Min-Seok Pang, Ph.D.

test

• With ITC eChoupal, who would be unhappy? How does ITC address the resist of those unhappy?
The government would not be happy. Previously, the government can use the lowest price to buy soybeans. However, with the help of eChoupal, the farmer would make their benefited choice with the higher price.
• While eChoupal seems to be beneficial to farmers, they are not well-versed in using PCs and the Internet. How does ITC help them adopt eChouapl?
ITC can design web pages in a simple way. In addition, ITC can also make some brochures for famers to teach them how to use the internet. Furthermore, famers communicate with each other. They may learn it fast.
• Knowing about both business and technologies, what would be valuable business skills that MIS majors can have but other majors (marketing, finance, or engineering) don’t?
Nowadays, it is technology world. MIS understand technology, but still know much about business knowledge. We can let technology help more in business which means we can use technology bring more profit to technology.

Knowing about both business and technologies, what would be valuable business skills that MIS majors can have but other majors (marketing, finance, or engineering) don’t?
The ability to understand how technology works give you a big advantage when faced with making decisions that require implementation of new technologies.

How does eChoupal contribute to the competitiveness of ITC?
It gives Farms the ability to deal directly with the buyers and cuts out the middle man. This is good fro both Farmers and Buyers since the cost of the middle man can be distributed between them. On top of the lower costs the site makes the transactions more efficient and effective.

• As CIO of IVK, how would you explain the incidents at Ch. 10 to Wall Street analysts?
I would explain it as there is a website maintenance and update to make our website more efficient. I won’t say the customer service is down, the website is locked up and get the “gotcha” message.

• How would you explain the difference between a distributed denial of service (DDoS) attack and an intrusion to a non-IT boss or colleages?
DDos and intrusion are two difference things. DDos can use various tools to let a website down which doesn’t mean the confidential information is breached. However, intrusion means that hackers want to steal or change information or embedding some virus in the website which also can let website down. Intrusion is more dangerous than DDos which may threat the company and customer interests.

• What would be proper procedures and policies for personal devices?
Employees are not allowed to use USB in the company.
Employees should not allowed to bring and use their own computer to the company.
Employees should not use company’s computer to play online games which are easy to get virus.
Employees should not send oversize (more than 1M) email without any permission.
Employees should also backup important documents to company server in case of computer stolen.

1.) As CIO of IVK, how would you explain the incidents at Ch. 10 to Wall Street analysts?
As CIO of IVK, I would briefly explain the incidents to Wall Street analysts as “The system is temporarily down as we are working on improvements and updates to the system. It will be back up and running at 100% efficiency momentarily.”

2.)What would be proper procedures and policies for personal devices?
Depending on the device, for example, an Iphone or Ipad device with fingerprinting compatibility could be used in place of a password to secure devices but if not, there should be a specific username and password for each personal device that is changed every week or every month. There should also be a centralized company security software that is required on each laptop and is updated frequently. When accessing company internal databases, there should be a separate user name and password for this access that should be completely different from the device login and password.

What would be proper procedures and policies for a database?
protected with security, backed up somewhere else electronicly, as well as a hard copy if possible. passcode access. Captcha phrase requirement. Insurance policies

What would be proper procedures and policies for personal devices?
locks on all device, employee training on how to handle their devices, requirement for employees to keep some items on sight, as big concern is losing the device with all the sensitive information on it. security software on the computers, no jumpdrives.

Why may we lose flexibility, innovation, or responsiveness to business due to policies and procedures for IT risk management?

security requires extra steps, which will slow down efficiency, even the few seconds taken to enter a password will add up and slow down operations. Also, innovation and responsiveness may grow less rapidly with more flexibility, because trying new things becomes dangerous. with all the cyber risks out there, trying something new becomes dangerous because there is no data on how to implement and protect it. avoiding some new things might be the best and only way to truly mitigate risks.

-As CIO of IVK, how would you explain the incidents at Ch. 10 to Wall Street analysts?
I would play off the events as planned maintenance that was expected but not reported outside of the company, this would allow investors to remain confident in IVK.
-How would you explain the difference between a distributed denial of service (DDoS) attack and an intrusion to a non-IT boss or colleages?
Both may cause the website to go down for some time, however Intrusion is more dangerous because it is possible that confidential information was taken, as opposed to DDoS where no information was taken.
-What would be proper procedures and policies for personal devices?
1)Employees should only use company run saving measures so that no information leaves the office.
2)Backup of company computers must be done monthly in the case of a theft.
3)No employee should open attachments from company email on a personal computer

As CIO of IVK, how would you explain the incidents at Ch. 10 to Wall Street analysts?
I would explain the current statues of the issue and assure them that the problem is under control.

How would you explain the difference between a distributed denial of service (DDoS) attack and an intrusion to a non-IT boss or colleages?
(DDoS) attack is an attempt to make a machine or network resource unavailable to its intended users where as an intrusion is when an outside source has all the companies information.

What would be proper procedures and policies for personal devices?
Employes are required to enter a password.
Outside USB can’t be used.
Employees should not be allowed to bring their own laptop.
Employees should not take any work home.

What constitutes “transaction costs” in capital expenditures?
Expenses incurred when buying or selling securities. Transaction costs include brokers’ commissions and spreads the difference between the price the dealer paid for a security and the price the buyer pays. The transaction costs to buyers and sellers are the payments that banks and brokers receive for their roles in these transactions

What would be the reasons for Ericsson or IBM to sign the deal with Bharti? What would be the reasons not to sign?
The issues and benefits from the perspective of Bharti are as follows: the Operations department is concerned about handing over daily operations to the vendor; IT and Marketing are concerned that the software and hardware will not be supported by IBM; HR is concerned with the transfer of too many employees. On the other hand, some benefits include: less upfront investment, more freedom for management, and improved overall agility. In terms of vendor issues, they include upcoming additional risks, large upfront investments on the brand, and taking on Bharti’s objectives as their own.

Why is a service-level agreement important?
Service-level agreement is important because it clearly defines commitments due to customers and clearly establishes the key performance indicators for the customer services.. Also for internal purpose SLA help setting clear and measurable standard performances.