1. Describe or define virtual office
Virtual office typically a managed telephone answering or email response service that receives and routes telephone or email messages on behalf of a small business and may provide some initial scripted response to a query.Provides a means of receiving and passing on calls and messages when not available to deal with a customer inquiry. The prime objective of the V.O. is to assure that customer contact is captured and able to be followed up by whomever the call is relevant or important to.
2. Distinguish DSS from virtual office.
DSS-are a specific class of computerized information systems that supports business and organizational decision-making activities. A properly-designed DSS is an interactive software-based system intended to help decision makers.WhileVirtual office is ther are person who actually work to serve the client.
3. Illustrate (give examples) how virtual office can improve company's competitive advantage and organizational performance.
Virtual office doesn't necessarily have to be a room in a person's home, however. A laptop in a hotel a person who works from a virtual office is set up thanks to his place of employment. All equipment belongs to the home office and must be returned upon termination from that company. The virtual office worker doesn't necessarily need to be an employee, many overhead costs, such as electricity, are cut out or kept to a minimum for the company with virtual empployees. Telecommuting also eliminates crowded offices. As an added benefit, the virtual employee may agree to lower pay in exchange for the ability to work out of his home.
http://www.wisegeek.com/what-is-a-virtual-office.htm
http://en.wikipedia.org/wiki/Virtual_office
CHRISTINE LINAN
Tuesday, May 19, 2009
Monday, May 18, 2009
Final Question # 4
1. Describe or define DSS.
Decision Support Systems (DSS) are a specific class of computerized information systems that supports business and organizational decision-making activities. A properly-designed DSS is an interactive software-based system intended to help decision makers compile useful information from raw data, documents, personal knowledge, and/or business models to identify and solve problems and make decisions.
2. Distinguish DSS from MIS.
MIS is the plan on how to achieve the competitive advantage,increase productivity, information service plans,formulate strategic plan to accomplish the company goals.While DSS is a system that support the company to come up with the best solution.A Design software to help management used the information to solve the problem.
3. Illustrate (give examples) how DSS can improve company's competitive advantage and organizational performance.
DSS can support business organization for decision making activities,the company can used the information,documents or employees knowledge to identify possible solution to solve the problem,a computerized system develop to help the company.
http://en.wikipedia.org/wiki/Decision_support_system
Decision Support Systems (DSS) are a specific class of computerized information systems that supports business and organizational decision-making activities. A properly-designed DSS is an interactive software-based system intended to help decision makers compile useful information from raw data, documents, personal knowledge, and/or business models to identify and solve problems and make decisions.
2. Distinguish DSS from MIS.
MIS is the plan on how to achieve the competitive advantage,increase productivity, information service plans,formulate strategic plan to accomplish the company goals.While DSS is a system that support the company to come up with the best solution.A Design software to help management used the information to solve the problem.
3. Illustrate (give examples) how DSS can improve company's competitive advantage and organizational performance.
DSS can support business organization for decision making activities,the company can used the information,documents or employees knowledge to identify possible solution to solve the problem,a computerized system develop to help the company.
http://en.wikipedia.org/wiki/Decision_support_system
Christine Linan
Finanl Question # 3
Identify and describe one company that adopts an MIS. Include in your discussion, how MIS helps and supports the company, its managers and other employees, in their problem solving and decision-making.
The Jade Life Therapy Corporation Ltd.
The Jade Life Therapy corporation is the exclusive dealer of ceragem product in the country,the company use the MIS to improve the service of the company.The MIS help them to reach their goals of distributing their product to different countries worldwide.This system helps to improve the communication between the managers in different location and discuss the plans of the company.
The system also develops the the communication skills of management and employee because its essay for them to talk or resolve the existing problem in the company,through the conference or meeting they can formulate the best idea for problem solving.
www.ceragem.com.ph
www.ceragem.com.net
Christine Linan
The Jade Life Therapy Corporation Ltd.
The Jade Life Therapy corporation is the exclusive dealer of ceragem product in the country,the company use the MIS to improve the service of the company.The MIS help them to reach their goals of distributing their product to different countries worldwide.This system helps to improve the communication between the managers in different location and discuss the plans of the company.
The system also develops the the communication skills of management and employee because its essay for them to talk or resolve the existing problem in the company,through the conference or meeting they can formulate the best idea for problem solving.
www.ceragem.com.ph
www.ceragem.com.net
Christine Linan
Wednesday, May 13, 2009
Final Question # 2
A company may adopt specific computerized database system according to their unique needs after thorough MIS planning. However, it has to be noted that MIS if properly planned, and implemented, benefits can be immeasurable on the other hand, if this is misused, then it may mean information or financial losses and opportunity and resources wasted.
From this, answer the following.
1.0.a Research one international company from the Internet and describe their MIS strategic plan in 1-2 paragraphs.
MIS UK,founded in 1988, is a leading European provider of business intelligence solutions.
The company provides a business intelligence platform and specialized know-how to build individual solutions.
The company offers customized solutions for planning, standard and add reporting, budgeting, forecasting, consolidation and analysis. These solutions can be integrated into existing IT investments, offering scalability from departments to enterprise levels.
1.0.b Discuss too the impact of this strategic plan on the company's management, competitors, customers and the company as a whole.
Provides the intelligence behind all MIS solutions, offering tools to build advanced analytical applications based on underlying multi-dimensional technology.It provides a single enterprise-wide business intelligence platform based on MIS Application which integrates information stored in existing source systems and data warehouses across organization this brings benefits throughout the organization.
2.0.a Evaluate how can this strategic plan be applied to any local company in the Philippine.
MIS planning can increase productivity,competitiveness,based on this platform, users can utilize pre-built planning and controlling applications for enterprise planning, risk management, consolidation and subsidiary management. It helps to solve the problem and seek possible solution.
2.0.b Discuss too the possible effect on the company.
Through planning it promotes better communication to the employee and management of the company ,planning can provide better solution for every problem and some plans for the future,and the management can evaluate future plans to achieve the main goals.
3.0.a What is an Accounting Information System?
Accounting information system (AIS) is the system of records a business keeps to maintain its accounting system. This includes the purchase, sales, and other financial processes of the business. The purpose of an AIS is to accumulate data and provide decision makers (investors, creditors, and managers) with information.
3.0.b Identify or list down different accounting information systems used.
Accounting Software
Payroll Accounting
3.0.c What are the benefits by the management, users and customers derived from these AIS?
The management finds their use in providing organizational planning, monitoring, and controlling every activity. There by the managerial-level employees get benefited as they are enabled to have access to superior reporting and statistical analysis. They are also helpful in gathering data, to develop different scenarios, and to decide the best possible answer among alternative scenarios.To the users the product of a certain company using AIS is more cheaper than other who did not used,because through the help of AIS the cost of processing is lower.
3.0.d Cite any threat or misuse of these AIS by a specific company. How were the threats addressed? What were the damages?
Security threats,data breach - typically from laptops left in pubs and disks that go missing in the post,more sensitive files must be lost every day on USB drives when someone downloads accounts records to work from home but mislays the flash drive en route or emails it to the wrong address.
http://www.sovereign-publications.com/misag
http://www.answers.com/topic/accounting-information-system
http://en.wikipedia.org/wiki/Accounting_cycle
Christine Linan
From this, answer the following.
1.0.a Research one international company from the Internet and describe their MIS strategic plan in 1-2 paragraphs.
MIS UK,founded in 1988, is a leading European provider of business intelligence solutions.
The company provides a business intelligence platform and specialized know-how to build individual solutions.
The company offers customized solutions for planning, standard and add reporting, budgeting, forecasting, consolidation and analysis. These solutions can be integrated into existing IT investments, offering scalability from departments to enterprise levels.
1.0.b Discuss too the impact of this strategic plan on the company's management, competitors, customers and the company as a whole.
Provides the intelligence behind all MIS solutions, offering tools to build advanced analytical applications based on underlying multi-dimensional technology.It provides a single enterprise-wide business intelligence platform based on MIS Application which integrates information stored in existing source systems and data warehouses across organization this brings benefits throughout the organization.
2.0.a Evaluate how can this strategic plan be applied to any local company in the Philippine.
MIS planning can increase productivity,competitiveness,based on this platform, users can utilize pre-built planning and controlling applications for enterprise planning, risk management, consolidation and subsidiary management. It helps to solve the problem and seek possible solution.
2.0.b Discuss too the possible effect on the company.
Through planning it promotes better communication to the employee and management of the company ,planning can provide better solution for every problem and some plans for the future,and the management can evaluate future plans to achieve the main goals.
3.0.a What is an Accounting Information System?
Accounting information system (AIS) is the system of records a business keeps to maintain its accounting system. This includes the purchase, sales, and other financial processes of the business. The purpose of an AIS is to accumulate data and provide decision makers (investors, creditors, and managers) with information.
3.0.b Identify or list down different accounting information systems used.
Accounting Software
Payroll Accounting
3.0.c What are the benefits by the management, users and customers derived from these AIS?
The management finds their use in providing organizational planning, monitoring, and controlling every activity. There by the managerial-level employees get benefited as they are enabled to have access to superior reporting and statistical analysis. They are also helpful in gathering data, to develop different scenarios, and to decide the best possible answer among alternative scenarios.To the users the product of a certain company using AIS is more cheaper than other who did not used,because through the help of AIS the cost of processing is lower.
3.0.d Cite any threat or misuse of these AIS by a specific company. How were the threats addressed? What were the damages?
Security threats,data breach - typically from laptops left in pubs and disks that go missing in the post,more sensitive files must be lost every day on USB drives when someone downloads accounts records to work from home but mislays the flash drive en route or emails it to the wrong address.
http://www.sovereign-publications.com/misag
http://www.answers.com/topic/accounting-information-system
http://en.wikipedia.org/wiki/Accounting_cycle
Christine Linan
Monday, May 11, 2009
Final Question # 1
For those who are not working, research one company in the net who is using computerized database systems. Describe the use and/or nature of these systems and describe too the benefits/disadvantages from these systems. Include your reference.
Database is a structured collection of records or data that is stored in a computer system. The structure is achieved by organizing the data according to a database model.
Database Systems Corp. (DSC) has been providing data management products and services since 1978. There customers span a wide range of industries and levels of our government. Our expertise is in computer telephony integration software, IVR applications, predictive dialers and advanced call center software. DSC is a privately held company but we have served quite a few major corporations as well as small businesses. Our customer loyalty and retention over the years by these clients is a source of great pride for our company. Our commitment to develop leading edge technologies will always be there. Our goal is to provide the best products and services for our customers.
DSC specializes in technology for today's contact centers as well as for call centers of the future (virtual call centers). A remote agent and telecommuting workforce is made possible by faster and more reliable internet access. Our products provide the controls and monitoring capability needed for these modern call centers. Our telecommuting software allows agents to work anywhere an internet connection exists. We provide both voice and data access to remote agents in this virtual call center environment. Our Virtual PBX office phone system can link office and home based employees together as a cohesive support team.
A remote agent and telecommuting workforce is made possible by faster and more reliable internet access. Our products provide the controls and monitoring capability needed for these modern call centers. Our telecommuting software allows agents to work anywhere an internet connection exists
Database Systems Corp. provides phone systems and software that assist communities by automatically calling homebound residents, particularly the elderly, ensuring their well-being. This program is called CARE, or Call Reassurance.
CARE recipients receive a daily call and if our phone system determines that the call is not answered, our CARE program automatically contacts a family member or community worker. CARE systems incorporate both voice broadcasting and IVR technologies.
Voice broadcasting is a recent communication technique that broadcasts phone messages to hundreds or thousands of call recipients at once. This technology has both commercial and community applications. Companies can contact employees and customers instantaneously. Communities can likewise be contacted by emergency response centers.
Voice broadcast systems manage a database of phone lists as well as digitized phone messages. Using Telephony components, these computers can simultaneously broadcast thousands of phone messages. Personalized information can be included in the phone messages through the integration of Text To Speech software.
Full advantage of the technology provided by Database Systems Corp. we have developed a suite of computer telephony software that enhances existing PC, Web and Unix applications by providing telephony access to our PACER predictive dialers (as well as other PBX systems). Our CTI software comes with a standalone soft phone as well as CTI middle ware that can be embedded in user applications. This computer telephony software "opens" our PACER predictive dialers to outside applications.
benefits:
The benefits are, through the system people can get immediate information about what happening outside especially for elderly who cant go out,and ask assistant in case of emergency,contact relative quickly for instant reason. Database can broadcast emergency notification messages to thousands of households warning of natural disasters such as severe weather warnings. Pre-recorded warning messages can be played providing your community with travel warnings and advising them where to seek shelter. Emergency broadcast systems likewise can provide other safety instructions.
disadvantages:
Initial training required for all users,can cause panic to subscriber,the need to obtain stand by facilities in the event of breakdown of any computerized systems.
http://www.databasesystemscorp.com/
http://www.google.com.ph
http://www.careergears.com/
Christine Linan
Database is a structured collection of records or data that is stored in a computer system. The structure is achieved by organizing the data according to a database model.
Database Systems Corp. (DSC) has been providing data management products and services since 1978. There customers span a wide range of industries and levels of our government. Our expertise is in computer telephony integration software, IVR applications, predictive dialers and advanced call center software. DSC is a privately held company but we have served quite a few major corporations as well as small businesses. Our customer loyalty and retention over the years by these clients is a source of great pride for our company. Our commitment to develop leading edge technologies will always be there. Our goal is to provide the best products and services for our customers.
DSC specializes in technology for today's contact centers as well as for call centers of the future (virtual call centers). A remote agent and telecommuting workforce is made possible by faster and more reliable internet access. Our products provide the controls and monitoring capability needed for these modern call centers. Our telecommuting software allows agents to work anywhere an internet connection exists. We provide both voice and data access to remote agents in this virtual call center environment. Our Virtual PBX office phone system can link office and home based employees together as a cohesive support team.
A remote agent and telecommuting workforce is made possible by faster and more reliable internet access. Our products provide the controls and monitoring capability needed for these modern call centers. Our telecommuting software allows agents to work anywhere an internet connection exists
Database Systems Corp. provides phone systems and software that assist communities by automatically calling homebound residents, particularly the elderly, ensuring their well-being. This program is called CARE, or Call Reassurance.
CARE recipients receive a daily call and if our phone system determines that the call is not answered, our CARE program automatically contacts a family member or community worker. CARE systems incorporate both voice broadcasting and IVR technologies.
Voice broadcasting is a recent communication technique that broadcasts phone messages to hundreds or thousands of call recipients at once. This technology has both commercial and community applications. Companies can contact employees and customers instantaneously. Communities can likewise be contacted by emergency response centers.
Voice broadcast systems manage a database of phone lists as well as digitized phone messages. Using Telephony components, these computers can simultaneously broadcast thousands of phone messages. Personalized information can be included in the phone messages through the integration of Text To Speech software.
Full advantage of the technology provided by Database Systems Corp. we have developed a suite of computer telephony software that enhances existing PC, Web and Unix applications by providing telephony access to our PACER predictive dialers (as well as other PBX systems). Our CTI software comes with a standalone soft phone as well as CTI middle ware that can be embedded in user applications. This computer telephony software "opens" our PACER predictive dialers to outside applications.
benefits:
The benefits are, through the system people can get immediate information about what happening outside especially for elderly who cant go out,and ask assistant in case of emergency,contact relative quickly for instant reason. Database can broadcast emergency notification messages to thousands of households warning of natural disasters such as severe weather warnings. Pre-recorded warning messages can be played providing your community with travel warnings and advising them where to seek shelter. Emergency broadcast systems likewise can provide other safety instructions.
disadvantages:
Initial training required for all users,can cause panic to subscriber,the need to obtain stand by facilities in the event of breakdown of any computerized systems.
http://www.databasesystemscorp.com/
http://www.google.com.ph
http://www.careergears.com/
Christine Linan
Wednesday, May 6, 2009
Midterm Question # 3
Internet if properly maximized can be used as a medium to the advantage of the company. However, risks and threats are there. Thus, research the following:
1. Identify the possible risks and threats (eg. virus) that can potentially attack a company with internet connection.
The end users can cause you security problems like trying to hack the internal systems, deleting data, downloading malware, the list can go on for about 20 pages when considering what ‘end users’ can or will attempt to do to the internal network.Your systems can crash if not maintained properly, they can be hacked from internal and external resources, again, the list can go on and its not this articles intention to tell you what every threat to your assets are, just to make you aware that you have to think about them in general.Your network infrastructure can suffer much of the same issues that your systems would. Your administrators could forgo change control and topple your network if not supervised properly and monitored, also they could cut corners and take big chances based on a lack of knowledge of what their managers may know if they are not IT savvy (which is all too common) are just a few of the threats associated with the IT human resources. Recon (Reconnaissance): When an attacker ‘probes’ your network or systems (knocking on your door) to see if you are there, and if possible, to map your network and systems for a future malicious attack.DoS (Denial of Service): attack is very serious in nature and it’s simple to perform. Many efforts have been made to patch systems that could either launch a DoS attack or be affected by one, but to think that top level hackers (the Elite) aren’t constantly working on new ways to exploit systems is foolish.Manipulation (Data Manipulation): Data manipulation is considered a very large threat today because data is what our paperless society has come to not only depend on, Data manipulation is a huge threat. Internal threats: threats originating from within the network. Examples include malicious employees, employees that are not malicious but make mistakes, such as mistakes made from deployments and implementations, etc. External threats: threats origination from outside your network, the direct opposite of internal threats. External threats can come from Hackers on the Internet, your business competition (yes they do!), your enemies (whether you think you have any or not) and so on.
2. Case research and analysis:
The nature of the virus threat
Damage to data One of the most talked about effects of a virus attack is the damage it can do to a company’s data. Many viruses are capable of wiping hard disks or corrupting the records held on a machine. Worse still are those viruses known as ‘data diddlers’, which subtly alter the figures in a spreadsheet or words within a document. Because the changes they make are not immediately obvious it can be weeks or even months before anyone notices that something is amiss. By that time the damage can be impossible to undo as back-ups are corrupted as well. That said, if a company does fall foul of a virus that simply eliminates data, backups can often be used to restore the lost information.
Clean-up costs
Deciphering how much it costs an organization to reinstate lost data, or to negate corruptions made by malicious code is an almost impossible task and depends greatly on the specifics of the virus in question. However, in most cases the IT department will be called in to perform the clean-up operation whilst the everyday running of the company has to be put on hold. This could mean that email is disrupted, a website becomes unusable and staff within the organization are unable to perform their usual tasks. In a worst-case scenario it could mean bringing in an external party to help. As alarming as all of this sounds, data destruction is far from the worst thing a virus can do.
Spreading the infection There are some viruses, such as Melissa and Sircam, that are capable of randomly selecting documents from an infected PC and distributing them to the contacts listed in an infected user’s address article. The virus will not search for any document in particular – whether it happens upon your latest financial projections or your plans to merge with another company is really left to chance. The likelihood, though, is that if it is a document of that nature, there are certain people (quite possibly in your email contact list) whom you wouldn’t want to see it. A virus that sends out potentially sensitive information about a company can put it in a rather awkward position. Not only can a leak place competitors at an advantage, but suppliers, business partners and customers are also likely to find out that a business has allowed its security to be compromised by a virus. This can damage the trust of one company in another, as security is still very much a taboo issue. It can also make the parties that deal with a company feel vulnerable about the information they hold relating to them. Unfortunately, this kind of situation is not something that can be rectified easily. Building relationships and a credible reputation can often take years and yet can be practically wiped out in a matter of minutes. Re-establishing relationships and reputation is far from an overnight task, and, in some cases, they could be irreparably damaged.
Protecting against viruses
However, it is not all doom and gloom. Virus infection is by no means inevitable for any company and the good news is that it is possible to protect corporate networks fairly easily.
Anti-virus software Probably the most obvious step to take is to install a reliable anti-virus solution that is updated regularly. Most anti-virus solutions are able to detect the majority of viruses; but the speed with which updates to protect against the latest viruses are delivered differs somewhat. Most vendors offer automated updating over the Internet but customers should check out exactly how often they will be updated.
Policy solutions
Apart from the software there are other measures a company can take to protect itself against malicious code. One of these is to develop a safe computing policy whereby employees are informed of how to use their machines safely. Educating users about possible threats should begin at company induction stage so that members of staff know what is expected of them from the outset. It is astounding how many companies do not do this. You wouldn’t let someone drive around the M25 without a licence and yet people are placed in front of PCs and are expected to know how to use them correctly. A safe computing policy should include points such as not opening unexpected emails and not downloading material from the Internet. The vast majority of viruses are spread via the Internet and email, which is why this is so important. Even if an email is received from a known source it could still be infected, so it is worth questioning whether it was expected and whether it is in the apparent sender’s usual style. Many virus writers use extremely bad spelling and grammar, which can be an obvious clue as to what the email really contains. An email from a known associate in a foreign language should also set the alarm bells ringing! In addition, no files with double extensions should be executed. There are very few occasions when such a file would be legitimately required and the vast majority of them should be treated with suspicion. The simplest thing to do is to ask the sender to re-send the file with the correct extension. Another measure to include within such a policy is the saving of Word documents as rich text format (.rtf) instead of as documents (.doc). Docs support the macro language, which allows macro viruses to run – it is far more difficult to infect an .rtf file. Users should also be instructed not to open or forward joke, movie or graphics files. Although these filetypes are virtually unable to support viruses, malicious code can be disguised as a file of this type.
System procedures
Network administrators should also employ measures such as disabling Windows Scripting Host, changing the CMOS boot-up sequence and blocking certain file-types at the email gateway. Some vendors include technology within their products that allows IT managers to prevent certain files from ever entering an organisation – this is certainly something to look out for when purchasing an anti-virus solution. A full list of safe computing procedures that would form a good basis for such a policy can be found at www.sophos.com/safe computing.
Appropriate responses
Another important issue for organisations to consider once a safe computing policy is in place is what to do should an employee contradict the guidelines and allow a virus to penetrate the company defenses. The natural inclination of some businesses would be to punish the member of staff concerned, either by verbal or written warning or by dismissal. However, this is often not the most effective way of dealing with such a situation. If staff know that they face disciplinary measures should they be responsible for a virus infection then they are far more likely to attempt to cover up an incident, which makes it far harder to administer the clean-up once it does come to light. Ideally in that situation an employee should feel comfortable with coming forward and admitting that they have made a mistake. Only if they continue to ignore the guidelines should users be disciplined. Defending an organisation against malicious code of all types is not the sole responsibility of the IT department – every employee plays a part in protecting a company. The measures that are put in place do not have to be complicated, and if staff are encouraged to follow them from the outset they should become second nature.
Conclusions
Anti-virus protection in today’s climate demands a multi-faceted approach. Gone are the days when simply installing the software was enough. That software needs to be maintained constantly, by vendor and customer, to ensure that it detects the maximum number of viruses. In addition to the software, all users within an organization should be taught how to use their computers safely. They may not be able to have as much fun as they once did, but a workable balance between functionality and security has to be sought. Despite the horror stories of what viruses can do, it is worth remembering that it is possible to mount a comprehensive defense. Most virus incidents can be avoided relatively easily. The key to ensuring that an organization remains virus-free is constant vigilance and attention. That may sound intimidating, but in view of the potential consequences of infection it is a small price to pay. Sop hos, the Real Business/CBI Growing Business Awards Company of the Year, is a world leader in anti-virus protection. It is strongly focused on the corporate marketplace where its vision, commitment to research and development, and rigorous attention to quality have taken it from strength to strength. Sop hos increasingly rapid growth internationally is reflected in a user base of well over 20 million and revenues that soared by nearly 50 per cent in the period 2001–2002. Sophos products are sold and supported in over 150 countries through a global network of subsidiaries and partners
2.a Identify one company that had experienced an attacked from the internet.
One day after an apparent attack on its systems slowed access to leading Web sites such as yahoo.com, Google.com and Microsoft.com, distributed computing company Akamai Technologies Inc. said that it was the victim of a sophisticated, large-scale attack aimed at specific customer Web sites.Broad attack on the Internet infrastructure, saying that the company's DNS (domain name system) service was attacked for two hours Tuesday, affecting about 4 percent of its customers, the company's staff worked with customers and network providers to shut off the source of the attack.
Risk assessments: You have to know what your tolerance to risk is, once you do know, it’s critical that you see how at risk you really are to certain threats.Infrastructure analysis: Now that you know what a risk assessment is, you need to test your systems. Get executive buy-in: Once you have your analysis done, you need to hand it in. (Hopefully in an official report). You really need upper managements support on taking this seriously.Security budget: Think of a real security budget that fits the companies business model.Anti Virus etc
.
http://www.google.com.ph/
http://www.infoworld.com/
Christine Linan
1. Identify the possible risks and threats (eg. virus) that can potentially attack a company with internet connection.
The end users can cause you security problems like trying to hack the internal systems, deleting data, downloading malware, the list can go on for about 20 pages when considering what ‘end users’ can or will attempt to do to the internal network.Your systems can crash if not maintained properly, they can be hacked from internal and external resources, again, the list can go on and its not this articles intention to tell you what every threat to your assets are, just to make you aware that you have to think about them in general.Your network infrastructure can suffer much of the same issues that your systems would. Your administrators could forgo change control and topple your network if not supervised properly and monitored, also they could cut corners and take big chances based on a lack of knowledge of what their managers may know if they are not IT savvy (which is all too common) are just a few of the threats associated with the IT human resources. Recon (Reconnaissance): When an attacker ‘probes’ your network or systems (knocking on your door) to see if you are there, and if possible, to map your network and systems for a future malicious attack.DoS (Denial of Service): attack is very serious in nature and it’s simple to perform. Many efforts have been made to patch systems that could either launch a DoS attack or be affected by one, but to think that top level hackers (the Elite) aren’t constantly working on new ways to exploit systems is foolish.Manipulation (Data Manipulation): Data manipulation is considered a very large threat today because data is what our paperless society has come to not only depend on, Data manipulation is a huge threat. Internal threats: threats originating from within the network. Examples include malicious employees, employees that are not malicious but make mistakes, such as mistakes made from deployments and implementations, etc. External threats: threats origination from outside your network, the direct opposite of internal threats. External threats can come from Hackers on the Internet, your business competition (yes they do!), your enemies (whether you think you have any or not) and so on.
2. Case research and analysis:
The nature of the virus threat
Damage to data One of the most talked about effects of a virus attack is the damage it can do to a company’s data. Many viruses are capable of wiping hard disks or corrupting the records held on a machine. Worse still are those viruses known as ‘data diddlers’, which subtly alter the figures in a spreadsheet or words within a document. Because the changes they make are not immediately obvious it can be weeks or even months before anyone notices that something is amiss. By that time the damage can be impossible to undo as back-ups are corrupted as well. That said, if a company does fall foul of a virus that simply eliminates data, backups can often be used to restore the lost information.
Clean-up costs
Deciphering how much it costs an organization to reinstate lost data, or to negate corruptions made by malicious code is an almost impossible task and depends greatly on the specifics of the virus in question. However, in most cases the IT department will be called in to perform the clean-up operation whilst the everyday running of the company has to be put on hold. This could mean that email is disrupted, a website becomes unusable and staff within the organization are unable to perform their usual tasks. In a worst-case scenario it could mean bringing in an external party to help. As alarming as all of this sounds, data destruction is far from the worst thing a virus can do.
Spreading the infection There are some viruses, such as Melissa and Sircam, that are capable of randomly selecting documents from an infected PC and distributing them to the contacts listed in an infected user’s address article. The virus will not search for any document in particular – whether it happens upon your latest financial projections or your plans to merge with another company is really left to chance. The likelihood, though, is that if it is a document of that nature, there are certain people (quite possibly in your email contact list) whom you wouldn’t want to see it. A virus that sends out potentially sensitive information about a company can put it in a rather awkward position. Not only can a leak place competitors at an advantage, but suppliers, business partners and customers are also likely to find out that a business has allowed its security to be compromised by a virus. This can damage the trust of one company in another, as security is still very much a taboo issue. It can also make the parties that deal with a company feel vulnerable about the information they hold relating to them. Unfortunately, this kind of situation is not something that can be rectified easily. Building relationships and a credible reputation can often take years and yet can be practically wiped out in a matter of minutes. Re-establishing relationships and reputation is far from an overnight task, and, in some cases, they could be irreparably damaged.
Protecting against viruses
However, it is not all doom and gloom. Virus infection is by no means inevitable for any company and the good news is that it is possible to protect corporate networks fairly easily.
Anti-virus software Probably the most obvious step to take is to install a reliable anti-virus solution that is updated regularly. Most anti-virus solutions are able to detect the majority of viruses; but the speed with which updates to protect against the latest viruses are delivered differs somewhat. Most vendors offer automated updating over the Internet but customers should check out exactly how often they will be updated.
Policy solutions
Apart from the software there are other measures a company can take to protect itself against malicious code. One of these is to develop a safe computing policy whereby employees are informed of how to use their machines safely. Educating users about possible threats should begin at company induction stage so that members of staff know what is expected of them from the outset. It is astounding how many companies do not do this. You wouldn’t let someone drive around the M25 without a licence and yet people are placed in front of PCs and are expected to know how to use them correctly. A safe computing policy should include points such as not opening unexpected emails and not downloading material from the Internet. The vast majority of viruses are spread via the Internet and email, which is why this is so important. Even if an email is received from a known source it could still be infected, so it is worth questioning whether it was expected and whether it is in the apparent sender’s usual style. Many virus writers use extremely bad spelling and grammar, which can be an obvious clue as to what the email really contains. An email from a known associate in a foreign language should also set the alarm bells ringing! In addition, no files with double extensions should be executed. There are very few occasions when such a file would be legitimately required and the vast majority of them should be treated with suspicion. The simplest thing to do is to ask the sender to re-send the file with the correct extension. Another measure to include within such a policy is the saving of Word documents as rich text format (.rtf) instead of as documents (.doc). Docs support the macro language, which allows macro viruses to run – it is far more difficult to infect an .rtf file. Users should also be instructed not to open or forward joke, movie or graphics files. Although these filetypes are virtually unable to support viruses, malicious code can be disguised as a file of this type.
System procedures
Network administrators should also employ measures such as disabling Windows Scripting Host, changing the CMOS boot-up sequence and blocking certain file-types at the email gateway. Some vendors include technology within their products that allows IT managers to prevent certain files from ever entering an organisation – this is certainly something to look out for when purchasing an anti-virus solution. A full list of safe computing procedures that would form a good basis for such a policy can be found at www.sophos.com/safe computing.
Appropriate responses
Another important issue for organisations to consider once a safe computing policy is in place is what to do should an employee contradict the guidelines and allow a virus to penetrate the company defenses. The natural inclination of some businesses would be to punish the member of staff concerned, either by verbal or written warning or by dismissal. However, this is often not the most effective way of dealing with such a situation. If staff know that they face disciplinary measures should they be responsible for a virus infection then they are far more likely to attempt to cover up an incident, which makes it far harder to administer the clean-up once it does come to light. Ideally in that situation an employee should feel comfortable with coming forward and admitting that they have made a mistake. Only if they continue to ignore the guidelines should users be disciplined. Defending an organisation against malicious code of all types is not the sole responsibility of the IT department – every employee plays a part in protecting a company. The measures that are put in place do not have to be complicated, and if staff are encouraged to follow them from the outset they should become second nature.
Conclusions
Anti-virus protection in today’s climate demands a multi-faceted approach. Gone are the days when simply installing the software was enough. That software needs to be maintained constantly, by vendor and customer, to ensure that it detects the maximum number of viruses. In addition to the software, all users within an organization should be taught how to use their computers safely. They may not be able to have as much fun as they once did, but a workable balance between functionality and security has to be sought. Despite the horror stories of what viruses can do, it is worth remembering that it is possible to mount a comprehensive defense. Most virus incidents can be avoided relatively easily. The key to ensuring that an organization remains virus-free is constant vigilance and attention. That may sound intimidating, but in view of the potential consequences of infection it is a small price to pay. Sop hos, the Real Business/CBI Growing Business Awards Company of the Year, is a world leader in anti-virus protection. It is strongly focused on the corporate marketplace where its vision, commitment to research and development, and rigorous attention to quality have taken it from strength to strength. Sop hos increasingly rapid growth internationally is reflected in a user base of well over 20 million and revenues that soared by nearly 50 per cent in the period 2001–2002. Sophos products are sold and supported in over 150 countries through a global network of subsidiaries and partners
2.a Identify one company that had experienced an attacked from the internet.
June 16, 2004
Akamai Technologies Inc. Backs off claim of wide-scale Internet attack
2.b Describe the attack.
One day after an apparent attack on its systems slowed access to leading Web sites such as yahoo.com, Google.com and Microsoft.com, distributed computing company Akamai Technologies Inc. said that it was the victim of a sophisticated, large-scale attack aimed at specific customer Web sites.Broad attack on the Internet infrastructure, saying that the company's DNS (domain name system) service was attacked for two hours Tuesday, affecting about 4 percent of its customers, the company's staff worked with customers and network providers to shut off the source of the attack.
2.c Identify the damages done and the solutions adopted to reverse the damages and to protect the company from future threats.
Risk assessments: You have to know what your tolerance to risk is, once you do know, it’s critical that you see how at risk you really are to certain threats.Infrastructure analysis: Now that you know what a risk assessment is, you need to test your systems. Get executive buy-in: Once you have your analysis done, you need to hand it in. (Hopefully in an official report). You really need upper managements support on taking this seriously.Security budget: Think of a real security budget that fits the companies business model.Anti Virus etc
.
http://www.google.com.ph/
http://www.infoworld.com/
Christine Linan
Tuesday, May 5, 2009
Midterm Question # 2
1. Research 1 Philippine company & international company have employed e-commerce.
Proactive Digital Design Services offers professional website development and web application solutions to companies since 1999.
P-Microxero International website is your online Business team working for you 24 hours a day, 7 days a week and requires one time investment.
2. Describe his e-commerce operats in these company.
Proactive digetal design sell their products online and receive payments online realtime! Accept payments online 24/7. We build ecommerce websites with integrated online payment. See live online stores with online payment they made.
P-Microxero International an E-Commerce specialists will set up online credit card purchasing facilities, booking request forms, design your database, store front and administration interface, program your website to interact with the database, set up your website with a payment processor and also host your site.
3. Identify the benefits/constraints/desired by these companies from e-commerce.
benefits:Expanded Geographical Reach, Expanded Customer Base ,Increase Visibility through Search Engine Marketing, Provide Customers valuable information about your business, Available 24/7/365 - Never Close, Build Customer Loyalty, Reduction of Marketing and Advertising Costs, Collection of Customer Data,time saving,lower cost of product online,easy to access.
constraints:
Time for delivery of physical products, Physical product, supplier & delivery uncertainty, Perishable goods from the supplier to the purchasing business or consumer, Limited and selected sensory information, Returning goods online can be an area of difficulty. The uncertainties surrounding the initial payment and delivery of goods can be exacerbated in this process. Privacy, security, payment, identity, contrac, Many issues arise – privacy of information, security of that information and payment details, whether or not payment details (eg credit card details) will be misused, identity theft, contract, and, whether we have one or not, what laws and legal jurisdiction apply. Defined services & the unexpected Personal service . Although some human interaction can be facilitated via the web, e-commerce can not provide the richness of interaction provided by personal service. For most businesses, e-commerce methods provide the equivalent of an information-rich counter attendant rather than a salesperson. Size and number of transactions. E-commerce is most often conducted using credit card facilities for payments, and as a result very small and very large transactions tend not to be conducted online. The size of transactions is also impacted by the economics of transporting physical goods.
Desired Results of E-Commerce
E-commerce Applications Have Constricted the World Into a Single Whole, Making Communication Easier and Convenient. Starting From E-store, Travel Agency to Market Place, E Commerce Applications, employ the most highly talented professional for your project to meet the need of yours in a required time and make most of your resources effective to enhance the entire process of your business. The most effective website web development should always consider these criteria to achieve the desired success in the online marketing world.
http://www.sescommerce.com/benefits-of-ecommerce.asp
http://guides.wkbw.com/Desired_Results_of_E_Commerce-a1107195.html
Christine Linan
Subscribe to:
Posts (Atom)