Mis Final

Management of information systems exam

Uploaded by

salmaazouzi220

MIS Chapter 8 : Securing information systems

The use of IS is widespread and common across multiple organizations. It
often contains sensitive info about the inner workings of the company.
- With the increase of digital technology and the use of the internet,
more data is being transferred electronically and sensitive data is
stored online.
- Cyber attacks have become a widely spread phenomenon incurring
financial, reputational and privacy risks.

Why is IS vulnerable ?
- Accessibility for networks : IS in different locations are
interconnected ; the potential for fraud, access, or abuse is not
limited to a single location, but can have multiple origins ( access
points) => Threats to IS can have technical, organizational or
environmental origins.
- Hardware problems : (breakdowns, improper use, configuration errors…)
- Software problems : improper installations- unauthorized changes
- Use of networks/ computers outside a firm’s control or loss and theft of
portable devices.
Unauthorized Access: This can happen through tapping or sniffing.
Tapping involves physically intercepting communication lines while
sniffing involves capturing data packets traveling over a network.
Errors: This includes message alteration where data is tampered with during
transmission.
Denial-of-service attacks: This overwhelms a system with traffic, making it
unavailable to legitimate users.
Internet vulnerabilities :
- The Internet is open to anyone. Its size means abuses have a wider
impact
- Use of fixed internet addresses ( Modem-DSL cables) means the
creation of fixed targets
- Unencrypted VOIP ( voice over internet protocol) : a technology that
lets you make and receive phone calls using a broadband internet
connection instead of a traditional phone line.
- E-mail, file sharing programs, instant messages:
● Interception
● Attachments with malicious software
● Transmitting trade secrets

Wireless network vulnerabilities :


- Wireless networks use radio frequency bands that are easy to
intercept
- Service set identifiers : unique names that identify wireless network
access points. They are broadcasted multiple times to help users
locate and connect to the network. They can be identified by sniffer
programs.

● Types of attacks on wireless networks :


- War driving : Eavesdroppers drive by buildings equipped with
a laptop, antenna, GPS driver and a sniffer program to identify
open or vulnerable wireless networks. Sniffer programs
intercept network traffic to extract sensitive data ( passwords -
usernames )
- Rogue access points : Wireless access point that has been
installed on a network without the knowledge of the network
admin. Often installed in public places, and designed to look
like legitimate access points.
Malware :
- Malicious software : Programs that exploit system vulnerabilities.
Software threats either replicate ( worms- bots) or don’t ( viruses -
logic bombs) since they are activated by triggers.
● Worms : Self-replicating malware that spreads without any
user action. It usually gains access to a network and uses that
access to spread
● Viruses : malware that infects a computer by inserting its
code into legitimate program files or other files.
● Spyware : Installs itself on computers secretly to
monitor the user's internet browsing history, emails, chat
logs, etc.
● Ransomware : Encrypts user files and demands payment for
decrypting them
● Trojan horse : Disguises itself as a legitimate program and,
once installed, opens a backdoor for unauthorized access
( Backdoor (trapdoor): Any mechanism that bypasses a normal security
check. It is code that recognizes, for example, some special
sequence of input. )
● SQL injection : Hackers inject SQL code into databases that
support web apps such as sales, e-commerce, financial data
Computer crimes :
- Denial of service attacks : Disrupt the normal functioning of a
website or app by overwhelming it with traffic, and preventing
legitimate users from accessing or using targeted systems.
- Botnet : A network of computers infected by malware which allows
them to be controlled by a botmaster.
- Social engineering : tricking users into divulging sensitive
information or providing access to systems using psychological
manipulation
● Pharming : Directs users from legitimate websites to a fake one
without their knowledge
● Phishing : Sending fraudulent emails disguised as coming from a trusted
source, with a link or an attachment that installs malware
- Click fraud : generating an illegitimate number of clicks on ads
- Cyberterrorism : Carrying out cyberattacks with the purpose of disrupting
governmental entities for political or ideological reasons, harming
individuals
- Cyberwarfare : Attacks on a nation or a group of nations with the
purpose of disturbing military systems, important infrastructures
such as transportation systems, communication networks.
Internal threats :

Software vulnerabilities :
- Weakness or flaw in software design
● Bugs : Program defects or errors in the software code that can be
exploited to get unauthorized access
● Zero defects cannot be achieved in software development
● Zero-day vulnerabilities : unknown to the vendor and for which there
are no patches. They can be discovered by attackers, security
researchers, or other third parties. Once discovered, the vulnerability can
be sold on the dark web or to government agencies for a high price, or it
can be used for malicious purposes.
● Protection against zero-day vulnerabilities
- Regular vulnerability assessments and penetration tests to
identify said vulnerabilities
- Staying up to date with regular security patches
- IS security systems :
- Technical controls :
● Firewall : combo of software and hardware that prevents unauthorized
users from accessing private networks. ( examines users’ credentials
before letting them in )
● Intrusion detection system : Detects unusual activity on networks. The IDS
sends alerts to system administrators and can even shut down sensitive parts of
a network if it detects unauthorized traffic.
● Virtual private network : Virtual private network between two networks
providing a safe connection between your computer and the VPN server
● Unified threat management : integrates multiple security solutions into
one appliance ( antivirus- ids- firewall )
● Encryption : Cryptographic algorithms to protect data. Quantum
computers pose a challenge to encryption algorithms
● Network segmentation : Dividing networks into small segments each with
its own security policies and access to isolate attacks and limit damage
- Administrative control :
- Password policies
- Access control policies : according to security profiles
- Incident response plans : framework for responding to attacks / security
incidents : specifies the roles of the stakeholders in the response process
- Disaster recovery plans : Plan to restore critical IT structures and
data after a natural disaster / cyberattack : Minimize downtime
- Business continuity plans : keeping the core business running during
disruption : Alternative processes - communication protocols …
- Risk assessment :
● Identifying potential risks and stakes of their occurrence.
● Assigning potential loss for risks / profitability odds
● Evaluating probability of occurrence
Info security audit :
- Systematic evaluation of firm’s info policies, security systems,
procedures, practices to ensure they meet security standards
Physical controls :
- Authentication tools : Password systems, smart cards,
biometric identification, two-factor authentication ( ATM : debit
card and PIN )

Chapter 9 :
Enterprise resource planning : Common central database with
integrated suite of software modules ( example : Oracle)
- collects data from divisions of a firm for use in nearly all of
firm’s internal business activities
- Business value : Greater efficiency, as it helps reduce
redundancy and duplication of resources across the firm / firm
wide information to support quick decision making / include
analytical tools to evaluate overall performance
The supply chain : Network of organizations and business processes
for producing materials - transforming them into products-
distribution
- Upstream supply chain : raw materials - components - earlier
stages of production
- Downstream : Deals with everything after a product was
manufactured ( warehouse- delivery)
- Internal supply chain
- Supply chain management : supply chain inefficiencies waste
operating costs and result from inaccurate or untimely info :
● Just-in-time strategy : Components arrive as they are
needed ( made to order )
● Finished goods shipped after leaving assembly line
● Safety stock : deals with uncertainties and unforeseen
events
● Bullwhip effect : Small and temporary change in customer
demand that can cause amplified variations in orders
placed by retailers, wholesalers …
● Supply chain management software : Optimizes plans for
sourcing, warehousing, manufacturing, and delivery
● Global supply chains : Greater geographical distance -
timezone differences - legal requirements
=> Internet helps manage these complexities like
warehousing management, transportation, logistics,
outsourcing : from push to pull manufacturing.
Push : Forecast demand and push products to customers
Pull : Actual orders trigger the events of the supply chain
From each stage operating independently => moving to a
concurrent supply chain with the internet.

“Make what we sell, not sell what we make.”


The emerging Internet-driven supply chain operates like a digital logistics
nervous system. It provides multidirectional communication among firms,
networks of firms, and e-marketplaces so that entire networks of supply
chain partners can immediately adjust inventories, orders, and capacities
Customer Relationship Management : ( CRM)
- Knowing customers better is a competitive advantage
- CRM systems : Capture and integrate customer data / consolidate
and analyze data / distribute to concerned stakeholders. CRM
systems examine customers from a multifaceted perspective. These
systems use a set of integrated applications to address all aspects
of the customer relationship, including customer service, sales, and
marketing.

CRM Software :
Packages range from niche tools to large scale enterprise apps
PRM : partner relationship management :
● Integrating lead generation, pricing, promotions, order
configurations, and availability; assessing partners’ performance

ERM : employee relationship management : setting employee objectives,
performance evaluation, performance-based compensation, training

CRM packages
- Sales force automation : sales prospect and contact info / quote
generation capabilities
- Customer service : assigning and managing customer service
requests / Web-based self-service capabilities
- Marketing : Capturing prospect data, scheduling and tracking email
or direct mailing / cross-selling. “Customer relationship management
software provides a single point for users to manage and evaluate marketing
campaigns across multiple channels, including e-mail, direct mail, telephone,
the Web, and social media.”
- Business value of CRM systems :
– Increased customer satisfaction
– Reduced direct-marketing costs
– More effective marketing
– Lower costs for customer acquisition/retention
– Increased sales revenue
– Reducing the churn rate (number of customers who stop using or
purchasing products or services from a company)

Chapter 10 : E-commerce, digital goods, and digital marketing


E-commerce: Short for electronic commerce, refers to the buying and
selling of goods or services over the internet or other electronic networks.
It began in 1995 and grew exponentially. The new E-commerce involves an
extensive use of social media, and switching from desktops to
smartphones.

Why is E-commerce growing rapidly ?


- Ubiquity : E-commerce is ubiquitous, meaning it is available
everywhere at any time. Transaction costs are reduced since the
marketplace is online.
- Global reach : Sales across nations and worldwide
- Universal standards : One set of technological standards, internet
standards
- Richness : Refers to the complexity and content of a message.
The internet offers the option of audiovisual content, text, etc.
- Interactivity : Allows two-way communication between merchant
and customer
- Information density : The internet made information abundant, cheap,
and accurate to market participants. The customer has easy access to
price comparison ( price transparency ) and the actual cost of
products ( cost transparency )
● Advantages : Price discrimination = Seller can vary prices for
the same product based on the customer’s willingness to pay ( ex :
discounts for bigger quantity purchased )
● Disadvantages : The consumer is reluctant to buy a product for a
premium price ( higher than the standard ) if he can get it for less.
- Personalization / Customization :
● Personalization : Target marketing messages to specific
individuals based on clickstreams, interests, and past purchases
● Customization : Change the order according to the customer’s
preferences or prior behavior.

Digital markets and digital goods in a global marketplace :


- Digital markets have changed the way companies conduct
business thanks to
- The availability of information and transparency =
Reduced information asymmetry ( one party of the
transaction having more knowledge than the other) .
- Dynamic pricing : Price depends on the location, time,
market conditions
- Reduced menu costs ( costs incurred from changing prices ),
search costs and transaction costs.
- Switching costs : Can either decrease or increase
depending on the merchant’s product strategy. If he offers a
wide range of products, switching between options is cheaper,
contrary to merchants with a unique or specialized offer.
- Delayed gratification : shipping time delays the gratification
of the customer, i.e. the receipt of the good purchased
- Disintermediation : No need for intermediaries to have
access to customers ( lower costs for marketing channels).
Digital goods :
- Goods a customer can download on their computer or mobile
device.
- Cost of producing the same unit is almost the entire cost of
production unlike physical units which require storage and costs of
distribution.
- No limit on the number of customers
- Stored and updated easily
Types of E-commerce :
B2B / B2C / C2C ( Facebook Marketplace ) / C2B ( Freelance )
E-commerce business models :
E-tailer : Online retail stores ( Amazon )
Portal : Online packages ( Yahoo - Google )
Content provider : distribution of digital content ( Netflix )
Transaction broker : Conducts transactions normally done in person
or by phone / email ( Online real estate broker )
Market creator : Builds online markets ( eBay )
Service provider : Google Drive
Community provider : Facebook - GitHub
Revenue models :
Advertising Model : deriving revenue by selling ad spaces.
YouTube, Instagram, Facebook, and Google generate revenues by
displaying ads.
Sales Model: The most common model. The eCommerce merchant offers
products and services to consumers and generates revenue by selling
them these goods and services.
Subscription Model: offering users content or services and charging a
subscription fee for access to some or all its offerings. Ex: dating sites,
video games, music or films (Netflix, YouTube Premium, Amazon Prime)
Freemium Model: the user can access the basic limited features of a product
for free, but will be charged for the “premium version” with extended features.
Transaction fee Model: receiving a fee or a commission for enabling or
executing a transaction. Ex: Airbnb, Amazon, PayPal, eBay…
Affiliate Model: Web sites redirect visitors to other Web sites in return for
a commission or a percentage of the revenue from any resulting sales ( fashion
blogs - online magazines )
Drop shipping: The merchant displays products on his website and takes the
orders under his brand. He does not keep an inventory or handle the shipping.
Products are purchased from a third party as soon as a customer makes a
purchase, and are then shipped directly to the customer. ( Shopify )

How has E-commerce changed marketing ?

- Long-tail marketing : Shift focus to less popular products, and finding
customers when demand is low. Sell high volumes of hard-to-find or uncommon
products ( ex : Amazon sells a variety of almost 350 million products )
- Behavioral targeting : Keeping track of users’ clickstreams
- Social e-commerce : refers to the use of social media platforms to promote
and sell products and services. These platforms are a great way to reach a
large audience. Examples include: Instagram's shopping, Facebook Marketplace,
Twitter's buy button, YouTube ads, etc.

Social sign-on :

- Collaborative shopping : Individuals coming together to shop collectively,
share recommendations, and make purchasing decisions as a group.
- Social shopping sites : online marketplaces or e-commerce platforms that
incorporate social media features, such as user reviews, ratings, and
recommendations.
- Crowdsourcing : the practice of obtaining ideas, content, or services from a
large and diverse group of people, often via the internet. ( Reddit )
- Live shopping : involves live streaming video of products being demonstrated
or sold in real time. This allows customers to ask questions, interact with the
seller, and make purchases directly from the video stream. ( TikTok )

Effect of E-commerce on B2B Transactions :

- Global B2B e-commerce in 2019 is $12.2 trillion
- Internet and networking help automate procurement
- Transaction technologies
- EDI ( electronic data exchange ) : A computer-to-computer exchange of
standard business documents, eliminating the struggle of printing and mailing
bills.
- Private industrial network : A private network used by a group of firms to
manage their supply chain activities. It consists of a large firm using an
extranet to link to its key business partners to share product design and
development, production scheduling, inventory management, etc. The sponsoring
firm sets the rules, inviting other firms to participate at its own discretion.
- A net marketplace : Online platforms that facilitate transactions between
buyers and sellers. They typically operate in a specific industry and offer a
range of services, such as product listings, search functions, communication
tools, and payment processing.
- Some e-hubs serve vertical markets for specific industries, such as
automobiles or telecommunications, whereas others serve horizontal markets for
goods and services that can be found in many industries, such as office
equipment or transportation. Vertical : Specific industries or sectors
characterized by a particular focus on a niche market or specialized products
and services. Unlike horizontal markets, which cater to a broad range of
industries or customers,

Chapter 11 : Knowledge management and ai

- Knowledge is an intangible firm asset. It is either explicit when
documented or implicit when undocumented. It is also
situational : when to apply it ? How to use a certain tool ?
- The value of knowledge to organizations :
- Knowledge-based core competencies : key organizational assets
- Knowing how to do things effectively in ways others don’t :
prime source of competitive advantage
- Organizational learning : Process through which organizations gain
experience through collection of data, trial and error, etc.
- Knowledge management : the set of business processes
developed in an organization to create, store, transfer, and apply
knowledge.
● Knowledge acquisition : Documenting tacit and explicit
knowledge ( corporate repositories )
- Creating knowledge : Discovering patterns
- Tracking data from TPS ( "Transaction Processing System" ) and
external sources
● Knowledge storage :
- Creation of databases
- Document management systems that digitize, index, and tag
documents ( large databases adept at storing large documents )
- The role of management is to support the development
of planned knowledge storage systems and keep them updated.
● Knowledge dissemination
- Portals, wikis, e-mail, instant messaging, search engines, and
collaboration tools are used for sharing knowledge
- This results in a deluge of information : a large amount of
information
- Training programs, informal networks, and shared
management experience help managers focus attention on
important information.
● Knowledge application : To provide a return on investment, new
knowledge must be built into a firm’s business processes and key
application systems and used in
- New business practices
- New products and services
- New markets

•AI consists of computer-based systems (both hardware and software)
that attempt to emulate human behavior (learning languages,
accomplishing physical tasks, emulating human expertise and decision
making…). AI can perform many complex tasks that would be difficult or
impossible for humans to perform.

Major types of AI :
- Expert systems : Expert systems are computer-based systems that
emulate the decision-making ability of a human expert in a specific
domain or field. These systems are designed to solve complex
problems, provide advice, make recommendations, or perform
tasks that would typically require human expertise.They are used
for structured decisions where there are few alternatives that are all
known in advance.
- Machine learning : A type of AI that allows computer systems to
learn from data without explicit knowledge
● Uses statistical models to identify patterns and relationships in
data to make decisions or predictions
● ML is used in filtering spam emails
- Neural networks : A type of AI inspired by the structure of the human
brain. It is divided into interconnected nodes. They process input
data to make decisions about poorly understood complex problems
for which large amounts of data have been collected. Example : Face
recognition.
- Genetic algorithms : Similar to the process of natural selection. They
filter presented solutions to reach optimality ( cost minimization -
efficient scheduling, etc. )
- Natural language processing : A type of AI that processes human
language to understand and analyze it. Can also
process text and human voice ( Google Search - Google Translate )
- Computer vision systems : Emulate human vision to process real-world
images. Autonomous vehicles can recognize road signs,
DeepFace can recognize human faces and identify them in pictures
- Robotics : Combines AI, mechanical engineering, and electronics to
create robots that can perform tasks autonomously. Programmed to
perform specific and detailed actions in limited domains ( robots
spray paint autos, and assemble certain parts, welding, heavy
assembly movement )
- Intelligent agents : Work without direct human intervention to carry
out repetitive, predictable tasks like deleting junk e-mail or finding
cheapest airfare. Use limited built-in or learned knowledge base

•Examples:
•Virtual assistants that use voice recognition; some are capable of
self-adjustment, like Siri
•Chatbots and language processing tools like ChatGPT
•Agent-based modeling applications: model behavior of consumers, stock
markets, and supply chains; used to predict spread of epidemics
