1. 845-HB-KT
1) Define eBusiness?
eBusiness
Electronic commerce (EC or e-commerce) describes the process of buying, selling, transferring, or
exchanging products, services, or information via computer networks, including the Internet.
E-business is a somewhat broader concept. In addition to the buying and selling of goods and services, e-business also refers to servicing customers, collaborating with business partners, and performing electronic transactions within an organization.
Or
E-business (electronic business) is the conducting of business on the Internet, not only buying and
selling but also servicing customers and collaborating with business partners.
2) What is meant by Communitainment?
The Internet has increasingly become a principal medium for community, communication, and
entertainment–three areas that have collided together and are impacting each other’s growth–
generating a new type of activity that we call communitainment.
3) What is meant by IT Steering Committee?
IT steering committee
It is a committee, comprised of a group of managers and staff representing various organizational units,
set up to establish IT priorities and to ensure that the MIS function is meeting the needs of the
enterprise.
The IT steering committee plays a very important role in developing and implementing the IT strategic plan.
The IT steering committee is important because it ensures that you get the information systems and applications that you need to do your job.
4) What is meant by Social engineering?
Social engineering
It is getting around security systems by tricking computer users inside a company into revealing sensitive information or gaining unauthorized access privileges.
Or
Social engineering is an attack in which the perpetrator uses social skills to trick or manipulate a legitimate employee into providing confidential company information such as passwords.
The most common example of social engineering is an attacker impersonating someone else on the telephone, such as a company manager or information systems employee. The attacker claims he forgot his password and asks the legitimate employee to give him a password to use.
5) Define Information Systems Auditing?
Information Systems Auditing is the examination of information systems, their inputs, outputs, and processing, in order to check the following:
Are all controls installed as intended?
Are the controls effective?
Has any breach of security occurred?
If so, what actions are required to prevent future breaches?
There are two types of IS auditing:
Internal auditing
External auditing
6) Define Pilot conversion.
pilot conversion
It is an implementation process that introduces the new system in one part of the organization, such as one department or one functional area, on a trial basis; when the new system is working properly, it is introduced in other parts of the organization.
7) What is meant by Organizational strategic plan?
The organization’s strategic plan
The organization’s strategic plan states the firm’s overall mission, the goals that follow from that mission, and the broad steps necessary to reach these goals.
It plays an important role in the planning process for new IT applications.
The strategic planning process modifies the organization’s objectives and resources to meet its
changing markets and opportunities.
8) Define IT Strategic Plan.
IT strategic plan
It is a set of long-range goals that describe the IT infrastructure and major IT initiatives needed to achieve
the goals of the organization.
The IT strategic plan must meet three objectives:
1. It must be aligned with the organization’s strategic plan.
2. It must provide for an IT architecture that enables users, applications, and databases to be
seamlessly networked and integrated.
3. It must efficiently allocate IS development resources among competing projects so the projects
can be completed on time and within budget and have the required functionality.
9) Threats to Information Systems
Whitman and Mattord (2003) classified threats into five general categories to help us better understand
the complexity of the threat problem. Their categories are:
1. Unintentional acts
2. Natural disasters
3. Technical failures
4. Management failures
5. Deliberate acts
Unintentional Acts. Unintentional acts are those acts with no malicious intent.
There are three types of unintentional acts:
human errors
deviations in the quality of service by service providers
environmental hazards
Out of these three types of acts, human errors represent by far the most serious threats to information
security.
Human errors or mistakes by employees pose a large problem as the result of laziness, carelessness, or a
lack of awareness concerning information security. This lack of awareness comes from poor education
and training efforts by the organization.
Human Mistakes: Description and Examples
Tailgating: A technique designed to allow the perpetrator to enter restricted areas that are controlled with locks or card entry. The perpetrator follows closely behind a legitimate employee and, when the employee gains entry, asks them to “hold the door.”
Shoulder surfing: The perpetrator watches the employee’s computer screen over that person’s shoulder. This technique is particularly successful in public areas such as airports, commuter trains, and on airplanes.
Carelessness with laptops: Losing laptops, misplacing laptops, leaving them in taxis, and so on.
Carelessness with portable devices: Losing or misplacing these devices, or using them carelessly so that malware is introduced into an organization’s network.
Opening questionable e-mails: Opening e-mails from someone unknown, or clicking on links embedded in e-mails.
Careless Internet surfing: Accessing questionable web sites; can result in malware and/or alien software being introduced into the organization’s network.
Poor password selection and use: Choosing and using weak passwords.
Carelessness with one’s office: Unlocked desks and filing cabinets when employees go home at night; not logging off the company network when gone from the office for any extended period of time.
Carelessness using unmanaged devices: Unmanaged devices are those outside the control of an organization’s IT department and company security procedures. These devices include computers belonging to customers and business partners, computers in the business centers of hotels, and computers in Starbucks, Paneras, and so on.
Carelessness with discarded equipment: Discarding old computer hardware and devices without completely wiping the memory; includes computers, cellphones, Blackberries, and digital copiers and printers.
The human errors that we have just discussed are unintentional on the part of the employee.
Employees can also make mistakes as a result of deliberate actions by an attacker. These actions are classified into three categories:
Social engineering
Reverse social engineering
Social data mining (buddy mining): an attack that occurs when perpetrators seek to learn who knows who in an organization, and how, in order to target specific individuals.
Deviations in the Quality of Service by Service Providers.
This category consists of situations in which a product or service is not delivered to the organization as
expected.
Ex:
Heavy equipment at a construction site cuts a fiber-optic line to your building or your Internet
service provider has availability problems.
Organizations may also experience service disruptions from various providers, such as
communications, electricity, telephone, water, wastewater, trash pickup, cable, and natural gas.
Environmental Hazards. Environmental hazards include dirt, dust, humidity, and static electricity. These
hazards are harmful to the safe operation of computing equipment.
Natural Disasters.
Natural disasters include floods, earthquakes, hurricanes, tornadoes, lightning, and in some cases, fires.
In many cases, these disasters (sometimes referred to as acts of God) can cause catastrophic losses of systems and data. To avoid such losses, companies must engage in proper planning for backup and recovery of information systems and data. Such planning is known as a Disaster Recovery Plan, which includes the maintenance of hot sites, warm sites, and cold sites.
Technical Failures.
Technical failures include problems with hardware and software.
The most common hardware problem is a crash of a hard disk drive
The most common software problem is errors—called bugs—in computer programs. Software bugs are so common that entire web sites are dedicated to documenting them. Ex: www.bug-track.com and www.bugaware.com.
Management Failures. Management failures involve a lack of funding for information security efforts and
a lack of interest in those efforts. Such lack of leadership will cause the information security of the
organization to suffer.
10) Explain any three ethical issues related to e-commerce.
Page no: 223
Ethical Issues
Most of the ethical and global issues related to IT also apply to e-business. Here we consider two basic issues:
Privacy
Job loss.
By making it easier to store and transfer personal information, e-business presents some threats to
privacy. To begin with, most electronic payment systems know who the buyers are. It may be necessary,
then, to protect the buyers’ identities. Businesses frequently use encryption to provide this protection.
Another major privacy issue is tracking. For example, individuals’ activities on the Internet can be tracked by cookies. Cookies store your tracking history on your personal computer’s hard drive, and any time you revisit a certain Web site, the computer knows it. In response, some users install programs to exercise some control over cookies and thus restore their online privacy.
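The cookie tracking described above, as an added example that is not part of the original notes: a small Python simulation in which a site assigns a visitor id cookie and counts revisits, while a browser that refuses cookies is never linked across visits. The cookie name and all values are assumed for the illustration.

```python
"""Added example, not from the original notes: a simulation of cookie-based
tracking. A browser that returns the site's cookie is recognised on every
revisit; one that blocks cookies (the "control over cookies" mentioned above)
looks like a new visitor each time. Cookie name and values are constructed."""
import secrets
from http.cookies import SimpleCookie

COOKIE_NAME = "visitor_id"  # assumed name of the tracking cookie

class TrackingServer:
    """Web site that assigns each new browser an id and counts its visits."""
    def __init__(self):
        self.visits = {}  # visitor_id -> number of requests seen from it

    def handle(self, cookie_header):
        """Process one request; return (visitor_id, visit_count, set_cookie)."""
        jar = SimpleCookie()
        if cookie_header:
            jar.load(cookie_header)  # parse the browser's "Cookie:" header
        morsel = jar.get(COOKIE_NAME)
        if morsel is not None and morsel.value in self.visits:
            vid, set_cookie = morsel.value, None  # known visitor, no new cookie
        else:
            vid = secrets.token_hex(8)  # first contact: mint a fresh id
            set_cookie = f"{COOKIE_NAME}={vid}; Path=/; HttpOnly"
        self.visits[vid] = self.visits.get(vid, 0) + 1
        return vid, self.visits[vid], set_cookie

class Browser:
    """Client that either stores cookies (default) or refuses them."""
    def __init__(self, accept_cookies=True):
        self.accept_cookies = accept_cookies
        self.jar = {}  # cookies kept on this machine, name -> value

    def visit(self, server):
        header = "; ".join(f"{k}={v}" for k, v in self.jar.items()) or None
        vid, count, set_cookie = server.handle(header)
        if set_cookie and self.accept_cookies:
            parsed = SimpleCookie()
            parsed.load(set_cookie)  # honour the Set-Cookie header
            for name, morsel in parsed.items():
                self.jar[name] = morsel.value
        return vid, count

def simulate(accept_cookies, n_visits=3):
    """Visit counts the server records for one browser over n visits."""
    server, browser = TrackingServer(), Browser(accept_cookies)
    return [browser.visit(server)[1] for _ in range(n_visits)]
```

With cookies accepted the server sees one visitor with counts 1, 2, 3; with cookies refused it sees three unrelated first-time visitors.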
In addition to compromising employees’ privacy, the use of EC may eliminate the need for some of a
company’s employees, as well as brokers and agents. The manner in which these unneeded workers,
especially employees, are treated can raise ethical issues:
How should the company handle the layoffs?
Should companies be required to retrain employees for new positions? If not, how should the
company compensate or otherwise assist the displaced workers?