ITM​ - ​Midterm questions 

★ Short answers 

P2P lending​ =​ ​Way to borrow money, especially for a person who does not have a good credit score 
but strong potential in the near future. P2P Lending is to connect people who have some spare money 
with people who want to borrow it. Cut out banks in the middle, so that both parties get a better deal.  
 
Crowdfunding = ​Way to raise capital for new projects by asking for contributions from a large number 
(crowd) of people via the Web.  
The practice of funding a project or venture by raising monetary contributions from a large number of 
people.  
 
Types of crowdfunding: 
-​Rewards crowdfunding:​ entrepreneurs pre-sell a product or service to launch a business concept 
without incurring debt or sacrificing equity/shares. 
-​Equity crowdfunding​: the backer receives shares of a company, usually in its early stages, in exchange 
for the money pledged. 
-​Debt-based crowdfunding:​ P2P lending.  
-​Charity crowdfunding:​ the collective effort of individuals to help charitable causes.  
 
Venmo =​ Digital wallet/payment method that allows users to transfer money between one another 
using a mobile app.  
 
NFC =​ ​Near Field Communication​ : The service lets devices wirelessly communicate with point of sale 
systems. NFC standards are based on existing radio-frequency identification (RFID) standards.  
 
LoopPay​ = Transmits card data to the pay terminal's swipe slot using an electromagnetic field, causing 
the terminal to register it as if it were a normally swiped card. 
 
Tokenization =​ Process of substituting a sensitive data element with a non-sensitive equivalent, 
referred to as a token, that has no extrinsic or exploitable meaning or value.  
 
FinTech​ = Defines financial technology as “innovation in financial services”. Also defined as an 
economic industry composed of companies that use technology to make financial systems more 
efficient.  
 
Mobile app ​= ​Computer program designed to run on mobile devices such as smartphones and tablet 
computers. Most such devices are sold with several apps bundled as pre-installed software, such as a 
web browser, email client, calendar, etc. 
 
O2O model​ = Online to Offline  
 
Cloud computing​ = Style of computing in which IT services are delivered on-demand and accessible 
via the Internet.  
 
Cloud Service Delivery Models​ = 
Software as a Service (SaaS):​ End-user apps, like SalesForce, Google Docs. 
Software-as-a-Service (SaaS) is an increasingly popular IT model in which software is available to users as needed. Other 
terms for SaaS are on-demand computing, utility computing, and hosted services. The idea is basically the same: instead of 
buying and installing expensive packaged enterprise applications, users can access software apps over a network, with an 
Internet browser being the only absolute necessity. Usually, there is no hardware and software to buy, since the apps are 
used over the Internet and paid for through a fixed subscription fee, or payable per an actual usage fee. The SaaS model was 
developed to overcome the common challenge to an enterprise of being able to meet fluctuating demands on IT resources 
efficiently.  
It’s tough to understand how SaaS differs from cloud computing. Cloud computing enables users to access data, 
software, or services via the Internet. SaaS is an arrangement where instead of buying and installing enterprise 
apps, users access those apps from a SaaS vendor over a network via a browser.  
 
Platform as a Service (PaaS):​ Tools and services making coding and deployment faster and more 
efficient, like Google App Engine. 
Infrastructure as a Service (IaaS):​ Hardware and software that power computing resources, like Amazon 
Web.Services and Rackspace. 
 
Cloud Deployment Models = 
Private​: Functions only for an organization on a private network.  
Public  
Hybrid   
 
Responsiveness =​ ​IT capacity can be easily scaled up or down as needed.  
Refers to the specific ability of a system or functional unit to complete assigned tasks within a given 
time. 
 
Agility =​ b
​ eing able to respond quickly.   
Agile software development is a set of principles for software development in which requirements and 
solutions evolve through collaboration between self-organizing, cross-functional teams. It promotes 
adaptive planning, evolutionary development, early delivery, and continuous improvement, and it 
encourages rapid and flexible response to change. 
 
Data governance =​ Process of creating and agreeing to standards and requirements for the collection, 
identification, storage, and use of data.  
 
MSSP​ = Managed Security Service Provider  
 
Virtualization =  
Vulnerability = 
  
Security risk =  
 
Security standard =  
 
Security breach = k 
 
High-profile security breach =  

★ Essay questions 

A. List how P2P lending sites are different from traditional bank service and how they make lenders 
feel safer. 
 
Cut out banks in the middle, both parties get a better deal. 
P2P analyses whether they should lend people money based on SNS information 
P2P more efficient than banking in this narrow sector 
P2P more direct 
 
B. List and briefly explain 4 different types of crowdfunding, and suggest a crowdfunding site for a 
startup company which plans to invent a new espresso machine with new technology. 
 
Rewards crowdfunding​: entrepreneurs pre-sell a product or service to launch a business concept 
without incurring debt or sacrificing equity/shares 
Equity crowdfunding​: the backer receives shares of a company, usually in its early stages, in exchange 
for the money pledged.  
Debt-based crowdfunding​: P2P lending  
Charity crowdfunding​: the collective effort of individuals to help charitable causes.  
 
Suggestion: Kickstarter 
 
C. Describe how Samsung Pay and Apple Pay are different with respect to the technologies applied 
and which one is more used in reality with what reasons. 
 
 
Apple Pay  Samsung Pay 
 

Supported countries  US, UK  US, Korea 

UK - August 2016 
China - Q1 2016 
Upcoming countries  Spain, China - Q1 2016 
EU countries - Q1 2016 
Australia, Brazil, Singapore 

NFC 
Type  NFC only 
Magnetic (MST) 

Shortcut  Starts automatically  Swipe up 

to launch  when near NFC terminal  from bottom of screen 

Does it work with 

-  ✓ 
traditional terminals? 

Does it work with 

✓  ✓ 
NFC terminals? 

Does it work 
✓  - 
for purchases in apps? 

 
Samsung Pay advantage is that it doesn’t require a NFC terminal, it can be used on traditional terminals 
(LoopPay). Thus, as the different points of sales may be reluctant to buy new terminals, it is more 
convenient for both clients and sellers to use Samsung Pay. 
 
D. Describe how Alipay has attracted Chinese customers who have not trusted any online sellers, and 
illustrate how Alipay works with a brief sketch to provide better customer experience and higher 
benefits. 
 
Nowadays, Alipay represent almost 50% of the online payment market in China. Alipay is a fully 
integrated and user-centric solution that covers a great variety of payment needs in people’s daily life. 
 
Compared to its main competitors like Paypal, Alipay provides an escrow service, in which consumers 
can verify whether they are happy with goods they have bought before releasing money to the seller. 
Thus, the customers can trust Alipay more easily. 

 
 
 
E. List and explain five market forces in Michael Porter’s competitive forces model. 
 
Fuck it. 

 
 
F. Explain how different “operational effectiveness” and “strategics positioning” are with a real life 
example. 

Operational effectiveness​ means 

performing similar activities better​ than 
rivals perform them. It refers to any 
number of practices that allow a 
company to better utilize its inputs by, for 
example, reducing defects in products or 
developing better products faster.  
In contrast, ​strategic positioning​ means 
performing different activities​ from 
 rivals’ or ​performing similar activities in different ways. 
 
Example: British Airways performs different activities from its competitors by targeting low cost airfare. 
Cirque du soleil. 
 
G. What is a data silo? Where are the primary causes of data silos and why do they interfere with 
effective organizational operations? 
 
A separate database or set of data files that are not part of an organization's enterprise-wide data 
administration.  
Data silos tend to arise naturally in large organizations because each organizational unit has different 
goals, priorities and responsibilities. Data silos can also occur when departments compete with each 
other instead of working with each other towards common business goals.  
They impede productivity and negatively impact data integrity and consistency. When two or more 
in-house silos exist for the same data, their contents are likely to differ, creating confusion as to which 
repository represents the most up-to-date version. As a result, current (or more recent) data may 
accidentally get overwritten with outdated (or less recent) data. 
 
H. PIE mapping developed an interactive online resource for transport, especially during London 2012 
Olympics. What benefits the company can get by moving into cloud computing? 
 
The company needed a more scalable and flexible IT infrastructure to expand its services and replicate 
them in other territories. Pie Mapping switched from an on-premise infrastructure to Dell Cloud 
Services with the support of the Dell Centre for Entrepreneurs, giving them the perfect setup to deliver 
world-class routing and navigation solutions to other cities. 
 
I. Explain cloud service brokerage and forecast the market of the brokerage service in the next 3 to 5 
years with your reasonable logics. 
 
Cloud service brokerage ​is an IT role and business model in which a company adds value to one or 
more cloud services on behalf of one or more consumers of that service via three primary roles:  
- Aggregation 
- Integration  
- Customization brokerage.  
A CSB enabler provides technology to implement CSB, and a CSB provider offers combined 
technology, people and methodologies to implement and manage CSB-related projects. 
 
Option 1: Everybody will use them because it will be too difficult to find the adapted services among 
the existing ones. 
Option 2: It will disappear because companies will be trained to understand and choose which service 
best answers their needs. 
 
J. In the last couple of years even information security standard had been tightened, but the number 
of security breach had not been decreased. Ironically it had been even gone up almost 2 times. 
Describe and explain a possible theory to explain this counterintuitive phenomenon. 
 
Customers are becoming more and more eager to use their credit card online because of the increase 
of safety devices. Thus, there is more and more data available that represents interesting amounts of 
money.  
Also, with the security standards, people tend to be less careful when imputing their private data 
online. 
 
K. Discuss how cloud computing increases IT security risks. How do you recommend that the risks be 
reduced? 
 
Social networks and cloud computing increase vulnerabilities by providing a single point of failure and 
attack. Critical, sensitive, and private information is at risk, and like previous IT trends, such as wireless 
networks, the goal is connectivity, often with little concern for security. As social networks increase 
their services, the gap between services and cybersecurity also increases. E-mail viruses and malware 
have been declining for years as e-mail security has improved.This trend continues as communication 
shifts 
to social networks and newer smartphones. Unfortunately, malware finds its way to users through 
security vulnerabilities in these new services and devices.Web filtering, user education, and strict 
policies are necessary to help prevent widespread outbreaks. In Twitter and Facebook, users invite in 
and build relationships with others. Cybercriminals hack into these trusted relationships using stolen 
log-ins. Fake antivirus and other attacks that take advantage of user trust are very difficult 
to detect. An overriding reason why these networks and services increase exposure to risk is the 
time-to-exploitation of today’s sophisticated spyware and mobile viruses.Timeto- exploitation is the 
elapsed time between when vulnerability is discovered and when it’s exploited. That time has shrunk 
from months to minutes so IT staff have ever-shorter timeframes to find and fix flaws before being 
compromised by an attack. Some attacks exist for as little as two hours, which means that enterprise IT 
security systems must have real-time protection. When new vulnerabilities are found in operating 
systems, applications, or wired and wireless networks, patches are released by the vendor or security 
organization. Patches are software programs that users download and install to fix the vulnerability. 
Microsoft, for example, releases patches that it calls service packs to update and fix vulnerabilities in its 
operating systems, including Vista, and applications, including Office 2010. Service packs are made 
available at Microsoft’s web site. Left undetected or unprotected, vulnerabilities provide an open door 
for IT attacks and business disruptions and their financial damages. Despite even the best technology 
defenses, infosec incidents will occur mostly because of users who do not follow secure computing 
practices and procedures.