
CSIS 2200-Midterm Note

System analysis and design study note

Uploaded by

fattymagyi

Chapter 1

1.2 Computer Literacy and Information Literacy

• Computer literacy is skill in using productivity software, together with basic knowledge of hardware and software, the Internet, and collaboration tools and technologies.
• Information literacy is an understanding of generating information and using business intelligence.
• Business intelligence is more than just information. It gives historical, current, and predictive views of business operations and the environment, and gives organizations a competitive advantage in the marketplace.

Difference between computer literacy and information literacy

Computer literacy focuses on the technical skills needed to use the computer and related technology effectively; information literacy focuses on the critical thinking and evaluative skills needed to handle information effectively.
Example: opening a new email account and using it (computer literacy); researching and analyzing data (information literacy).

1.3 Transaction-Processing Systems (TPS)

TPS focuses on data collection and processing. It is applied to structured tasks such as
record keeping, simple clerical operations, and inventory control. It is effective for cost
reduction and minimal human involvement when automated.
E.g., signing up for email, invoice recording, automated payroll system.

1.4 Management Information Systems (MIS) (focus on managerial needs)

A management information system is an organized integration of hardware and software technologies, data, processes, and human elements designed to produce timely, integrated, relevant, accurate, and useful information for decision-making.

• MIS can be used in both the public and private sectors. E.g., a private-sector MIS for inventory control provides data; a public-sector MIS for a police department helps predict crime and reduce the crime rate.

• In designing an MIS: 1. clearly define the system’s objectives, 2. collect and analyze data, 3. provide information in a useful format for decision-making purposes.

1.5 Major Components of an Information System

In addition to hardware, software, and human elements, an IS includes four major components:

1. Data is the input to the system.

• There are two types of data sources: internal and external. An IS should collect data from both. Data has a time orientation: past data is collected for performance reports, current data for operational reports, and future data for budget and cash flow reports.

2. Database is a collection of all relevant data organized in a series of integrated files.

• To create, organize, and manage databases, a database management system (DBMS) is used. E.g., Microsoft Access or OpenOffice Base is used for home or small-scale use; Microsoft SQL or Oracle is used for large organizations.

3. Process is generating the most useful type of information for making decisions.

• Includes transaction-processing reports and models for decision analysis.

4. Information is the output of the system.

• The quality of information is determined by its usefulness to users, and its usefulness determines the success of the information system.

To be useful, information must have such qualities:


1. Timeliness
2. Integration with other data and information
3. Consistency and accuracy
4. Relevance
Another factor affecting the usefulness of information is the IS’s user interface. The user interface must be flexible and easy to use.

The goal of the IS is to generate business intelligence.

1.6 Strategic Information Systems (SISs)

Strategic information systems (SISs) focus on big-picture, long-term goals and objectives, and assist an organization or a decision maker to achieve them.

• Same components as an MIS (data, database, process, and information), but the type of () and methods of analysis are different.
• Key characteristics: goal-oriented, involves top management, multidisciplinary, future-oriented, dynamic.

1.7 Using Information Systems and Information Technologies

Information systems might use many different information technologies.

• Computer-based networks (wired and wireless), database systems, POS systems, and radio-frequency identification (RFID) tags are just some examples of information technologies used in IS.

1.7a Importance of Information system

• The human element is the most important resource in an organization; information is the second most important.

• To manage the four Ms of resources (manpower, machinery, materials, and money), different types of information systems have been developed.

• A personnel information system (PIS) or human resource information system (HRIS) provides information for personnel to do tasks effectively.
• A PIS/HRIS supports the following decisions:
Choosing the best job candidate
Scheduling and assigning employees
Predicting future personnel needs
Providing reports and statistics on employee demographics
Allocating human and financial resources

• A logistics information system (LIS) is designed to reduce the cost of transporting materials while maintaining safe and reliable delivery.
• An LIS supports the following decisions:
Improve routing and delivery schedules.
Select the best modes of transportation.
Improve transportation budgeting.
Improve shipment planning.

• A manufacturing information system (MFIS) is used to manage manufacturing resources so companies can reduce manufacturing costs and increase product quality.
• An MFIS supports the following decisions:
Improve inventory decisions.
Decision-making examples:
Ordering decisions
Product cost calculations
Space utilization
Bid evaluation process used with vendors and suppliers
Analysis of price changes and discounts

• A financial information system (FIS) provides information to financial executives in a timely manner.
• An FIS supports the following decisions:
Improving budget allocation
Minimizing capital investment risks
Monitoring cost trends
Managing cash flows
Determining portfolio structures

• Marketing information systems (MKISs) are used to improve marketing decisions.
• An effective MKIS should provide timely, accurate, and integrated information about the marketing mix, or the 4Ps: price, promotion, place, and product.
• MKISs support the following decisions:
Analyze market share, sales, and sales personnel.
Sales forecasting
Price and cost analysis of items sold

1-7b. Using Information Technologies for a Competitive Advantage

Porter’s three business strategies

1. Overall cost leadership strategy (deliver a similar product or service that is cheaper than the competitors’ offerings). E.g., Walmart.

• A bottom-line strategy focuses on improving efficiency by reducing overall costs. E.g., distributing antivirus software at low cost by using the Internet.

• A top-line strategy focuses on generating new revenue by offering new products and services to customers, or increasing revenue by selling existing products and services to new customers.

2. Differentiation strategy (deliver a product or service that is different from those in the market, at a competitive price). E.g., Amazon – personalization and recommendation.

3. Focus strategy (clearly define the target market and the audiences that the business will serve). E.g., Apple targets the iPhone at consumers rather than businesses.

1-7c. Porter’s Five Forces Model: Understanding the Business Environment

Porter created a comprehensive framework called the Five Forces Model for analyzing an
organization, its position in the marketplace, and how information systems could be used to
make the organization more competitive.

Porter’s Five Forces Model

1. Buyer power is high when customers have many choices and low when customers have few choices.
• Organizations try to limit buyers’ choices by offering services. (Differentiation strategy)

2. Supplier power is high when customers have fewer options and low when customers have more options.

3. The threat of substitute products or services is high when many alternatives to an organization’s products and services are available.

4. The threat of new entrants into the marketplace is low when duplicating a company’s product or service is difficult.
• Organizations often use focus strategies to ensure that this threat remains low.

5. Rivalry among existing competitors is high when many competitors occupy the same marketplace position; it is low when there are few competitors.

Chapter 2

2.1 Defining a Computer

• A computer is a machine that accepts data as input, processes data without human intervention by using stored instructions, and outputs information. The instructions (programs) are step-by-step directions for performing a specific task, written in a language that a computer can understand.

• To write a computer program:

1. Identify what needs to be done.
2. Plan a method to achieve the goal.
3. Select the right language. (A program = source code)

Source code (a program) is converted to object code (binary code or machine code).

• Binary code is a set of instructions used to control the computer; it uses 0s and 1s, which the computer understands as on or off signals.

2.1a Components of a Computer system

• Computers have two main components:
1. Hardware components: physical devices. E.g., mouse, keyboard.
2. Software components: programs written in a computer language.

• Main (primary) memory is where computers store data and instructions.
• The central processing unit (CPU) has two components:
1. The arithmetic logic unit (ALU) performs arithmetic operations (+, -, *, /) and comparison or relational operations (<, >, =).
2. The control unit tells the computer what to do.

Single processor – one CPU in a single computer.
Multiprocessors – two or more CPUs in a single computer.
• Dual-core – two cores in one CPU
• Quad-core – four cores in one CPU
• Hexa-core – six cores in one CPU
• Octa-core – eight cores in one CPU

Difference between Multiprocessor and Core Technology.

Number of Chips:
Dual-Core: One chip with two cores.
Multi-Processor: Multiple chips, each with one or more cores.
Resource Sharing:
Dual-Core: Cores share resources on the same chip.
Multi-Processor: Each CPU has its own dedicated resources.
Performance and Scalability:
Dual-Core: Limited by the resources on a single chip, suitable for moderate parallelism.
Multi-Processor: Can scale by adding more processors, suitable for high parallelism and
intensive computational tasks.

Components that affect computer performance: bus, processor size, and operating system (OS).

• A bus is the link between devices connected to the computer. A bus can be parallel, serial, internal, or external. E.g., video card and memory, USB device.

• Processor size and operating system (OS): a 32-bit processor can run only a 32-bit OS and use 2^32 (4 GB) of RAM. 64-bit processors can run both 32-bit and 64-bit OSs and use (16 EB, or exabytes) of RAM.

• Disk drive: a peripheral device for reading and writing data.
• The CPU case (classic or tower) is an enclosure for computer components.
• The motherboard is the main circuit board, to which the CPU, memory, serial and parallel ports, expansion slots, etc. are attached.

2-2 History of Computer Hardware and Software

• Major developments in hardware over the past 80 years
• Five generations of “technological breakthroughs”
• Computer designers focus on gallium arsenide instead of silicon:
− Five times faster
− Withstands higher temperatures
− Difficult to mass-produce and costly; only in military use now
• IBM is using carbon nanotubes (CNTs) instead of silicon.
• Optical technology is also rising: the application and properties of light.

2-3 The Power of a Computer

Computers draw their power from three factors: speed, accuracy, and storage and retrieval capabilities.

2.3a Speed

Computers process data with amazing speed.
Computer speed is measured as the number of instructions performed per fraction of a second.
Millisecond: 1/1,000 of a second
Microsecond: 1/1,000,000 of a second
Nanosecond: 1/1,000,000,000 of a second
Picosecond: 1/1,000,000,000,000 of a second

2.3b Accuracy

Degree of accuracy is critical in many computer applications.

2.3c Storage and Retrieval

Storage means saving data in computer memory, and retrieval means accessing data from memory.
Data is stored in bits.
1 bit = 0 or 1
8 bits = 1 byte = the size of a character = “a”

2.4 Computer Operation

Computers can perform three basic tasks: arithmetic operations, logical operations, and storage and retrieval operations.
Add, subtract, multiply, divide, and raise numbers to a power (exponentiation).
Perform comparison operations by comparing two numbers.
Store massive amounts of data in very small spaces and locate a particular item quickly.
Computers and communication systems use data codes to represent and transfer data between computers and network systems.

Input, Output and Memory Devices

There are three major components to using a computer and processing data: input, output, and memory.

Input devices send data and information to the computer. E.g., keyboard, mouse, touch screen, stylus, trackball, barcode reader, optical character reader (OCR), data tablet.

Output devices show information from the computer.
“Soft copy” output is displayed on a screen. E.g., CRT, LCD, OLED screens.
“Hard copy” output is printed. E.g., inkjet and laser printers.
Other output devices include plotters (to convert output to graphics) and voice synthesizers (to convert output to voice).

There are two types of memory: main memory and secondary memory.
Main memory is usually volatile, meaning its contents are lost when electrical power is turned off.
Secondary memory is nonvolatile: it holds data when the computer is off or during the course of a program's operation.
Main memory plays a major role in computer performance. The more memory a computer has, the faster and more efficient its input/output (I/O) operations.

Types of main memory: random access memory (RAM, volatile), cache RAM (volatile), read-only memory (ROM, nonvolatile).
Two types of ROM:
Programmable read-only memory (PROM): its contents cannot be erased and reprogrammed.
Erasable programmable read-only memory (EPROM): its contents can be erased and reprogrammed.

Network-attached storage (NAS) is used only for data storage and includes hard disks and a network card. It is a centralized box connected to the switch; any device connected to the NAS can use it for storage.


Software

Application software is used directly by the system user to perform different tasks on the computer. E.g., Microsoft Word, PowerPoint, Netflix.
System software is a special type of software that is used internally by the computer itself to manage and operate the various hardware components connected to the system.
Operating software is the most important software used by the computer. It provides an interface for the user to interact with the system.

The architecture of the computer system in terms of its functional units:

Input unit: accepts the data received from the input devices.

Memory unit (memory hierarchy): consists of different types of memory that are used to store data and program instructions during program execution. Computers use different types of memory, such as disk memory, random access memory (RAM), cache memory, and CPU memory registers.

Central processing unit (CPU; a processor, a microprocessor): provides processing power to the computer system. The main function of the CPU is to execute the computer program.

Output unit: consists of the various output devices connected to the computer system, such as a display monitor, printer, or projector. The main function of the output unit is to present the data processed by the computer.

Binary code (machine code, machine language)

Computer programs are written in a high-level, human-readable programming language such as C, Java, or Python, but the CPU decodes and executes instructions only in machine language, in binary.
Compilers translate high-level code to low-level code, and the CPU executes the instructions.
This conversion process is called program compilation.

Kilobyte (KB): 1 KB = 1,024 bytes
Megabyte (MB): 1 MB (10^6) = 1,024 KB = 1,048,576 bytes
Gigabyte (GB): 1 GB (10^9) = 1,024 MB = 1,073,741,824 bytes
Terabyte (TB): 1 TB (10^12) = 1,024 GB = 1,099,511,627,776 bytes

Storage can be shown in bytes (e.g., an 8 GB USB drive); Wi-Fi speed can be shown in bits (Mbps).
DNS (Domain Name System) changes names to IP addresses. Computers work only with IP addresses.
A storage area network (SAN) is a pool of hard disks used for backup. It does not include servers, only storage hard disks.

Chapter 5

Risks Associated with Information Technologies

Information technologies can be misused to invade users’ privacy and commit computer crimes.
•Minimize or prevent risks by:
−installing OS updates regularly
−using antivirus and antispyware software
−using e-mail security features

The Costs of Cyber Crime to the Global Economy


According to Cybersecurity Ventures in 2020, cybercrime will cost the world economy $10.5
trillion annually by 2025. Costs include:
−Loss of revenue
−Stolen identities, intellectual property, and trade secrets
−Damage to companies’ and individuals’ reputations
−Expense of enhancing and upgrading a company’s cyber security
−Loss of business information

Spyware and Adware

Spyware is software that gathers information about users while connected to the Internet.
Some can change computer settings
Prevent by installing antivirus or antispyware software
Adware is a form of spyware that collects information about the user to determine
advertisements to display
Prevent by installing an ad-blocking feature in the Web browser

Phishing, Pharming, Baiting, Quid Pro Quo, SMiShing, and Vishing.

Phishing is the sending of fraudulent e-mails that seem to come from legitimate sources (e.g., a bank or university).
The e-mails direct recipients to false websites that look like the real thing, for the purpose of capturing personal information such as SIN, bank account number, or credit card number.

Spear phishing is the same as phishing but is targeted at a specific person or group.

Pharming is like phishing, but the official Web site of an organization is hijacked by altering the Web site’s IP address via a domain name system server.

Baiting is similar to phishing, but the baiter gives the recipient a promise (e.g., free software or a gift card).

Quid pro quo is similar to baiting but involves a hacker requesting critical data or login information in exchange for a service or prize.

SMiShing (SMS phishing) is a technique that tricks a user into downloading malware onto a mobile device.

Vishing (voice or VoIP phishing) uses voice technology to trick a user into revealing important financial or personal information to unauthorized entities.

Keystroke loggers

Keystroke loggers are software or hardware devices that monitor and record keystrokes.
Used legally by companies to track employees’ use of e-mail and the Internet.
Used maliciously to collect credit card numbers while user shops online.
Preventable by some antivirus and antispyware programs.

Sniffing and Spoofing

Sniffing is capturing and recording network traffic.
−Used by hackers to intercept information
−Legitimate use: monitoring network performance

Spoofing is an attempt to gain access to a network by posing as an authorized user.
−Used to find sensitive information such as passwords and credit card information
−Also happens when an illegitimate program poses as a legitimate one

Computer Crimes and Fraud

Computer fraud is the crime of unauthorized use of computer data for personal gain.
Computer crimes can include:
Denial-of-service attacks
Identity theft
Software piracy, infringements of intellectual property
Writing or spreading viruses, worms, Trojans and other malicious code
Sabotage

Computer, Network and Cyber security: Basic Safeguards

A comprehensive security system protects an organization’s resources. The following collectively help to protect information and keep hackers at bay:
−Hardware
−Software
−Procedures
−Personnel

There are three important aspects of computer, network, and cyber security: confidentiality, integrity, and availability (the CIA triangle).

Confidentiality−Information is disclosed to authorized users only.
Integrity−Accuracy of information resources.
Availability−Computers and networks are operating and information is accessible; quick recovery from system failure or disaster.

Another security model, the McCumber cube, is a framework for evaluating information security.
−More specific than CIA
−Defines nine characteristics of information security
−Includes the different states in which information can exist in a system: transmission, storage, processing

A comprehensive security system provides three levels of security.

Level 1: Front-end servers (e-mail and Web servers)
−Protected against unauthorized access
Level 2: Back-end systems (workstations and internal servers)
−Protected to ensure data confidentiality, accuracy, and integrity
Level 3: Corporate network
−Protected against intrusion, denial-of-service attacks, and unauthorized access

Planning a comprehensive security system: design fault-tolerant systems

−Ensure availability in the event of system failure by using a combination of hardware and software
−Commonly used methods: uninterruptible power supply (UPS), redundant array of independent disks (RAID), mirror disks

Security Threats: An Overview

Intentional threats

Intentional computer, network, and cyber threats include the following: viruses, worms, Trojan programs, logic bombs, backdoors, blended threats (e.g., a worm launched by a Trojan), rootkits, denial-of-service attacks, social engineering, and cryptojacking.

Viruses – self-propagating program code that is triggered by a specified time or event
−Attaches to other files continuously
−Transmitted through the network, e-mail, or message boards

Worms – independent programs that can spread without attaching to a host program
−Eat up computing resources
−Travel from computer to computer in a network but do not usually erase data

Trojan programs – contain code intended to disrupt a computer, network, or Web site
−Hidden inside a popular program
−Can erase data
−Do not replicate

Logic bombs – a type of Trojan program used to release a virus, worm, or other destructive code
−Triggered at a certain time or by a specific event

Backdoors (or trapdoors) – a programming routine built into a system
−Enables the designer or programmer to bypass security at a later time

Blended threats – combine characteristics of viruses, worms, and malicious code with vulnerabilities on networks
−Search for vulnerabilities and take advantage of them: 1. embedding malicious code in the server’s HTML files, 2. sending unauthorized e-mails from compromised servers with a worm attachment

Rootkits –Series of software tools that enable unauthorized access to computer or network
system.
−Conceal their presence and actions
−Can remotely execute files
−Can change system configurations

Denial-of-service (DoS) attack – floods a network or server with service requests to prevent legitimate users’ access to the system.

Distributed denial-of-service (DDoS) attack – thousands of computers work together to flood a Web site and cause it to fail.
Botnet – a network of computers and IoT devices infected with malicious software and controlled as a group.

TDoS (telephony denial of service) attacks – high volumes of automated calls flood a target phone system, halting incoming and outgoing calls.

Social engineering – using "people skills" to trick others into revealing private information.
−Common techniques: dumpster diving, shoulder surfing, tailgating, scareware, pretexting

Cryptojacking – hackers secretly use the victim’s computer to mine cryptocurrency.
−Reduces the performance of the victim’s computer

Security Measures and Enforcement: An Overview

A comprehensive security system should include:
•Biometric, nonbiometric, and physical security measures
•Access controls
•Virtual private networks
•Data encryption
•E-commerce transaction security measures
•Computer Emergency Response Team (CERT)
•Zero trust security

Biometric Security Measures

Use a physiological element unique to a person that cannot be stolen, lost, copied, or passed on to others
−Some biometric devices and measures: facial recognition, fingerprints, iris analysis, signature analysis, voice recognition
−Some applications of biometrics:
▪ATM, credit and debit cards
▪Computer login security
▪Airport security and check-in

Nonbiometric Security Measures

Three main nonbiometric security measures are Callback modems, Firewalls, Intrusion detection
systems.

Callback Modems verify whether a user’s access is valid by logging the user off and calling the
user back.
−Useful when many employees work off-site and need to connect to the network from remote
locations.

Firewalls are combinations of hardware and software that act as filters between private networks and external networks.
−The network administrator defines rules for access, and all other data transmissions are blocked.
−They protect against external access but do not protect against internal intrusion.
−Types: packet-filtering firewalls, application-filtering firewalls, proxy servers

e.g., Exhibit 5.3 Basic Firewall Configuration

Intrusion Detection System (IDS) protects against both external and internal access.
−Placed in front of a firewall
−Identifies attack signatures, traces patterns, and generates alarms for the network administrator
−Causes routers to terminate connections with suspicious sources
−Prevents DoS attacks

Physical Security Measures

Control access to computers and networks


−Include devices for securing computers and peripherals from theft
▪Cable and room shielding
▪Corner bolts and steel encasements
▪Electronic trackers
▪Identification (ID) badges
▪Proximity-release door openers
▪Laptop cable locks

Access Controls

Designed to protect systems from unauthorized access in order to preserve data integrity
−Terminal resource security: erases the screen and signs the user off automatically after a specified length of inactivity
−Passwords: combinations of numbers, characters, and symbols that are entered to allow access to a system

Password manager – generates secure, random passwords for you and remembers them
−Can sync with other devices (e.g., tablets, smartphones). E.g., Dashlane
−Encrypts your password database
•Other techniques to replace passwords: zero login, brain password, DNA identification, authentication tokens, and implanted microchips

Virtual Private Networks

A VPN provides a secure tunnel through the Internet for transmitting messages and data.
Transmitted data is encrypted using Layer Two Tunneling Protocol (L2TP) or Internet Protocol Security (IPSec).
Advantages: set-up costs are low. Disadvantages: slow transmission speed, lack of standardization.

Data Encryption

Transforms plaintext data into a scrambled form called ciphertext that cannot be read by others.
−The receiver unscrambles the data using a decryption key
−The encryption algorithm determines how simple or complex the transformation process should be
−Commonly used encryption protocols: Secure Sockets Layer (SSL), Transport Layer Security (TLS)

Public key infrastructure (PKI) enables users of a public network (the Internet) to exchange data securely and privately.
−Uses a pair of keys obtained from a trusted authority: a public key and a private key

Asymmetric encryption uses two keys: a public key known to everyone and a private (secret) key known only to the recipient.
−Longer processing time

Symmetric (secret key) encryption uses the same key to encrypt and decrypt the message.
−Sender and receiver must agree on the key and keep it secret
−Can be used to create digital signatures
−Difficult to share the key over the Internet

E-Commerce Transaction Security Measures

Concerned with several issues


−Confidentiality
−Authentication
−Integrity
−Nonrepudiation of origin
▪Sender cannot deny having sent the data
−Nonrepudiation of receipt
▪Recipient cannot deny having received the data

Computer Emergency Response Team

CERT was developed by the Defense Advanced Research Projects Agency (DARPA)
−Focuses on security breaches and DoS attacks
−Offers guidelines on handling and preventing attacks
−Conducts public awareness campaigns and researches Internet security vulnerabilities

Zero Trust Security

Requires every person and every device that accesses a network to be secure; inside or outside
the organization.
•Main principles:
−Every person or device must be verified
−Least-privilege access
−Microsegmentation
−Multifactor authentication (MFA)

Guidelines for a Comprehensive Security System


Steps when developing a comprehensive security plan:
1. Set up a security committee
2. Post security policy in visible places
3. Raise employee awareness
4. Use strong passwords
5. Install software patches and updates
6. Revoke terminated employees’ passwords and ID badges immediately
7. Keep sensitive data, software, and printouts locked in secured locations
8. Exit programs and systems promptly
9. Limit computer access to authorized personnel only
10. Compare communication logs with communication billing
11. Install antivirus programs, firewalls, and intrusion detection systems
12. Use only licensed software
13. Ensure fire protection systems and alarms are up to date, and test them regularly
14. Check environmental factors
15. Use physical security measures
16. Install firewalls and IDS
17. Wipe data before recycling or donating
18. Implement zero trust security

Business Continuity Planning

Business continuity planning outlines procedures for keeping an organization operational in the
event of a natural disaster or network attack.
•Tasks to prepare for and restore data:
−Back up files
−Periodically review security and fire standards for facilities
−Periodically review information from CERT
−Train staff members
−Test plan with trial data
−Identify vendors of all software and hardware
−Document changes to hardware and software
−Review insurance policies
−Set up alternative sites
−Keep backups off-site
−Keep copy of disaster recovery plan off-site
−Go through mock disaster to assess response

Steps to resume normal operations when disaster strikes:
1. Put together a management crisis team
2. Contact the insurance company
3. Restore phone lines and other communication systems
4. Notify all affected people that recovery is underway
5. Set up a help desk to assist affected people
6. Document all actions taken

Chapter 4

Privacy Issue
Two relatively new ethical issues related to social media are fake news and deepfakes.
Fake news is a story or hoax created to intentionally misinform or deceive people.
Cheap fakes are manipulations of events created with cheap software that is readily available on the Web, then modified using Photoshop and distributed through the Web.
Misinformation – the person spreading the information doesn’t know it is false.
Disinformation – false information that is knowingly distributed.

Deepfakes – fake videos or audio recordings that look and sound just like the real thing.

Information about people is stored in various databases. Example: the top three credit companies, Experian, Equifax, and TransUnion, have records on almost everyone in the US.
The most common way to index and link databases is by using Social Security numbers.

Federal laws regulate the collection and use of information on people and corporations.
−1970 Fair Credit Reporting Act

Web and Network Privacy

Acceptable use policy is a set of rules specifying legal and ethical use of a system and
consequences of noncompliance.
Accountability refers to issues involving both the user’s and the organization’s responsibilities
and liabilities; everyone is held responsible for their actions.
Nonrepudiation is a method for binding all the parties to a contract: a user cannot deny the
validity of their actions or transactions conducted over the Internet. E.g., digital signatures.

Guidelines to minimize invasion of privacy

• Use Web sites with privacy policies that are easy to find, read, and understand
• Limit access to personal information
• Ensure data’s reliability and take precautions to prevent misuse of the data
• Ensure data collection has a stated purpose
• Must consent to use information for other reasons
• Must verify data accuracy and only collect what is needed
• Records must be accurate, and users are able to edit or change them
• Record-keeping systems should not be secret
• Must be able to prevent unauthorized access and misuse of data

Federal data protections

• Health Insurance Portability and Accountability Act (HIPAA)
• Fair and Accurate Credit Transaction Act (FACTA)
• Children’s Online Privacy Protection Act (COPPA)

General Data Protection Regulation (GDPR)

GDPR covers a series of laws that protect European Union (EU) citizens’ personal data,
including genetic data, health records, racial or ethnic origin, and religious beliefs.

Goal: Consistent protection of consumer and personal data across EU nations.

GDPR’s key components:

• User consent
• Anonymized data
• Data breach notifications within 72 hours
• Safe transfer of data across borders
• Appointment of a GDPR compliance officer (for certain companies)

Major business benefits of GDPR compliance:

• Improved consumer confidence
• Better data security
• Reduced maintenance by retiring legacy applications
• Better alignment with evolving technology
• Better decision making from effective use of customer information

Email

Privacy concerns
Spam – unsolicited e-mail sent for advertising purposes.
Usually, spam is sent in bulk using automated mailing software, and many spammers sell their
address lists.
For this reason, the volume of spam can rise to an unmanageable level, clogging users’
mailboxes and preventing them from accessing their own e-mail.

Ease of access – assume others will have access to your messages.
Any e-mails sent on company-owned computers are the property of the organization.

Data collection on the Web

Online shopping is increasing because of convenience, choices, and lower prices.

• Some shoppers avoid online shopping because of:
− Online hackers
− Selling of personal information to telemarketing firms

• Users’ information can be combined with other information and technologies to produce new
information. E.g., a person’s financial profile can be created from the person’s employment
information.

Two commonly used data collection techniques are cookies and log files.
Cookies are small text files with unique ID tags that are embedded in a Web browser and saved
on the user’s hard drive.
• Used for welcoming new and returning users
• Used to remember information for ordering
• Help Web sites customize pages for users
Many people install a cookie manager, which can disable existing and future cookies on the
user’s hard drive.

Log files record a user’s actions on a Web site.
• Generated by Web server software
• Can help determine cases of identity misrepresentation on Web sites
• Data is not always accurate as users can misrepresent themselves

Ethical issues of information technologies

- Information technology offers opportunities for unethical behavior because it’s easy to
collect and disseminate information
- Increase in cybercrime, cyber fraud, identity theft, and intellectual property theft
- Nearly 15 million U.S. residents’ identities stolen every year
- One identity stolen every two seconds; average loss of $3,500.26
- Business identity theft: financial fraud, tax fraud, Web site defacement, and trademark
ransom.

Computer network ethics

1. Social media networking ethics – open and fair access to all users
• Authenticity – members are trustworthy and sincere
• Transparency – members are honest and open with no hidden agenda
• Communication – members are open to knowing other members and communicate openly

2. Business network ethics – open and fair access to all users

3. Business media networking ethics – open and fair access to all users; includes the
following types of networks:
• Utilitarian networking – is a true utility, truthful, and is not wasting its users’ time
• Emotional networking – able to empathize with being ethical in all situations; emotion has no role
• Virtuous networking – all parties will act in good faith

Digital citizenship means using information technology safely, ethically, and responsibly.
7 principles of good digital citizenship:
1. Online etiquette
2. Privacy protection
3. Know how to stay safe online
4. “Dos and don’ts” of information technology
5. Protecting and respecting intellectual property
6. Understanding one’s digital footprint
7. Healthy usage patterns

Censorship
Two types of information on the Web are public and private information.

Public information is posted by an organization or public agency. It can be censored:
• for public policy reasons (e.g., military secrets)
• if the content is offensive to a political, religious, or cultural group

Private information is posted by a person.
• Not censored because of constitutional freedom of expression.
• But it can sometimes be censored if you agree to obey a policy and then post something
that violates its terms.

Restricting access to the Web

- Countries like China, Myanmar (Burma), and Singapore restrict or forbid their citizens’
access to the Web
- Parents may restrict Web access for children using software. Examples: CyberPatrol,
CYBERSitter, Net Nanny, and SafeSurf
- Some Web browsers have built-in features to protect children

Intellectual Property

Intellectual Property is a legal umbrella covering two categories of protections: industrial
property and copyrighted materials.

Industrial property: inventions, trademarks, logos, industrial designs, patents, etc.

Copyrighted material covers literary and artistic works.

- Copyright law protects tangible material (books, drawings) and covers online materials
(web pages and HTML code, computer graphics) if the content can be printed or saved on
a storage device.

Trademarks – protect product names and identifying marks (e.g., logos)

Trade secrets – protect ideas, information, and innovations.

Patents – protect new processes.

Patent Benefits
1. Generates revenue through licensing.
2. Attracts funding for further research and development.
3. Keeps competitors from entering certain market segments.

1980 revisions to the Copyright Act of 1976 (Liability for unauthorized duplication and use of
copyrighted programs)
Laws covering legal issues related to information technologies in the U.S.
1. Telecommunications Act of 1996
2. Communications Decency Act (CDA)
3. Laws against spamming

Cybersquatting (domain squatting) is registering, selling, or using a domain name to profit
from someone else’s trademark.

Typosquatting (URL hijacking) relies on typographical errors made by Web users. E.g., typing
goggle.com instead of google.com
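
A defender can catch the goggle.com case by comparing domains seen in DNS or proxy logs against the organization's own names and flagging any that are one typing error away. The code below is an added example, not part of the original notes; the function names, the one-edit threshold and every sample domain other than google.com and goggle.com are assumptions made for illustration.

```python
"""Flag look-alike domains that are a small typo away from a protected name."""

PROTECTED = ["google.com"]  # from the note's example; extend with your own domains


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i in range(1, len(a) + 1):
        cur = [i] + [0] * len(b)
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            cur[j] = min(prev[j] + 1,         # deletion
                         cur[j - 1] + 1,      # insertion
                         prev[j - 1] + cost)  # substitution or match
            if (i > 1 and j > 1 and a[i - 1] == b[j - 2]
                    and a[i - 2] == b[j - 1]):
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[len(b)]


def normalize(domain: str) -> str:
    """Lower-case, then strip a trailing dot and a leading 'www.'."""
    d = domain.strip().lower().rstrip(".")
    return d[4:] if d.startswith("www.") else d


def find_typosquats(observed, protected=PROTECTED, max_distance=1):
    """Return (observed, protected, distance) for every near miss.

    Exact matches (distance 0) are the real site and are not reported.
    """
    hits = []
    for raw in observed:
        cand = normalize(raw)
        for real in protected:
            d = osa_distance(cand, normalize(real))
            if 0 < d <= max_distance:
                hits.append((cand, real, d))
    return hits


# Constructed sample: domains as they might appear in a proxy or DNS log.
SAMPLE = ["google.com", "goggle.com", "www.googel.com", "gogle.com",
          "GOOGLE.COM.", "example.org"]

if __name__ == "__main__":
    for cand, real, d in find_typosquats(SAMPLE):
        print(f"{cand!r} is {d} edit(s) from {real!r}")
```

A substituted letter, a dropped letter and two swapped letters are each reported at distance 1, while the genuine name in any letter case is ignored.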

Social division and Digital divide

• Digital divide: the information-rich vs. the information-poor. Many people still cannot afford
computers.
• “Red-lining” – companies prioritize fiber-optic high-speed Internet within high-income
communities.
• Schools help with loaner programs providing portable computers to students.

• Increased consumers’ purchasing power
− Results in a stronger economy by reducing production costs

• Information technologies directly affect the nature of jobs
− Telecommuting (or virtual work) allows people to work from home
− “Job deskilling” – skilled labor is eliminated by high technology
− “Job upgrading” – e.g., clerical workers use word processing software
− One skilled person can now do multiple jobs

• Virtual organizations: networks of independent companies, suppliers, customers, and
manufacturers
− Share skills and cost
− Have access to each other’s markets

• Benefits:
− Focus on what each company does best
− Companies can respond faster and more efficiently
− Reduced product development

Green computing
Green computing is computing that promotes a sustainable environment and consumes the
least amount of energy.
• Green computing involves the design, manufacture, use, and disposal of information
technology devices.
• Promotes a sustainable environment; helps to combat global warming
• Requires the cooperation of private and public sectors

Implementation approaches: Green design (designing for energy efficiency), Green manufacturing
(minimizing waste during manufacturing), Green use (minimizing electricity usage), Green
disposal (remaking existing digital devices, recycling, proper disposal)

Ways to achieve green computing:

1. Design products that last longer and are modular in design
2. Design search engines and computing routines that are fast and energy-efficient
3. Replace underutilized small servers with one large server; virtualization
4. Use devices that consume less energy and are biodegradable
5. Allow certain employees to work from home
6. Conduct meetings over computer networks
7. Use video conferencing and electronic meeting systems.
8. Use a virtual world
9. Use cloud computing
10. Turn off idle PCs; recycle computer materials

Chapter 3
Databases
• A database is a collection of related data that is stored in a central location or in multiple
locations.
In a database, a file is a group of related records, and a record is a group of related fields.

• Data hierarchy – structure and organization of data, which involves fields, records, and
files.
• Database management system (DBMS) is software for creating, storing, maintaining, and
accessing database files.

In the past, data was stored in a series of files called “flat files” because they were not arranged
in a hierarchy and there was no relationship among them.

Types of data in a database

• Internal data is stored in the organization’s internal databases and can be used by
functional information systems. Examples: transactions, sales, personnel records

• External data is stored in a data warehouse. Examples: competitors, customers, tax
records

Methods for Accessing Files

In a database, files are accessed by using a sequential, random, or indexed sequential method.

Sequential access file structure

• Records are organized and processed in numerical or sequential order.
• Records are organized based on a primary key.
• Used for backup and archive files because they rarely need updating.
• Typically stored on magnetic tape.

Random access file structure

• Records can be accessed in any order, regardless of their physical location in storage
media.
• Fast and very effective when a small number of records need to be processed daily or
weekly.
• Records are stored on magnetic disks to achieve speed. Disks are random access devices.

Indexed sequential access method (ISAM)

• Records are accessed sequentially or randomly, depending on the number being accessed.
− Random access: small number of records
− Sequential access: large number of records

• Uses an index structure with two parts:
− Indexed value.
− Pointer to the disk location of the record matching the indexed value.
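
The two-part index described above (indexed value plus pointer) can be seen at work in a small file of fixed-length records. The code below is an added example, not part of the original notes; the record layout, the function names and the sample rows are assumptions, and an in-memory byte buffer stands in for the disk file.

```python
import bisect
import io
import struct

# Fixed-length record: 4-byte unsigned key, 20-byte name, 8-byte float balance.
RECORD = struct.Struct("<I20sd")


def build_file(rows):
    """Write rows in primary-key order; return (storage, index).

    The index is a sorted list of (indexed value, pointer), where the pointer
    is the byte offset of the matching record in storage.
    """
    storage, index = io.BytesIO(), []
    for key, name, balance in sorted(rows):
        index.append((key, storage.tell()))
        storage.write(RECORD.pack(key, name.encode(), balance))
    return storage, index


def _unpack(raw):
    key, name, balance = RECORD.unpack(raw)
    return key, name.rstrip(b"\0").decode(), balance


def random_read(storage, index, key):
    """Random access: binary-search the index, then seek straight to the record."""
    pos = bisect.bisect_left(index, (key, 0))
    if pos == len(index) or index[pos][0] != key:
        return None  # key is not in the file
    storage.seek(index[pos][1])
    return _unpack(storage.read(RECORD.size))


def sequential_read(storage, index, first_key, last_key):
    """Sequential access: use the index once to find the starting record,
    then read records one after another until the key passes last_key."""
    pos = bisect.bisect_left(index, (first_key, 0))
    if pos == len(index):
        return []
    storage.seek(index[pos][1])
    out = []
    while (raw := storage.read(RECORD.size)):
        rec = _unpack(raw)
        if rec[0] > last_key:
            break
        out.append(rec)
    return out


# Constructed sample rows (student ID, name, balance), deliberately unsorted.
ROWS = [(1040, "Dana", 12.5), (1001, "Ali", 0.0), (1033, "Chen", 80.25),
        (1017, "Bea", 310.0), (1052, "Eli", 45.0)]
STORAGE, INDEX = build_file(ROWS)

if __name__ == "__main__":
    print(random_read(STORAGE, INDEX, 1033))
    print(sequential_read(STORAGE, INDEX, 1017, 1040))
```

A single-record lookup touches one index entry and one record, while the range read uses the index only to find its starting point and then reads records in key order.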

Logical database design

Information is viewed in a database in two ways.

• Physical view involves how data is stored on and retrieved from storage media. E.g.,
hard disks or magnetic tapes
− There is only one physical view.

• Logical view involves how information appears to users and how it can be organized
and retrieved. E.g., a marketing manager wants to view marketing-related data, while a
finance manager wants to view finance-related data.
− Depending on the user, there can be more than one logical view.

The first step in database design is to create a data model.

• Data models determine how data is created, represented, organized, and maintained.

Three components of a data model

1. Data structure – describes how data is organized and how the relationship is created.
2. Operations – describe methods and calculations.
3. Integrity rules – define the boundaries of the database, such as max and min values
allowed for a field, constraints, and access methods.

Hierarchical model

• Relationships (or branches) between records (or nodes)

Network model
• Similar to the hierarchical model but organized differently: each record can have multiple
parent and child records

3-2a. The Relational Model

• The relational model uses a two-dimensional table of rows and columns of data. Rows
are records (aka tuples) and columns are fields (aka attributes).

• The data dictionary stores definitions. E.g., field name, field data type, default value,
validation rule.

• The primary key uniquely identifies every record. Examples: SIN No., Student ID No.
• Foreign key – a key from the child table that links to the primary key of the parent table.
Used to establish the relationship between tables.

• Normalization (to improve database efficiency) – delete redundant data and ensure only
related data are in the table. Stages run from first normal form (1NF) to fifth normal form
(5NF), but only 1NF to 3NF are used.

Operations – the process in which data is retrieved from tables.

Common operations: select, project, join, intersect, union, and difference
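
The primary key, foreign key and min/max integrity rules described above are enforced by the database itself, which rejects data that breaks them. The code below is an added example using Python's built-in sqlite3 module, not part of the original notes; the table, column and course names and all sample rows are constructed for illustration.

```python
import sqlite3

# Constructed schema: table, column and course names are illustrative.
SCHEMA = """
CREATE TABLE student (
    student_id INTEGER PRIMARY KEY,   -- primary key: unique for every record
    name       TEXT NOT NULL
);
CREATE TABLE enrolment (
    student_id INTEGER NOT NULL
               REFERENCES student(student_id),           -- foreign key to parent
    course     TEXT NOT NULL,
    grade      INTEGER CHECK (grade BETWEEN 0 AND 100),  -- min/max integrity rule
    PRIMARY KEY (student_id, course)
);
"""


def open_db():
    """Create an in-memory database with a parent and a child table."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite checks foreign keys only if enabled
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO student VALUES (?, ?)", [(1, "Ali"), (2, "Bea")])
    db.executemany("INSERT INTO enrolment VALUES (?, ?, ?)",
                   [(1, "DB101", 88), (2, "DB101", 74), (1, "DB201", 91)])
    db.commit()
    return db


def try_insert(db, sql, params):
    """Attempt one insert; report whether the integrity rules let it through."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute(sql, params)
        return "accepted"
    except sqlite3.IntegrityError as exc:
        return f"rejected: {exc}"


def grades_at_least(db, minimum):
    """Select (WHERE), project (column list) and join (parent to child)."""
    return db.execute(
        "SELECT s.name, e.course, e.grade "
        "FROM student AS s JOIN enrolment AS e ON e.student_id = s.student_id "
        "WHERE e.grade >= ? ORDER BY e.grade DESC", (minimum,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    add_student = "INSERT INTO student VALUES (?, ?)"
    add_enrolment = "INSERT INTO enrolment VALUES (?, ?, ?)"
    print(try_insert(db, add_student, (1, "Cy")))            # duplicate primary key
    print(try_insert(db, add_enrolment, (9, "DB101", 50)))   # no parent record
    print(try_insert(db, add_enrolment, (2, "DB201", 140)))  # grade out of range
    print(try_insert(db, add_enrolment, (2, "DB201", 67)))   # valid row
    print(grades_at_least(db, 80))
```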

Components of a DBMS

DBMS software components

1. Database engine
2. Data definition
3. Data manipulation
4. Application generation
5. Data administration

1. Database engine – responsible for storage, manipulation, and retrieval.

2. Data definition – creates and maintains the data dictionary. Defines the structure of the files in a
database.

3. Data manipulation – used to add, delete, modify, and retrieve records. Uses a query language such
as Structured Query Language (SQL).

4. Application generation – used to create design elements of the application. E.g., create a
menu system for the application.

5. Data administration – used for backup and recovery, security, and change management. Used
to determine permissions to create, read, update, and delete (CRUD).

Database administrators (DBAs)

1. Handle database design and management
2. Establish security measures
3. Develop recovery procedures
4. Evaluate database performance
5. Add and fine-tune database functions

Data-Driven Web Site

A data-driven Web site acts as an interface to a database, retrieving data and allowing users to
enter data in the database.
• Improves access to information
• Reduces support and overhead needed to maintain static Web sites
• Gives users more current information from a variety of data sources

Distributed Database

A distributed database management system (DDBMS) stores data on multiple servers throughout
an organization.
Several advantages:
• Design better reflects the firm’s structure
• Local data storage reduces response time
• Minimizes effects of computer failure
• Not limited by data’s physical location

Approaches to setting up a DDBMS

• Fragmentation: how tables are divided among multiple locations
• Replication: each site stores a copy of the data
• Allocation: combines fragmentation and replication

Object-Oriented Database

• Data and their relationships are contained in a single object.
• An object consists of attributes and methods that can be performed on the object’s data.
• Encapsulation: grouping objects with their attributes and methods into a class.
• Inheritance: new objects can be created faster and more easily by entering new data in
attributes.

Advantages
• Supports more complex data management.
• Handles storing and manipulating all types of multimedia as well as numbers and
characters.

Data warehouse (structured data collected only)

• Collection of data from a variety of sources
• Used to support decision-making applications
• Used to generate business intelligence
• Also known as hypercubes because they store multidimensional data

Characteristics of data in a data warehouse

• Subject oriented – focused on a specific area
• Integrated – comes from a variety of sources
• Time variant – categorized based on time
• Type of data – captures aggregated data
• Purpose – used for analytical purposes

Input – a variety of data sources provide the input for a data warehouse to perform analyses and
generate reports.
These sources can include:
1. External data sources, databases, and transaction files
2. Enterprise resource planning (ERP) systems
3. Customer relationship management (CRM) systems

ETL – extraction, transformation, and loading (ETL) are the processes used in a data warehouse.
1. Extracting data from outside sources
2. Transforming data to fit operational needs
3. Loading into the end target (database or data warehouse)

Storage – collected data is stored in the data warehouse as follows:

1. Raw data – information in its original form
2. Summary data – gives users subtotals of various categories
3. Metadata – information about data, for example its content, quality, condition, origin, and
others.

Output – data warehouses use the following to generate reports:

1. Online transaction processing (OLTP) – generates reports for decision making.
2. Online analytical processing (OLAP) – quickly answers multidimensional analytical
queries. Generates business intelligence.
3. Data mining analysis – used to discover patterns and relationships.
4. Text mining – used to analyze vast amounts of textual information. Captures key concepts,
trends, and hidden relationships.

Data Warehouse Benefits

1. Cross-reference segments of an organization’s operations for comparison
2. Generate complex queries and reports faster than databases
3. Generate reports efficiently using data from a variety of sources
4. Find patterns and trends that cannot be found with databases
5. Analyze large amounts of historical data quickly.

Data Mart

A data mart is a smaller version of the data warehouse, used by a specific user group
of an organization. E.g., a data mart for the marketing department.

• Advantages over data warehouses – faster access to data due to their smaller size;
improved response time for users.
• Disadvantages compared with data warehouses – limited scope; difficulty consolidating
information.

Data Lakes

A data lake gathers and stores data in its original format in a central location. Collected data can
be structured as well as unstructured. Suitable for big data analytics and machine learning
applications.

Business Analytics
• Uses data and statistical methods
• Gains insight into the data
• Provides decision makers with information to act on

Methods
1. Descriptive – reviews past events, analyzes data, provides a report
2. Predictive – prepares decision makers for future events
3. Prescriptive – shows the likely outcome of each decision

The Big Data Era

• Big Data is voluminous data
• Five dimensions (the 5 Vs): Volume, Variety, Velocity, Veracity, Value
• Commonly used platform: Apache Hadoop
• Privacy risks: Discrimination, privacy breaches, loss of anonymity
• Integration with IoT: Reveal trends and find unseen patterns

Database Marketing
Uses an organization’s database of customers and potential customers to promote products or
services
• Transforms marketing into a proactive process
• Successful task examples:
− Calculating customer lifetime value (CLTV)
− Recency, frequency, and monetary analysis (RFM)
− Customer communications
− Analytical software
