1)describe or define virtual office?
ans:is typically a managed telephone answering or email response service that receives and routes telephone or email messages on behalf of a small business and may provide some initial scripted response to a query. The business that uses this service typically does not have fixed office premises or employ regular reception or customer contact staff - and so the V.O. provides a means of receiving and passing on calls and messages when not available to deal with a customer inquiry. The prime objective of the V.O. is to assure that customer contact is captured and able to be followed up by whomever the call is relevant or important to.
2)distinguish VO from MIS?
ans: the difference between the Virtual office and MIS, THE V O is also a common term for an environment that enables a network of co-workers to run a business efficiently by using nothing other than online communication technologies while MIS is a subset of the overall internal controls of a business covering the application of people, documents, technologies, and procedures by management accountants to solving business problems such as costing a product, service or a business-wide strategy. Management information systems are distinct from regular information systems in that they are used to analyze other information systems applied in operational activities in the organization. Academically, the term is commonly used to refer to the group of information management methods tied to the automation or support of human decision making
3)3. Illustrate (give examples) how VO can improve company's competitive advantage and organizational performance.
ans:The virtual workplace, in which employees operate remotely from each other and from managers, is a reality for many employers now, and all indications are that it will become even more prevalent in the future. Virtual organizations are multisite, multiorganizational, and dynamic.' At a macro level, a virtual organization consists of a grouping of businesses, consultants, and contractors that have joined in an alliance to exploit complementary skills in pursuing common strategic objectives.2 The objectives often focus on a specific project.3 In and of itself, this grouping represents a dramatic change in how we work, and it presents two new challenges for managers. The challenges stem from the physical separation of workers and managers wrought by such information-age arrangements as telework and virtual teams. "How can I manage them if I can't see them?" is a question that many managers are now asking. It defines the first managerial challenge of the virtual workplace: making the transition from managing time (activity-based) to managing projects (resultsbased). The second managerial challenge of the virtual workplace is to overcome uncertainty about whether managers will still be valued by their companies if they are managing employees who are not physically present. In one case, a first-level manager recalled his boss coming out of his office, looking at the empty cubicles around him, and saying, "What do I need you for?"4 As we shall see in this article, the need is not for fewer managers, but for better supervisory skills among existing managers.
Thursday, May 21, 2009
Monday, May 18, 2009
final question 4
1. Describe or define DSS.
ans:
Decision Support Systems (DSS) are a specific class of computerized information systems that supports business and organizational decision-making activities. A properly-designed DSS is an interactive software-based system intended to help decision makers compile useful information from raw data, documents, personal knowledge, and/or business models to identify and solve problems and make decisions.
2. Distinguish DSS from MIS.
ans:
A decision support system (DSS) is a computer program application that analyzes business data and presents it so that users can make business decisions more easily. It is an "informational application" (to distinguish it from an "operational application" that collects the data in the course of normal business operation).Typical information that a decision support application might gather and present would be while MIS A computer system designed to help managers plan and direct business and organizational operations.
3. Illustrate (give examples) how DSS can improve company's competitive advantage and organizational performance.
ans:
DSS can potentially create a differentiation advantage. Providing a DSS to customers can differentiate a product and possibly provide a new service. Differentiation increases profitability when the price premium charged is greater than any added costs associated with achieving the differentiation. Successful differentiation means a firm can charge a premium price, and/or sell more units, and/or increase buyer loyalty for service or repeat purchases. In some situations competitors can rapidly imitate the differentiation and then all competitors incur increased costs for implementing the DSS.Finally, DSS can be used to help a company better focus on a specific customer segment and hence gain an advantage in meeting that segment’s needs. MIS and DSS can help track customers and DSS can make it easier to serve a specialized customer group with special services. Some customers won’t pay a premium for targeted service or larger competitors also target specialized niches using their own DSS.
Cite your reference.
http://en.wikipedia.org/wiki/Decision_support_system
Arthon g
ans:
Decision Support Systems (DSS) are a specific class of computerized information systems that supports business and organizational decision-making activities. A properly-designed DSS is an interactive software-based system intended to help decision makers compile useful information from raw data, documents, personal knowledge, and/or business models to identify and solve problems and make decisions.
2. Distinguish DSS from MIS.
ans:
A decision support system (DSS) is a computer program application that analyzes business data and presents it so that users can make business decisions more easily. It is an "informational application" (to distinguish it from an "operational application" that collects the data in the course of normal business operation).Typical information that a decision support application might gather and present would be while MIS A computer system designed to help managers plan and direct business and organizational operations.
3. Illustrate (give examples) how DSS can improve company's competitive advantage and organizational performance.
ans:
DSS can potentially create a differentiation advantage. Providing a DSS to customers can differentiate a product and possibly provide a new service. Differentiation increases profitability when the price premium charged is greater than any added costs associated with achieving the differentiation. Successful differentiation means a firm can charge a premium price, and/or sell more units, and/or increase buyer loyalty for service or repeat purchases. In some situations competitors can rapidly imitate the differentiation and then all competitors incur increased costs for implementing the DSS.Finally, DSS can be used to help a company better focus on a specific customer segment and hence gain an advantage in meeting that segment’s needs. MIS and DSS can help track customers and DSS can make it easier to serve a specialized customer group with special services. Some customers won’t pay a premium for targeted service or larger competitors also target specialized niches using their own DSS.
Cite your reference.
http://en.wikipedia.org/wiki/Decision_support_system
Arthon g
final Question 3
Identify and describe one company that adopts an MIS. Include in your discussion, how MIS helps and supports the company, its managers and other employees, in their problem solving and decision-making.
ans:
The company that I identified that adopts MIS (Management Information System)is SCIPSI (South Cotabato Integrated Port Services Inc.). MIS plays a vital role in the company because through it, the company can benefits thoroughly, particularly the manager and the employees themselves.
MIS can aid the manager in his decision making. It can give and explain the role of information, it can identify problems which can hinder the success of the company in achieving it's goals and effective used of MIS and the organization must have an adequate information that can be put at disposal of their management.
ans:
The company that I identified that adopts MIS (Management Information System)is SCIPSI (South Cotabato Integrated Port Services Inc.). MIS plays a vital role in the company because through it, the company can benefits thoroughly, particularly the manager and the employees themselves.
MIS can aid the manager in his decision making. It can give and explain the role of information, it can identify problems which can hinder the success of the company in achieving it's goals and effective used of MIS and the organization must have an adequate information that can be put at disposal of their management.
Wednesday, May 13, 2009
final question 2
A company may adopt specific computerized database system according to their unique needs after thorough MIS planning. However, it has to be noted that MIS if properly planned, and implemented, benefits can be immeasurable on the other hand, if this is misused, then it may mean information or financial losses and opportunity and resources wasted.
From this, answer the following.
1.0.a Research one international company from the Internet and describe their MIS strategic plan in 1-2 paragraphs.
ANS: Shin Kong Life
The Strategy Creation of a Business Management Information System that empowers employees to access and analyze current business information using Web-based reporting tools.
The Results Managers can now handle their own reporting and business intelligence needs, with little or no help from the IT department. More than 200 reports for almost 20,000 employees are quickly accessible via the internet, reducing costs by 50 percent.
Shin Kong Life Insurance Company (SKL) remains at the top of its field for two simple reasons: relentless innovation and a commitment to superior customer service. In the highly competitive insurance industry, data analytics play an important role in the decisions SKL managers make – often affecting the entire enterprise business strategy. To ensure managers always have complete, up-to-date information, SKL relies on business intelligence and reporting technology from Information Builders.
1.0.b Discuss too the impact of this strategic plan on the company's management,
competitors, customers and the company as a whole.
ans:
the impact are so far so good because of their strategic plan they transact easy to their employee in different branch and their customers my using management information system.
Due to its heterogeneous computing environment, fulfilling report requests was a tedious process. Insurance professionals at each of SKL's 466 branches submitted daily transactions to the mainframe computer at headquarters for consolidation. Then, Wang and others on the Information Technology (IT) staff wrote COBOL programs to create detailed reports for branch managers and analysts. User requirements varied and many different reports were needed for each branch. In addition, the reports were only available in hard copy format, requiring managers to peruse large reports in an attempt to find relevant information. "Many of our managers wanted the information to be available on their workstations so they could perform their own analytic s.
2.0.a Evaluate how can this strategic plan be applied to any local company in the Philippines.
ans:
to apply this strategic plan to our local company in the philippines by using management information system in terms of their promotion and transacting to the customers and giving fast services to the consumers for their satisfaction so that your company achieve their goals to become profitable.
2.0.b Discuss too the possible effect on the company.
ans:
the possible effect on the company in depends on the situation for example if the company has a problem in their financial or they has a problem with their employee, in addition the posible effect, one if your business have a potential to progress or your strategy are very effective to attract your customer or else your strategy are not effective that cause the failure of the operation of your business.
3.0.a What is an Accounting Information System?
ans:
AISs cover all business functions from backbone accounting transaction processing systems to sophisticated financial management planning and processing systems.
Financial reporting starts at the operational levels of the organization, where the transaction processing systems capture important business events such as normal production, purchasing, and selling activities. These events (transactions) are classified and summarized for internal decision making and for external financial reporting.
Cost accounting systems are used in manufacturing and service environments. These allow organizations to track the costs associated with the production of goods and/or performance of services. In addition, the AIS can provide advanced analyses for improved resource allocation and performance tracking.
Management accounting systems are used to allow organizational planning, monitoring, and control for a variety of activities. This allows managerial-level employees to have access to advanced reporting and statistical analysis. The systems can be used to gather information, to develop various scenarios, and to choose an optimal answer among alternative scenarios.
3.0.b Identify or list down different accounting information systems used.
ANS: An accounting information system (AIS) is the system of records a business keeps to maintain its accounting system This includes the purchase, sales, and other financial processes of the business. The purpose of an AIS is to accumulate data and provide decision makers (investors, creditors, and managers) with information to make decision While this was previously a paper-based process, most modern businesses now use accounting software
on System personnel need knowledge of database management and programming language such as C, C++, JAVA and SQL as all software is basically built from platform or database.In an Electronic Financial Accounting system, the steps in the accounting cycle are dependent upon the system itself, which in turn are developed by programmers. For example, some systems allow direct journal posting to the various ledgers and others do not.
3.0.c What are the benefits by the management, users and customers
derived from these AIS?
the benefits by the management and users and customer derived from these Accounting Information Systems provide efficient delivery of information needed to perform necessary accounting work and to assist in delivery of accurate and informative data to users, especially those who are not familiar with the accounting and financial reporting areas itself.
ANS:
3.0.d Cite any threat or misuse of these AIS by a specific company. How were the threats addressed? What were the damages?
ANS:
Threats to accounting information systems come from a variety of sources. If ignored, they can destroy the relevance and reliability of financial information, leading to poor decisions by various stakeholders. (For specific examples, the Sidebar lists the top 10 concerns identified by a 2006 AICPA survey.)
At the point of data collection, it is important to establish security controls that ensure that transaction or event data are valid, complete, and free from material errors. Masquerading (pretending to be an authorized user) and piggybacking (tapping into telecommunications lines) are examples of hacker activities that can seriously impact valid data collection.
reference
http://www.informationbuilders.com/applications/shin_kong_life.html
From this, answer the following.
1.0.a Research one international company from the Internet and describe their MIS strategic plan in 1-2 paragraphs.
ANS: Shin Kong Life
The Strategy Creation of a Business Management Information System that empowers employees to access and analyze current business information using Web-based reporting tools.
The Results Managers can now handle their own reporting and business intelligence needs, with little or no help from the IT department. More than 200 reports for almost 20,000 employees are quickly accessible via the internet, reducing costs by 50 percent.
Shin Kong Life Insurance Company (SKL) remains at the top of its field for two simple reasons: relentless innovation and a commitment to superior customer service. In the highly competitive insurance industry, data analytics play an important role in the decisions SKL managers make – often affecting the entire enterprise business strategy. To ensure managers always have complete, up-to-date information, SKL relies on business intelligence and reporting technology from Information Builders.
1.0.b Discuss too the impact of this strategic plan on the company's management,
competitors, customers and the company as a whole.
ans:
the impact are so far so good because of their strategic plan they transact easy to their employee in different branch and their customers my using management information system.
Due to its heterogeneous computing environment, fulfilling report requests was a tedious process. Insurance professionals at each of SKL's 466 branches submitted daily transactions to the mainframe computer at headquarters for consolidation. Then, Wang and others on the Information Technology (IT) staff wrote COBOL programs to create detailed reports for branch managers and analysts. User requirements varied and many different reports were needed for each branch. In addition, the reports were only available in hard copy format, requiring managers to peruse large reports in an attempt to find relevant information. "Many of our managers wanted the information to be available on their workstations so they could perform their own analytic s.
2.0.a Evaluate how can this strategic plan be applied to any local company in the Philippines.
ans:
to apply this strategic plan to our local company in the philippines by using management information system in terms of their promotion and transacting to the customers and giving fast services to the consumers for their satisfaction so that your company achieve their goals to become profitable.
2.0.b Discuss too the possible effect on the company.
ans:
the possible effect on the company in depends on the situation for example if the company has a problem in their financial or they has a problem with their employee, in addition the posible effect, one if your business have a potential to progress or your strategy are very effective to attract your customer or else your strategy are not effective that cause the failure of the operation of your business.
3.0.a What is an Accounting Information System?
ans:
AISs cover all business functions from backbone accounting transaction processing systems to sophisticated financial management planning and processing systems.
Financial reporting starts at the operational levels of the organization, where the transaction processing systems capture important business events such as normal production, purchasing, and selling activities. These events (transactions) are classified and summarized for internal decision making and for external financial reporting.
Cost accounting systems are used in manufacturing and service environments. These allow organizations to track the costs associated with the production of goods and/or performance of services. In addition, the AIS can provide advanced analyses for improved resource allocation and performance tracking.
Management accounting systems are used to allow organizational planning, monitoring, and control for a variety of activities. This allows managerial-level employees to have access to advanced reporting and statistical analysis. The systems can be used to gather information, to develop various scenarios, and to choose an optimal answer among alternative scenarios.
3.0.b Identify or list down different accounting information systems used.
ANS: An accounting information system (AIS) is the system of records a business keeps to maintain its accounting system This includes the purchase, sales, and other financial processes of the business. The purpose of an AIS is to accumulate data and provide decision makers (investors, creditors, and managers) with information to make decision While this was previously a paper-based process, most modern businesses now use accounting software
on System personnel need knowledge of database management and programming language such as C, C++, JAVA and SQL as all software is basically built from platform or database.In an Electronic Financial Accounting system, the steps in the accounting cycle are dependent upon the system itself, which in turn are developed by programmers. For example, some systems allow direct journal posting to the various ledgers and others do not.
3.0.c What are the benefits by the management, users and customers
derived from these AIS?
the benefits by the management and users and customer derived from these Accounting Information Systems provide efficient delivery of information needed to perform necessary accounting work and to assist in delivery of accurate and informative data to users, especially those who are not familiar with the accounting and financial reporting areas itself.
ANS:
3.0.d Cite any threat or misuse of these AIS by a specific company. How were the threats addressed? What were the damages?
ANS:
Threats to accounting information systems come from a variety of sources. If ignored, they can destroy the relevance and reliability of financial information, leading to poor decisions by various stakeholders. (For specific examples, the Sidebar lists the top 10 concerns identified by a 2006 AICPA survey.)
At the point of data collection, it is important to establish security controls that ensure that transaction or event data are valid, complete, and free from material errors. Masquerading (pretending to be an authorized user) and piggybacking (tapping into telecommunications lines) are examples of hacker activities that can seriously impact valid data collection.
reference
http://www.informationbuilders.com/applications/shin_kong_life.html
Monday, May 11, 2009
final question 1
question # 1
For those who are working, interview your IT in-charge and ask him/her to describe the computer database systems used in the company. Write your answer in 1-2 paragraphs. Further, ask also the benefits and/or disadvantages derived from these database systems.
For those who are not working, research one company in the net who is using computerized database systems. Describe the use and/or nature of these systems and describe too the benefits/disadvantages from these systems. Include your reference.
ans:
arthon g
For those who are working, interview your IT in-charge and ask him/her to describe the computer database systems used in the company. Write your answer in 1-2 paragraphs. Further, ask also the benefits and/or disadvantages derived from these database systems.
For those who are not working, research one company in the net who is using computerized database systems. Describe the use and/or nature of these systems and describe too the benefits/disadvantages from these systems. Include your reference.
ans:
ZENRIN CO., LTD. was founded in 1948 in Beppu, Oita Prefecture, Japan as a publisher of tourist maps. From there, we began to develop precise residential maps, which proved to be a big hit due to the less-than-standard address system found in Japan. Our current residentialmaps cover 99% of Japan's cities, towns and villages.
In 1984 Zenrin developed an original, computer-based mapping system in order to provide high-quality information for general public use. Using this technology, we have successfully compiled a cartographic database of Japan's major cities. This database is widely used in the GIS (Geographic Information Systems) software used by many corporations and municipalities.
Zenrin is also expanding its opportunities overseas by using original computerized mapping technology and know-how. In the People's Republic of China, Zenrin has opened cartographic data processing offices in Shanghai and Shenzhen. In Europe, the US, and Taiwan, Zenrin already produces navigation software, and this technology is being used with highly popular in-car navigation systems.
In the US, Zenrin provides navigation software and expertise to Nissan North America and other automobile and navigation systems hardware manufacturers. Zenrin is also continuing to explore collaborative efforts with other electronic and auto manufacturers. Zenrin surveys businesses along America's Interstate corridors to integrate into their navigation software. Businesses, organizations, and travelers nationwide utilize this data in a variety of applications and settings. In April 2000, Zenrin' s US branch was incorporated under the name ZENRIN USA, INC.
ZENRIN USA’s experienced field teams collect and verify data on an ongoing basis. Field teams use differential GPS (Global Positioning System) receivers to collect information that is necessary for navigation. Additionally, the field staff updates business and point of interest (POI) information so that it remains fresh and relevant to customers. Zenrin staff works with clients to verify pre-existing data sets to resolve any inconsistencies and ensure the highest quality information.
and this are the advantage that using computerized data base system by ZENRIN CO.
- A system and method can store and retrieve advance directives with a database that is coupled to a communications system. The database is arranged to register and store information about a service provider in anticipation of future creation of advance directives that will come into at least the temporary possession of the service provider. The database is arranged to store information supplied by the service provider and about a person and the person's advance directive. The communications system is operable in response to a request by the service provider to automatically transmit information about one or more advance directives that were stored in the database by the service provider.
- A method of providing interoperability between an open standard directory service and a proprietary database. The directory is represented as a mapping tree, consistent with directory service protocols such as X.500 or LDAP. The mapping tree node associated with the proprietary database is configured as a null suffix mapping tree entry, so that database mapping tree node replaces root of the mapping tree and the proprietary database the default backend of the directory service. The core server of the directory service is configured to recognize the null suffix mapping tree entry. All directory service operations are routed to a pre-operation plug-in that handles operations in the proprietary database, and remaining operations are redirected to the core server, preserving default functionality of the directory service. Normal data constraints are suspended for operations performed in the proprietary database.
reference:
http://www.zenrin.com/company.asparthon g
Wednesday, May 6, 2009
midterm question # 3
Internet if properly maximized can be used as a medium to the advantage of the company. However, risks and threats are there. Thus, research the following:
1. Identify the possible risks and threats (eg. virus) that can potentially attack a company with internet connection.
ans:
2. Case research and analysis
2.a Identify one company that had experienced an attacked from the internet.
ans:
Microsoft company
2.b Describe the attack?
ans:
Microsoft's sites were down again--this time for almost 24 hours. The company later claimed that a hacker had targeted its systems with what is known as a denial-of-service attack.
A denial-of-service attack overloads a site's servers with a flood of data, effectively blocking legitimate Web surfers from accessing the site. In this case, the attack was aimed not at the servers, but at the hardware switches that route data to the Web sites--the "single point of failure" pointed out by experts. By flooding these routers with bogus requests for Web pages, the hacker ensured that legitimate requests for pages could not be processed by Microsoft's servers.
1. Identify the possible risks and threats (eg. virus) that can potentially attack a company with internet connection.
ans:
Threats to government and private sector computer systems continue to evolve in new and unexpected ways. These challenges come from a variety of groups such as hackers, terrorists and, increasingly, radical political and social activists.
The continuing growth of global communicationMicrosoft's attempts to keep security patches as narrow as possible and to change as little of the binary code as possible to avoid creating compatibility and stability problems, actually helps hackers, says Ryan Russell, a professional hacker who helps decode the world of hackers and is director of information security for BigFix, a security management software company in Emeryville, Calif.s and data networks presents an unprecedented opportunity to connect people to businesses and federal bureaus. This openness also creates an ideal target for individuals and groups with personal agendas. While checking assaults on computer systems has become a substantial industry in itself, many organizations are unaware of evolving threat profiles or are overly preoccupied with specific perceived dangers and fail to notice real weaknesses or flaws in their networks.
An industry has emerged to serve the increasing demand for detailed vulnerability assessments. One information security firm, Security Design International (SDI) Incorporated, Annandale, Virginia, applies specific methodology to serve its customers’ security needs.
One goal of an assessment is to look at a client’s network as a whole, Chris Goggans, SDI’s director of operations, says. Many information security firms make the mistake of investigating only what they perceive to be critical sites, ignoring the broader picture. For example, organizations place extra security around what they consider to be important but ignore unprotected host systems that share the same user accounts.
According to Matthew G. Devost, a senior information security analyst at SDI, the vulnerability assessments provided to clients contain a detailed analysis of the weak points in an organization’s network such as unprotected dial-in lines and modems. The reports also describe how the firm’s consultants are able to move around the client’s various networks and provide recommendations to correct these deficiencies.
Similar information security assessments may simply use an off-the-shelf product such as Internet Security Systems Scanner or Network Associates Cyber Cop to search for vulnerabilities, SDI officials claim. While such scanning software programs are effective for baseline compliance checking, they miss many real-world threats, Devost notes. Scanning software is often updated on a monthly or sometimes quarterly basis, which is not frequent enough to keep up with new threats.
Software-based methods also produce false returns. System administrators are frustrated when reports that have 60 percent of the vulnerabilities listed and turn out to be false hits. “You’re trying to take action on things that don’t exist,” Devost says. By comparison, vulnerability alerts from industry groups like Bugtraq are loaded into SDI’s assessment methodology within hours of their release, he observes.
Scanning tools have their place in compliance checking, but they do not emulate an attacker because they are not intelligent and cannot combine external and internal information to recognize vulnerabilities, SDI President Donald O. Hewitt says. “By reading the advertisements a little too closely, one can think they are actually buying a vulnerability assessment in a box. They’re just buying a tool—there’s a big difference,” he warns.
When conducting internal and external vulnerability assessments, SDI engineers work both off and on site. The external check consists of investigating Internet connections and firewalls for holes or back doors. The firm’s consultants go to the client’s location for the internal assessment, which is the bulk of the work conducted, Devost says. There, the engineers examine an organization’s entire network with the perspective and privileges of a regular user. For example, can a new temporary worker access material detailing a company’s mergers and acquisitions from the legal department’s files? Any weaknesses discovered through the internal check can be applied externally because once the firewalls have been penetrated or circumvented, intruders will be able to move around the network at will, Devost observes.
A lack of understanding about the current network environment is a common issue in both government and private sectors, Devost says. Assessments often turn up surprises such as unauthorized modem lines, he notes. Another issue for both groups is an inability to secure known vulnerabilities. A substantial amount of information exists in the public domain such as advisories and software patches for security problems, but these remedies are often not implemented, he contends. This lack of enforcement is somewhat more prevalent in the government, but it is still a major problem in the private sector as well. “Policies are not enforced. If they have taken the time to develop a policy, it’s either not current enough to be effective, or it is current but not being enforced because no one is doing any compliance checking. That’s a big issue for both sides,” he says.
Where the two sectors differ is in motivation to react to threats. Being financially driven, the private sector often implements changes before vulnerabilities can affect business and, by extension, customer and shareholder confidence. Government organizations may sit on an issue as it passes through several layers of management. The result may be that nothing happens for six months in part because accountability is different in government circles, Devost says. However, this is changing as the government becomes more responsive, he observes.
Putting a good policy in place and enforcing it is important. Devost notes that SDI’s assessment teams penetrate hundreds, sometimes thousands, of systems at client sites because of simple mistakes such as poor, easily cracked password choices and lack of compliance checks. He advises administrators to keep their auditing systems enabled to determine if employees are exceeding their privileges. “You can usually distinguish between an accidental click in the wrong place [and] if someone is snooping around in resources they shouldn’t have access to,” he says.
External network threats are quite real, however, as terrorist and extremist groups begin to see the utility of conducting cyberattacks. Devost notes documented cases of such organizations trying to buy information and solicit help from hackers. Japan’s Aum Shinrikyo cult, operating under front companies, wrote software for 80 Japanese companies and 10 government agencies. Back doors in that software allowed the group to track hundreds of unmarked cars used by the Japanese police. This information was siphoned from police networks and fed into a database listing the vehicles’ current locations and what they were investigating.
Another growing threat comes from groups of political activists referred to as hacktivists. Unlike traditional hacker groups, hacktivists are driven by ideological or political motivations, selectively targeting corporations or government institutions with whom they disagree. During the 1999 protest demonstrations at the World Trade Organization’s (WTO’s) meeting in Seattle, attacks were coordinated against WTO-related World Wide Web sites in conjunction with protesters marching on the buildings that were hosting the conference.
Devost is concerned that these groups are developing their own software and represent a relatively large community. He notes that more than 20,000 people participated in virtual sit-ins against meat manufacturers, the banking industry and government. These events began as unorganized actions, but the groups have become more sophisticated, developing more complex denial of service tools. Software tools that can be activated and left to wreak havoc on their own are unpopular because they do not fit in with these groups’ participatory ideology. Some of the hacktivists’ most recent software creates a small screen on a monitor allowing a user to draw pictures in it. As the mouse cursor is moved across the window, an attack is launched. “For some reason morally, they feel that it is better to participate than to release a tool you can just walk away from,” Devost says.
The popular perception is that the Internet is the access point for external threats, Goggans notes. But Internet connections are only one route into an organization. The same company or government bureau can have 10,000 incoming telephone lines and five different lease-line connections to partners or other related organizations. By adding the number of telephone lines and lease lines at those outside groups, the number of threats increases exponentially, he says.
Perhaps the largest handicap many organizations face when they set up a defensive architecture is a perimeter mentality with respect to design, Hewitt observes. So much attention is paid to defending perceived critical areas from external threats that the system’s designers usually do not prepare the defense in depth to really secure their networks. “When somebody gets in, they’re going to have the run of the place,” he maintains.
Goggans cites a bank that had an extremely elaborate defensive system. It consisted of multiple layers of firewalls separating demilitarized zones—a point between a firewall’s internal protection and the Internet connection—followed by a firewall between each application and the Internet and another ring of firewalls defending the internal network. Despite the attention paid to Internet access, this same institution never conducted any modem scanning of its branch installations or investigated the security of its firewalls placed between its partner connections. The bank also had never conducted an internal assessment, but it had spent hundreds of thousands of dollars protecting itself against perceived Internet-based threats, he observes.
A properly placed firewall eliminates Internet-based intrusions, but other means of entry exist, Goggans points out. “In doing our assessments, there hasn’t been an organization yet that we haven’t penetrated to some degree. Very few of those [penetrations] happen over the Internet. Most happen over poorly secured modem access,” he says.
Threats to networks also have potential for litigation. As protection of intellectual property becomes a growing factor in due diligence, legal issues will become a key driver in the security industry because there will be major lawsuits, Devost says. Recent distributed denial-of-service attacks have raised due diligence issues because they only succeeded based on poor security that allowed a system to be penetrated and used as a launching point against others. “If you can go back and prove the company that was penetrated wasn’t practicing due diligence, then was it a vulnerability known about for a year or a patch that has existed for 10 months? Are they liable now for the company that was actually hit?” he questions.
These issues are partially responsible for the security industry’s continuing growth. Hewitt believes that the next three to five years will continue to be strong for fundamental services in areas such as technical network security. Other expanding areas will coincide with the emergence of public key infrastructure technologies, which represent an enormous market. Both areas will grow exponentially, he predicts. Hewitt also sees continued expansion in overseas markets. While this international growth trails the United States, he expects a leapfrog effect as many nations bypass certain infrastructure steps and move directly to new technologies such as cellular and wireless networks.
2. Case research and analysis
2.a Identify one company that had experienced an attacked from the internet.
ans:
Microsoft company
2.b Describe the attack?
ans:
Microsoft's sites were down again--this time for almost 24 hours. The company later claimed that a hacker had targeted its systems with what is known as a denial-of-service attack.
A denial-of-service attack overloads a site's servers with a flood of data, effectively blocking legitimate Web surfers from accessing the site. In this case, the attack was aimed not at the servers, but at the hardware switches that route data to the Web sites--the "single point of failure" pointed out by experts. By flooding these routers with bogus requests for Web pages, the hacker ensured that legitimate requests for pages could not be processed by Microsoft's servers.
At one point, such legitimate page requests to the Microsoft Network languished at anywhere from an abysmal 1.5 percent success rate to around 70 percent, according to network consulting company Keynote Systems. Normally, the sites are able to fulfill 97 percent of all page requests, said Dan Todd, chief technologist for public services at Keynote.
2.c Identify the damages done and the solutions adopted to reverse the damages and to protect the company from future threats.
ans: the damages that make by hacker are affect the operation of the microsoft company,The first in this string of security holes popped up in early December 2006. This flaw affects computers running Word 2000, 2002 and 2003; Word 2004 for Mac and Word 2004 version X for Mac; Word Viewer 2003; and Microsoft Works 2004, 2005 and 2006. An attacker hides a piece of code in a Word document and puts it on a Web site for download or sends it out as an e-mail attachment. When a user downloads or opens the document, the attacker can remotely control the user's computer and execute a wide array of codes under the user's own login. This flaw came to Microsoft's attention on December 5, 2006, when people started reporting attacks. in thier solution about the problem, Microsoft's attempts to keep security patches as narrow as possible and to change as little of the binary code as possible to avoid creating compatibility and stability problems, actually helps hackers, says Ryan Russell, a professional hacker who helps decode the world of hackers and is director of information security for BigFix, a security management software company in Emeryville, Calif.
reference:
http://www.afcea.org/signal/articles/templates/SIGNAL_Article_Template.asp?articleid=676&zoneid=126
http://news.cnet.com/2009-1001-251622.html http://www.cio.com/article/428363/How_Microsoft_s_Patch_Tuesday_Affects_Business_Processes_and_Security?page=2
arthon g
Tuesday, May 5, 2009
midterm question 2
1) Research 1 the Philippine company and 1 international company that have employee e-commerce?
ans: PORTEOUS FASTENER COMPANY and MABUHAY INTERNATIONAL CORPRATION.
2) Describe how e-commerce operates in this companies?
ans:
the e-commerce operates in this company by1. Providing an easy and secure way for customers to order. Credit cards are the most popular means of sending payments on the internet, accounting for 90% of online purchases. Card numbers are transferred securely between the customer and merchant through independent payment gateways.
2. Providing reliability and security. Parallel servers, hardware redundancy, fail-safe technology, information encryption, and firewalls can enhance this requirement.
3. Providing a 360-degree view of the customer relationship, defined as ensuring that all employees, suppliers, and partners have a complete view, and the same view, of the customer. However, customers may not appreciate the big brother experience.
3) Identify the benefits/constraint/derived by these company from e- commerce
ans:
the benefits derive by these company from e-commerce are improved customer services, improve the relartionship with supplier and the financial community and increased return an stockholder and owner investment, in addition by using the ecommerce their customer are satisfied their services by order the raw materials from them or finished product in our country and other country and because of that they transact easy by selling the product through internet.
reference:
arthon g.
ans: PORTEOUS FASTENER COMPANY and MABUHAY INTERNATIONAL CORPRATION.
2) Describe how e-commerce operates in this companies?
ans:
the e-commerce operates in this company by1. Providing an easy and secure way for customers to order. Credit cards are the most popular means of sending payments on the internet, accounting for 90% of online purchases. Card numbers are transferred securely between the customer and merchant through independent payment gateways.
2. Providing reliability and security. Parallel servers, hardware redundancy, fail-safe technology, information encryption, and firewalls can enhance this requirement.
3. Providing a 360-degree view of the customer relationship, defined as ensuring that all employees, suppliers, and partners have a complete view, and the same view, of the customer. However, customers may not appreciate the big brother experience.
3) Identify the benefits/constraint/derived by these company from e- commerce
ans:
the benefits derive by these company from e-commerce are improved customer services, improve the relartionship with supplier and the financial community and increased return an stockholder and owner investment, in addition by using the ecommerce their customer are satisfied their services by order the raw materials from them or finished product in our country and other country and because of that they transact easy by selling the product through internet.
reference:
arthon g.
Subscribe to:
Posts (Atom)