BUSI 1401 MIDTERM NOTES

Chapter 1: Intro to Info Systems

What is an Information System?
- An information system collects, stores, processes, analyzes and disseminates information for a specific purpose.
- It is part of the tools, people, and processes used by management to ensure an organization is reaching its goals and realizing its strategy.
- Purpose: to provide accurate, timely, and useful information to decision makers.
- An information system consists of 5 components:
  o Hardware
  o Software
  o Data
  o People
  o Procedures
- Each element must be present, and all the elements must work together.
- A computer-based information system is formed by bringing together the components listed above.
- Information systems = Technology + People + Procedures
  o Technology = Hardware, data, and software
- You can buy information technology (IT), but you can't buy information systems (IS).
- Using IS effectively requires an understanding of the organization, management, and underlying technologies that shape systems.
- IS creates value for the firm by providing data-driven solutions to challenges posed by the environment.

Data: A discrete value describing a quantity, quality, or a fact
- Today's weather (sunny, 19 degrees)
- Test grade (B+, 93.4%)
- An individual sales transaction
- Data is generated and collected by organizations to record events (e.g. a sales transaction) and analyze them at a later date.

Information: Data that has been organized, structured, or given context
- Weather on a holiday (event + temperature + rain conditions)
- GPA is data; add the student's name and it becomes information
- Sales for the month
- We transform data into information so that we can find trends, patterns, or useful highlights.

Knowledge: Data and/or information that has been organized and processed to convey understanding, experience, accumulated learning and expertise as they apply to the current business problem
- A company recruiting at a school has found that, over time, hires with 3.0+ GPAs have been very successful; based on this knowledge, it may decide to only interview students with a 3.0+ GPA.

Systems Theory – A (generic) system has three primary components
- Input: captures raw data from the organization or external environment
- Processing: converts raw data into meaningful form
- Output: transfers processed information to the people or activities that use it
- Good systems also incorporate one other step, Feedback: information returned to decision makers and managers to help influence inputs and processes
- All systems exist within an environment that places constraints or requirements on the system.
- For information systems, the environment is anything that impacts the business, such as societal pressures, legislation, culture, etc.
  o Government regulations (GDPR)
  o Competitive pressures (technological innovations like Uber and Netflix)
  o Organizational capabilities (financial resources, trained HR)

Types of Systems:
- Business Analytics or Business Intelligence Systems – Systems that provide computer-based support for complex, non-routine decisions, primarily for middle managers and knowledge workers
- Computer-based Information System – An information system that uses computer technology to perform some or all of its intended tasks
- Dashboards – Present structured and summarized information to executives
  o Sales pipelines, revenues vs. expenses
- Decision Support System – Provides decision makers with access to data and analysis tools
  o "What if" analysis of changes in the budget
- E-Commerce Systems – A type of inter-organizational information system that enables organizations to conduct transactions with each other, called business-to-business (B2B) electronic commerce, and customers to conduct transactions with businesses, called business-to-consumer (B2C) electronic commerce
  o Amazon, Shopify
- Enterprise Resource Planning (ERP) Systems – Information systems that correct a lack of communication among the functional area ISs by tightly integrating them via a common database; integrates all functional areas of an organization
  o Oracle, SAP, NetSuite, Business Central, Odoo
- Expert Systems (ESs) – An attempt to duplicate the work of human experts by applying reasoning capabilities, knowledge, and expertise within a specific domain
  o Credit card approval analysis, navigation services
- Functional Area/Departmental Information Systems (FAISs) – ISs that support a particular functional area within the organization
  o Payroll processing, bookkeeping, integrated development environments (IDEs)
- Inter-organizational Information Systems (IOSs) – Information systems that connect two or more organizations
- Office Automation System – Supports the daily work activities of individuals or groups
  o Microsoft Office, MS Teams, Zoom, Dropbox, Slack
- Supply Chain Management – Manages flows of products, services, and information among organizations
  o Walmart Retail Link

Chapter 2: Business Process and Strategy

Porter's Five Forces Model
The "Five Forces" are used to assess the profitability of an entire industry:
1. Bargaining power of customers (Can customers easily go elsewhere?)
   - Buyer has many options = high buyer power (and vice versa)
   - Loyalty programs reduce buyer power
2. Threat of substitutes (Is your product unique?)
   - Many alternatives = threat of substitutes is high
3. Bargaining power of suppliers (Do you have few or many supplier options?)
4. Threat of new entrants (Can competitors easily enter your markets?)
5. Rivalry among existing firms (Are there many or large competitors?)
The intensity of each of the five forces determines the characteristics of the industry and how profitable it is now and in the future. To address these forces, organizations can develop specialized competitive strategies.

Porter's Generic Strategies
Porter's model of four competitive strategies:
1. Cost leadership across the industry
2. Differentiation across the industry
3. Cost leadership focused on a particular industry segment
4. Differentiation focused on a particular industry segment
To be effective, the organization's goals, objectives, culture, and activities must be consistent with its strategy.

Porter's Value Chain Model
- Organizations use Porter's competitive forces model to design general strategies. To identify the specific activities in which they can use competitive strategies for greatest impact, they use his value chain model.
- A value chain is a sequence of activities through which the organization's inputs, whatever they are, are transformed into more valuable outputs, whatever they are.
- The value chain model identifies points at which an organization can use information technology to achieve a competitive advantage.
- According to the model, the activities conducted in any organization can be divided into two categories: primary and support activities.
  o Primary activities relate to the production and distribution of the firm's products and services. These activities create value for which customers are willing to pay.
  o Support activities do not add value directly to the firm's products or services. Rather, as their name suggests, they contribute to the firm's competitive advantage by supporting the primary activities.
Primary activities:
- Inbound Logistics (inputs) – Purchased inputs such as raw materials are handled here, so this function is in contact with external companies such as suppliers. The activities associated with inbound logistics are receiving, storing and disseminating inputs to the product, including quality control of what is received.
  o Material handling, warehousing, inventory control, vehicle scheduling, and returns to suppliers
- Operations (manufacturing and testing) – Converts the items received in inbound logistics into the desired product; this is typically where a factory's conveyor belt would be used. The activities associated with operations are transforming inputs into the final product form.
  o Machining, packaging, assembly, equipment maintenance, testing, printing and facility operations
- Outbound Logistics (storage and distribution/output) – After the final product is finished, it still needs to reach the customer/consumer. Products can be shipped right away or may need to be stored for a while. This activity includes collecting, storing, and physically distributing the product to buyers.
  o Finished goods warehousing, material handling, delivery vehicle operations, order processing and scheduling
- Marketing and Sales – Puts the product in the minds of consumers and potential buyers. Just because the item is produced does not mean there are people willing to purchase it. The activities associated with marketing and sales provide a means by which buyers can purchase the product and entice them to do so.
  o Advertising, promotion, sales force, quoting, channel selection, channel relations, and pricing
- Service – Customers need an after-sales service where they can voice complaints if something is wrong with their product. This matters for the brand's reputation when the company does right by the customer, and it also gives the company feedback on the product and on whether something needs a second look. The activities in this part of the value chain provide service to enhance or maintain the value of the product after it has been sold or delivered.
  o Installation, repair, training, parts supply, product adjustment, warranty, customer service, customer relationship management systems

Support activities:
- Procurement – The function of purchasing inputs used in the firm's value chain, not the purchased inputs themselves. Purchased inputs are needed for every value activity, including support activities; they include raw materials, supplies and other consumable items as well as assets such as machinery, laboratory equipment, office equipment and buildings. This support activity therefore assists multiple value chain activities, not just inbound logistics.
  o E-commerce web portal for suppliers
- Technology Development (R&D) – Every value activity uses and needs technology. Technology development activities can be grouped into efforts to improve the product and efforts to improve the process; research and development is also classified here.
  o Telecommunication technology, accounting automation software, product design research and customer servicing procedures
- Human Resource Management – HRM consists of the activities involved in recruiting, hiring (and firing), training, development and compensation of all types of personnel. HRM affects competitive advantage in any firm through its role in determining the skills and motivation of employees and the cost of hiring and training them. Some companies (especially in the tech and advisory service industries) rely so much on talented employees that they devote an entire talent management department within HRM to recruiting and training the best university graduates.
  o Workforce planning systems; employee benefits intranet
- Firm Infrastructure – General (strategic) management, planning, finance, accounting, legal, government affairs and quality management. This usually supports the entire value chain, not individual activities.
  o Electronic scheduling and message systems, collaborative workflow intranet

Business Processes – An ongoing collection of related activities that create a product or service of value to the organization and its customers
- Course registration
- Taking a customer order at a restaurant
- Hiring a new employee

At a basic level, all systems have four parts and exist within an environment: Input -> Process -> Output -> Feedback -> Input, and the cycle continues.
- Inputs – Materials, services, and information that flow through and are transformed as a result of process activities
- Resources/Process – People and equipment that perform process activities
- Outputs – The product or service created by the process

The process is the business, and the functions within a business include:
- Accounting, HR, Sales, Logistics, Marketing, Manufacturing, etc.
These business functions can be broken down further. For accounting, for example:
- Bookkeeping, financial reporting, financial planning, payroll, accounts payable, etc.

Functional Processes – Within these functions, there are processes unique to that function
Financial statement process:
1. Record transactions
2. Prepare trial balance
3. Prepare income statement
4. Prepare balance sheet
5. Prepare statement of equity
6. Prepare notes to statements
7. Review with management

Cross-Functional Process – Business functions work together to meet the overall objectives of the organization.
- No single functional area is responsible for their execution. Rather, multiple functional areas collaborate to perform the process.
The sales process:
1. Sales contacts customer
2. Customer places order
3. Operations provides good or service
4. Finance requests and receives payment

Process Monitoring
- Organizations only do as well as their individual processes.
- If a process is not performing well, it can stall other processes, confuse management, and upset customers.
- We can build measures into our processes to help identify issues and quickly address them:
  o How many customers respond to a sales rep's phone calls?
  o How many customers contacted request a good or service? How many say no?
  o How long does it take to fulfill a customer's order?
  o How long does it take Finance to 1) be notified of the sale, 2) prepare the invoice, 3) send it to the customer?
  o How long does it take the customer to pay? Are they paying the full amount?

Improving Processes – Business Process Improvement (BPI) focuses on reducing variation in process outputs (ex. the finished product) by searching for root causes of the variation in the process itself (ex. a broken machine on an assembly line) or among the process inputs (ex. a decline in the quality of raw materials purchased from a supplier).
A successful BPI project generally follows five basic phases:
1. Define – The BPI team documents the existing "as is" process activities, process resources, and process inputs and outputs, usually as a graphical process map or diagram. The team also documents the customer and the customer's requirements for the process output, together with a description of the problem that needs to be addressed.
2. Measure – The BPI team identifies relevant process metrics, such as time and cost to generate one output (product or service), and collects data to understand how the metrics evolve over time.
3. Analyze – The BPI team examines the "as is" process map and collected data to identify problems with the process (ex. decreasing efficiency or effectiveness) and their root causes. If possible, it also benchmarks the process, that is, compares its performance with that of similar processes in other companies or other areas of the organization. The team can employ IT applications such as statistical analysis software or simulation packages in this phase.
4. Improve – The BPI team identifies possible solutions for addressing the root causes, maps the resulting "to be" process alternatives, and selects and implements the most appropriate solution. Common ways to improve processes are eliminating process activities that do not add value to the output and rearranging activities in a way that reduces delays or improves resource use. The organization must be careful, however, not to eliminate internal process controls: the activities that safeguard company resources, guarantee the accuracy of its financial reporting, and ensure adherence to rules and regulations.
5. Control – The team establishes process metrics and monitors the improved process after the solution has been implemented to ensure process performance remains stable. An IS can be very useful for this purpose.

Business Process Reengineering (BPR)
- Radical change to business processes (clean slate)
- Top-down changes dictated by management
- Costly, risky, and generally overwhelming
Business Process Improvement (BPI)
- Incremental change to business processes (gap analysis)
- Bottom-up changes suggested by employees
- Change fatigue and change management issues

Business Pressures – The business environment is the combination of social, legal, economic, physical and political factors in which businesses conduct their operations. Significant changes in any of these factors are likely to create business pressures on the organization.
- Organizations typically respond to these pressures with activities supported by IT.
The three major types of business pressures are market, technological and societal.

Market Pressures – Generated by the global economy, intense competition, the changing nature of the workforce, and powerful customers
- Globalization: The integration and interdependence of the economic, social, cultural, and ecological facets of life, made possible by rapid advances in IT. People all over the world can connect with each other and do business, which increases competition for firms.
- Changing nature of the workforce: Workforces, mostly in developed countries, are more diversified. Many types of people are working, and IT is easing the integration of these employees into the traditional workforce as well as allowing people to work from home.
- Powerful customers: Customers have higher buyer power now because of the globalization of the market; buying things has never been easier thanks to the internet, and customers have become more knowledgeable about products and services. Organizations recognize the importance of customers and have increased their efforts to acquire and retain them, through Customer Relationship Management (CRM).

Technological Pressures – Pressures related to technology
- Technological innovation and obsolescence: New and improved technologies rapidly create or support substitutes for products, alternative service options, and superb quality. As a result, today's state-of-the-art products may become obsolete tomorrow. BYOD has been a huge challenge for IT because it is hard to control devices the organization does not own, although it has increased productivity and worker satisfaction.
  o Ex. New Apple products constantly coming out, and planned obsolescence
- Information overload: The amount of information available on the internet doubles approximately every year, with much of it free. This brings a flood of information to managers, who must make decisions effectively and efficiently as they access, navigate, and use these vast stores of data, information, and knowledge.

Social/Political/Legal Pressures – Social responsibility, government regulation/deregulation, spending for social programs, spending to protect against terrorism, ethics, and health issues
- Social responsibility: Social issues that affect businesses and individuals range from the state of the physical environment, to company and individual philosophy, to education. Corporations are willing to spend time and money to address these social problems through organizational and individual social responsibility.
  o Ex. Environmental laws, carbon management
- Compliance with government regulations: Businesses must comply with government regulations, which can be a big hit for them depending on what the government decides to do.
  o Ex. Car companies will need to slow down or stop the sale of gasoline-powered cars
- Protection against terrorism (and cybercrime): Computer systems can be used to create fraudulent transactions, steal funds from bank accounts, and steal people's identities.
  o Nigerian prince scam
- Ethical issues: Relate to general standards of right and wrong. Information ethics specifically relates to standards of right and wrong in information processing practices. This is important because, if handled poorly, it can ruin an organization's image and destroy its employees' morale.

Organizational Responses – Companies respond to these various pressures by implementing IT in different ways, such as strategic systems, customer focus, make-to-order and mass customization, and e-business
- Strategic systems: Provide organizations with advantages that enable them to increase their market share and profits, to negotiate better with suppliers, and to prevent competitors from entering the market.
  o Some systems are critical to a brand: if Amazon's website shut down, it would impact the company severely
- Customer focus: Organizations attempt to provide superb customer service to retain and attract customers as competition rises; again this relies on CRM.
  o Amazon greets you by name every time you visit
- Make-to-order and mass customization: A strategy that produces customized products and services. It feels personal for the consumer while allowing customized goods to be manufactured efficiently and at a reasonably low cost.
  o Part of the solution is to change from mass production to mass customization
  o NikeID allows total customization of shoes
- E-commerce: Lets customers order from the comfort of their homes, and provides services, not just products.

Chapter 3: Data and Knowledge Management

Data to Wisdom framework: Data -> Information -> Knowledge -> Wisdom
- Data – A discrete value describing a quantity, quality, or fact
  o Weather, GPA, a single sales transaction
  o Generated and collected by organizations to record events so they can be analyzed later
- Information – Data that has been organized, structured, or given context
  o GPA + student name, weather on a holiday (temperature + event + rain conditions), sales for the month
  o We transform data into information so we can find trends, patterns, or useful highlights
- Knowledge – Information that has been analyzed to determine actionable insights
  o Sales go up before a holiday, so inventory should be ordered early; class averages are higher for morning classes, so all classes should be scheduled in the morning
  o We analyze information to find trends, patterns, or useful highlights that can be acted on
- Wisdom – The ability to act on knowledge in a way that combines judgement, experience, and morality
  o Gift cards at Christmas; early classes vs. student preferences
  o Wisdom is (currently) a human trait that asks whether something that can be done should be done

Data Management – The development, execution, and supervision of plans, policies, programs, and practices that deliver, control, protect, and enhance the value of data and information assets throughout their lifecycles
- Enterprises are effective when high quality data is available when needed; data that is incomplete or out of context cannot be trusted. This is why data management is important.
- The goal of data management is to provide the infrastructure and tools to transform raw data into usable information of the highest quality.
- Data management is a structured approach for managing data effectively throughout its life cycle.

The path of data:
- Data Sources and Databases – Where we create or find the data
- Data Integration – The data that is created or found is integrated into the data warehouse, where all of the data is stored until it is moved into data marts
- Data Storage – Data marts are used to store data efficiently over time. Each data mart contains information specific to an organization's business unit (Marketing, Management, Finance, etc.); companies use a data mart to analyze department-specific information more efficiently.
- Data Analysis – Extracting useful information from data and taking decisions based on the analysis. OLAP software helps you analyze business data from different points of view. Data mining is also used: a process that finds anomalies, patterns, and correlations within large data sets to predict outcomes. This information can help a business increase revenue, cut costs, improve customer relationships, reduce risks, and more.
- Results – Based on the data analysis, we have data visualization. From there, a company can use decision support and knowledge management to gain insight from its business analytics.
- Solutions – From the results and the knowledge gained, a firm can devise a solution from the data.
  o This could be customer relationship management, supply chain management, e-commerce, strategy, etc.

Extra:
- Metadata – Data about the data; it is stored within the data warehouse.
- Master Data – A set of core data, such as customer, product, employee, vendor, geographic location, and so on, that spans the enterprise's information systems. It is the data without which a transaction cannot be carried out, so it is mandatory for every organization. It gives detailed information about the things that interact when a transaction occurs, remains unchanged over a period of time, and is always needed in the same way.
- Transaction Data – Generated and captured by operational systems; describes the business's activities (transactions). Master data applies to multiple transactions and is used to categorize, aggregate, and evaluate transactional data.
- Example – For one sale, the master data fields would be product sold, vendor, salesperson, store, part number, purchase price, and date. The corresponding transaction data values would be 42-inch television, Samsung, Best Buy, Bill Roberts, 1234, $2000, and April 20, 2020.

Data Lifecycle – Data goes through a lifecycle with distinct phases:
1. Data Capture – Creating data values that do not yet exist and have never existed within the enterprise. Data can be acquired (government census, merging with another business, buying a customer list), entered (medical records, sales transactions) or captured (IoT). Data validation is an important control in this phase, to ensure correct and complete data is captured.
2. Data Maintenance – The movement, integration, cleansing, and enrichment of data among various systems; basically, preparing data for use in various parts of the business.
3. Data Synthesis – Creating new data based on existing data using inductive logic (ex. if a customer has a good credit score, they will most likely repay their loan). We apply algorithms and heuristics (simple, predefined rules) to feed decision support systems.
4. Data Usage – Applying data to decision-making and business problems (ex. reviewing financial reports to identify cost overruns, segmenting customers to create new advertising campaigns). The majority of our effort should go toward getting data to this stage, because this is where information systems create the most value.
5. Data Publication – This (optional) stage involves sending data outside the organization (ex. sending customers invoices, reporting to the government (tax returns), and, unintentionally, data breaches). Data sent outside the organization cannot easily be recalled or corrected.
6. Data Archival – Storing data in case it is ever needed again, and removing it from active production systems. Older data is less relevant, and thus less valuable, but it may still serve a future purpose and should or must be preserved (ex. multi-year sales trends, tax audits (CRA six-year rule), fraud investigations).
7. Data Purging – The final stage data moves through before disappearing forever. Purging involves deleting data from every system and destroying any backups or archives. When organizations no longer need, or are no longer required to keep, data, it is safer and cheaper to destroy it than to try to keep it forever.

Quality of Data – The characteristics associated with high quality data, and the processes used to measure or improve data quality
Dimensions of data quality:
1. Accuracy (does the data closely reflect reality?)
2. Completeness (does the data capture enough aspects of reality?)
3. Consistency (is the data the same in different systems and across different time periods?)
4. Uniqueness (are there duplicate records in the dataset?)
5. Timeliness (is data available in a timely fashion for use by decision makers?)
6. Validity (does the data conform to existing business rules and data formats?)
Most poor data quality stems from faulty data input (negligence, confusion, misunderstandings). To prevent poor data quality, systems should be reviewed and changed to stop bad data before it is used to make decisions:
1. Data quality audits – A structured review of data to determine accuracy and completeness:
   a. Randomly review samples of data files (do customer addresses match their invoices?)
   b. Survey end users for their perceptions of quality (do you have to make frequent corrections?)
2. Data cleansing – Use software to automatically detect and correct data that is incorrect, incomplete, improperly formatted, or redundant

Knowledge: Information that has been analyzed to determine actionable insights
- Tacit (tribal) knowledge: Subjective or experiential learning
  o An organization's experiences, insights, expertise, know-how, trade secrets, skill sets, understanding, and learning
  o Imprecise and costly to transfer, highly personal, and difficult to formalize or codify
  o If you are new to the company and learn from someone who teaches you by showing you how to do everything, this is tribal knowledge. If they left and none of it was codified, you would be stuck.
- Explicit knowledge: Knowledge that has been codified, documented in a form that 1) can be distributed to others, 2) persists into the future, and 3) can be used in a business process or turned into an organizational strategy

Chapter 4: Business Analytics

Business Analytics is the process of developing actionable decisions or recommendations for actions based on insights generated from historical data. BA examines data with a variety of tools; formulates descriptive, predictive, and prescriptive analytics models; and communicates these results to organizational decision makers.
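Worked example for the Chapter 3 material on the data lifecycle (validation as a capture-phase control, archival, purging under the six-year rule) and on data quality (the completeness, uniqueness, consistency and validity dimensions, the audit, and cleansing). This is an added illustration, not code from the course or its textbook. The record fields, the e-mail and Canadian postal-code rules, the two-year active window, the audit date and the fictional customers are all assumptions made for the example:

```python
"""Data-quality audit, cleansing and lifecycle retention over constructed
customer records. Added illustration for the notes above, not course or
textbook code; every field name, rule and date below is an assumption."""
import re
from datetime import date

# Assumed business rules (not from the notes): required fields, e-mail shape,
# and Canadian postal code format with an optional space.
REQUIRED = ("customer_id", "name", "email", "postal_code")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
POSTAL_RE = re.compile(r"^[A-Z]\d[A-Z] ?\d[A-Z]\d$")

# Assumed retention policy: two years in production, then archive until six
# years after last activity (the CRA six-year rule the notes cite), then purge.
ACTIVE_YEARS = 2
RETAIN_YEARS = 6
TODAY = date(2025, 1, 1)  # assumed audit date so the example is deterministic

# Constructed sample data (fictional customers) as held in a CRM and in a
# separate billing system, with typical input defects planted on purpose.
CRM = [
    {"customer_id": "C001", "name": "Ada Lovelace", "email": "ada@example.com",
     "postal_code": "M5V 3L9", "last_activity": date(2024, 3, 1)},
    {"customer_id": "C002", "name": "  grace hopper ", "email": "GRACE@Example.com",
     "postal_code": "m5v3l9", "last_activity": date(2021, 6, 15)},
    {"customer_id": "C002", "name": "Grace Hopper", "email": "grace@example.com",
     "postal_code": "M5V 3L9", "last_activity": date(2021, 6, 15)},   # duplicate key
    {"customer_id": "C003", "name": "Alan Turing", "email": "not-an-email",
     "postal_code": "", "last_activity": date(2016, 1, 10)},          # bad capture
]
BILLING = [
    {"customer_id": "C001", "postal_code": "M5V 3L9"},
    {"customer_id": "C002", "postal_code": "K1A 0B1"},   # disagrees with the CRM
    {"customer_id": "C003", "postal_code": "V6B 1A1"},
]


def _norm_postal(value):
    """Canonical postal code for comparison: upper case, no whitespace."""
    return "".join(str(value).split()).upper()


def validate_at_capture(rec):
    """Capture-phase control: list every business-rule violation in one record.
    An empty list means the record may be stored; anything else is rejected."""
    problems = [f"missing {f}" for f in REQUIRED if not str(rec.get(f, "")).strip()]
    if rec.get("email") and not EMAIL_RE.match(rec["email"]):
        problems.append("invalid email")
    pc = _norm_postal(rec.get("postal_code", ""))
    if pc and not POSTAL_RE.match(pc):
        problems.append("invalid postal_code")
    return problems


def audit(crm, billing):
    """Data-quality audit over the dimensions in the notes: completeness,
    validity, uniqueness, and consistency with a second system."""
    ids = [r["customer_id"] for r in crm]
    billing_pc = {r["customer_id"]: _norm_postal(r["postal_code"]) for r in billing}
    complete = sum(all(str(r.get(f, "")).strip() for f in REQUIRED) for r in crm)
    valid = sum(not validate_at_capture(r) for r in crm)
    inconsistent = sum(
        1 for r in crm
        if _norm_postal(r["postal_code"])            # compare only when both sides hold a value
        and r["customer_id"] in billing_pc
        and _norm_postal(r["postal_code"]) != billing_pc[r["customer_id"]]
    )
    return {
        "records": len(crm),
        "complete": complete,
        "valid": valid,
        "duplicate_ids": len(ids) - len(set(ids)),
        "inconsistent_with_billing": inconsistent,
    }


def cleanse(records):
    """Data cleansing: normalise name, e-mail and postal code formats, then drop
    records whose customer_id was already seen (first occurrence wins)."""
    seen, cleaned = set(), []
    for r in records:
        c = dict(r)
        c["name"] = " ".join(r["name"].split()).title()
        c["email"] = r["email"].strip().lower()
        pc = _norm_postal(r["postal_code"])
        c["postal_code"] = f"{pc[:3]} {pc[3:]}" if len(pc) == 6 else pc
        if c["customer_id"] in seen:
            continue
        seen.add(c["customer_id"])
        cleaned.append(c)
    return cleaned


def retention_action(rec, today=TODAY, legal_hold=False):
    """Lifecycle decision for one record: keep active, move to archive, or purge.
    A legal hold (tax audit, fraud investigation) blocks purging regardless of age."""
    age_days = (today - rec["last_activity"]).days
    if age_days <= ACTIVE_YEARS * 365:
        return "active"
    if legal_hold or age_days <= RETAIN_YEARS * 365:
        return "archive"
    return "purge"


if __name__ == "__main__":
    rejected = {r["customer_id"]: validate_at_capture(r) for r in CRM if validate_at_capture(r)}
    print("would be rejected at capture:", rejected)
    print("audit:", audit(CRM, BILLING))
    for r in cleanse(CRM):
        print(r["customer_id"], r["name"], r["email"], r["postal_code"], retention_action(r))
```

Running it, the audit reports three of four records complete and valid, one duplicate key, and two postal codes that disagree with billing; cleansing collapses the duplicate, and the 2016 record is marked for purge unless a legal hold is set. The capture check is the cheapest of these controls, which is the point the notes make: a record like C003 should never have been stored. Note also that the purge decision here only sees records still present in one system; the requirement that purging reach every copy, including backups and archives, is a process control the code cannot enforce on its own.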
- It is the systematic use of data and related business insights, developed through applied analytical disciplines, to drive fact-based decision making for planning, management, measurement, and learning.

Business analytics vs. business intelligence
- BA: Collecting sales data, aggregating (grouping) sales by product and date (month), and showing the top 5 products
- BI: Using a point-of-sale system to capture sales, a data warehouse to load and pre-process the data, and Excel to aggregate/sort/filter products

Types of Business Problems
- Managers oversee processes to ensure they operate efficiently and effectively.
- Managers have three broad roles:
  1. Influence and guide employees (interpersonal)
  2. Obtain and transfer information (informational)
  3. Analyze situations and take action (decisional)
- IS assist with all three roles; business analytics is concerned with taking action.

Problem Solving Framework
- A problem is a carefully defined statement that tells us where we are and where we want to be. For a retail company, a problem could be that sales are declining at a location, and the goal is to increase sales by 10% instead.
- We design and consider several alternative courses of action to bring us from our current (problem) state to our future (goal/solution) state.
- Once we have brainstormed multiple options, we test/validate them to determine which one is most likely to make the desired change. This is done by looking through historical/test data, judgement, and analytical/statistical models.
- After trial and error, perform a sensitivity analysis: a process that lets you understand the effect of fluctuations in selected variables on your business's profitability.
- Finally, present the results and implement the solution to the problem.

Types of Analytics:
- Descriptive
  o Reporting past events: "What has happened?"
  o OLAP/data mining is a big tool for descriptive analytics
  o Fandango analysts investigated total sales for different genres of movies; they calculated the average ticket sales for a week, the most popular movies, and the busiest hours of the day using a sample of moviegoers
- Diagnostic
  o Exploring past events: "Why did this happen?"
- Predictive
  o Forecasting future trends: "What will likely happen?"
  o Data mining is a big tool for predictive analytics
  o Using Fandango again, predictive analytics tools analyze terabytes of data to determine whether someone has not yet seen the latest movie of their favourite genre that is now in theatres
- Prescriptive
  o Improving decision-making: "What should we do?"
  o Fandango uses prescriptive analytics so it can change ticket price offerings every hour, based on supply and demand at each time (more popular time = more expensive)

Chapter 5: Telecommunications & Mobile Computing

Computer Network – A system that connects computers and other devices (ex. printers) through communications media so that data and information can be transmitted among them
Bandwidth – The transmission capacity of a network, stated in bits per second

Transmission media – wired
- Phone lines (RJ-11): Dial-up/DSL internet; DSL is roughly 1–100 Mbps; the most common type of residential network infrastructure
- Coaxial cable: Cable internet, roughly 10–1000 Mbps; used for both television and internet
- Fibre optic: Fibre ("Fibe") internet, 1000–10000 Mbps (i.e. 1–10 Gbps); the backbone of public and international communication networks
Transmission media – wireless
- Satellite/Microwave: Cover long distances and have relatively high bandwidth (roughly 100 Mbps); require an uninterrupted line of sight between transmitter and receiver; satellite provides more coverage than microwave because of its distance from Earth
- Radio (Wi-Fi, 5G): Much higher bandwidth (roughly 1–10 Gbps), not as restricted by line-of-sight obstructions, but range is limited (ex. 5G = 1.6–5 km)

Characteristics of Mobile Computing
1. Mobility
2. Broad reach (accessibility to others)
3. Ubiquity
4. Connectivity
5. Convenience
6. Customization
7. Localization

Mobile computing use cases
- Mobile finance (banking apps, digital wallets)
- Location-based services (Google Maps, Uber)
- Telemetry (IoT & digital twins, healthcare)
- Autonomous vehicles (Tesla)

Chapter 6: Ethics and Privacy

Ethics – The principles of right and wrong that individuals use to guide their behaviour. There are many frameworks to help us decide whether a decision is ethical or not.

Ethical Frameworks – Four common frameworks are used for analyzing alternatives and their outcomes
- Consequentialist (utilitarianism, common good): Aim to produce the most good
  o The utilitarian approach states that an ethical action is the one that provides the most good or does the least harm. The ethical corporation is the one that produces the greatest good and does the least harm for all affected parties: customers, employees, shareholders, the community and the physical environment.
  o The common good approach highlights the interlocking relationships that underlie all societies. It argues that respect and compassion for all others is the basis for ethical action, and emphasizes the common conditions that are important to the welfare of everyone: a system of laws, effective police and fire departments, health care, public recreation centres, and a public education system.
- Non-consequentialist (rights & duties, fairness/justice, deontology): Aim to perform the right action
  o The rights approach maintains that an ethical action is the one that best protects and respects the moral rights of the affected parties. Moral rights can include the rights to make one's own choices about what kind of life to lead, to be told the truth, not to be injured, and to enjoy a degree of privacy.
An ethical organization action would be one that protects and respects the moral rights of customers, employees, shareholders, business partners, and even competitors o The fairness approach posits that ethical actions treat all human beings equally, or, if unequally, then fairly, based on some defensible standard. For example, most people might believe it is fair to pay people higher salaries if they work harder or contribute a greater amount to the firm. However, there is less certainty regarding CEO salaries that are hundreds or thousands of times larger than those of other employees. Many people question whether this huge disparity is based on a defensible standard or unfair due to a result of an imbalance of power o - - The deontology approach states that the morality of an action is based on whether that action itself is right or wrong under a series of rules, rather than based on consequences of that action. An example of deontology is the belief that killing someone is wrong, even if it was in self-defence. Agent-centered (virtues): Aim to develop one’s character o Ethical actions ought to be consistent with certain ideal virtues that provide for the full development of humanity. These virtues are dispositions and habits that enable us to act according to the highest potential of our character and on behalf of the values like truth and beauty. Honesty, courage, compassion, generosity, tolerance, love, fidelity, integrity, fairness, self-control and prudence are all examples of virtues. Virtue ethics asks of any action “What kind of person will I become if I do this?” or “Is this action consistent with my acting at my best?” Legal: o Legal standards are based on written law CIA Triad: Confidentiality – Only those who are authorized have access to specific assets and that those who are unauthorized are actively prevented from obtaining access :O Integrity – Ensuring that data has not been tampered with and, therefore, can be trusted. 
It is correct, authentic, and reliable Accessibility – Networks, systems, and applications are up and running to ensure that authorized users have timely, reliable access to resources when they are needed Threats to I.T. Security and C.I.A Employees & Consultants - Programmers add backdoors or errors into applications Administrators disable or by-pass security measures Employees copy sensitive data or use weak passwords Systems & Hardware - Security measures not working as expected Located in unsure environments Unauthorized access Natural & Man-Made Disasters - Fires, floods, or storms destroy data and equipment Equipment destroyed or stolen External Actors. - Malware, denial of service attacks, unauthorized access Social Engineering Phishing Ransomware Risk Management Strategies: - - - Status Quo (Do nothing) o Waiting to see what happens Limit and Mitigate Risk o Implement controls o Maintain redundant (backup) systems Transfer or Share Risk o Pay for insurance to cover any financial losses o Partner with other companies to provide security expertise or redundancy If something goes wrong, they will be at fault for not providing adequate security Risk avoidance o Avoid using technology that creates risk in the first place Hardest to do in today’s society Controls – Controls that we can implement in our systems and processes fall under four broad categories - - - - Physical Control: Anything that can protect assets from physical damage or unauthorized inperson access o Guards, cameras, locks o Environmental controls (fire suppression, air conditioning) o Secure storage Access Controls: Anything that can protect access from unauthorized access to digital assets o Authentication – Something that prevents access to an entire system (biometrics, cards/tokens/MFA/2FA, passwords/passphrases) o Authorization – Something that prevents access to specific data to specific parts of a system (user permissions, principle of least privilege) Data Communication Controls: 
Software that protects or restricts the flow of data across networks o Firewalls o Antivirus Applications o Whitelisting and blacklisting (people, software, websites, web traffic) o Encryption (TLS, Cryptocurrency, WhatsApp messages) and Virtual Private Networks (VPN) o Monitoring Systems (Screen capturing, web history reviews, mouse movements, webcams, remote proctoring software) Administrative Controls: Practices that influence the behaviour of employees or design of systems o o o o o Governance frameworks (COSO, COBIT) Policies & Procedures (Password length, complexity, and protect assets Code of ethics User education (training, fake fake emails (phishing test), inspections) Business continuity planning (Hot, warm, cold sites) Information systems auditing
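The access-control distinction in the notes, authentication (a gate on the whole system) versus authorization (a gate on specific data, granting each role only what it needs under least privilege), as an added example that is not part of the course notes; the users, roles, permissions and passwords are constructed sample data.

```python
# Added example (not from the course notes): a small model of the two access
# controls the notes distinguish. authenticate() answers "who are you?" and
# gates the whole system; authorize() answers "what may you do?" and gates
# specific data, denying anything a role was not explicitly granted.
# The user table, roles and passwords are constructed sample data.
import hashlib
import hmac
import os
from typing import Optional

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so a stolen user table does not reveal passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed user table: a cashier and a manager.
SALT = os.urandom(16)
USERS = {
    "alice": {"pw": hash_password("s3cret-cashier", SALT), "role": "cashier"},
    "bob":   {"pw": hash_password("s3cret-manager", SALT), "role": "manager"},
}

# Least privilege: each role lists only what it needs; everything else is denied.
ROLE_PERMISSIONS = {
    "cashier": {("sales", "read"), ("sales", "write")},
    "manager": {("sales", "read"), ("sales", "write"), ("payroll", "read")},
}

def authenticate(username: str, password: str) -> Optional[str]:
    """Return the username on a valid login, None otherwise (no hint which part failed)."""
    user = USERS.get(username)
    if user is None:
        return None
    # compare_digest avoids leaking information through comparison timing.
    if not hmac.compare_digest(user["pw"], hash_password(password, SALT)):
        return None
    return username

def authorize(username: str, resource: str, action: str) -> bool:
    """Default deny: allowed only if the user's role explicitly grants it."""
    user = USERS.get(username)
    if user is None:
        return False
    return (resource, action) in ROLE_PERMISSIONS.get(user["role"], set())

def access(username: str, password: str, resource: str, action: str) -> str:
    """Full check: authentication first, then authorization."""
    if authenticate(username, password) is None:
        return "denied: authentication failed"
    if not authorize(username, resource, action):
        return "denied: not authorized"
    return "granted"
```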