Aureus Summary · Summary - Business Information Systems Chapter 1: Managing the Digital World •...

Aureus SummaryBusiness Information Systems (Book)

Terms & conditions Summaries

In this summary you will find an overview of the course material. It is about the

mandatory material of the lectures and chapters of the book.

This summary is written at the discretion of the author. When making the summaries,

we try to guarantee the quality as much as possible. However, Aureus cannot accept

responsibility for the user. This overview serves as a supplement / aid and not as a

replacement for the compulsory course material.

All in all, Aureus is glad to collect summaries and place them on the website. Only using

this summary as a preparation for your exam will not ensure you will pass your exam.

Aureus is not responsible for the grades of the exams.

If you have any questions or suggestions about the summaries, please contact us by

sending an email to [email protected] or walk by at room HG-8A32!

Announcements Aureus

Wrote your own summary?

Did you write summaries for courses of this year and do you want to sell them to

Aureus? Than please sent an email to [email protected] and maybe we will buy

your summary for up to €75,-! Of course the summary has to be of good quality, which

we will check.

Participating in events?

Aureus has an activity for every student! From a fantastic and cozy winter sport, to the

possibility to get in touch with more than 75 companies at the Amsterdam Career Days:

Aureus organizes it! For every of the things you want to do during your study you can

find the right events: social events such as drinks, career events such as the Business

Experience Days, skills oriented events as the Aureus Academy, we have it all! Almost

all of our events are for free, you just have to make sure you are a member. For all our

events please check out at www.aureus.nl/events!

Tutoring

Did you read the book, followed the lectures , learned the summary by heart but are still

insecure whether you will pass the exam? Aureus also offers tutoring classes! Look at

www.aureus.nl/tutoring for the courses we organize this period!

mailto:[email protected]

mailto:[email protected]

http://www.aureus.nl/events

http://www.aureus.nl/tutoring

of 50

Summary - Business Information Systems Chapter 1: Managing the Digital World

• Technological advances have enabled a move into the digital world, which is often referred to as the post-PC era - where wireless, mobile devices allow for novel ways of interacting with information systems.

• Even though we are living in such a modern age, it is unlikely for desktop PCs and laptops to go away. Instead, devices with newer form factors will work in tandem with older form factors to provide truly ubiquitous experiences, and the changes we've seen so far will give rise to future developments, including wearable computers, augmented reality devices, or surface computer.

• Knowledge Workers are typically professionals who are relatively well educated and who create, modify, and/or synthesise knowledge as a fundamental part of their jobs. They are generally better paid than their prior agricultural and industrial counterparts' they rely on and are empowered by formal education, yet often possess valuable real-world skills. The lines between knowledge workers and manual workers are blurring, to the point where every worker is a knowledge worker.

• A Knowledge Society is a society as a result of the growth in the number of knowledge workers. In the knowledge society, information has become as important as - and many feel more than - land, labour, and capital resources.

• Many traditional occupations now use information technologies. In fact, every organisation can now be considered an e-business. Whereas, e-Commerce generally means the use of the Internet and related technologies to support commerce, e-Business has a broader meaning - the use of nearly any information technologies or systems to support every part of the business.

• Some argue that the new economy consists of a Digital Divide, where those with access to information technology have great advantages over those without access to it.

• The Information Age is the biggest wave of change. It is a period where information is the currency of the realm.

• In the post-PC era Five IT Megatrends shape the way we work and interact: 1. Mobile 2. Social Media 3. Internet of Things 4. Cloud Computing 5. Big Data

• With the increase in mobile devices, organisations not only have to create mobile-device-friendly versions of their Web sites, but often build mobile Apps - which are software programs designed to perform a particular, well-defined function - to market their products or services.

of 50

• Consumerization of IT is where employees use their own devices for work-related purposes, or use software they are used to in the workplace.

• Workers tend to use their own devices primarily for checking e-mails or visiting social networking sites - but also use their own devices for other important tasks such as customer relationship m management or enterprise resource planning. This can be worrying or provide a host of opportunities, such as increased productivity or higher tention rates of talented employees. This trend is referred to as Bring Your Own Device (BYOD) and is a major concern of business and IT managers.

• The Internet of Things is a broad range of physical objects (such as computer, sensors, or motors) that are interconnected and automatically share data over the internet. In 2008, there were more devices connected to the Internet than there were people living on the earth.

• Cloud Computing is the use of the Internet as the platform for applications and data. Much of the functionality previously offered by applications installed on each individual computer is offered by applications in the cloud, accessed via your web browser.

• Alvin Toffler describes three distinct phases, or "waves of change" that have taken place

in the past or a presently taking place within the world's civilisations:

• The transformations of our social and work interactions enabled by 24/7 connectivity have given rise to Big Data - extremely large data sets that may be analysed computationally to reveal patterns, trends, and associations, especially relating to human behaviour and interactions.

• The succes of the megatrends is based on the Network Effect which refers to the notion that the value of a network increases with the number of other users. So, if a network has few users, it has little or no value.

• Companies in the information era/age economy are creating value not from people, but from data.

• Wearable Technology means clothing or accessories that incorporate electronic technologies, like smart watches or fitness trackers.

of 50

• Computer Literacy is knowing how to use a computer. With the increasing use of computers in all areas of society, many argue that being computer literate is not sufficient in today's world; rather Computer Fluency (the ability to independently learn new technologies as they emerge and assess their impact on one's work and life) is what will set you apart in the future.

• Professionals in the medical industry use Healthcare IS to support everything from patient diagnosis and treatment to analysing patient and disease data to running doctors' offices and hospitals.

• Information technology has enabled Globalisation - the integration of economies throughout the world, fundamentally changing how not only people but also organisations and countries interact.

• Globalisation can be seen visible in: 1. Economic Change - increases in international trade, development of global financial systems and currency, and the outsourcing of labour. 2. Cultural Changes - increases in the availability of multiculturalism through Tv/movies; frequency of international travel, tourism, and immigration; use of worldwide social media. 3. Technological Change - the development of low-cost computing platforms and communication technologies; availability of low-cost communication systems such as email, Skype, and messaging; nature of a low-cost global telecommunication infrastructure like the internet.

• Outsourcing is the moving of business processes of tasks to another company, either onshore (domestically) or offshore. The decrease in communication costs has added another dimension to outsourcing, as now companies can outsource business processes on a global scale. Think of outsourcing customer service functions or accounting to companies specialising in these services.

• Why outsource? 1. Reduce/control costs 2. Free up internal resources 3. Gain access to world-class capabilities 4. Increase the revenue potential of the organisation 5. Reduce time to market 6. Increase process efficiencies 7. Focus on a core activity 8. Compensate for a lack of specific capabilities or skills

• Information Systems use information technology to collect, create, and distribute useful data. They use information technology to collect, create and distribute useful data.

• Information Technology includes hardware, software, and telecommunications networks. Here, Hardware refers to physical computer equipment, such as a computer, tablet, or printers, as well as components like a computer monitor or keyboard. Software refers to a program or set of programs that tell the computer to perform certain tasks. And, Telecommunications Networks refer to a group of two or more computer systems linked

of 50

together with communications equipment.

• Data is the most basic element of any information system. They are raw symbols, such as words and numbers. Their characteristics are that they have (1) no meaning in and of themselves, and (2) are of little value until processed.

• Data can be formatted, organised, or processed to be useful; it is transformed into Information - a representation of reality, and can answer questions about who, what, where, and when.

• To use information, knowledge is needed. Knowledge is the ability to understand information, form opinions, and make decisions or predictions based on the information.

• Good IS personnel possess valuable, integrated knowledge and skills in three areas: 1. Technical: having knowledge and skills in hardware, software, networking, and security. 2. Business: the area that sets the IS professional apart from others who have only technical knowledge and skills. 3. Systems: those who understand how to build and integrate systems and how to solve problems.

• Some types of Information Systems: > Transactions Processing Systems (TPS) are used by organisations to efficiently process customers transactions and generate a tremendous amount of data that can be used by the organisation to learn about customers and ever-changing product trends. > Management Information System is a system where TPS data are sorted and organised to support a broad range of managerial decision making. > Office Automation Systems provide word processing, spreadsheet, and other personal productivity tools, enabling knowledge workers to accomplish their tasks (such as microsoft word and excel).

• Since sometimes systems cannot really be categorised (such as customer relationship management and supply chain management) we refer to them either as: 1. Internetworking is connecting hosts computers and their networks together to form even larger networks like the Internet. 2. System Integration is connecting separate information systems and data to improve business processes and decision making.

• If IS are conceived, designed, used, and managed effectively and strategically, then together with a sound business model they can enable organisations to be more effective, to be more productive, to expand their reach, and to gain or sustain competitive advantage over rivals.

• Computer Ethics is used to describe moral issues and standards of conduct as they pertain to the use of information systems.

• Information Privacy is concerned with what information an individual should have to reveal to others in the workplace or through other transactions, such as online shopping.

of 50

• In the Information Age, other may have access to personal information that you would prefer to keep quite (credit card numbers, medical histories, etc.). This becomes

problematic as organisations are increasingly able to piece together information about you, forming an ever more complete picture. With the ease of duplicating, manipulating, and sharing digital information, intellectual property becomes an increasingly important issue.

• By law, companies operating in the online world are not required to respect your privacy. This means a vendor can track what pages you look at, what products you examine in detail, which products you choose to buy, etc.

• Governments have pressured businesses to post their privacy policies on their websites by issuing the Fair Information Practice Principles:

• To maintain your privacy: 1. Choose web sites that are monitored by independent organisations 2. Avoid having "cookies" left on your machine 3. Visit sites anonymously (by using www.anonymizer.com) 4. Use caution when requesting confirmed e-mail 5. Beware what you post or say online

• Intellectual Property are the creations of the mind that have commercial value. Here, a set of ethical issues center, as the post-PC era allows includes the ability to easily download, copy, and share or distribute digital information. Think of watching series online, downloading music for free, etc.

• 3D Printing enables creating physical three-dimensional objects from digital models. This enables lossless duplication of files.

of 50

Chapter 2: Gaining Competitive Advantage Through Information Systems

• Business Processes are the activities organisations perform to reach their business goals, including core activities that transform inputs and produce outputs, and supporting activities that enable the core activities to take place.

• Organizations are composed of different decision-making levels: 1. Operational Level - the routine, day-to-day business processes and interactions with customers. Information systems at this level are designed to automate repetitive activities, such as sales transaction processing, and to improve the efficiency of business processes at the customer interface. 2. Managerial Level - focus on monitoring and controlling operational-level activities and providing information to higher levels of the organisation. Hence, the information systems at this level improve effectiveness by automating the monitoring and controlling of operational activities. 3. Executive Level - the focus is on long-term strategic questions facing the organisation, such as which products to produce, which countries to compete in, and what organisational strategy to follow. Information systems at this level help to improve

strategy and planning by providing summaries of past data and projections of the future.

• A Transaction refers to anything that occurs as part of a firm's daily business of which it must keep a record.

• Structured Decisions are those in which the procedures to follow for a given situation can be specified in advance. These can be programmed directly into operational informations system so that they can be made with little or no human intervention (for instance, an inventory management system).

• At the operational level, information systems are typically used to increase Efficiency - the extent to which goals are accomplished faster, at lower costs, or with relatively little time and effort.

• At the managerial level, midlevel managers focus on effectively utilising and deploying organisational resources to increase Effectiveness - the extent to which goals or tasks are accomplished well - to achieve the strategic objectives of the organisation.

of 50

• Decisions at the managerial level are Semistructured Decisions, where some procedures to follow for a given situation can be specified in advance, but not to the extent where a specific recommendation can be made.

• Key Performance Indicators (KPIs) are metrics that assess progress towards a certain goal and are displayed on performance dashboards.

• At the executive level decisions are Unstructured Decisions, where there are few or no procedures to follow for a given situation to be specified in advance.

• Functional Area Information Systems are designed to support the unique business processes of specific functional areas.

• Information systems are used at different levels of an organisation to support automating and organisational learning, and to to support strategy: 1. Automating - this perspective thinks of technology as a way to help complete a task within an organisation faster, cheaper, and perhaps with greater accuracy. 2. Organisational Learning - the ability of an organisation to use past behaviour and information to improve its business processes. 3. a. Organisational Strategy - firm's plan to accomplish its mission and goals as well as to gain or sustain competitive advantage over rivals. b. Strategic Planning - form a vision of where the organisation needs to head, convert that vision into measurable objectives and performance targets, and craft a strategy to achieve the desired results. c. Low-cost Leadership Strategy - offer the best prices in the industry on goods/services. d. Differentiation Strategy - provide better products/services than competitors. e. Best-cost Provider Strategy - offering products or services reasonably good quality

at competitive prices.

of 50

• Sources of having a competitive advantage: 1. Being the first to enter the market (i.e. having a First-Mover Advantage) 2. Having the best-made product on the market 3. Delivering superior customer service 4. Achieving lower costs than rivals 5. Having a proprietary manufacturing technology, formula, or algorithm 6. Having shorter lead times in developing and testing new products 7. Having a well-known brand name and reputation 8. Giving customers more value for their money

• To develop and sustain a competitive advantage, organisations must have resources/capabilities that are superior to those of their competitors: 1. Resources - reflect the organisation's specific assets that are utilised to create cost or product differentiation from their competitors. 2. Capabilities - reflect the organisation's ability to leverage these resources in the marketplace.

• Together resources and capabilities provide the organisation with Distinctive Competences (such as innovation, agility, quality, or low cost) that help to pursue the organisational strategy. The competencies help to pursue the organisational strategy and make the organisation's product valuable to its customers relative to its competitors; superior Value Creation occurs when an organisation can provide products at a lower cost or with superior benefits to the customer.

• Five forces that influence the level of competitiveness in an industry, known as Porter's

Five Forces:

• The Value Chain refers to the set of activities that add value throughout the organisation. Value Chain Analysis is the process of analysing an organisation's activities to determine where value is added to product/services and what costs are incurred for doing so. Information Systems can automate many activities along te value chain.

of 50

• Organisations are trying to maximise Business/IT Alignment where systems are matched with strategy.

• Sometimes, organisations have no choice in making some types of investments that may or may not coincide with their overall strategy. Such investments are called Strategic Necessity - something the organisation just do in order to survive.

• A Business Model is a summary of a business's strategic direction that outlines how the objectives will be achieved; this specifies the Value Proposition - how a company will create, deliver, and capture value.

• A Revenue Model describes how the firm will earn revenue, generate profits, and produce a superior return on invested capital. A form of a revenue model enabled by the digital world is Affiliate Marketing - achieving greater market penetration through websites who target specific groups of internet users. However, there are more forms: 1. Subscription - users pay a monthly/yearly recurring fee for the use of the product/service. 2. Licensing - users pay a fee for using protected intellectual property (e.g., software). 3. Transaction Fees - a commission is paid to the business for aiding in the transaction. 4. Traditional Sales - consumer buys from a web site. 5. Web Advertising - a free service/product is supported by advertising displayed on the web site.

• Freeconomies is the leveraging of digital technologies to provide free goods/services to customers as a business strategy for gaining a competitive advantage.

• The Freemium approach is where users can upgrade to a paid "pro account:, providing additional features, such as unlimited storage, advertisement free browsing, etc.

of 50

• There are several International Business Strategies: 1. Global Strategy: attempt to achieve economies of scale by developing products for the global market, which can be sold in large quantities. 2. Transnational Strategy: attempt to leverage the flexibility offered by a decentralised organisation while at the same time reaping economies of scale enjoyed by centralisation. 3. International Strategy: view international operations as secondary to their home operations, focussing on domestic customers' needs and wants and exporting products to generate additional sales. 4. Multidomestic Strategy: attempt to be extremely flexible and responsive to the needs and demands of local markets by using a loose federation of associated business units,

each of which is rather independent in its strategic decisions.

• New technologies are not as stable as traditional ones and given that, being at the technological cutting edge has its disadvantages and is typically difficult to execute. Those organisations that find themselves in highly competitive environments probably most need to deploy new technologies to stay ahead of rival.To do so, organisations must be ready for the business process changes that will ensue, have the resources necessary to deploy new technologies successfully, and be tolerant of the risk and problems in being at the cutting edge.

• Disruptive Innovations are new technologies, products, or services that eventually surpass the existing dominant technology or product in a market. The Innovators' Dilemma refers to how disruptive innovations, typically ignored by established market leaders, cause these established firms or industries to lose market dominance, often leading to failure.

• A process called Disruptive Growth Engine outlines how organisations can effectively respond to disruptive innovations in their industry. This process includes the following steps:

of 50

1. Start early 2. Display executive leadership 3. Build a team of expert innovators 4. Educate the organisation

• The Disruptive Innovation Cycle holds that the key success for modern organisations is the extent to which they use information technologies and systems in timely, innovative ways: > Bubble 1: Enabling technologies are the information technologies that enable a firm to accomplish a task or goal or to gain or sustain competitive advantage is some way (disruptive innovations). > Bubble 2: Organisation matches promising new technologies with current economic opportunities. > Bubble 3: the processes of selecting those emerging technologies that have the biggest potential to address the current opportunities. > Bubble 4: the process of assessing the value of that use of technology, not only to

customers but also to internal clients.

• The disruptive innovation cycle suggests three ways to think about investments in disruptive innovations: 1. Put technology ahead of strategy 2. Put technology ahead of marketing 3. Innovation is continuous

Chapter 3: Managing the Information Systems Infrastructure and Services

• Any area where people live or work needs a supporting Infrastructure - which entails the technical structures enabling the provision of services; many infrastructure components,

of 50

such as power, water, telephone, and sewage lines, are "invisible" to the users, meaning that the user typically do not know where, for example, the water comes from, as long as it flows when they open their faucets.

• Just as people/companies rely on basic municipal services to function, businesses rely on an Information Systems Infrastructure (consisting of hardware, system software, storage, networking, and data centers) to support their decision making, business processes, and competitive strategy.

• Modern organisations use various applications and databases to support their business processes; thee applications and databases rely on solid underlying IS infrastructure, consisting of hardware, system software, storage, networking, and data.

• Application Software helps to automate business processes, and enables processes that would otherwise not even be possible.

• Databases are collections of related data organised in a way that facilitates data searches. They are vital to an organisation's operations and often are vital to competitive advantage and success.

• Hardware are computers that run the applications and databases necessary for processing transactions or analysing business data.

• The five general classes of computers: 1. Supercomputer: most powerful kind of computer (typically not used by business organisations) but used to assist in solving massive scientific problems. 2. Mainframe: used primarily as the main, central computing system for major corporations - optimised for high availability, resource utilisation, and security. Used for mission-critical applications, such as transaction processing. 3. Servers: any computer or network that makes access to files, printing, communications, and other services available to users of the network. Used to provide services to users within large organisations. 4. Workstation: designed for medical, engineering, architectural, or animation and graphics design uses, are optimised for visualisation and rendering of 3D mode,s and have fast processors. large memory, and advanced video cards. 5. Personal Computer: used for personal computing and small business computing. Over the past few years, PC's have increasingly become part of an organisation's information system infrastructure.

• Embedded Systems are optimised to perform a well-defined set of tasks, ranging from playing MP3 music files to controlling engine performance, traffic lights, or DVD players.

of 50

• System Software is the collection of programs that control the basic operations of computer hardware. The most prominent type of system software, the Operating System (e.g. OS X, Windows 8) coordinates the interaction between hardware components,

peripherals (e.g. printers), application software (e.g. office programs) and users.

• Device Drivers allow the computer to communicate with various different hardware devices.

• Organisations store data for three reasons: 1. Operational 2. Backup 3. Archival

• Computer Networking is the sharing of data or service. The information source produces a message, which is encoded so that it can be transmitted via a communication channel; a receiver then decodes the message so that it can be understood by the destination. Hence, it involves coding, sending, and decoding a message.

• Computer networks require: 1. A sender and a receiver that have something to share 2. A pathway or transmission medium to send the message 3. Rules or protocols dictating communication between senders and receivers

• Transmission Media refers to the physical pathway - cables and wireless - used to carry network information.

• Protocols define the procedures that different computers follow when they transmit and receive data. You both might decide the one communication protocol will be that you communicate in English.

of 50

• Bandwidth is the transmission capacity of a computer or communications channel, measured in bits per second (bps) or multiples thereof, and represents how much binary data can be reliably transmitted over the medium in one second. To appreciate the importance of bandwidth for speed, consider how long it would take to download a 45-min TV show (about 200 MB) from iTunes and 2 min at 15 Mbps (high-speed cable).

• Computer in a network have three roles: 1. Servers: any computer on the network that makes access to files, printing, communications, and other services available to the users of the network. 2. Clients: any computer, such as a user's PC or laptop, on the network, or any software application that uses the services provided by the server. A client usually has only one user, whereas many different users share the server. So-called thin clients - microcomputers with minimal memory, storage, and processing capabilities - use desktop virtualisation to provide workers with a virtual desktop environment. 3. Peers: any computer that may both request and provide services. The trend in business is to use Client-Server Networks, in which servers and clients have defined roles. With ubiquitous access to local area networks (LANs) and the Internet, almost everyone works in a client-server environment today. Peer-to-Peer Networks enable any computer or device on the network to provide and request servies; these networks can be found in small offices and homes.

• Computing networks are commonly classified by size, distance covered, and structure. Common classifications are: > Personal Area Network (PAN): wireless communication between devices. > Local Area Network (LAN): sharing of data, software applications, or other resources between several users. > Wide Area Network (WAN): connect multiple LANs, distributed ownership and management.

• Organisations install Wireless Local Area Networks (WLANs) using high-frequency radio-wave technology; WLANs are often referred to as Wi-Fi- Networks.

• The Internet is a large worldwide collection of networks that use a common protocol to communicate with each other.

• The World Wide Web is a software of interlinked documents on the Internet, or a graphical user interface to the Internet that provides users with a simple, consistent, interface to access a wide variety of information. A Web Browser is a software application that can be used to locate and display Web pages, including text, graphics, and multimedia content.

• A key feature of the Web is Hypertext - a document, otherwise known as a Web page, containing not only information but also Hyperlink, which are references or links to other documents. The standard method of specifying the structure and content of web pages is called Hypertext Markup Language (HTML). Web pages are stored on Web Servers, which process user requests for pages using the Hypertext Transfer Protocol (HTTP). Web servers typically host a collection of interlinked web pages (called a Web site) that are owned by the same organisation or by an individual.

of 50

• A Uniform Resource Locator (URL) is used to identify and locate a particular web page. For example, www.google.com is the URL used to find the main Google Web Server. The URL has three parts: 1. The Domain Name: a term that helps people recognise the company/person that the domain name represents. For Google, this is google.com 2. Top-Level Domain: the suffix. For Google, this is .com (some other suffixes are .edu, .org, .gov, .nl, .co.nz, .net.) 3. The Host Name: the host name is the web server that will respond to the request. For Google, this is www (but can also be mail or maps - mail.google.com or maps.google.com)

• IP Addresses serve to identify all the computers or devices on the Internet. The IP address serves as the destination address of that computer or device and enables the network to route messages to the proper destination. For example, 128.196.134.37 is the underlying IP address of www.arizona.edu.

• The Internet uses the Transmission Control Protocol/Internet Protocol (TCP/IP) to facilitate the transmission of Web pages and other information.

• A private network can be created through Intranet. It look sand acts just like a publicly accessible web site an uses the same software, hardware, and networking technologies to communicate information. However, they are behind a firewall which secures proprietary information.

• An Extranet can be regarded as a private part of the Internet that is cordoned off from the ordinary users, enable two or more firms to use the Internet to do business together.

• Moore's Law hypothesises that the number of transistors on a chip would double about every two years. So far, this has been fairly accurate.

• Planned Obsolescence means that the product is designed to last only for a certain life span. For hardware, this can mean that certain components are not built to be serviceable, and the device has to be replaced once in a while. The rapid obsolescence of computer hardware carries a high price tag for the environment.

• Radical advances in information technology have opened many opportunities for organisation but have also brought challenges. Advances in hardware have enabled advances in software. Hardware and obsolescence, faster IT cycles, and consumerisation present issues such as when and how to upgrade the current infrastructure.

• The processing, storage, and transmission of data is taking place in the cloud.

• Cloud Computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and realised with minimal management effort or service provider interaction. Using a Utility Computing Model, cloud computing thus helps to transform IT infrastructure costs form a capital expenditure to an operational expenditure.

of 50

• Characteristic of cloud computing include on-demand self-service, rapid elasticity, broad network access, resource pooling, and measured service.

• Typical cloud computing service models: > Infrastructure as a Service (IaaS) - the basic capabilities of processing, storage, and networking a provided. So, the customer has the most control over the resources. Think of Amazon and Network. > Platform as a Service (PaaS) - customers can run their own application, typically designed using tools provided by the service provider. Think of Facebook. > Software as a Service (SaaS) - the customer uses only applications provided via cloud infrastructure. Think of e-mail and Google Docs.

• Types of clouds: 1. Public Cloud - can be used by any interested party on a pay-per-use basis. Hence, they are often used for applications that need rapid scalability (i.e. the ability to adapt to increase/decreases in demand for processing or data storage), or in cases where there is insufficient capital or the resources to build or expand an IT infrastructure. Amazon.com is a public cloud. 2. Private Cloud - internal to an organisation and can helpt he organisation to balance demand and supply of computing resources within the organisation.

• When considering the move to a public cloud-based infrastructure, organisations have to weigh issues such as availability, reliability, scalability, viability, security, privacy, compliance, openness, diversity of offerings, and, costs.

• Other applications in the cloud include: 1. Service-Oriented Infrastructure (SOA) - business processes are broken down into services that are designed to achieve the desired results for the service consumer. SOA's must follow three principles: reusability, interoperability, componentization.

of 50

2. Grid Computing: combining computing power of a large number of smaller, independent, networked computers into a cohesive system in order to solve problems that only supercomputer were previously capable of solving. 3. Content Delivery Network: increase performance of websites as they store copies of content closer to the end user. 4. Voice over IP (VoIP): the use of Internet technologies for placing telephone calls. 5. Videoconferencing over IP: the use of Internet technologies to place video calls.

• Finally, a recent trend is Green Computing, as companies realise potential cost savings and a positive effect on the company's image by implementing ways to reduce energy consumption and waste. It involves helping to use computers more efficiently, doing the same/more with less. For instance, by using virtualisation to replace hundred of individual servers with just a few powerful mainframe computers.

Chapter 6: Enhancing Business Intelligence Using Information Systems

• Business Intelligence is the use of information systems to gather and analyse data and information from internal and external resources in order to make better business decisions. This helps organisations swiftly respond to external threats and opportunities coming from unstable market conditions, fierce competition, short product life cycles, government regulations, and big data.

• Data-Driven Organisations make decisions that can be backed up with verifiable data.

• Big Data is characterised as being of high volume, variety, and velocity. Hence, many organisations are unable to harness the value of this.

• Many organisations are utilising a Continuous Planning Processes where organisations continuously monitor and analyse data and business processes; the results lead to ongoing adjustments to how the organisation is managed, but these results are also reflected in ongoing updates to the organisational plans. It involves a cycle of manage, plan, monitor, and analyse.

• An Entity is something you collect data bout, such as people or classes. We often think of entities as Tables ,where each row is a Record and each column is an Attribute (also referred to as field). A record is a collection of related attributes about a single instance of an entity. Each record typically consists of many attributes, which are individual pieces of information.

• An Relational Database Management Systems (RDBMS) attempts to balance efficiency of storage needs, ease of retrieval, and other factors by sooting data in tables linked via relationships. However, RDBMSs are not easily scalable in response to peaks in demand, as is often the case in data-intensive applications such as e-commerce and social media.

• Another database management system is NoSQL, which is becoming increasingly popular. They can distribute across multiple machines, which works well in a cloud computing infrastructure.

• The structure of data is typically captured in a Data Model - a map/diagram that represents entities and their relationships. Each attribute in the database needs to be of

of 50

a certain type. This Data Type helps the DMBS organise and sort the data, complete calculations, and allocate storage space. Once the data model is created, the format is documented in a Data Dictionary which is a document explaining several pieces of information for each attributes (such as name, type of data expected, and valid values). Data dictionaries often include Business Rules - policies by which a business runs.

• A Form typically has blanks where the user can enter information of make choices, each of which represents an attribute within a database record (such as last name, first name, gender, and age). Forms are often used to capture data to be added, modified or deleted form the database.

• A Report is a compilation of data form the database that is organised and produced in printed format. Sophisticated Report Generators and analysis tools can help users to quickly build interactive reports and visualisations to present data in a useful format.

• To retrieve data from a database, we use a Query. The most common language used to interface with RDBMSs is Structured Query Language (SQL). An example of a SQL

statement:

• The systems that are used to interact with customers and run a business in real time are called Operational Systems. Online Transaction Processing (OLTP) systems provide and immediate automated response and are designed to handle multiple concurrent transactions from customers.

• Systems designed to support decision making based on stable point-in-time or historical data are called Informational Systems.

• Master Data are the data deemed most important in the operation of a business. Typically shared among multiple organisational units, master data include data about customers, suppliers, inventory, employees, and the like. You can think of it as the "actors" in an organisation's transactions; for example, a customer purchases something, an employee is paid, and so on.

of 50

• Large organisations have built Data Warehouses that integrate multiple large databases and other information sources into a single repository. Such repository, containing both historic and current data for analysis and reporting, is suitable for direct querying, analysis, or processing.

• A crucial process for consolidating data from operational systems with other organisational data is Extraction, Transformation, and Loading. First, the data need to be extracted from various different systems. In the transformation stage, data are being cleansed and manipulated to fit the needs of the analysis. Data Cleansing refers to the process of detecting, correcting, or removing corrupt or inaccurate data retrieved from different systems. Finally, the transformed data are loaded into the data warehouse and are ready for being used for complex analyses.

• A Data Mart is a data warehouse that is limited in scope. It contains selected data from the data warehouse such that each separate data mart is customised for the decision support needs of a particular end-user group.

Report/Quert Description

Scheduled Reports Reports produced at predefined intervals to support routine decisions

Key-Indicator Reports Reports that provide a summary of critical information on a recurring schedule

Exception Reports Reports that highlight situations that are out of the normal range

Drill-Down Reports Reports that provide greater detail, so as to help analyse why a key indicator is not at an appropriate level or why an exception occured

Ad Hoc Queries queries answering unplanned information requests to support a non-routine decision; typically not save to be run again

• Information is typically presented as reports based on data stored in organisational databases and can take the form of:

• Online Analytical Processing (OLAP) refers to the process of quickly conducting complex, multidimensional analyses of data stored in a database that is optimised for retrieval, typically using graphical software tools. OLAP tools enable users to analyse different dimensions of data beyond simple data summaries and data aggregations of normal database queries. The chief component of an OLAP system is the OLAP server, which understands how data are organised in the database and has special functions for analysing the data.

• In-memory Computing is a recent trend, which involves data being stored in a computer's main memory rather than on a comparatively slow hard drive, removing the bottlenecks associated with reading and writing data.

• OLAP systems are designed for efficient retrieval of data and categorise data as measures and dimensions. Measures are the values of numbers the user want to analyse, such as the sum of sales or the number of orders place. Dimensions provide a way to summarise the data, such as region, time, or product line. To enable multidimensional analyses, OLAP arranges the data in cubes. An OLAP Cube is a data

of 50

structure allowing for multiple dimensions to be added to a traditional two-dimensional table. Analysing the data on subsets of the dimensions is referred to as Slicing and Dicing. Data Mining complements OLAP in that it provides capabilities for discovering hidden perceptive relationships in the data. An Algorithm refers to the step-by-step procedures used in a computer program to make a calculation or perfume some type of computer-based process.Typically, data mining algorithms search for patterns, trends, or rules that are hidden in the data, so as to develop predictive models. Depending on the size of the data warehouse, data mining algorithms can take a long time to run; thus, an important preparatory steps to running data mining algorithms is Data Reduction, which reduce the complexity of the data to be analysed.

• Association Discovery is a technique used to find associations or correlations among sets of items. Similar, Sequence Discovery is used to discover associations over time.

• Clustering is the process of grouping related records together on the basis of having similar values for attributes, thus finding structure in data. In contrast, Classification is used when the groups are known beforehand, and records are segmented into these classes.

• Text Mining refers to the use of analytical techniques for extracting information from textual documents. For organisations, the analysis of textual documents can provide extremely valuable insights into business performance, competitors', activities, or regulatory compliance.

• Web Content Mining refers to extracting textual information from web documents. To extract information from the overall Internet, a document collection spider, or web crawler, would gather web pages and documents that match some prespecified criteria

of 50

and place this information in a massive document warehouse.

• Analysing textual documents can help organisations, for instance: > The marketing department can use sentiment analysis to learn about customers' thoughts, feelings, and emotions, by analysing not only customer e-mails or letters but also blogs, wikis, or discussion forms. > The operations department can learn about product performance by analysing service records or customers calls. > Strategic decision makers can gather competitive intelligence by analysing press releases, news articles, or customers-generated web content about competitors' products.

• Web Usage Mining is used by organisations to determine patterns in customers' usage data, such as how users navigate through the site or how much time they spend on different pages. By analysing users' Clickstream (i.e., a recording of a user's path through a web site), a business can assess its pages' Stickiness (i.e., the ability to attract and keep visitors) and how customers navigate through different item categories, ultimately helping companies to optimise the structure of its web site.

• Business Analytics agents business intelligence by using statistical analysis and Predictive Modeling to build explanatory models, help understand data, identify trends, or predict business outcomes; whereas business intelligence is good for knowing what is, business analytics helps in understanding why something is a certain way and foreseeing what will be.

• A Decision Support System (DSS) is a special-purpose information system designed to support organisational decision making related to a particular recurring problem. They are typically used by managerial-level employees to help them solve semistructured problems such as sales and resource forecasting, yet DDSs can be used to support decisions at virtually all levels of the organisation. Characteristics of a DSS: > Inputs - data and models; data entry and data manipulation commands > Processing - interactive processing of data and models; simulations, optimisation, forecasts > Outputs - graphs and textual reports; feedback to system user > Typical Users - midlevel managers

• A What-if Analysis allows you to make hypothetical changes to the data associated with a problem and observe how these changes influence the results.

• Artificial Intelligence (AI) is the science of enabling information technologies to simulate human intelligence, such as reasoning and learning, as well as gaining sensing capabilities, such as seeing, hearing, walking, talking, and feeling.

• Machine Learning is a branch of AI that allow systems to learn by identifying meaningful pattern when processing massive amounts of data. Machine learning ahs enabled great dance in various field, for instance, the self-driving cars!

• Neural Networks are composed of a network of processing elements (i.e., artificial neurons) that work in parallel to complete a task, attempt to approximate the functioning

of 50

of the human brain and can learn by that example.

• Intelligent Systems emulate and enhance human capabilities. They re having a tremendous impact in a variety of areas, including banking and financial management, military, and engineering. Two types of intelligent systems: > Expert Systems (ES) - a type of intelligent system that uses reasoning methods based on knowledge about a specific problem domain in order to provide advice, much like human expert. > Intelligent Agent - a program that works in the background to provide some service when a specific event occurs, like a software robot.

• Several types of Intelligent Agents: 1. User Agents 2. Buyer Agents 3. Monitoring and Sensing Agents 4. Data Mining Agents 5. Web Crawlers 6. Destructive Agents

• What constitutes Knowledge Assets are the underlying skills, routines, practices, principles, formulas, methods, heuristics, and intuitions, where explicit or tacit. All databases, manuals, reference work, textbooks, diagrams, displays, computer files, proposals, plans, and any other artefacts in which both facts and procedures are recorded and stored are considered knowledge assets. They can be either: 1. Explicit Knowledge Assets - that reflect knowledge that can be documented, archived, and codified, often with the help of information systems. 2. Tacit Knowledge Assets - that reflect the processes/procedures that are located in a person's mind on how to effectively perform a particular task.

• A Knowledge Management System is a collection of technology-based told that include communication technologies as well as information storage and retrieval systems to enable the generation, storage, sharing, and management of tacit and explicit knowledge assets.

of 50

• Organisations use Social Network Analysis to map people's contact and discover connections or thus missing links within the organisations; thus, social network analysis can be used to attempt to find groups of people who work together, to find people who don't collaborate but should, or to find experts in particular subject areas.

• Once organisations have collected their knowledge into a repository, they must find an easy way to share it with employees, customers, suppliers, or the general public. These Knowledge Portals can be customised to meet the unique needs of their intended users.

• Visualisation refers to the display of complex data relationships using a variety of graphical methods, enabling mangers to quickly raps the results of the analysis.

• Digital Dashboards are commonly used to present key performance indicators and other summary information used by managers and executives to make decision. A digital dashboard could be a pie chart in excel.

• Visual Analytics is the combination of various analysis techniques and interactive visualisation to solve complex situations. By combining human intelligence and reasoning capabilities with technology's retrieval and analysis capabilities, visual analytics can help in decision making, as the strengths of both the human and the machines are merged.

• One type of visualisation system that is growing in popularity and is frequently incorporated into digital dashboards is called a Geographic Information System (GIS). A GIS is a system for creating, storing, analysing, and managing geographically referenced information, such as for locating target customers or finding optimal store locators. For instance, various industry uses of GIS: 1. Agriculture - to analyse crop yield by location, soil erosion, etc. 2. Banking - to identify lucrative areas for marketing campaigns 3. Disaster Response - analyse historical events, set up evacuation plans, etc. 4. Environment/Conservation - analyse wildlife behaviours 5. Insurance - risk analysis

of 50

Chapter 7: Enhancing Business Processes Using Enterprise Information Systems

• Most organisations are organised around distinct functional areas (marketing and sales, supply chain management, manufacturing and operations, accounting and finance, and human resources) that work together to execute the core business processes: 1. Order-to-Cash - the processes associated with selling a product/service. The process

entails subprocesses: 2. Procure-to-Pay - the processes associated with procuring goods from external vendors. Subprocesses of the procure-to-pay process include: 3. Make-to-Stock/Order - In the make-to-stock process, goods are produced based on forecasts and from inventory. The subprocesses include: In contrast, the make-to-order process are procured based on forecasts, but actual manufacturing does not start until an order is received (a pull-based approach); in extreme cases, even design and engineering start only when an order is received. Subprocesses include: All in all, all of these core business processes enable the creation of value chains that are involved in transforming raw materials into products sold to the end consumer.

• Support Activities are business activities that enable the primary activities to take place. Hence, administrative activities, infrastructure, HR, technology development, and procurement.

• Core Activities are the activities that may differ widely, depending not eh unique requirement of the industry in which a company operates, although the basic concepts hold in most organisations. Core activities include inbound logistics, operations and manufacturing, outbound logistics, marketing and sales, and customer service.

• Value Chains are composed of both core activities (inbound logistics, operations and manufacturing, outbound logistics, marketing and sales, and customer service) and support activities (administrative activities, infrastructure, human resources, technology

of 50

development, and procurement).

• A company can create additional value by integrating internal applications with suppliers, business partners, and customers. Companies accomplish this by connecting their internal value chains to form a Value System, in which information flows form one company's value chain to another company's value chain.

• A value system can be viewed as a river of information, comprising upstream and downstream information flows. An Upstream Information Flow consists of information that is received from another organisation, whereas a Downstream Information Flow relates to the information that is produced by a company and sent along to another organisation.

• Systems that focus on the specific needs of individual departments are typically not designed to communicate with other systems in the organisation (essentially, they are speaking "different languages") and are therefore referred to as Standalone Applications. Even though such systems enable departments to conduct their daily business activities effectively and efficiently, these systems are not very helpful when people from one part of the firm need information from another part of the firm. There are unnecessary costs associated with entering, storing, and updating data redundantly. As a result, many standalone applications are typically either fast approaching or beyond the end of their useful life within the organisation; such systems are referred to as Legacy Systems.

• An Enterprise System is an integrated suite of business applications for virtually every business process, allowing companies to integrate information across operations on a company-wide basis. Rather than storing information in separate place through the organisation, enterprise systems use an integrated database to provide a central repository common to all users. So, enterprise systems evolved from legacy systems.For instance, that VU makes use of an enterprise system - think of how easy you can sign up for courses in other faculties (all due to the enterprise system).

• Information systems can be used to support internally of externally focused business processes: 1. Internally Focused Systems support functional areas, business processes, and decision making within an organisation. 2. Externally Focused Systems help to streamline communications and coordinate business processes with customers, suppliers, business partners, and others who operate outside an organisation's boundaries.

• A system that communicates across organisational boundaries is sometimes refered to an Interorganizational System (IOS) - the key purpose of an IOS is to streamline the flow of information from one company's operations to another's.

• Software programs come in two forms: 1. Packaged Software - written by third-party vendors for the needs of many different users and organisations, supporting standardised, repetitive tasks, such as word processing, payroll processing, or preparing taxes. These programs can be quite cost effective since the vendor that builds the application can spread out development costs through selling to a large number of users.

of 50

2. Custom Software - designed and developed exclusively for specific organisations and can accommodate their particular business needs. However, obtaining custom software is much more expensive because the organisation has to bear all costs associated with designing and developing the software.

• Because no two companies are alike, no packaged software application will exactly fit the unique requirements of a particular business. Thus, enterprise systems are designed around Modules, which are components that can be selected and implemented as needed. In essence, each module is designed to replace a legacy system.

• The features and modules that an enterprise system comes with out of the box are referred to as the Vanilla Version. If the vanilla version does not support a certain business process, the company may require a customised version. Customisation provides either additional software that is integrated with the enterprise system or consists of direct changes to the vanilla application itself.

• Enterprise system implementations are often used as a catalyst for overall improvement of underlying business processes. As a result, most enterprise systems are designed to operate according to industry-standard business processes, or Best Practices, and vendors for many industry-specific versions that have already been customised for particular industries based on best practices. Best practices reflect the techniques and processes, identified through experience and research, that have consistently shown results superior to those achieved with other means.

• The implementation of enterprise systems often involve Business Process Management (BPM), a systematic, structured improvement approach by all or part of an organisation whereby people critically examine, rethink, and redesign business processes in order to achieve dramatic improvements in one or more performance measures, such as quality, cycle time, or cost. BPM is based on the notion that radical redesign of an organisation is sometime necessary in order to lower costs and increase quality, and that information systems are the key enabler for that radical change. The basic steps for BPM are: Step 1: Develop a vision for the organisation that specifies business objectives. Step 2: Identify the critical processes that are to be redesigned. Step 3: Understand and measure the existing processes as a baseline for future improvements. Step 4: Identify ays that information systems can be used to improve processes. Step 5: Design and implement a prototype of the new processes.

• Enterprise Resource Planning (ERP) systems replace standalone applications by providing various modules based on a common database and similar application interfaces that serve the entire enterprise rather than portions of it.

• ERP Control refers to the locus of control over the computing systems and the data contained in those systems, as well as, decision-making authority.

• There are two major categories of ERP components: 1. ERP Core Components support the important internal activities of the organisation for producing its products and services. These components support internal operations such as financial management, operations management, and HRM. 2. ERP Extended Components support the primary external activities of the organisation

of 50

for dealing with suppliers and customers. Specifically, ERP extended components focus primarily on supply chain management and customer relationship management.

• An ERP system can support all aspects of the order-to-cash process, procure-to-pay process, and the production process.

• ERP systems allow information to be shared throughout the organisation through the use of a large datable, helping to streamline business processes and improve customer service. When selecting an ERP system, organisations must choose which module to implement from a large menu of options - most organisations adopt only a subset of the available ERP components. ERP core components support the major internal activities of the organisation for producing its products and services, while ERP extended components support the primary external activities of the organisation for dealing with suppliers and customers.

• Experience with enterprise system implementations suggests that there are some common problems that can be avoided and/or should be managed carefully. Organisations can avoid common implementation problems by: 1. Securing executive sponsorship 2. Getting necessary help from outside experts 3. Thoroughly training users 4. Taking a multidisciplinary approach to implementations 5. Keeping track of evolving ERP trends

Chapter 4: Enabling Business-to-Consumer Electronic Commerce

• Electronic Commerce (EC) is the exchange of goods, services, and money among firms, between firms and their customers, and between customers, supported by communication technologies and, in particular, the Internet.

• Business-to-Consumer (B2C) are transactions between business and consumers.

• Business-to-Business (B2B) are transactions between business, not involving the end consumer.

• Consumer-to-Consumer (C2C) are transactions where the businesses are not involved.

• Consumer-to-Business (C2B) are transactions where consumers offer products, labour, and services to companies.

• The increase in use of mobile devices has given rise to M-Commerce (mobile commerce), which is any electronic transaction or information interaction conducted using a wireless, mobile device and mobile networks that leads to the transfer of real or perceived value in exchange for information, services, or goods.

• e-Government is the use of information systems to provide citizens, organisations, and other governmental agencies with information about public services and to allow for interaction with the government. It involves three distinct relationships: 1. Government-to-Citizen (G2C): allows for interactions between federal, state, and local governments and their constituents.

of 50

2. Government-to-Business (G2B): involves businesses' relationships with all levels of government. 3. Government-to-Government (G2G): used for electronic interactions that take place between countries of between different level of government within a country.

• e-tailing is the online sales of goods and services.

• Brick-and-Mortar Business Strategy: operate solely in the traditional physical markets. These companies approach business activities in a traditional manner by operating physical locations such as retail stores, and not offering their products or services online.

• Click-Only Business Strategy: conduct business electronically in cyberspace. These firms have no physical store locations, allowing them to focus purely on EC.

• Click-and-Mortar Business Strategy: utilise the internet to extend their traditional offline retail channels.

• In summary:

• Mass Customisation helps firms tailor their produces and services to meet a customer's particular needs on a large scale. Linking online product configuration systems with just-in-time production allows companies to assemble each individual product based on the customers' specifications, so that companies are able to provide individualise products, while at the same time reaping the economies of scale provided by mass production.

• Disintermediation is cutting out the middleman and reaching customers more directly and efficiently. This creates both opportunities and challenges.

• Reintermediation refers to the design of business models that reintroduce middlemen in order to reduce te chaos brought on by the disintermediation.

• Group Buying is an innovative business model enabled by the Internet. Where firms negotiate special volume discounts with local businesses and offering them to their members in the form of daily deals.

of 50

• Companies have come up with innovative pricing models that tranced traditional Menu-Driven Pricing, in which companies set the prices that consumers pay for products.

• The Reverse Pricing Model is where customers specify the product they are looking for and how much they are willing to pay for it and then a company matches the customers' bids with offers from companies.

• Social Commerce is where organisations try to leverage their visitors' social networks to build lasting relationships, advertise products, or otherwise create value.

• e-Tailers can benefit from being able to offer a wider variety of goods to more people at lower prices. On the other hand, a major drawback is customers' lack of trust.

• A key success metric for an e-commerce site is Conversion Rate, defined as the percentage of visitors who perform the desired action, be it to make a purchase or sign up for a newsletter. To increase conversion rate, e-tailer should: 1. Offer something unique 2. The web site must motivate people to visit, to stay, and to return 3. You must advertise your presence on the web 4. Learn from your website

• To advertise the presence on the web, a common phenomenon is QR Codes - two-dimensional barcodes with a high storage capacity. Such bar codes are typically used to point the consumer to a particular web site.

• The Exit Rate is defined as the preceding of visitors who leave the web site after viewing that page; the last page that users view before moving onto a different site, or closing their browser window.

• Bounce Rate is defined as the percentage of single-page visits; the percentage of users for whom a particular page is the only page visited on the web site during a session.

• Online consumers' needs can be categorised in terms of: 1. Structural Firmness: characteristics that influence the web site's security and performance 2. Functional Convenience: characteristics that make the interaction with the web site easier or more convenient 3. Representational Delight: characteristics that stimulate a consumer's senses

• Popular ways to advertise products or services on the web are: 1. Search Marketing 2. Display Ads 3. E-mail marketing 4. Social Media 5. Mobile Marketing Advertisers pay for these types of Internet marketing on the basis of either the number of impressions or pay-per-click.

of 50

• Search Engine Optimisation (SEO) is an attempt to boost a company's ranking in the organic search engine results.

• The performance of Internet marketing can be assessed by metrics such as Click-Through Rate, reflecting the number of surfers who click on an ad divided by the number of times it was displayed, or Conversion Rate, reflecting the percentage of visitors who actually perform the marketer's desired action.

• Pay-per-Click models allow firms to run their advertisement and pay only when a web surfer actually clicks on the advertisement.

• Click Fraud where people repeatedly click on a link to inflate revenue to the host or increase the cost for the advertiser.

• M-commerce is rapidly expanding with continued evolution of faster cellular networks, more powerful handheld devices, and more sophisticated applications.

• A key driver for m-commerce is Location-based Services which are highly personalised mobile services based on a user's location. They are based on GPS technology.

• As mobile consumers not only use they reduces to obtain timely information on the go, but also increasingly purchase products or content in mobile settings, business have to consider the specific settings and devices of their target customers.

• The rise in smartphone has led to Showrooming - that is, shoppers coming into a store to evaluate the look and feel of a product, just to then purchase it online or at the competitor's store.

• The internet has fueled that development of a variety of ways people can trade goods, socialise, or voice their thoughts and opinions. Specifically, e-Auctions which allow sellers to post goods and services for sale and buyers can bid on these items.

• One emerging topics in EC is C2B EC where individuals offer products or services to businesses.

• Web-based financial transactions: 1. Online Banking: manage credit card, checking, or savings accounts online. 2. Electronic Bill Pay Services: pay bills online. 3. Online Investing: investing online by getting information about stock quotes or managing portfolios. 4. Mobile Banking Apps

• Securing payments in the digital world is still of concern, both for customers and for merchants, who have to minimise their risk arising from potentially fraudulent credit card transactions; as a result, many retailers use online payment services.

• The Card Verification Value (CVV2) is a three-digit code located at the back of a card to authorise a transaction.

of 50

• Various indicators can signal potential e-commerce fraud: 1. Transaction patterns 2. E-mail addresses 3. Shipping and billing addresses 4. IP Address

• The Internet Tax Freedom Act states that sales on the Internet should be treated the same way as mail-order sales, and a company is required to collect sales tax only from customers residing in a state where the business had substantial presence.

• Digital media are easily copied and shared by many people, so the entertainment industry has turned to Digital Rights Management (DRM) - which is a technological solution that allows publishers to control their digital media to discourage, limit, or prevent illegal copying and distribution.

• A digital Watermark is an electronic version of physical watermarks placed on paper currency to prevent counterfeiting.

• Net Neutrality is the principle that all Internet data should be treated the same.

• Legal issues surrounding web site content, contracts, taxation, transactions, protecting intellectual property, and net neutrality continue to be major issues and impediments to e-commerce.

Chapter 5: Enhancing Organisational Communication and Collaboration using Social Media

• A Collaboration consists of two or more people that work together to achieve a common goal.

• With increasing globalisation and increasing use of the Internet, collaborators on projects or teams do not have to be collocated; rather, businesses increasingly form Virtual Teams, comprised of members from different geographic areas, assembled as needed to collaborate on a certain project.

• Ways to communicate and collaborate: > Synchronous: at the same time > Asynchronous: not coordinated in time

• Meetings of virtual teams typically take the form of Virtual Meetings using an online environment; such meetings can be done synchronously.

• Groupware refers to a class of software that enables people to work together more effectively. Groupware and other collaboration technologies are distinguished along two dimensions: > Whether the system supports synchronous or asynchronous communication and collaboration > Whether the system supports groups working together face-to-face or distributed

of 50

• Discussion Forums emulate traditional bulletin boards and allow for threaded discussions between participants.

• An Electronic Meeting System (EMS) is a sophisticated software tool used to help group members solve problems and make decisions through interactive structured processes such as electronic idea generation, idea evaluation, and voting. These help groups stay on track and avoid costly diversions that occur in meeting regularly.

• Desktop Videoconferencing has been enabled by the growing power of processors powering personal computers and faster Internet connections. For this, all that is needed is a Webcam - a small video camera that is connected directly to a PC.

• Organisational intranets are widely used to provide Employee Portals that enable Employee Self-Service for administering benefits, managing retirement plans, or other human resources-based applications.

• A mashup is a new application that uses data from one or more service providers.

• Changes in technology have enabled new uses of the Web; dynamic Web applications, often referred to as Web 2.0 applications, allow people to collaborate and share information online, shifting the users' role from the passive consumer of content to its creator. Many successful Web 2.0 applications can be classified as social software that people widely use for communicating and socialising. These can be classified as Social Media, allowing people to interacte, communicate, and collaborate in various ways. Owing to societal changes, using social media can be an important factor in being able to attract or retain employees as younger generations are joining the workforce.

• Future Web capabilities extending Web 2.0 are the Semantic Web - a set of design principles that will allow computers to be able to better index web pages, topics, and subjects.Here, computers will be able to understand the meaning of content, and search engines will be able to give richer and more accurate answers. Furthermore, the Contextual Web which is characterised by devices providing the information and content needed depending on the user's specific context.

• Enterprise 2.0 can help in sharing organisational knowledge, making businesses more innovative and productive, and helping them to effectively connect with their customers and the wider public.

• Enhancing communication using social media: 1. Blogging - the process of creating an online text diary made up of chronological entries that comment on everything from one's everyday life to wine and food, or even computer problems. Blogs are not without controversy as it is often referred to as the Amateurization of Journalism. 2. Microblogging Tools - enable people to voice their thoughts in broadcasting relatively short status updates. When posting such as microblog, users can tag words or phrases with a '#' - called a Hashtag. A word phrase or topic that is tagged at a great rate than others is said to be Trending. 3. Instant Messaging - enables real time written conversations. 4. Virtual Worlds - allow people to communicate using avatars.

of 50

• Enhancing cooperation with social media: 1. Webcasting - the distribution of digital media on digital media players. 2. Real Simple Syndication (RSS) Feeds - provided by content publishers so that users get notified of updates to the content. Where, users can subscribe to blogs, webcasts, videos, and news stories. 3. Social Bookmarking - allows users to share Internet bookmarks and create categorisation systems. 4. Social Cataloging - the creation of a categorisation system by users. 5. Tagging - manually adding metadata - data about data - to media or other content. 6. Geotagging - adding geospatial metadata (such as latitude, longitude, or altitude) to media.

• Enhancing collaboration with social media: 1. Cloud-Based Collaboration Tools - a user can access a file from multiple devices, and always having the latest version at his or her fingertips. E.g. Dropbox. 2. Content Management System - allows users to publish, edit, version track, and retrieve digital content, such as documents, images, audio files, videos, or anything else that can be digitalised. 3. Learning Management Systems - systems like blackboard and canvas. 4. Collective Intelligence - based on the notion that distributed groups of people with a divergent range of information and expertise will be able to outperform the capabilities of individual experts. 5. Peer Production - the creation of goods or service by self-organising communities. 6. Wiki - a web site allowing people to create, edit, or delete content, as well as discuss article content or suggested changes with other members of the community. 7. Crowdsourcing - a way to use everyday people as a cheap labour force. 8. Open Innovation - the process of integrating external stakeholders into the innovation process.

• Enhancing connection with social media: 1. Social Networking - create social online communicaties where individuals with a broad and diverse set of interests meet, communicate, and collaborate. 2. Social Search - increase the relevance of search results by including content from social networks, blogs, or microblogging services. 3. Viral Marketing - using the network effect to increase brand awareness. Critical factors in viral marketing are (1) do something unexpected, (2) make people feel something, (3) make sequel, (4) allow sharing/distribution, and (5) never restrict access to the viral content.

• Various factors have to be taken into account for successful Enterprise 2.0 applications:

of 50

Chapter 8: Strengthening Business-to-Business Relationships

• A Supply Chain is a collection of companies and processes involved in moving a product from the suppliers of raw materials to the suppliers of intermediate opponents, then to final production, and, ultimately, to the customer.

• The flow of materials from suppliers to customers is known as a Supply Network because of the various interrelated parties involved in moving raw materials, intermediate components, and, finally, the end product within the production process.

• Electronic Data Interchange (ED) is the computer-to-computer communication following certain standards as set by the UN economic commission. This happens without human interactions.

• Portals, in the context of B2B supply chain management (SCM), can be defined as access points through which a business partner accesses secured, proprietary information that may be dispersed through an organisation (typically using extranets).

• A Supplier Portal is a subset of an organization's extranet designed to automate the business processes that occur before, during, and aftersales have been transacted between the organization and its multiple suppliers.

• Customer Portals are designed to automate the business processes that occur before, during, and after sales transactions between a supplier and multiple customers.

• Business-to-business marketplace are operated by third-party vendors, meaning they are built and maintained by a separate entity rather than being associated with a particular buyer or suppler.

• In summary:

of 50

• Vertical Markets are markets comprised of firms operating within a certain industry sector.

• Benefits of effectively managing supply chains: > Just-in-Time Strategies (JIT) - keeping inventory is costly and does not add values and so, these companies order quantities when they are needed for production. > Vendor-Managed Inventory (VMI) - a business model in which suppliers to a manufacturer manage the manufacturer's inventory based on negotiated service levels. > Reduce the Bullwhip Effect - where a tiny flick of the wrist creates a big movement at the other end of the whip. > Corporate Social Responsibility

• Supply Chain Management improves the coordination of suppliers, product/service production, and distribution. When executed successfully, SCM helps in not only reducing inventory costs, but also enhancing revenue through improved customer service.

• A supply chain strategy requires balancing supply chain efficiency and effectiveness. Supply Chain Efficiency is the extent to which a company's supply chain is focusing minimising procurement, production, and transportation costs, sometimes by sacrificing excellent customer service. In contrast, Supply Chain Effectiveness is the extent to which a company's supply chain is focusing on maximising customer service, with lesser focus on reducing procurement, production, and transportation costs.

• Supply Chain Planning (SCP) involves the development of various resource plans to support the efficient and effective production of goods and services. Four key processes are generally supported by SCP modules: 1. Demand planning and forecasting 2. Distribution planning 3. Production scheduling 4. Inventory and safety stock planning

• Supply Chain Execution (SCE) is the execution of SCAP. Essentially, SCE puts the SCM planning into motion and reflect the processes involved in improving the collaboration of all members of the supply chain. It involves the management of three elements: 1. Product Flow - the movement of goods from the supplier to production, from production to distribution, and from distribution to the consumer. 2. Information Flow - the movement of information along the supply chain. 3. Financial Flow - the movement of financial assets through the supply chain.

• Radio Frequency Identification (RID) is a key technology helping to monitor product flows. It uses electromagnetic energy to transmit information between a reader and a processing device, or RFID tag. RFID Tags can be used just about anywhere a unique identification system might be needed, such as clothing, pets, cars, keys, etc.

• Extensible Markup Language (XML) is a key enabler for optimising information flows. It is a standard for exchanging structured information over the web. XML allows creating documents consisting of customised tags, enabling the definition, transmission, validation, and interpretation of data between applications and between organisations.

of 50

• Extensible Business Report Language (XBRL) is an XML-based specification for publishing financial information. XBRL makes it easier for public and private companies to share information with each other, with industry analysts, and with shareholders.

• Supply Chain Visibility refers to the ability not only to track products as they move through the supply chain but also to foresee external events. Being able to see where a shipment is at any given time can be of tremendous help.

• Supply Chain Analytics refers to the use of key performance indicators to monitor performance of the entire supply chain, including sourcing, planning, production, and distribution.

• Today's empowered customers have many ways to obtain and spread information and opinions about companies. Think of: > Blogs > Online Product Reviews > Search Engines > Price Comparison Sites > Video-Sharing Sites > Social Networks > Microblogs

• Increasing First-Call Resolution - addressing the customers' issues during the first call - can help save costs while increasing customers satisfaction.

• Organisations are deploying Customer Relationship Management (CRM) Systems. CRM is not simply a technology, but also a corporate-level strategy to create and maintain, though the introduction of reliable systems, processes, and procedures, lasting relationships with customers by concentrating on downstream information flows.

• Companies must realise that a successful CRM strategy must include enterprise-wide changes, including changes to: 1. Business Processes and Policies 2. Customer Service 3. Employee Training 4. Data Collection, Analysis, and Sharing

• A comprehensive CRM system comprises three primary components: 1. Operational CRM: includes the systems used to enable customer interaction nan service. The first component of an operation CRM is Sales Force Automation (SFA) - modules that support the day-to-day sales activities of an organization. The second component of an operational CRM system is Customer Service and Support (CSS) - modules that automate service requests, complaints, product returns, and information requests. Today, organisations are deploying a Customer Engagement Center (CEC) using multiple communication channels to support the communication preferences of customers, like a Facebook page. The third component is Enterprise Marketing Management (EMM) which helps a company in the execution of the CRM strategy by improving the management of promotional campaigns. 2. Analytical CRM: focuses on analysing customer behaviour and perceptions in order to provide the business intelligence necessary to identify new opportunities and to provide

of 50

superior customer service. The use of social media for customer relationship management is often referred to as Social CRM. Social Media Monitoring is the process of identifying and assessing the volume and sentiment of what is being said about a company, individual, product, or brand. 3. Collaborative CRM: refers to systems for providing effective and efficient communication with the customer from the entire organisation. Collaborate CRM systems facilitate the sharing of information across the various departments of an organisation in order to increase customer satisfaction and loyalty. Collaborative CRM enhance communication by greater customer focus, lower communication barriers, and increased information integration.

Chapter 10: Securing Information Systems

• Computer Crime is the use of a computer to commit an illegal act. This includes: 1. Targeting a computer while committing an offence 2. Using a computer to commit an offence 3. Using customers to support a criminal activity despite the fact that computers are not actually targeted

• Hackers are individuals who are knowledgable enough to gain access to computer systems without authorization.

• Crackers are those who break into computer systems with the intention of doing damage or committing a crime.

• Hacktivists are computer criminals that attempt to break into systems or deface Web sites to promote political or ideological goals.

• Vulnerability Scanners are sophisticated software that automatically test targeted systems for weakness. Computer criminals use this to gain access.

• Packet Sniffers are used to analyse network traffic and capture unencrypted passwords, keyloggers or tools to break passwords using a brute-force approach.

• Alternatively, crackers try to exploit human weaknesses by using methods such as: > Phishing Attacks > Social Engineering - misrepresenting oneself to trick others into revealing information > Shoulder Surfing - looking over one's shoulder while the person is keying in access information > Dumpster Diving - scouring wastebaskets for potentially useful information

• Unauthorised Access occurs whenever people who are not authorised to see, manipulate, or otherwise handle information look through electronically stored information for useful data, peek at monitors displaying proprietary or confidential information, or intercept electronic information on the way to its destination.

• Insider Threats are trusted adversaries who operate within an organisation's boundaries and are a significant danger to both private and public sectors. They include disgruntled employees or ex-employees, potential employees, contractors, business partners, or

of 50

auditors.

• Backdoors are hidden access points allowing for unauthorised access.

• Information Modification occurs when someone accesses electronic information and then changes the information in some way, such as when crackers hack into government Web sites and change information or when employees give themselves electronic raises and bonuses.

• Jailbreaking is modifying the operating system to remove manufacturer or carrier restrictions - often done to run applications other than those from the official app store.

• Malware - short for malicious software such as viruses, worms, and Trojan horses - have a tremendous economic impact on the world, costing organisations a lot of money to respond to and enact countermeasures.

• A Virus is a destructive program that disrupts the normal functioning of computer systems. Viruses can reproduce themselves.

• A Worm is a variation of a virus that is targeted at networks, is designed to spread by itself, without the need for a n infected host file to be shared.

• How a computer virus is spread? 1. A hacker rates a virus and attaches it to a real programmer file on a web site. 2. Users download the file thinking it is a legitimate file or program. Once downloaded, it infects other files and programs on the machine. 3. E-mail attachments and files shared with friends and coworkers contain the virus. 4. Virus spreads rapidly throughout the Internet.

• Trojan Horses appear to be legitimate, benign programs, but carry a destructive payload. They do not replicate themselves, but can do much damage.

• Logic Bombs or Time Bombs lie in wait for unsuspecting computer users to perform a triggering operations. Time bombs are set off by specific dates. Logic bombs are set off by specific types of operations.

• A new malware, Ransomware, has emerged. It holds a user's computer hostage by locking or taking control of the user's computer, or encrypting files or documents.

• Denial-of-Service Attacks occur when electronic intruders deliberately attempt to prevent legitimate users of a service from using that service, often by using up all of a system's resources. To execute such attacks, intruders often create armies of Zombie Computers by infecting computers that ar eloped in homes, schools, and businesses with viruses or worms.

• Three additional ways in which information systems can be threatened are spyware, spam, and cookies.

of 50

• Spyware refers to any software that covertly gathers information about a user through an Internet connection without the user's knowledge. It can monitor your activity and secretly transmit that information to someone else. Keyloggers can capture every keystroke and thus gather information such as email addresses, passwords, and credit card numbers. Often, Adware - free software paid for by advertisements appearing during the use of the software - contain spyware that collects information about a person's Web surfing behaviour in order to customise Web site banner advertisements.

• Spam is electronic junk mail or junk newsgroup posting, usually for the purpose of advertising some product/service. It wastes our times and eats up huge amounts of storage space and network bandwidth. Internet service providers and those who manage e-mail within organisations often use Spam Filters to fight spam. They use multiple defines layers to help reduce the amount of spam processed by the central e-mail servers and delivered to user's in-boxes. In the worst case, spam is used for Phishing, which are attempts to trick financial account and credit card holders into giving away their authentication information, usually by sending spam message to literally millions of e-mail accounts. Spear Phishing is a more sophisticated fraudulent e-mail attack that targets a specific person or organisation by personalising the message in order to make the message appear as if it is from a trusted source such as an individual within the recipient's company, a government entity, or a well-known company. A CAPTCHA consists of a distorted image displaying a combination of letters/numbers that a user has to input into a form before submitting it. As the image is distorted, only humans can interpret the letters/numbers, preventing the use of automated bots for creating accounts or posting spam to forums, blogs, or wikis.

• A Cookie is a small text file passed to a Web browser on a user's computer by a Web server. The browsers stores the message into a text file, and the message is sent back to the server each time the user's browser requests a page from that server.

• Destructive software robots called bots, working together on a collection of zombie computers via the Internet, called Botnets, have become the standard method of operation for professional cybercriminals.

• Identity Theft is the stealing of another person's social security number, credit card number, and other personal information for the purpose of using the victim's credit rating to borrow money, buy merchandise, and otherwise run up debts that are never repaid.

• Cyberharassment is the use of computer to communicate obscene, vulgar, or treating content that causes a reasonable person to endure distress. A single offence message can be considered cyberharassment. Repeated contacts with a victim are referred to as Cyberstalking. The intention of Cyberbullying is to deliberately cause emotional distress in the victim. Cyberharassment, cyberstalking, and cyberbullying are usually targeting at a particular person or group as a means of taking revenge or expressing hatred.

• Online Predators typically target vulnerable people, usually the young or old, for sexual or financial purposes.

• Software Piracy is buying one copy of a software applications and then making many copies to distribute them to employees.

of 50

• Patents typically refer to proces, machine, or material inventions. Whereas, Copyrights refers to creations of the mind such as music, literature, or software.

• Warez Peddling is offering stolen proprietary software for free over the Internet. Warez is the slang term for stolen software.

• Reverse Engineering is disassembling the software to discover and understand any protection mechanisms built into the software by its original developer.

• A Key Generator is a fake license key to circumvent the protection mechanism. This can be done after reverse engineering has successfully been completed.

• Another form is piracy is Cybersquatting, the dubious practice of registering a domain name and then trying to sell the name for big bucks to the person, company, or organisation most likely to want it.

• Cyberwar refers to an organised attempt by a country's military to disrupt or destroy the information and communication systems of another country. It is often executed simultaneously with traditional methods to quickly dissipate the capabilities of an enemy, and intelligence agencies from countries around the world which are secretly testing networks and looking for weaknesses in their potential enemies' computer systems.

• Cyberterrorism is launched not by governments but by individuals and organised groups. It is the use of computer and networking technologies against persons or property to intimidate or coerce governments, civilians, or any segment of society in order to attain political, religious, or ideological goals.

• Categories of potential cyberterrorist attacks: 1. Coordinated bomb attacks 2. Manipulation of financial/banking information 3. Manipulation of the pharmaceutical industry 4. Manipulation of transportation control systems 5. Manipulation of the broader civilian infrastructures 6. Manipulation of the nuclear power plants

• How terrorists are using the Internet: > Information dissemination > Data mining > Fundraising > Recruiting and mobilisation > Networking > Information sharing > Training > Planning/coordinating > Information gathering > Location monitoring

• Primary threats to the security of information systems: 1. Natural Disasters - power outages, hurricanes, floods

of 50

2. Accidents - inexperienced or careless computer operators 3. Employees and Consultants 4. Links to Outside Business Contacts 5. Outsiders

• Information Systems Security refers to precautions taken to keep al aspects of informations systems safe from destruction, manipulation, or unauthorised use or access, while providing the intended functionality to legitimate users.

• Organisations must ensure: 1. Availability 2. Integrity 3. Confidentiality 4. Accountability

• As threats to information systems constantly evolve, information systems security is an ongoing process, consisting of: 1. Assessing Risks 2. Developing a Security Strategy 3. Implementing Controls and Training

4. Monitoring Security

• Information Systems Risk Assessment is done to obtain an understanding of the risks to the availability, integrity, and confidentially of data and systems.

• Threats are typically defined as undesirable events that can cause harm, and can arise from actions performed by agents internal or external to an organisation. They can come from current of former insiders as well as criminals, competitors, terrorists, or the elements.

• Vulnerabilities are defined as weaknesses in an organisation's system or security policies that can be exploited to cause damage, and can encompass both known vulnerabilities and expected vulnerabilities.

of 50

• Organisations have to understand the interplay between threats, vulnerabilities, and

impacts to plan and implement effective IS controls:

• Option for addressing IS Risks: 1. Risk Reduction - taking active countermeasures to protect your systems 2. Risk Acceptance - accepting risk and living with it 3. Risk Transference - having someone else absorb the risk 4. Risk Avoidance - using alternate means, or not perform tasks that would cause a risks

• Information System Controls helps an organisation to control costs, gain and protect trust, remain competities, and comply with internal or external governance mandates. An IS security strategy should focus on: 1. Preventive Controls: to prevent any potentially negative event from occurring. 2. Detective Controls: to assess whether anything went wrong. 3. Corrective Controls: to mitigate the impact of any problem after it has arisen.

• Acceptable Use Policies are Internet use policies for people within an organisation, with clearly spelled out penalties for noncompliance. In general, policies/procedures that guide user's decisions and establish responsibilities include: 1. Information Policy: outlines how sensitive information will be handled, stored, transmitted, and destroyed. 2. Security Policy: explains technical controls on all organisational computer systems. 3. Use Policy: outlines the organisation's policy regarding appropriate use of in-house computer systems. 4. Backup Policy: explains requirements for backing up information. 5. Account Management Policy: lists procedures for adding new users to systems and removing users who have left the organisation. 6. Incident Handling Procedures: lists procedures to follow when handling a security breach. 7. Disaster Recovery Plan: lists all the steps an organisation will take to restore

of 50

computer operations in case of a natural or deliberate disaster.

• A Business Continuity Plan describes how a business continues operating after a disaster, before normal operations have been restored; relatedly, a Disaster Recovery Plan spells out all the detailed procedures for recording from systems-related disasters.

• Backup Sites are critical for business continuity in the event of a disaster strikes; in other words, backup sites can be thought of as a company's office in a temporary locations. In addition, organisations have Backups of important data in place.

• A Cold Backup Site is nothing more than an empty warehouse with all necessary connections for power and communication but nothing else. A Hot Backup Site is a fully equipped backup facility, having everything from office chairs to a one-on-one replication of the most current data.

• Recovery Time Objectives specify the maximum time allowed to recover form a catastrophic event.

• Recovery Point Objectives specify how current the backup data should be.

• Commonly used controls to safeguard IS: > Physical access restrictions > Firewalls > Encryption > Virus monitoring and prevention > Secure data centers > Systems development controls > Human controls

• Authentication refers to confirming the identity of a user. Commonly, this is a password or ID.

• Access is usually limited by making it depended on one oft he following: 1. Something you have: keys, picture identification cards, smart cards, badges, etc. 2. Something you know: passwords, code numbers, PIN number, lock combinations, etc. 3. Something you are: unique attributes, such as fingerprints, voice patterns.

• Biometrics is one of the most sophisticated forms of governing access to systems, data, and/or facilities. With biometrics, employees may be identified by fingerprints, retinal patterns in the eye, facial features, or other bodily characteristics before being granted access to use a computer or to enter a facility.

• Access-Control Software can reduce vulnerabilities by allowing computer users access only to those files related to their work.

• A Drive-by Hacking is where an attacker accesses the network, intercepts data from it, and even uses network services and/or sends attack instructions to it without having to enter the home, office, or organisations that owns the network. Wireless LAN controls to

of 50

methods of configuring the WLAN so that only authorised users can gain access.

• A Virtual Private Network (VPN) is a network connection that is constructed dynamically within an existing network in order to connect user or nodes.

• Creating an encrypted tunnel to send secure (private) data over the (public) Internet is known as Tunneling.

• A Firewall is part of a computer system designed to detect intrusion and prevent unauthorised access to or from a private network. It does so by permitting authorised communication to flow in and out of the organisation to the broader Internet.

• Encryption is the process of encoding messages using an encryption key before they enter the network or airwaves, then decoding them using a matching key at the receiving end of the transmission so that the intended recipient can read or hear them. Hence, it is used to encode information so that unauthorised people cannot understand it.

• Certificate Authority is implementing encryption on a large scale - through the use of a third party.

• Secure Sockets Layers is a popular public key encryption method used on the Internet. There are many different encryption approaches for different types of data transmission.

• Virus Prevention is a set of activities for detecting and preventing computer viruses. It has become a full-time, important tasks for IS departments within organisations and for all of us with our personal computers.

• Potential threats to IS facilities include floods, hurricanes, terrorism, power outages/blackouts, and seismic activity.

• Absolute protection against security breaches remains out of reach, but there are a few safeguards organisations can employ: 1. Site Selection: ensuring data centers are not built in areas that ar prone to natural disasters. 2. Physical Access Restrictions: be protected from intruders using measures such as fences, barriers, and security guards. 3. Intrusion Detections: closed-circuit television systems should monitor the physical interior/exterior of a facility for physical intruders, allowing in-house security personnel or an outside security service to detect and immediately report suspicious activity. 4. Uninterruptible Power and Cooling: data centers should be self-sufficient and able to operate for a pre-specified time period on self-generated power. 5. Protection from Environment Threats: should be built to withstand strong winds.

• Collocation Facilities are facilities that are rented to store servers.

• Human safeguards for IS security: 1. Federal and state laws 2. Effective management

of 50

3. Ethical behaviour

• Organisations should monitor internal and external threats and vulnerabilities to ensure the effectiveness of their IS controls.

• An Information System Audit can help organisations sees the state of their IS controls to determine necessary changes and to help ensure the information systems' availability, integrity, and confidentially.

• Auditors frequently rely on Computer-Assisted Audit Tools to test applications and data using test data or simulations, or tools such as vulnerability scanners or packet sniffers.

• Sarbanes-Oxley Acts mandates companies to demonstrate compliance with accounting standards and toe establish controls and sound corporate governance.

• Control Objective for Information and Related Technology (COBIT) is a set of best practices that helps organisations both maximise the benefits from their IS infrastructure and establish appropriate controls. It makes it easier for companies to reviews their entire IS infrastructure.

• Computer Forensics is the use of formal investigative techniques to evaluate digital information for judicial review. Most often, these evaluate various types of storage devices to find traces of illegal activity or to gain evidence in related non-computer crimes.

• A Honeypot is a computer data, or network site that is designed to be enticing to crackers so as to detect, deflect, or counteract illegal activity.

• Companies need to continue to implement vigilant approaches to better manage information systems security in the digital world.

Chapter 9: Developing and Acquiring Information Systems

• Making the Business Case refers to the process of identifying, quantifying, and presenting the value provided by a system.

• The Productivity Paradox is the slowdown in productivity growth. It is a result of several factors: 1. Time lags 2. Measurement 3. Redistribution 4. Mismanagement

• A successful business case will be based on faith, fear, and fact.

• A cost-benefit analysis is done to determine the Total Cost of Ownership (TCO) for an investment. It is focused on understanding not only the total cost of acquisition but also all costs associated with ongoing use and maintenance of a system. Costs can be divided into two categories: 1. Non-Recurring Costs: one-time costs that are not expected to continue after the

of 50

system is implement. 2. Recurring Costs: ongoing costs that occur throughout the life of the system.

• Tangible Costs are easy to quantity. However, Intangible Costs ought to be accounted for as well, even though they will to fit neatly into the quantitive analysis.

• Tangible Benefits are easy to determine. For instance, you can estimate that the increased customer reach of the new Web-based system will result in at least a modest increase in sales. Intangible Benefits are harder to track. For example, this may include improvements in customer service resulting from faster turnaround on fulfilling orders.

• Alternatively, a Break-Even Analysis can be performed, to identify at what point tangible benefits equal tangible costs. Or, a Net-Present-Value Analysis of the relevant cash flow streams associated with the system at the organisation's Discount Rate (i.e., the rate of return used by an organisation to compute the present value of future cash flows).

• Weighted Multicriteria Analysis is a method to decide among different IS investment or considering alternative designs.

• Presenting the business case: 1. Know the audience 2. Convert benefits to monetary terms 3. Devise proxy variables (i.e., alternative measures of outcomes) 4. Measure what is important to management

• Systems Analysis and Design is the process of designing, building, and maintaining information systems. Likewise, the individual who performs this task is referred to as a Systems Analysts.

• Custom Software is developed to meet the specifications of an organisation. Custom software has two advantages over general purpose commercial technologies: 1. Customisability: the software can be tailored to meet unique organisational requirements. 2. Problem Specificity: the company pays only for the features required for its users.

• Open Source Software refers to software to which people around the world are contributing their time and expertise to develop or improve it, ranging from operating systems to application software.

• There are a variety of sources for information systems: Option 1 - build information system Option 2 - buy prepackages system/use open source software Option 3 - outsource development to third party Option 4 - open source software

• System Development Life Cycle (SDLC) describes the life of an information system from conception to retirement. The SDLC has four primary stages: Phase 1: Systems Planning and Selection (to identify, plan, and select a development project from all possible projects that could be performed)

of 50

Phase 2: Systems Analysis (for designers to gain a thorough understanding of an organisation's current way of doing things in the area for which the new IS will be constructed) Phase 3: Systems Design (the proposed system is designed) Phase 4: Systems Implementation and Operation (transforming the system design into a

working IS)

• Organisations differ in how they identify, plan, and select project. Some organisations have a formal Information Systems Planning process whereby a senior manager, a business group, an IS manager, or a sterring committee identifies and assesses all possible systems development project that the organisation could undertake.

• Requirements Collection is the process of gathering and organising information from users, managers, customers, business processes, and documents, to understand how a proposed information system should functions. A variety techniques are often used: > Interviews > Questionnaires > Observations > Document Analysis > Joint Application Design (i.e., a group meeting-based process for requirements collections)

• In the system analysis, companies should model how data are being input, processed, and presented to the users. As the name implies, Data Flows represent the movement of data through an organisation or within an IS. Processing Logic represents the way in which the data are transformed. Finally, Processing Pseudocode is a representation of the program's internal functioning, independent of the actual programming language being used.

• The elements that must be designed when building an IS: 1. Processing and logic 2. Databases and files 3. Human-Computer Interface (HCI) - the point of contact between a system and users.

• Increasing a system's Usability - that is, whether a system is easy to use and aesthetically pleasing - can lower error rates, increase efficiency, or increase customer

of 50

satisfaction.

• Before a system is complete, a broad range of tests need to be conducted. This includes, developmental testing, alpha testing, and beta testing.

• System Conversion is the process of decommissioning the current way of doing things and installing the new system in the organisation.

• After an IS is installed, it is essential in the System Maintenance phase. A system does not wear out in the physical manner, but it must still be systematically repaired/improved. The types of maintenance include: 1. Corrective Maintenance: making changes to an IS to repair flaws in the design, coding, or implementation. 2. Adaptive Maintenance: making changes to an IS to evolve its functionality, to accommodate changing business needs, or to migrate it to a different operating environment. 3. Preventive Maintenance: making changes to a system to reduce the chance of future system failure. 4. Perfective Maintenance: making enhancements to improve processing performance or interface usability, or adding desired but not necessarily required system features.

• Change Request Management is a formal process that ensures that any proposed system changes are documented, reviewed for potential risks, appropriately authorised, prioritised, and carefully management (to establish an audit trial; to be able to trace back who reviewed, authorised, implemented, or tested the changes).

• Patch Management Systems facilitate the different forms of systems maintenance for the user. They use the Internet to check the software vendor's Web site for available patches and/or updates. If the software vendor offers a new patch, the application will download and install the patch in order to fix the software flaw.

of 50

• A commonly used alternative to the SDLC is Prototyping, which uses a trial-and-error approach to discover how a system should operation. You may think that this does not sound like a process t all; however, you probably use prototyping all the time in many of

your day-to-day activities, but you just don't know it.

• Four situations in which you might need to consider alternative development strategies: Situation 1: Limited IS Staff Situation 2: IS Staff Has Limited Skills Set Situation 3: IS Staff is Overworked Situation 4: Problems with Performance of IS Staff

• Purchasing an existing system from an outside vendor is referred to as an External Acquisition. Most competitive external acquisition processes have at least five general steps: 1. Systems planning and selection 2. Systems analysis 3. Development of a request for proposal 4. Proposal evaluation 5. Vendor selection

• A Request for Proposal (RFP) is a document that is used to tell vendors what your requirements are and to invite them to provide information about how they might be able to meet those requirements Among the areas that may be covered in an RFP are the following: > A summary of existing systems and applications > Requirements for system performance and features > Reliability, backup, and service requirements > The criteria that will be used to evaluate proposals > Timetable and budget constraints

• Systems Benchmarking is the use of standardised performance tests to facilitate comparison between systems. They are sample programs or jobs that simulate a system's workload. Common system benchmarks include: 1. Response time given a specified number of users

of 50

2. Time to sort records 3. Time to retrieve a set of records 4. Time to produce a given report 5. Time to read in a set of data

Hardware Criteria Software Criteria Other Criteria

Clock Speeds of CPU Memory Requirements Installation

Memory Availability Help Features Testing

Secondary Storage Usability Price

Video Display Size Learnability

Printer Speed Number of Features Supported

Training and Documentation

Maintenance and Repair

• Commonly used evaluation criteria:

• Shrink-Wrap Licenses and Click-Wrap Licenses accompany the software, which are used primarily for generic, off-the-shelf application and systems software. The shrink-wrapped contract has been named as such because the contract is activated when the shrink wrap on the packaging has been removed; similarly, a click-wrap license refers to a license primarily used for downloaded software that requires computer users to click on "I accept" before installing.

• Enterprise Licenses/Volume License can vary greatly and are usually negotiated. They contain limitation of liability and warranty disclaimers that protect the software vendor from being sued if its software does not operate as expected.

• Software Asset Management helps organisations to avoid negative consequences. It consists of a set of activities, such as performing a software inventory, matching the installed software with the licenses, reviewing software related policies and procedures and creating a software asset management plan.

• Outsourcing refers to the turning over of partial or entire responsibility for IS development and management to an outside organisation.

• A firm might outsource some (or all) of its IS services for various reasons: > Cost and quality concerns > Problems in IS performance > Supplier pressures > Simplifying, downsizing, and reengineering > Financial factors > Organisational culture > Internal irritants

Aureus Summary · Summary - Business Information Systems Chapter 1: Managing the Digital World •...

Documents

Transcript of Aureus Summary · Summary - Business Information Systems Chapter 1: Managing the Digital World •...