CS 490 Information Systems Management
Table of Contents
Introduction
- Why are we building things.
- A system consists of components
- Ahmed Ibrahim: DC 2133 (Tuesday, Thursday after lecture)
The First System
For 4000 years, writing was the only information technnology
Data vs. Information
data: raw facts before organization into an understandable form
information: data that has been shaped into a meaningful and useful form for human beings
Business Transformation
- automation and digitization
- data-driven decision-making
- enhanced customer engagement
- improved collaboration and connectivity
- disruption of traditional industries through new business models
Information Systems Management
What are we doing after we build a system.
Advantages
- Survival
- Competitive advantages
Success
Correct tech, tools, processes, people, networks
Problems with Manual reservations
Difficult to match passenger names to seats
Resulted in poorly managed inventory (i.e., seats on a fight)
- Over-booking: dissatisfied customers
- Under-booking: lost revenue
Aircraft with greater seating capacity and greater frequency of use on the horizon
- More inventory and passengers to keep track of
Introduction of Sabre:
- Reduced man power
- American airlines - IBM
- Remote terminals
Waves of Innovation
- cut costs
- generate revenue
- business survival
Software Architecture
- architecture (conceptual)
- blueprint
- implementation independent
- infrastructure (physical)
- implementation dependent
- physical material
Reference Architecture
- captures main components
- high level abstraction
- common vocabulary
- comparative
Architectural Styles
broad perspective on how to structure our software application
Component-based
Layered
Pipes and filters
Microkernel
Client/server
Event-driven
Repository
Monolithic
- tightly coupled
- single large code base
- less scalable
Service-Oriented Architecture (SOA)
- reusable and interoperable via service interfaces
- common interface standards
Microservice Architecture
- single-function modules with well-defined interfaces and actions
- small teams own entire life cycle of the service
- The term “micro” refers to the sizing of a service which must be #manageable by a single development team (5 to 10 developers).
Architecting A Solution
Three Tier
- Presentation logic
- Application logic
- Data access logic & storage
Zero Client
No persistent storage, firmware loads OS into memory on power on.
- cost-effective
- low power consumption
Practice #3: A Weather Application
- Many ways, most preferably the 3-tier system.
- Hybrid, weather data on server, peer - to - peer other
How to Find a Solution
First ask, what have you tried already and why didn’t it work?
Revenue Model
Common Revenue Models:
- Direct Sales – This model involves selling products or services directly to customers.
- Advertising – Companies generate revenue by displaying advertisements to their customers.
- Subscription – Customers pay a recurring fee (monthly, yearly) to access and use a product or service.
- Freemium – This model offers a basic version of a product or service for free, but charges for additional features or premium versions.
- Licensing or Royalties – Companies grant licenses to third parties to use their intellectual property (such as patents, trademarks, or copyrighted material) in exchange for royalties or licensing fees.
- Affiliate Marketing – Companies earn a commission by promoting and selling other companies’ products or services through affiliate links or referral programs.
- Data Sales – Companies collect and analyze data from their customers and sell or license the insights or anonymized data to other businesses or researchers
Revenue Model and Design
- advertising requires placement of ads in GUI
- subscriptions and subscriptions requires compelling premium features
- data sales requires a scheme to collect data
- rapid user acquisition requires scalability and iterations
Triton Wear
- accelerometers and gyroscopes
- stroke count, stroke rate, distance per stroke, and more
- wearable device, mobile app, cloud infrastructure and analytics capability
- User Interface
- Coach dashboard
- Athlete portal
- Integration and API for extending features
- simply and seamless
- quick setup
- engaging
- lots of data
- accurate, consistent, reliable
- focusing on the skills rather than the timing to maximize performance
- automated data visualization progression
External Factors
- internet
- global marketplace
- micro-markets
- business ecosystems
- decapitalization
- faster business cycles
- accountability and transparency
- rising risks of IT
Internal Forces
- supply-push to demand-pull
- respond to consumer demands and pull products
- self-service
- customers know what they want best
- real-time working
- responding fast to the customer demands
- optimized as possible
- anytime, anyplace information work
- remote / hybrid / mobile computing
- Outsourcing and strategic alliances
- Use of IT to help manage work across the extended enterprise
- Decease of hierarchy
- Equal playing field with shared authority
- Use of IT to facilitate information exchange
Strategies in the New Work Environment
- leverage knowledge globally
- organize for complexity
- work electronically
- handle continuous and discontinuous change
Management Hierarchy
- Senior
- Executive Support Systems
- Middle Management
- Management Information Systems (MIS)
- Decision Support Systems (DSS)
- Operational Management
- Transaction Processing Systems
Information Workers
- Procedure-based
- Efficiency focused
- Easily measurable
- Knowledge-based
- Effectiveness
- Harder to define
Software Examples
- Database Management System (DBMS)
- Document/file managment system (DMS)
- Content management system (CMS)
- Website support
- Knowledge manager system
- Customer relationship management (CRM)
RAID
- Redundant array of independent disks. The OS thinks there is only one disk.
- Data Striping: unit one goes here, unit two goes there, unit three goes here as if there’s one big disk; parallelism
RAID 0
Distributing data across at least 2 disks; each disk has different information.
RAID 1
Data is the same on all devices
RAID 10
Needs at least 4. Multiple groups of RAID 0s. Each group of disks gets different data.
Or RAID 1 PLUS 0
RAID 5
At least 3. Stripping with parity. Parity means if a disk fails, the parity can be used to generate the disk that fails. Parity is just enough information to recover the failed disk given that the other disks are available.
Storage Area Network
- Fibre Channel Switch
- High performance to handle lots of data traffic
- Like a router but for fibre optics and wi-fi routing
- Wired connected to multiple RAID disks
- Block-level storage
- Hard drives appear as locally attached devices
Practical Exercise
500,000 TB storage capacity, Seagate 10TB drives. 0.7% annual failure rate (AFR)
Design for 99.99% availability.
redundancy, fault-tolerance, load balancing, regular maintenance
RAID 10 to tolerate drive failure
Distributed storage to increase reliability and availability
Hot swappable driver - can replace drivers while system is running
Mean Time Between Failure = 1 / annual fail rate
Mean Time to Repair = 1 / 365
Availability = Mean Time Between Failure / (MTBF + Mean Time To Repair)
Backup
- Online backup (hot)
- Instant, protects against at least one HD failure
Offline backup
- Done end of day
- Protect against complete failure
Archive
- Full backups
- Differential backups
- alters existing backup
- Incremental backups
- Backup additions and alternations since the last incremental backup
Strategic Planning
- Defining an organization’s direction
- Allocation its resources to pursue this direction
- Planning helps a business identify its goals however technology changes very fast
- Strategic focus: 3-5 years (business processes) led by senior management
- Tactical focus: 1-2 years (resource allocation and project selection) led by middle managers
- Operational focus: 6-12 months (project management, budget) professionals
Why Planning Is So Difficult
- Alignment of strategic business Goals and systems plans
- Technologies are rapidly changing
- Companies need IT portfolios rather than projects
- Infrastructure development is difficult to fund
- Responsibility needs to be joint
Changing World of Planing
- closest to the action
- organizational edge
- outside-in approach
- strategic envelope
- top management
- set parameters
- open and regulation communication
Eight Planning Techniques
- Stages of growth
- Early successes (adoption), Contagion, Control, Integration, Data administration, Maturity
- assumes all organization are in the same stages in the same order
- pro: roadmap. con: assumes all orgs go through same stages in same order
- Critical success factor (CSFs)
- few key areas that must go right
- monitoring and building
- pro: resource alignment
- con: oversimplifying complex processes
- Competitive Forces Model
- Porter’s five force { threat of new entrants, threat of substitutes, supplier power, buyer power, competitive rivalry }
- pro: understanding competitive forces
- con: fails to capture tech and societal shifts
- Three Emerging Forces (Digitization, Globalization, Deregulation)
- new business models
- telecommunications and transportation
- many industries
- pro: anticipate major trends
- con: overlook industry/region specific factors
- Porter’s Value Chain Analysis
- support activities { firm infrastructure, HR management, tech development, procurement }
- primary activities { inbound logistics, operations, outbound logistics, marketing & sales, service }
- information as a source of value itself instead of as support
- pro: value adding activity analysis
- con: complex and time-consuming and does not capture intangibles
- E-Business Value Matrix
- new fundamentals { criticality to business = low, newness of idea = low }
- operational excellence { high, low }
- rational experimentation { low, high }
- breakthrough strategy { high, high }
- pro: identify opportunities for digital/online
- con: no offline
- Linkage Analysis Planning
- Examines the links between organizations in order to create a strategy for utilizing electronic channels
- pro: understand relationships
- con: complex and overlooks internals
- Scenario Planning
- long-term thinking to prepare for various scenarios
- explore forces that could cause different scenarios of the future to happen
- time consuming and highly uncertain. Risk of bias
- define decision problem and time frame
- identify major known trends
- identify driving uncertainties
- construct scenarios
- pro: long-term thinking, flexibility
- con: time-consuming, uncertain, bias
Managing Corporate Information Resources
IT Infrastructure
- Hardware
- OS platform
- Application platform
- Data Management platform
- Network platform
- Internet platform
- Service platform
Approaches to Manage
- Cost-centric view: minimizing IT infrastructure
- Service-Centric view: prioritize delivering reliable and high-quality IT services to meet user needs, focusing on service availability, performance monitoring, and incident response
- Innovation-Centric View: firms leverage IT infrastructure for innovation, seeking competitive advantage and business growth
- Risk-Centric view: risk management, robust security measures, disaster recovery
- Agility-Centric view: flexibility to respond quickly
- Data-Centric view: data-driven decision
- User-Centric view: end-user prioritization
Value Chain Model
Multiple software systems for each part of the process: warehouse, operations, ordering, servicing, outbound / shipping
problem: integration between the systems
could not detect a small item is missing
system should analyze habits of suppliers, users, employees, customers.
suppliers and their suppliers, firm, distributors, customers
Enhancement through information systems
- Automating and streamlining primary activities (production, delivery, customer service)
- Optimizing support activities (procurement, logistics, human resources)
- Gathering and analyzing customer data (develop new products that meet customers’ needs)
- Improving communication and collaboration (with stakeholders to enhance experience)
Business Process (BP)
- Collection of business functions related to each other
- organization specific
- specific business function or across many BF’s
- example: billing process in a physician clinic
- IBM business process software
- cross-functional
- order fulfillment process requires sales, accounting, manufacturing & production
Integration Tools
- Enterprise Resource Planning (ERP)
- Integration all areas of a company
- Microsoft dynamics and vision
- data accuracy and consistency
- decision-making
- improved collaboration
- customer satisfaction
- Data accuracy and consistency: no separate systems, reduces risk of errors
- Better decision-making: realt-time
- Improved collaboration: across different departments and locations
- Increased customer satisfaction: better manage customer orders, inventory, and deliveries
- Supply chain management system (SCM)
- Customer relationship management systems (CRM)
- Knowledge management systems (KMS)
- Confluence
Haarslev Industry
- Problem
- business process integrations of acquired companies
- global expansion
- lack of consolidation of operations
- Many ERP systems
- Process driven operations
- no streamlined system to allow this
- Microsoft Dynamics
- Global integration
- Unified business processes
- Enhanced process efficiency
- Adoption of best practices (RapidValue)
- Data Management
- Documentation and Customization
- Key components
- Finance
- Supply chain management
- Sales
- Customer Service
- Marketing
- Field Service
- Business Central
To-Increase […Microsoft Dynamics]
- Database management system (DBMS)
- Cloud computing: scalability
- data analytics: insights and reports
- artificial intelligence: forecasting, automation, decision-making enhancements
- Internet of things: collect real-time data
- APIs: integration with other systems and services
- Mobile: accessibility
- Security
Information Systems Strategic Planning
Creating Video Games
- Strategic planning is a process that involves defining an organization’s direction and making decisions on allocating its resources to pursue this direction
- It involves setting goals, analyzing the competitive environment, creating a plan for achieving long-term success, putting it into action, and continually evaluating your process and its outcomes
- Tim Hortons, quick coffee delivery and walk-through
- McDonalds fully automated store
Customer Intimacy
- know your customers really well
- understanding customers’ needs, wants, preferences, and behaviours to anticipate before being asked
Operational Excellence
- market is the total expenditure spent on a product or service
- Strategic planning for operational excellence involves formulating and implementing a plan that aligns all operational activities with the organization’s strategic objectives
Competitive Advantage
- unique strengths or capabilities
- Strategic planning for competitive advantage refers to determining how your organization can best leverage its strengths and capabilities to gain the upper hand over its competitors
- goal is sustainable
Stand-Out Firms
- Stand-out form
- Firms that do better are said to have a competitive advantage
- Access to unique resource or they can use commonly available resource more efficiently
Strategic Planning Challenges
- Technology comes outdated
- technology initiatives align with their overall strategic objectives
- agility and adaptable is required
Limitations of Traditional Strategy-Making
- rigid long-term planning based on predictable trends (infeasible)
- rapid tech changes and shifts in consumer behaviour make trends less predictable
- failing to plan effectively potentially disrupts business operations or missed opportunities
Moore’s Law
- transistors / microprocessor power / computing power doubles every 18 months
- price of computing havens every 18 months
Sense and Respond
The “sense-and-respond” approach is a strategic approach that emphasizes agility, adaptability, and responsiveness to rapidly changing market conditions. Unlike traditional long-term planning, which relies on rigid strategies, the sense-and-respond approach focuses on continuous monitoring, sensing environmental changes, and quickly responding to them.
It emphasizes the importance of strategizing in areas where the action is most intense and speedy such as customer interactions and feedback, frontline operations, and market changes.
In the sense-and-respond approach, organizations actively gather data and information from various sources, which allows them to sense market trends, customer needs, and emerging opportunities or threats.
Microsoft and Sun/Java.
IBM in a Service-Oriented Architecture
- flexibility to innovate and adapt processes as per business requirements, using a service-oriented architecture.
- easy modification and reuse of system components
- execution of changes to business rules and workflow redirection without extensive IT involvement
- real-time tracking and measurement of process effectiveness, customizable, real-time alerts
- process efficiencies
- tracks key performance indicators (KPIs)
- Aligning Processes with Planning - modelling and managing processes (e.g. customer service)
- Strategic Decision Making - evidence-based approach (monitoring and analytics)
- Operational Efficiency - identification of issues or gaps in processes (bottlenecks, redundancies, inefficiencies)
- Agility and Change Management
Komatsu
- 52,000 invoices needed to be processed from suppliers MANUALLY
- Microsoft Power automate and AI builder automated workflow
- Document processing AI model
- three weeks
- Automating for one supplier resulted in processing 1,100 invoices in three weeks; 300 hours saved
- blueprint for other suppliers
- Citizen Developer Program
- empower employees to build business solutions
- aim to increase innovation
- Future plans
- encouraging others to adopt similar solutions
- enabling employees to focus on more critical tasks.
Tools for Business Analysis
- Brainstorming, SWOT (Strengths, Weaknesses, Opportunities, Threats), Porter’s Competitive Forces Model, COPE analysis, PEST analysis (Political, Economic, Social, and Technological), STEER analysis (socio-cultural, technological, economic, ecological, regulatory), EPISTLE (environment, political, infomatic, social, technological, economic, legal)
SWOT Analysis
- Objectives of the business
Porter’s five force
- { threat of new entrants, threat of substitutes, supplier power, buyer power, competitive rivalry }
VC Benchmarking
- Compare VC or investments to industry benchmarks or standards
- financial returns, investment strategy, portfolio composition, deal flow, and fund performance
- evaluate success and effectiveness of VC firms in generating returns and to identify opportunities for improvement or best practices
Management Issues in Information Systems Development
- How does an org ensure that its IT resources support its business plan
- How does a systems project get authorized
- stakeholders
- project charter (objectives, scope, stakeholders, milestones, budget, and other key details)
- How to ensure compatibility and interoperability across different system development efforts
- How is a project controlled and reviewed
Systems Development
- strategic alignment, effective communication, resource allocation, performance metrics, risk management
Baseline IT Plan
- Based upon businesses multiyear strategic plan
- Major IT initiatives
- IT requirements
Steering Committee
- Group of people responsible for making decisions and providing guidance on a specific project or initiative
- Project initiative is aligned with the organization’s goals and objectives
Development Process
- System Development Lifecycle (SDLC) (structured set of activities)
- Goal: deliver high-quality system that meets or exceeds customer expectations and is completed on time and within budget
System Process Descriptions
- Products: outcomes
- Roles: responsibilities of people involved
- Pre and post conditions: conditions before starting and after a process is done
Traditional Waterfall Model
- Separate and distinct phases of specification and development
- lack of flexibility
- rigid sequences of phases
- limited customer involvement
- initial requirements gathering does not involve customer
- high risk of project failure
- assumes all requirements can be defined at the beginning
- lack of detection of defects
- testing performed at later stages of the traditional model
- limited visibility and feedback
- limited visibility of progress until later stages
- long development cycles
- each phase needs to be completed before the next
When to use
- requirements unlikely to change
- stricter control and more predictable budget and timeframe (government)
- multiple rules and regulations must be followed when working on a project (healthcare projects)
- well-know tech stack
- mission-critical applications
Incremental Development
Specification, development, and validation are interleaved
Customer value delivered with each increment
Rapid delivery
Variable requirements are easy to accomodate
Process not visible, regular deliverables required
System structure degrades with each increment unless refactored
Useful for loosely coupled parts such as microservice or web services
Unclear business needs
R&D or introduction of new product
Quick and early working software
Flexible
Easier to test and debug during a smaller iteration
Easier to control risk
Not all requirements are gathered up front, leading to system architecture affecting problems
Pressure on user engagement
Feature creep: product requirements increase during development beyond expected initially
Project Kickoff
- Requirements
- Gathering
- Analysis
- Specification (documenting)
- Evaluation (validation) -> re-evaluate (analysis)
A requirement is a simple statement of what the system must do or what characteristics does it have. Requirements will describe
business requirements
user requirements
- what does the user expect the system to be able to perform
- tasks integral to business’ operations
functional requirements (what software should do)
non-functional requirements or quality attributes (system characteristics)
System & Software Design
- System’s Architecture
- high-level roadmap
- relationships between requirements and its components
- must be regularly updated
- specific design decisions and priorities can be made within this framework
- System Design
- Identify design goals
- System decomposition
- Hardware/Software mapping
- Persistent Data Management
- Version Control
- System Decomposition
- Top-down representation breaking down complex functions
Development Methodologies
- Structured
- system is a set of processes
- processes accept inputs and outputs
- processes interact with data stores
- Object-Oriented
- Collection of interacting objects
Software Testing Goals
- Validation
- Demonstrate software meets requirements
- Defect discovery
Software Testing Strategies
- Glass-box or white box testing
- Can see internal, try running all lines
- Black-box testing
- Can’t see the internal structure
- Gray-box testing
- Tester has partial knowledge of internal workings
- Access to some internal details such as architecture, database structure or specific code segments
Software Testing Types
- Unit testing
- testing individual components in isolation
- Module testing
- test module according to requirements
- Integration testing
- combine modules and group testing
- expose faults between integrated components
- System testing
- test entire thing as per requirements
- User acceptance testing
- final testing for release done by customer
Why do Systems Fail
- Missing or Wrong or impossible requirements
- Fault design/code
- Improperly implemented design
- Want to fix errors sooner in process of (requirements, design, coding, development testing, acceptance testing, operation)
Development Management
A project is an effort to reach a specific goal by completing a unique set of interconnected tasks and making good use of resources
unique purpose, temporary, requires resources, involve uncertainty
lifecycle
- collection of logical stages or phases that maps the life of a project from its beginning to its end for a project
- tangible and verifiable products of work
Project Lifecycle
- Project initiation: define project charter (objective & scope)
- Planning
- work breakdown structure
- time estimate for each task
- cost estimate for each task
- Graphically portray activities in network diagram
- Calculate schedule and budget
- Execute
- Close
Project Planning
- Time-consuming
- Revised regularly
- Various plans developed to support master project plan
Common Types of Plans (FYI)
- Quality plan
- Validation plan
- Configuration management plan
- Self development plan
- Risk management plan
- Communication plan
Project Constraints
- Schedule, budget, resources (triangle)
- Estimate: (optimistic + 4 * realistic + pessimistic) / 6
- Top-down macro (analogy, or math)
- Bottom-up micro (guess cost of the work breakdown)
- Critical path is the longest amount of time it will take to complete the project
Monitoring and Control
- baseline plan
- monitor progress
- measure actual progress and compare it to planned progress
- take corrective action(s) if the project is behind schedule, overrunning the budget
Metrics Classification
- product metrics
- software product characteristics
- size and complexity o the system
- quality and reliability of the system
- lines of code, FP, meat time to failure, number of errors
- process metrics
- system development process characteristics
- processes, techniqes, tools (lead time, defect rate, productivity, compliance, cost variance)
Cumulative Budgets and Actual Cost
Keep track with a graph
Project Closure
- Handover deliverables to customer
- Pass the project documentation to the business
- Cancel supplier contracts
- Release staff and equipment
- Inform stakeholders of the closure of the project
Types of Dependency
- Finish to start
- predecessor must finish
- Finish to finish
- cannot finish until previous finishes
- start to start
- cannot start until other starts
- start to finish
- cannot finish until other has started
Managing Information Security
- Protecting data from unauthorized access, use, disclosure, disruption, modification, or destruction.
- Integrity: accurate and reliable and authorization
- Availability: information is accessible by authorized individuals
- Confidentiality: protection from the unauthorized
- Protecting intellectual property, sensitive customer data, and internal communication are vital for maintaining trust, compliance, competitive advantage, and ultimately, business survival.
What is Information Security?
- Information security aims to maintain the confidentiality, integrity, and availability of data in all its forms.
- Another crucial objective is ensuring Business Continuity (the ability of the organization to continue operations even in the event of security breaches or disasters).
Security Threats
Software attacks like computer viruses, computer worms, malware, and ransomware
- Trojan: appears to be legitimate and not harmful but then does something unexpected (downloaded malicious file)
- Worms: replicate copies, standalone, do not need host program or human help to activate or propogate
Identity theft
- fraudulent acquisition and use of another’s private information
- phishing
- data breaches
- Website spoofing: Man in the middle attack (certificate not valid)
- DNS Spoofing
Intellectual property (IP) theft
- underlying tech
Sabotage, information extortion, or equipment theft
Ransomware
- Sobeys hit with Black Basta
Advanced persistent threats (APTs) involve long-term targeted attacks on specific organizations.
Internet of things (IoT) creates new vulnerabilities, cloud storage
Security Management
- Personnel security: authorization
- ensuring that only authorized individuals can access an organization’s sensitive information and systems.
- background checks, security awareness training
- humans can be the weakest link
- Application security: fixing security vulnerabilities
- vulnerability scanning, code review, and penetration testing
- Operating system (OS) security: protect the OS
- anti-virus
- updating
- OS is the backbone
- Network security: prevent and monitor misuse of network
- intrusion, modification, destruction, or unauthorized access.
- Web services security: protocols and encryption
- secure communication
- Facility security: physical security of the premises
- surveillance systems, secure access controls, and alarm systems.
- often overlooked
Equifax
- Setting strict standards for data protection similar to PIPEDA
- regular audits
- encryption
- robust disaster recovery
- Transparency
- Accountability
- Regular updates
- Action
- Support
Five Pillars
- Authentication
- verify user
- Identification
- Granting appropriate access
- Web cookie: read only be webserver for domain issuer
- Session: browser’s temporary subfolder
- Persistent: permanent in browser’s subfolder
- First party: site visits
- Third party: come from website you aren’t visiting (advertisements usually)
- Privacy
- Integrity
- Ensure trustworthiness of data (consistent, accurate, unaltered)
- Checksum (hash functions, message digests) fixed-size, unique output values from input data of any size
- verify integrity and authenticity of data by detecting any changes or tampering
- Non-repudiation
- Ensure that no party can deny that their signature is on sent/received data
- provides assurance
- Digital signature
- cryptographic mechnism
- ensure sender is verified
- public-key cryptography
- private key used to sign, public key verifies
- only sender can use the private key
- Symmetric (SKE) vs. Asymmetric
- Symmetric: same key is used for encrypting and decrypting
- Asymmetric: pair of private and public keys
- often used for generating signatures
- Digital cert
- uses a trusted third party known as a certificate authority (CA).
- CA generates an encrypted digital certificate containing owner identification information and a copy of the owner’s public key
Technical Countermeasures
- hardware or software tools and techniques used to protect information and data from security threats
- Firewalls, Encryption/Decryption, Steganography and Virtual Private Networks (VPNs)
- Firewall
- controls incoming and outgoing data transmissions
- allows authorized communication and denies unauthorized access
Steganography
- Hides the existence of a message
- Hiding data in graphic images or sound file
- Concealed messages in tampered executable files
- Pictures embedded in video material
Virtual Private Network (VPN)
- VPN technology creates a secure and encrypted connection between a user’s device and the internet
- route traffic through remote server operated by VPN provider
- Need for inexpensive but secure connections between distant locations
Intranet
- internal network
- centralized hub
- secure platform where employees can access important company news, updates, policies, and procedures
- repository for documents
Management Countermeasures
- Computer Auditing, Computer Monitoring, and Economic Evaluation of Security Measures.
- Balance security with business needs
- Computer auditing
- assess and inspect
- verify system logs, access controls, and data integrity measures
- reduces risks of data breaches
- Computer Monitoring
- within an organization’s network
- detect any irregular behavior
Examples
- Cyberattacks on USA Energy Grid (CNN)
- DDoS attack on Los Angeles County and Salt Lake City
- DDoS using botnet
- Performing a Cybersecurity Audit of an Electric Power Transmission Systems Operator
- Meta’s Threads App
- Potential trade secrets lawsuit by Twitter
Economic Evaluation of Security Measures
- balance between lost and cost to fix
- assess direct costs (purchases) and indirect (employee training, downtimes)
RIsk Management
Centric
Information-Centric Decision Making
- accurate, relevant, information and analytical tools to make decisions based on insights rather than intuition