BUSI 1401 Foundations of Information Systems
Lecture 4: Ch04 – Information Security
Arthur So, Ph.D., ArthurSo@cunet.carleton.ca

Recap Ch03 (1/2): Ethics
• Definition
• Addressing dilemmas and controversy
• Ethical standards (5) for corporations
  o Utilitarian approach – the morality of actions is judged by their consequences or outcomes, overlooking minority rights
  o Rights approach – human rights, social justice, and ethical decision-making by society
  o Fairness approach – fairness of actions, policies, and institutions (principles of justice and equality)
  o Common good approach – public policy, governance, social justice, and public safety (e.g., clean air)
  o Deontology approach – the moral significance of duties, principles, rules, and obligations
• Opt-in/opt-out for informed consent

Recap Ch03 (2/2): Privacy
• Areas of concern
• Principles of collection, disclosure, and usage
• Acts – PIPEDA and PHIPA
• Personal data of an identifiable individual (PII)
• Good security, good privacy
• How much electronic surveillance is too much?

Security
• Policy: typically a document that outlines specific requirements or rules that must be met. Usually issue-specific, covering a single area.
• Standard: typically a collection of system-specific or procedure-specific requirements that must be met by everyone. Typically to be followed exactly to ensure compliance.
• Guideline: typically a collection of system-specific or procedure-specific suggestions for best practice. Not a requirement, but strongly recommended.
• Procedure: the specific details of how the policy is to be implemented.
• Best practice: the specific commercial or professional procedures to be implemented that are considered the most effective.

Standards – Standardization Back Then
• Early American efforts generated standards for building and evaluating secure systems, and standards for cryptography.
• 1974 – Standards for emanations (called TEMPEST)
• 1977 – DES was adopted as the US Government standard for cryptography
• In the early 1980s the US DoD released the Trusted Computer System Evaluation Criteria. This book had an orange cover and became known as the Orange Book. It was based largely on the multilevel security model developed by Bell and LaPadula.
• Canadian Trusted Computer Product Evaluation Criteria, Version 3.0e, January 1993
• Canada, France, Germany, the United Kingdom and the United States agreed on a Common Criteria for trusted computers in 1998

Standards – Standardization Today
• The National Institute of Standards & Technology (NIST)
• Health Insurance Portability & Accountability Act (HIPAA), 1996: HIPAA established a national standard for the security of electronic health information, including the protection of individually identifiable health information, the rights granted to individuals, breach notification requirements, and the role of the OCR (Office for Civil Rights)
• General Data Protection Regulation (GDPR): mandatory privacy-based statutory regulations for enterprises processing or controlling private personal data belonging to EU citizens
• ISO/IEC 27000 (27001 & 27002): a growing family of ISO/IEC Information Security Management Systems (ISMS) standards, called the "ISO/IEC 27000 series"

Standards
• Payment Card Industry Data Security Standard (PCI-DSS): this data security standard, introduced in 2004 (American Express, Visa, and Mastercard), is mandatory for most enterprises collecting, processing and storing payment card data
• Internal standards: each enterprise has specific requirements to control risks and guard against liabilities that are unique to its business or industry

Security
• CIA helps to define what you are trying to protect, using 3 elements:
  o Confidentiality
  o Integrity
  o Availability

Security
• The traditional CIA Triad is expanded to the 3 dimensions of cybersecurity, called the Cybersecurity Cube (or cybersecurity sorcery cube):
  o 1st dimension is the CIA Triad
  o 2nd dimension focuses on the problem of protecting all the states of data in the cyber world (transmission, storage, and processing)
  o 3rd dimension defines the types of powers used to protect the cyber world and its denizens:
    - Technologies: devices/products used to protect information systems and fend off cybercriminals
    - Policies and practices: definitions, procedures, and guidelines that enable citizens of the cyber world to stay safe and follow good practices
    - People: security awareness training, making the citizens knowledgeable about their world and the dangers that threaten it

Security
• Security is considered to be a balancing act between security concerns, functionality, and ease of use
  [Figure: triangle with Security, Functionality, and Ease of Use at its corners]

Security – Course of Actions
• Prevention
• Detection
• Response
• Recovery

Secure Communication
• German encryption and decryption machine used in WWII
• Essentially a complex, automated substitution cipher

Secure Communication
• Cryptography: the science or study of the techniques of secret writing, especially code and cipher systems, methods, and the like; anything written in a secret code, cipher, or the like.
• Cryptanalysis: the study of mathematical techniques for attempting to defeat cryptographic techniques and information security services.
• Encryption: converting plaintext to a non-readable form called ciphertext
• Decryption: converting ciphertext back into plaintext, e.g., "jgnnq" to "hello"
• Key: the secret information that determines how the text is encrypted

Secure Communication – Classical Ciphers
• A substitution/shift cipher – offsetting the order of the 26 letters of the alphabet, e.g.
the Caesar cipher
• A transposition cipher – changes characters of the plaintext into other characters by randomly mixing up the alphabet

Secure Communication – Simple Substitution
• Straight exchange of one character/byte for another using a predetermined mapping
• E.g.: A B C D E… becomes W K M P D…, thus CAB becomes MWK
• The mapping function is the crypto key
• Unique one-to-one character/byte substitution map
• Easy to break by looking for known patterns

Rotation Substitution
• Shifts every character a determined number of positions
• E.g., the Caesar cipher uses ROT-3, while Usenet uses ROT-13
• Using ROT-3, CAB becomes FDE
• Also a unique one-to-one character/byte substitution
• Also very easy to break, using knowledge of letter patterns in languages

Secure Communication – Digital Substitution
• Based on algebraic "truth tables", developed by George Boole (1800s)
• Encryption using the Boolean Exclusive OR (XOR) function
  o Encryption: Key XOR Plaintext -> Ciphertext
  o Decryption: Key XOR Ciphertext -> Plaintext
• Considered a symmetric encryption mechanism because the same key is used in both the encryption and decryption process
• XOR rule: the result is zero (0) if the compared bits are the same; the result is one (1) if the compared bits are different
• Example (21-bit key, plaintext "CAT" in 7-bit ASCII):

  Encryption (Key XOR Msg = Cipher)
    Key     1010011 1010010 1001110
    Msg     1000011 1000001 1010100   (C, A, T)
    Cipher  0010000 0010011 0011010

  Decryption (Key XOR Cipher = Msg)
    Key     1010011 1010010 1001110
    Cipher  0010000 0010011 0011010
    Msg     1000011 1000001 1010100   (C, A, T)

Secure Communication
• Two important ciphers in the history of modern cryptography:
  o DES (Data Encryption Standard) – 1970, 56-bit key length
  o AES (Advanced Encryption Standard) – 2001, supports key lengths of 128, 192, or 256 bits

Secure Communication – Symmetric Key
• A cryptographic key generated by an algorithm and used both for encryption of plaintext and decryption of ciphertext
Secure Communication – Asymmetric Key
• Uses public and private keys to encrypt and decrypt data

Secure Communication – Hash Function
• No cipher key required – one-way encryption
• A fixed-length hash value is generated based on the plaintext
• Plaintext -> hash function -> ciphertext
• The plaintext, and the length of the plaintext, is not recoverable from the ciphertext
• A hash cannot be deciphered back to plaintext (one-way hash)
• Primary use is for message integrity
• The hash value provides a digital fingerprint of content, ensuring against alteration
• Effective because of the low probability that 2 different plaintext messages will generate the same hash value
• Also called message digest or one-way encryption
• Examples: HMAC, MD2, MD4, MD5, RIPEMD-160, SHA-1

Introduction to Information Systems
Rainer, Prince, Sanchez-Rodriguez, Splettstoesser Hogeterp, Ebrahimi
Canadian Fifth Edition
Chapter 4: Information Security
Copyright ©2021 John Wiley & Sons Canada, Ltd.

Learning Objectives (1 of 2)
• Identify the five factors that contribute to the increasing vulnerability of information resources and provide a specific example of each factor
• Compare and contrast human mistakes and social engineering and provide a specific example of each one
• Discuss the 10 types of deliberate attacks
• Define the three risk mitigation strategies, and provide an example of each one in the context of owning a home

Learning Objectives (2 of 2)
• Identify the three major types of controls that organizations can use to protect their information resources and provide an example of each one
• Explain why it is critical that you protect your information assets and identify actions that you could take to do so

Chapter Outline
1. Introduction to Information Security
2. Unintentional Threats to Information Systems
3. Deliberate Threats to Information Systems
4. What Organizations Are Doing to Protect Information Resources
5. Information Security Controls
6. Personal Information Asset Protection

Opening Case: The Equifax Breaches
Think about:
• The importance of immediate response to software updates. Is your computer on "automatic update"?
• How could your credit rating be affected by identity theft?

4.1 Introduction to Information Security
• Security
• Information security
• Threat
• Exposure
• Vulnerability

Introduction to Information Security
• Five factors contributing to the vulnerability of organizational information resources:
  o Today's interconnected, interdependent, wirelessly networked business environment
  o Smaller, faster, cheaper computers and storage devices
  o Decreasing skills necessary to be a computer hacker
  o International organized crime taking over cybercrime
  o Lack of management support

4.2 Unintentional Threats to Information Systems
• Human errors
• Social engineering

FIGURE 4.1 Security threats.

Human Errors: Risk Areas
• Higher-level employees + greater access privileges = greater threat
• Two areas pose significant threats:
  o Human resources
  o Information systems
• Other areas of threat:
  o Contract labour, consultants, janitors, and guards

TABLE 4.1 Human Mistakes (1 of 2)
• Carelessness with computing devices (e.g., laptops, tablets, smartphones)
• Opening questionable emails
• Careless Internet surfing
• Poor password selection and use
TABLE 4.1 Human Mistakes (2 of 2)
• Carelessness with one's office
• Carelessness using unmanaged devices
• Carelessness with discarded equipment
• Careless monitoring of environmental hazards

Social Engineering
• Social engineering: an attack in which the perpetrator uses social skills to trick or manipulate legitimate employees into providing confidential company information such as passwords
• Example: Kevin Mitnick, famous hacker and formerly on the FBI's most wanted list

4.3 Deliberate Threats to Information Systems (1 of 2)
• Espionage or trespass
• Information extortion
• Sabotage or vandalism
• Theft of equipment or information
• Identity theft
• Compromises to intellectual property

4.3 Deliberate Threats to Information Systems (2 of 2)
• Software attacks
• Alien software
• Supervisory control and data acquisition (SCADA) attacks
• Cyberterrorism and cyberwarfare

TABLE 4.2 Types of Software Attacks (1 of 3)
• Remote attacks requiring user action:
  o Virus
  o Worm
  o Phishing attack
  o Spear phishing

TABLE 4.2 Types of Software Attacks (2 of 3)
• Remote attacks needing no user action:
  o Denial-of-service attack
  o Distributed denial-of-service attack

TABLE 4.2 Types of Software Attacks (3 of 3)
• Attacks by a programmer developing a system:
  o Trojan horse
  o Back door
  o Logic bomb

IT's About Business 4.1: Whaling Attacks
Consider:
• How personal data can be used both for identity theft and for whaling attacks
• That password theft via whaling can provide an unauthorized gateway to corporate data
IT's About Business 4.2: An Attack on the Internet
Consider:
• That many computers could be part of a botnet
• How high-capacity servers help prevent successful execution of DDoS attacks

Alien Software (Pestware)
• Adware
• Spyware
  o Keyloggers, screen scrapers
• Spamware
• Cookies
  o Tracking cookies

4.4 What Organizations Are Doing to Protect Information Resources
• Risk: the probability that a threat will impact an information resource
• Risk management
• Risk analysis
• Risk mitigation

Risk Mitigation
• Risk acceptance
• Risk limitation
• Risk transference

IT's About Business 4.3: The Data Breach at Desjardins Group
Consider:
• What are the resources required to carefully investigate a data breach?
• The seriousness of the consequences for individuals who leak or sell confidential data

4.5 Information Security Controls
• Categories of controls
• Physical controls
• Access controls
• Communication controls
• Business continuity planning
• Information systems auditing

Categories of Controls
• Security is only one aspect of operational control (which is part of general controls)
• Controls come in "layers":
  o Control environment
  o General controls
  o Application controls

Control Environment
• Encompasses management attitudes toward controls, as evidenced by management actions, as well as by stated policies that address:
  o Ethical issues
  o Quality of supervision

FIGURE 4.2 Where defence mechanisms (general controls) are located.
Physical Controls
• Prevent unauthorized individuals from gaining access to a company's facilities
• Examples:
  o Walls, doors, fencing, gates, locks
  o Badges, guards, alarm systems
  o Pressure sensors, temperature sensors, motion sensors

Access Controls
• Logical controls (implemented by software) help to provide controls such as:
  o Authentication
  o Authorization

Access and Communications Controls Help to Prevent Identity Theft
• Identity theft: using confidential information such as passwords, driver's licences, or medical records to assume someone else's identity
• The thief applies for credit cards, mortgages, or passports
• Example controls include physical security, access security, and encryption
• The Office of the Privacy Commissioner of Canada tells businesses how to reduce the risk of identity theft and how to respond (priv.gc.ca/en)

Password Controls Need to be Supported at All 3 Control Levels
1. Control environment: policies that enforce the proper management of user codes and passwords
2. General control: a security system that requires a user ID and password to "log on"
3. Functional application control: separate passwords for sensitive functions, e.g., employee raises or write-off of customer accounts

Security – Fast IDentity Online (FIDO)
• The FIDO Alliance was founded by PayPal, Lenovo, Nok Nok Labs, Validity Sensors, Infineon, and Agnitio in 2012 for a passwordless authentication protocol.
• In 2014, FIDO authentication enabled Samsung Galaxy S5 users to log in and shop with the swipe of a finger in online, mobile, and in-store payments via PayPal.
• There are two standards in the Alliance:
  o Universal Authentication Framework – FIDO UAF
  o Universal 2nd Factor – FIDO U2F
• In 2015, the Alliance introduced the government membership program for the United States, United Kingdom, Germany, and Australia.
• In 2019, WebAuthn is part of the FIDO Alliance's FIDO2 specifications, which is a Client to Authenticator Protocol (CTAP FIDO2) that works with browsers (Chrome, Firefox, Edge, Safari, Windows 10) with a security key or a mobile phone.
• In 2020, Apple and Android joined FIDO.
• In 2021, the German Federal Office for Information Security achieved the Certified Authenticator Level 3+ certification.
Ref: https://fidoalliance.org/overview/ and https://www.zippia.com/fido-solutions-careers-1543569/history/

Security
[Figure: FIDO Alliance history. Ref: https://fidoalliance.org/overview/history/]

How FIDO AuthN Works
• Local: the user authenticates "locally" to their device (the authenticator) by various means
• Online: the device authenticates the user online using public key cryptography
Source: Brett McDowell, Executive Director, FIDO Alliance

Passwordless Experience (UAF standards)
1. Authentication challenge
2. Biometric verification*
3. Authenticated online

Second Factor Experience (U2F standards)
1. Second factor challenge
2. Insert dongle* / press button
3. Authenticated online
*There are other types of authenticators
Source: Brett McDowell, Executive Director, FIDO Alliance

FIDO Timeline
• Alliance announced – Feb 2013, 6 members
• FIDO Ready program – Dec 2013
• First specification review draft – Feb 2014
• Deployments – Feb–Oct 2014
• FIDO 1.0 final – Dec 9, 2014
• Certification program – May 2015
• Broad new U2F transports – June 2015
• Today – >220 members

Authentication
• Something the user is – biometrics
• Something the user has – tokens & fobs
• Something the user does – gestures & touches
• Something the user knows – passwords & PINs
  o Passwords

Communication Controls
• Firewalls
• Anti-malware systems
• Whitelisting and blacklisting
• Encryption
• Virtual private networking
• Transport layer security (TLS)
• Employee monitoring systems

FIGURE 4.3 (a) Basic firewall for a home computer. (b) Organization with two firewalls and a demilitarized zone.

FIGURE 4.4 How public-key encryption works.

FIGURE 4.5 How digital certificates work. Sony and Dell, business partners, use a digital certificate from VeriSign for authentication.

FIGURE 4.6 Virtual private network (VPN) and tunnelling.

Application Controls
• Controls that apply to individual applications (functional areas), e.g., payroll
• The text describes three categories: input, processing, output
• It is more common to consider the purpose of application controls for input, processing, and output using: accuracy, completeness, authorization, and an audit trail (documentation)
Application Controls Examples
• Input: edits that check for reasonable data ranges (accuracy)
• Processing: automatically check that each line of an invoice adds to the total (accuracy of the total and completeness of line items)
• Output: a supervisor reviews the payroll journal for unusual amounts (exceptions) before cheques are printed (authorization)

Business Continuity Planning (BCP) (1 of 2)
• Disaster recovery plan
  o Hot site
  o Warm site
  o Cold site

Business Continuity Planning (BCP) (2 of 2)
• BCP's purpose: provide continuous availability
  o Be able to recover in the event of a hardware or software failure or attack (e.g., due to ransomware)
  o Ensure that critical systems are available and operating

Information Systems Auditing
• Types of auditors and audits
• How does the IS auditor decide on audits?

4.6 Personal Information Asset Protection
• Before deciding upon potential actions you need to take:
  o Do an inventory of information you are using, storing, or accessing
  o Relate your inventory to a personal risk assessment
• Use Table 4.4 to help enable changes to your methods of protecting your personal information assets

Closing Case: WannaCry, Petya, and SamSam Ransomware
Think about:
• Where is your most recent backup and when was it done?
• What are the tangible and intangible costs associated with ransomware?

Copyright
Copyright © 2021 John Wiley & Sons Canada, Ltd. or the author. All rights reserved. Students and instructors who are authorized users of this course are permitted to download these materials and use them in connection with the course.
No part of these materials should be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse this material is available at http://www.wiley.com/go/permissions.

Excel 3
• Get data from one sheet to another
  o =SHEET1!B4 gets the contents of Sheet 1, cell B4
• IF function: used when you need to make a choice
  o Variable tax rate – more earnings means higher tax
  o Calculate commission paid on employee sales
  o Display messages when stock needs refilling, or when you have a profit or loss
  o =IF(G7<=300,0.15,0.2)
  o Syntax: IF(condition, result if true, result if false)
  o Can be read "if the contents of G7 are less than 300, use the 15% tax rate, otherwise use the 20% tax rate"
  o Values of 15% or 20% can be used in formulas and functions

Excel 3
• IF can also be used to display text
  o =IF(B3>300,"PROFIT","LOSS")
  o Excel recognizes text by quotation marks
  o Results from an IF function can be used in other formulas or functions
• Filter and sort
  o Allows organization of information to see only what the user wants
  o Filter and sort options are found on the Data tab of the ribbon
  o Multi-level sort (Data tab, Sort button): sort on the HW 3 column, add a level, then on the HW 4 column, both smallest to largest
  o Filter: click any cell on row 1 (do not select multiple cells), then press the Filter button

Excel 3
• Pivot tables / charts
  o A pivot table is a tool to calculate, summarize, and analyze data that lets you see comparisons, patterns, and trends in your data
  o Pivot chart: a chart based on a pivot table
  o Creation tools and options are mostly the same as for a regular Excel chart (major exception below)
  o Pivot charts have buttons that allow filtering if data is arranged appropriately
  o Grades can be filtered; values and legend cannot
  o Buttons may be hidden by right-clicking
  o Hidden buttons
    can be shown via: select the chart, Analyze tab, Field Buttons list (far right of the ribbon)

Excel 3
• Goal Seek: allows the user to change the result of a formula by changing one variable
  o Data, What-If Analysis, Goal Seek
  o "Set cell" argument: must contain a formula; it changes to the goal you want to reach
  o "To value" argument is your goal
  o "Changing cell" argument is the variable that changes