Chapter 6 The Cloud Case Exercise Jason C

Chapter 6 The Cloud - Case & Exercise Jason C. H. Chen, Ph. D. Professor of MIS School of Business Gonzaga University Spokane, WA 99258 USA chen@gonzaga. edu Dr. Chen, Management Information Systems 1

Part I Dr. Chen, Management Information Systems 2

In Class Exercise • UYK#6(6 -5)-p. 242 Dr. Chen, Management Information Systems 3

• 6 -5. Supposed Toshio wants Falcon Security to set up a private internet, and he justifies this request on the basis of better security. Explain why that is not a good decision, and rebut his claim about security by suggesting that Falcon use a VPC. Justify your suggestion. • The major cloud service vendors employ thousands of highly trained, skilled specialists to create, manage, administer, and improve their cloud services. It is nearly impossible to imagine that the security they provide could be done better in a private internet managed by the IT department at Falcon. • If security is paramount, Falcon should consider a Virtual Private Cloud, which is a subset of a public cloud with highly restricted, secure access Dr. Chen, Management Information Systems 4

• 6 -6. In five sentences or fewer, explain how the cloud will affect job prospects for you between now and 2025. • There will be fewer small companies providing information systems services to their local communities. • The number of employees involved in managing the computing infrastructures associated with the cloud is relatively small. Because of the availability of cheap computing infrastructure (Iaa. S), there may be more startup businesses that can quickly and cheaply acquire the computing infrastructure they need. • The demand for people who know how to create, use, and manage information systems will continue to be strong Dr. Chen, Management Information Systems 5

Case Study 6: Fin. Qloud Forever … Well, at Least for the Required Interval … (pp. 243 -244) Dr. Chen, Management Information Systems 6

• 6 -14. In your own words, summarize the dealerbroker record retention requirements. • The dealer-broker retention requirements have three elements: – records of financial transactions cannot be altered after the fact; – the records must be retained for a certain time period, and – indexes must be created that permit record searches. Dr. Chen, Management Information Systems 7

• 6 -15. Reread the SEC’s 2003 interpretation. In your own words, explain the difference between “integrated hardware and software control codes” and software applications that use “authentication and approval policies, passwords, or other extrinsic controls. ” Give an example of each. • Integrated hardware and software control codes refers to systems that combine control features for both the hardware and software used in the system. • Software controls alone that might prevent records from being overwritten or erased through passwords do not prevent a record from being changed or deleted. Dr. Chen, Management Information Systems 8

• 6 -16. Clearly, in the view of the SEC, the likelihood of compromise of an integrated system of hardware and software is considerably less than the likelihood of compromise of a system of authentication, passwords, and procedures. Justify this view. • The SEC’s position is that extrinsic controls could be readily misused to overwrite records. • The SEC believes it would be far easier to compromise such extrinsic controls like passwords than it would be to tamper with a system of integrated hardware and software controls. Dr. Chen, Management Information Systems 9

• 6 -17. Do you agree with the view in question 616? Why or why not? • Students may take positions on both sides of this issue, but it is not hard to believe that systems that rely to a considerable degree on human behavior (such as the safeguarding of passwords) is more vulnerable. Dr. Chen, Management Information Systems 10

• 6 -20. Explain how the knowledge that you have gained so far in this course helps you to understand the SEC’s 2003 interpretation. Summarize how your knowledge would help you if you worked for a financial institution. Draft your answers to this question in a way that you could use in a job interview. • At this point in the course, students will be able to appreciate the vulnerability of systems that are protected by extrinsic methods (passwords and authentication and approval policies). • The human factor introduces risk that an integrated system of hardware and software controls does not share. Dr. Chen, Management Information Systems 11