowledge System

• Knowledge repository for formal, structured text
  documents and reports or presentations
• Also known as content management system
• Require appropriate database schema and tagging
  of documents
• Examples Database of case reports of consulting
  firms tax law accounting databases of accounting
  firms

39
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
KWorlds Knowledge Domains
40
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
KPMG Knowledge System Processes
41
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Semistructured Knowledge Systems

• Knowledge repository for less-structured
  documents, such as e-mail, voicemail, chat room
  exchanges, videos, digital images, brochures,
  bulletin boards
• Also known as digital asset management systems
• Taxonomy Scheme of classifying information and
  knowledge for easy retrieval
• Tagging Marking of documents according to
  knowledge taxonomy

42
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Hummingbirds Integrated Knowledge Management
System
43
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Knowledge Network Systems

• Online directory of corporate experts, solutions
  developed by in-house experts, best practices,
  FAQs
• Document and organize tacit knowledge
• Also known as expertise location and management
  systems

44
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Knowledge Network Systems (Continued)
Key features can include

• Knowledge exchange services
• Community of practice support
• Autoproofing capabilities
• Knowledge management services

45
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
The Problem of Distributed Knowledge
46
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
AskMe Enterprise Knowledge Network System
47
Part (iii.B)

• SELECT EITHER
• Part (iii.A) or (iii.B)!!!

48
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Supporting Technologies Portals, Collaboration
Tools, and Learning Management Systems

• Enterprise knowledge portals
• Access to external sources of information
• Access to internal knowledge resources
• Capabilities for e-mail, chat, discussion groups,
  videoconferencing

49
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Learning Management System (LMS)

• Provides tools for the management, delivery,
  tracking, and assessment of various types of
  employee learning and training
• Integrates systems from human resources,
  accounting, sales in order to identify and
  quantify business impact of employee learning
  programs

50
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
KNOWLEDGE WORK SYSTEMS
Knowledge Workers and Knowledge Work
Knowledge workers Create knowledge and
information for organization

• Knowledge workers key roles
• Keeping the organization current in knowledge as
  it develops in the external worldin technology,
  science, social thought, and the arts

51
Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
KNOWLEDGE WORK SYSTEMS
Knowledge Workers and Knowledge Work (Continued)

• Serving as internal consultants regarding the
  areas of their knowledge, the changes taking
  place, and opportunities
• Acting as change agents, evaluating, initiating,
  and promoting change projects

52
Definite Essay 3 Chapter 14 50 Points

• (i.) Discuss what the Information System Plan
  is and how it relates to Systems as Planned
  Organization Change and how it differs from
  SDLC. 20 points
• ----------------------------------
• (ii.) Explain what Business Process
  Reengineering is and what the Steps in
  Effective Reengineering are.20 points
• ----------------------------------
• Clearly label in your essay your answers to each
  part (i.) and (ii.) and (iii.) on next slide.

53
Definite Essay 3 Chapter 14

• (iii.) Be sure to explain what is value and
  what Critical Success Factors (CSF) are. 10
  points
• Clearly label in your essay your answers to each
  part (i.) and (ii.) and (iii.).

54
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Linking Information Systems to the Business Plan

• Information systems plan
• Road map indicating direction of systems
  development
• Look at page 379 MIS in Action Managers
  Toolkit How to Develop an IS Plan
• 1. Purpose of Plan
• 2. Strategic Business Plan
• 3. Current Systems
• 4. New Developments
• 5. Management Strategy
• 6. Implementation
• 7. Budget Requirements

55
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Establishing Organizational Information
Requirements

• Enterprise Analysis
• (Business Systems Planning)
• Analysis of organization-wide information
  requirements
• Identifies key entities and attributes

56
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
57
System Development Life Cycle (SDLC)Traditional
methodology for developing IS

• 1. System Analysis ( Feasibility Study)
• 2. System Design ( Programming)
• 3. Testing
• 4. Conversion
• 5. Production Maintenance

58
Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
OVERVIEW OF SYSTEMS DEVELOPMENT
The Systems Development Process
59
Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
OVERVIEW OF SYSTEMS DEVELOPMENT
A Sample Test Plan to Test a Record Change
60
Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
(ii.) Organizational Change Carries Risks and
Rewards
61
Essay 3 Part (ii.)
62
Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Business Process Reengineering

• Leading mortgage banks reduced time to obtain a
  mortgage from 6-8 weeks to one week, by radically
  changing the workflow and document management
  procedures

Workflow management

• The process of streamlining business procedures
  so that documents can be moved easily and
  efficiently from one location to another

63
Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Steps to effective reengineering

• Understanding which processes need improvement
• Measuring performance of existing processes as a
  baseline
• Allowing IT to influence process design from the
  start

64
Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Redesigning Mortgage Processing in the United
States
65
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Business Process Reengineering

• Business Process Reengineering
• Reorganizes work flows, combining steps to
  eliminate redundant paper-intensive tasks
• Large payoff from IT investment if processes are
  redesigned before applying technology

66
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Redesigning Mortgage Processing in the United
States
Figure 12-4a
67
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Redesigning Mortgage Processing in the United
States
Figure 12-4b
68
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Steps in Effective Reengineering

• 1. Senior management needs to develop broad
  strategic vision.
• 2. Management must understand and measure
  performance of existing processes as baseline.
• 3. Information technology should be allowed to
  influence process design from start.
• 4. IT infrastructure should be able to support
  business process changes.

69
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Process Total Quality Management (TQM) and Six
Sigma

• How information systems contribute
• to Total Quality Management
• Simplify product or production process
• Enable benchmarking
• Use customer demands as guide to improve products
  and services
• Reduce cycle time

70
Essay 3 Part (iii)

• Look at Table 14-2 on page 499. Slide in this
  handout is from previous edition hence numbered
  as Table 12.1.

71
Section 14.1 SYSTEMS AS PLANNED
ORGANIZATIONAL CHANGE
Establishing Organizational Information
Requirements

• (iii.) Strategic Analysis or Critical Success
  Factors (CSF) (Look at Table 114-2, p.499.)
• Small number of easily identifiable operational
  goals
• Shaped by industry, firm, manager, and broader
  environment
• Used to determine information requirements of
  organization

72
Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Strategic Analysis or Critical Success Factors
(CSFs)

• Operational goals shaped by the industry, the
  firm, the manager, and the broader environment
  that are believed to assure the success of an
  organization

73
(No Transcript)
74
Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Using CSFs to Develop Systems
75
What is Value?
The bundle of benefits -The bundle of costs
e Value
- Automation - Rationalization of Procedures
- Eliminate labor costs - Eliminate processes
procedures
76
What is Value?
The bundle of benefits -The bundle of costs
e Value
- Business Process Reengineering - Paradigm Shift
Bank Mortgage process (p.503) Cemex paradigm
shift
77
Thank You for Being Part of the Class !!!

• Best Wishes!!!
• Sincerely,
• Dr. Richard
• Steven Segall

78
MBA 505VFinal Exam Information Fall 2005
TUESDAY, 715PM-915PMDECEMBER 13, 2005

• Dr. Segall