Title: MBA 505V: Final Exam Information Fall 2005 TUESDAY, 7:15PM9:15PM DECEMBER 13, 2005
1 MBA 505VFinal Exam Information Fall 2005
TUESDAY, 715PM-915PMDECEMBER 13, 2005
2Overall Final Exam Information
- Worth 150 points total ! Worth 15 of course
grade! - CLOSED BOOK CLOSED NOTES PART
- 2 Essay Questions
- DEFINITE Essay from Chapter 14 worth 50 points.
- Student selects either Essay from Chapter 10 or
12 for 30 points. - OPEN BOOK OPEN NOTES PART
- 20 TRUE/FALSE from Chapter 10, 12, 14
- 6 or 7 TRUE FALSE from each chapter 40
points - 15 MULTIPLE CHOICE 5 from each chapter
- 30 points
3SELECTION EssayChapter 10 (30 points)
- (i.) Explain why systems are vulnerable and
contemporary security challenges and
vulnerabilities. 10 points - ---------------------------
- Clearly label in your essay your answers to each
part (i.) (ii.) and (iii.).
4SELECTION EssayChapter 10 (30 points)
- (ii.) Describe in depth any FOUR (4) methods of
how one can protect a digital firm by creating a
control environment. 10 points - (iii.) Discuss the role of Security Policy and
Auditing.10 points - ----------------------------------
- Clearly label in your essay your answers to each
part (i.) (ii.) and (iii.).
5Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Why Systems Are Vulnerable
Contemporary Security Challenges and
Vulnerabilities
6Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Why Systems Are Vulnerable (Continued)
Internet Vulnerabilities
- Use of fixed Internet addresses through use of
cable modems or DSL - Lack of encryption with most Voice over IP (VoIP)
- Widespread use of e-mail and instant messaging
(IM)
7Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Wireless Security Challenges
- Radio frequency bands are easy to scan
- The service set identifiers (SSID) identifying
the access points broadcast multiple times
8Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Wi-Fi Security Challenges
9Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Malicious Software Viruses, Worms, Trojan
Horses, and Spyware
Hackers and Cybervandalism
- Computer viruses, worms, trojan horses
- Spyware
- Spoofing and Sniffers
- Denial of Service (DoS) Attacks
- Identity theft
- Cyberterrorism and Cyberwarfare
- Vulnerabilities from internal threats
(employees) software flaws
10Management Information Systems Chapter 10
Security and Control
SYSTEM VULNERABILITY AND ABUSE
Worldwide Damage from Digital Attacks
11Management Information Systems Chapter 10
Security and Control
BUSINESS VALUE OF SECURITY AND CONTROL
- Inadequate security and control may create
serious legal liability. - Businesses must protect not only their own
information assets but also those of customers,
employees, and business partners. Failure to do
so can lead to costly litigation for data
exposure or theft. - A sound security and control framework that
protects business information assets can thus
produce a high return on investment.
12Management Information Systems Chapter 10
Security and Control
BUSINESS VALUE OF SECURITY AND CONTROL
Security Incidents Continue to Rise
Source CERT Coordination Center, www.cert.org,
accessed July 6, 2004.
13Management Information Systems Chapter 10
Security and Control
BUSINESS VALUE OF SECURITY AND CONTROL
Legal and Regulatory Requirements for Electronic
Records Management
- Electronic Records Management (ERM) Policies,
procedures and tools for managing the retention,
destruction, and storage of electronic records
14Part (ii)
15Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Ensuring Business Continuity LOOK AT PAGE 359!
- 1. Downtime Period of time in which a system is
not operational - 2. Fault-tolerant computer systems Redundant
hardware, software, and power supply components
to provide continuous, uninterrupted service - 3. High-availability computing Designing to
maximize application and system availability
16Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Ensuring Business Continuity (Continued)
- 4. Load balancing Distributes access requests
across multiple servers - 5. Mirroring Backup server that duplicates
processes on primary server - 6. Recovery-oriented computing Designing
computing systems to recover more rapidly from
mishaps
17Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Ensuring Business Continuity (Continued)
- 7. Disaster recovery planning Plans for
restoration of computing and communications
disrupted by an event such as an earthquake,
flood, or terrorist attack - 8. Business continuity planning Plans for
handling mission-critical functions if systems go
down
18Part (iii)
19Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Risk Assessment
- Determines the level of risk to the firm if a
specific activity or process is not properly
controlled
20Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Security Policy
Policy ranking information risks, identifying
acceptable security goals, and identifying the
mechanisms for achieving these goals
- Acceptable Use Policy (AUP)
- Authorization policies
21Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Security Profiles for a Personnel System
22Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Auditing
- MIS audit Identifies all of the controls that
govern individual information systems and
assesses their effectiveness - Security audits Review technologies, procedures,
documentation, training, and personnel
23Management Information Systems Chapter 10
Security and Control
ESTABLISHING A MANAGEMENT FRAMEWORK FOR SECURITY
AND CONTROL
Sample Auditors List of Control Weaknesses
24- The following are last years slides for this
question. - Figure 14.5 is not used in 2006 edition in
Chapter 10. Chapter 14 of 2004 edition is
Chapter 10 in 2006 edition!
25Section 10.3 CREATING A CONTROL ENVIRONMENT
(ii) Protecting the Digital Firm See page 359.
- 1. Downtime Periods of time in which a system is
not operational. - 2. Fault-tolerant computer systems Contain extra
hardware, software, and power supply components
to provide continuous uninterrupted service.
26Section 10.3 CREATING A CONTROL ENVIRONMENT
(ii.) Protecting the Digital Firm See page 359.
- 3. High-availability computing Tools and
technologies enabling system to recover quickly
from a crash. - 4. Disaster recovery plan Runs business in event
of computer outage. - 5. Load balancing Distributes large number of
requests for access among multiple servers.
27Section 10.3 CREATING A CONTROL ENVIRONMENT
(ii.) Protecting the Digital Firm See page 359.
- 6. Mirroring Duplicating all processes and
transactions of server on backup server to
prevent any interruption in service. - 7. Clustering Linking two computers together so
that a second computer can act as a backup to the
primary computer or speed up processing.
28Section 10.3 CREATING A CONTROL ENVIRONMENT
(iii.) Internet Security Challenges See pages
363-364.
- Firewalls
- Prevent unauthorized users from accessing private
networks - Two types proxies and stateful inspection
- Intrusion Detection System
- Monitors vulnerable points in network to detect
and deter unauthorized intruders.
29(iii.) DEVELOPING A CONTROL STRUCTURESee
pages 355-357.
- COSTS Can be expensive to build complicated to
use - BENEFITS Reduces expensive errors, loss of time,
resources, good will - RISK ASSESSMENT Determine frequency of
occurrence of problem, cost, damage if it were to
occur
30Section 14.2 CREATING A CONTROL ENVIRONMENT
31SELECTION EssayChapter 12 (30 Points)
- (i.) Explain what the Knowledge Management Value
Chain is. 10 points - (ii.) Explain the Major types of Knowledge
Management Systems. 10 points - (iii.) Explain ONE of the FOLLOWING
- 10 points
- (A.) Knowledge Systems.
- (B.) Knowledge Work Systems.
- Clearly label in your essay your answers to each
part (i.) and (ii.) and (iii.A) or (iii.B).
32Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
THE KNOWLEDGE MANAGEMENT LANDSCAPE
The Knowledge Management Value Chain
- Knowledge acquisition
- Knowledge storage
- Knowledge dissemination
- Knowledge application
- Building organizational and management capital
collaboration, communities of practice, and
office environments
33Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
THE KNOWLEDGE MANAGEMENT LANDSCAPE
The Knowledge Management Value Chain
34Part (ii)
35Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
THE KNOWLEDGE MANAGEMENT LANDSCAPE
Types of Knowledge Management Systems
36Part (iii.A)
- SELECT EITHER
- Part (iii.A) or (iii.B)!!!
37Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
38Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Structured Knowledge System
- Knowledge repository for formal, structured text
documents and reports or presentations - Also known as content management system
- Require appropriate database schema and tagging
of documents - Examples Database of case reports of consulting
firms tax law accounting databases of accounting
firms
39Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
KWorlds Knowledge Domains
40Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
KPMG Knowledge System Processes
41Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Semistructured Knowledge Systems
- Knowledge repository for less-structured
documents, such as e-mail, voicemail, chat room
exchanges, videos, digital images, brochures,
bulletin boards - Also known as digital asset management systems
- Taxonomy Scheme of classifying information and
knowledge for easy retrieval - Tagging Marking of documents according to
knowledge taxonomy
42Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Hummingbirds Integrated Knowledge Management
System
43Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Knowledge Network Systems
- Online directory of corporate experts, solutions
developed by in-house experts, best practices,
FAQs - Document and organize tacit knowledge
- Also known as expertise location and management
systems
44Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Knowledge Network Systems (Continued)
Key features can include
- Knowledge exchange services
- Community of practice support
- Autoproofing capabilities
- Knowledge management services
45Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
The Problem of Distributed Knowledge
46Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
AskMe Enterprise Knowledge Network System
47Part (iii.B)
- SELECT EITHER
- Part (iii.A) or (iii.B)!!!
48Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Supporting Technologies Portals, Collaboration
Tools, and Learning Management Systems
- Enterprise knowledge portals
- Access to external sources of information
- Access to internal knowledge resources
- Capabilities for e-mail, chat, discussion groups,
videoconferencing
49Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
ENTERPRISE-WIDE KNOWLEDGE MANAGEMENT SYSTEMS
Learning Management System (LMS)
- Provides tools for the management, delivery,
tracking, and assessment of various types of
employee learning and training - Integrates systems from human resources,
accounting, sales in order to identify and
quantify business impact of employee learning
programs
50Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
KNOWLEDGE WORK SYSTEMS
Knowledge Workers and Knowledge Work
Knowledge workers Create knowledge and
information for organization
- Knowledge workers key roles
- Keeping the organization current in knowledge as
it develops in the external worldin technology,
science, social thought, and the arts
51Management Information Systems Chapter 12
Managing Knowledge in the Digital Firm
KNOWLEDGE WORK SYSTEMS
Knowledge Workers and Knowledge Work (Continued)
- Serving as internal consultants regarding the
areas of their knowledge, the changes taking
place, and opportunities - Acting as change agents, evaluating, initiating,
and promoting change projects
52Definite Essay 3 Chapter 14 50 Points
- (i.) Discuss what the Information System Plan
is and how it relates to Systems as Planned
Organization Change and how it differs from
SDLC. 20 points - ----------------------------------
- (ii.) Explain what Business Process
Reengineering is and what the Steps in
Effective Reengineering are.20 points - ----------------------------------
- Clearly label in your essay your answers to each
part (i.) and (ii.) and (iii.) on next slide.
53Definite Essay 3 Chapter 14
- (iii.) Be sure to explain what is value and
what Critical Success Factors (CSF) are. 10
points - Clearly label in your essay your answers to each
part (i.) and (ii.) and (iii.).
54SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Linking Information Systems to the Business Plan
- Information systems plan
- Road map indicating direction of systems
development - Look at page 379 MIS in Action Managers
Toolkit How to Develop an IS Plan - 1. Purpose of Plan
- 2. Strategic Business Plan
- 3. Current Systems
- 4. New Developments
- 5. Management Strategy
- 6. Implementation
- 7. Budget Requirements
55SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Establishing Organizational Information
Requirements
- Enterprise Analysis
- (Business Systems Planning)
- Analysis of organization-wide information
requirements - Identifies key entities and attributes
56SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
57System Development Life Cycle (SDLC)Traditional
methodology for developing IS
- 1. System Analysis ( Feasibility Study)
- 2. System Design ( Programming)
- 3. Testing
- 4. Conversion
- 5. Production Maintenance
58Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
OVERVIEW OF SYSTEMS DEVELOPMENT
The Systems Development Process
59Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
OVERVIEW OF SYSTEMS DEVELOPMENT
A Sample Test Plan to Test a Record Change
60Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
(ii.) Organizational Change Carries Risks and
Rewards
61Essay 3 Part (ii.)
62Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Business Process Reengineering
- Leading mortgage banks reduced time to obtain a
mortgage from 6-8 weeks to one week, by radically
changing the workflow and document management
procedures
Workflow management
- The process of streamlining business procedures
so that documents can be moved easily and
efficiently from one location to another
63Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Steps to effective reengineering
- Understanding which processes need improvement
- Measuring performance of existing processes as a
baseline - Allowing IT to influence process design from the
start
64Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Redesigning Mortgage Processing in the United
States
65BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Business Process Reengineering
- Business Process Reengineering
- Reorganizes work flows, combining steps to
eliminate redundant paper-intensive tasks - Large payoff from IT investment if processes are
redesigned before applying technology
66BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Redesigning Mortgage Processing in the United
States
Figure 12-4a
67BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Redesigning Mortgage Processing in the United
States
Figure 12-4b
68 BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Steps in Effective Reengineering
- 1. Senior management needs to develop broad
strategic vision. - 2. Management must understand and measure
performance of existing processes as baseline. - 3. Information technology should be allowed to
influence process design from start. - 4. IT infrastructure should be able to support
business process changes.
69BUSINESS PROCESS REENGINEERING AND PROCESS
IMPROVEMENT
Process Total Quality Management (TQM) and Six
Sigma
- How information systems contribute
- to Total Quality Management
- Simplify product or production process
- Enable benchmarking
- Use customer demands as guide to improve products
and services - Reduce cycle time
70Essay 3 Part (iii)
- Look at Table 14-2 on page 499. Slide in this
handout is from previous edition hence numbered
as Table 12.1.
71 Section 14.1 SYSTEMS AS PLANNED
ORGANIZATIONAL CHANGE
Establishing Organizational Information
Requirements
- (iii.) Strategic Analysis or Critical Success
Factors (CSF) (Look at Table 114-2, p.499.) - Small number of easily identifiable operational
goals - Shaped by industry, firm, manager, and broader
environment - Used to determine information requirements of
organization
72Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Strategic Analysis or Critical Success Factors
(CSFs)
- Operational goals shaped by the industry, the
firm, the manager, and the broader environment
that are believed to assure the success of an
organization
73(No Transcript)
74Management Information Systems Chapter 14
Redesigning the Organization with Information
Systems
SYSTEMS AS PLANNED ORGANIZATIONAL CHANGE
Using CSFs to Develop Systems
75What is Value?
The bundle of benefits -The bundle of costs
e Value
- Automation - Rationalization of Procedures
- Eliminate labor costs - Eliminate processes
procedures
76What is Value?
The bundle of benefits -The bundle of costs
e Value
- Business Process Reengineering - Paradigm Shift
Bank Mortgage process (p.503) Cemex paradigm
shift
77Thank You for Being Part of the Class !!!
- Best Wishes!!!
- Sincerely,
- Dr. Richard
- Steven Segall
78 MBA 505VFinal Exam Information Fall 2005
TUESDAY, 715PM-915PMDECEMBER 13, 2005