Chapter 1: The Importance of MIS
1. Why is Introduction to MIS the most important class
in the business school?
● Technology is fundamentally changing business and
the way society functions.
● Executives are trying to find ways to use new ways to
use new technologies to create a sustainable
competitive advantage
● You need to learn how to assess, evaluate and apply
emerging information technology to business
Digital Revolution: the conversion from mechanical and
analog devices to digital devices.
This has led to...
Information Age: Period of time where the production,
distribution and control of information is the primary driver of
the economy
What are the forces pushing the evolution of new digital
devices?
Moore’s Law: the number of transistors per square inch on
an integrated chip doubles every 18 months; computers are
getting exponentially faster and the cost of data processing is
approaching zero
Bell’s Law: a new computer class forms roughly each
decade establishing a new industry
 Example: the music industry has gone from vinyl to
cassette tapes to CD’s to downloads to streaming
Metcalfe’s Law: the value of a network is equal to the square
of the number of users connected to it; network speeds are
increasing.
Kryder’s Law: the storage density on magnetic disks is
increasing at an exponential rate while the cost of storing data
is approaching zero
 Example: from floppy disk to USB to external
hard drive to cloud storage
4. What is MIS?
○ Management Information Systems
○ The goal of MIS is the management and use of
information systems to achieve business strategies
○ Develop, maintain and adapt by creating information
systems to meet your needs, take an active role in
system’s development
■ Business professionals use cognitive skills to
understand business needs and requirements
○ Five components of an Information system
Hardware Software Data Procedures People
5. What is your role in IS security?
○ Keep passwords different from previous passwords, scrambled letters (capital and non-capital), numbers, and
special characters
Don’t write down your password, ask for someone’s password, give away your password
2. How will MIS affect me?
● Technological change is accelerating, as an effect
of Bell’s Law, highly successful businesses can
quickly go bankrupt when they don’t adapt to
technology quickly enough
○ E.g. Blockbuster went bankrupt and had to
close many stores while Netflix which started
as DVD rental managed to evolve into the
leaders of streaming entertainment
3. Why are MIS-related jobs in high demand?
● By Moore’s Law, Metcalfe’s Law and Kryder’s
Law, data processing, storage and communication
costs are driving towards essentially zero
● Any routine skill can, and will be, outsources to
the lowest bidder which is automation
● Rapid technological change and increased
international competition requires non-routine and
cognitive skills and the ability to adapt.
Reich’s 4 Marketable Skills
1. Abstract Reasoning
 Construct/conceptualize a model or
representation
2. Systems Thinking
 Model system components and show how
component’s inputs and outputs relate to one
another/reflect structure and dynamics
 Ability to discuss, illustrate, critique systems;
compare alternative systems; apply different
systems to different situations
3. Collaboration
 People working together to achieve a common
goal, result or work product
 Develop ideas and plans with others
 Provide and receive critical feedback
4. Ability to experiment
 Create and test promising new alternatives,
consistent with available resources
 Make reasoned analysis of an opportunity;
develop and evaluate possible solutions
 Don’t be afraid of failure, that’s where the best
ideas come from
 Chapter 2: Business processes, information systems and information
1. Why does the Falcon Security team need to understand business processes?
○ For informed, effective discussions and evaluations
■ Create abstraction or model of Falcon's current processes
■ Identify new business processes and information systems to support drone production
■ Determine if savings justify changing business processes
■ See if old processes or technology can be repurposed/reused for new processes

2. How can business process modelling help organizations?

Swim lane diagram before and after ■ Activities: specific tasks that need to be
accomplished as part of the process
■ Role: subset of activities in a business
process that is performed by an actor
■ Actor: person, group, department,
organization or information system
■ Repository: collection of data stored
within the business process
3. How can information systems improve
process quality?
○ Two dimensions of process quality
■ Efficiency: ratio of benefits to costs
■ Effectiveness: enables organization
to accomplish their strategies
○ In the case of Best Bikes, a single
repository system would be best
■ Less costly, generates fewer errors
and is just as effective
○ Process costs
■ BPMN does not show costs directly
■ A major source of costs is labor to
perform the activity
■ Computer networks, emails and other
systems are needed to support data
flows
■ Cost of infrastructure is a part of
business process costs
○ Process quality can be improved through
the five elements of information systems
■ Actors: Hardware and people
■ Instructions: Procedures and
Software
4. What is information? ■ Bridge between computers and
○ Several varying definitions humans: data
■ Knowledge derived from data, where data is recorded facts or ■ Automation moves work from the
figures human side to the computer side
■ Data presented in a meaningful context (generally cheaper)
■ Processed data, or data processed by summing, ordering, 5. What data characteristics are
averaging, grouping, comparing or other similar operations necessary for quality information?
○ Where can information be found? ○ Accurate
■ Information is data that you and others use to conceive ○ Timely
information ○ Relevant
■ Graphs, tables, charts in themselves are just data ■ To context
■ The ability to conceive information from data is determined by ■ To subject
cognitive skills, information you conceive from it is the value ○ Just barely sufficient: to avoid
you add to the information system information overload and redundant
■ People can conceive different information from the same set of information
data, some data is open to interpretation but depends on ○ Worth its cost: is the data collected
context necessary or important to achieve the
organization’s strategies?
 Chapter 3: Organizational strategy, information systems & competitive advantage
1. How does organizational strategy determine information systems requirements?

2. What five forces determine industry structure? 3. What is competitive strategy?

○ Porter’s Five Forces (they can be classified as weak ○ Porter’s four competitive strategies
or strong)
○ Threat of substitutes: how many other companies
sell similar products?
○ Threat of new entrants: how easily can new
people enter the market?
○ Rivalry: expansion, competitors
○ Bargaining power of suppliers: how much can
suppliers change prices of products they sell
○ Bargaining power of customers: how much can
customers negotiate prices
○ To be effective the organization’s goals, objectives,
culture and activities must be consistent with the
organizations strategy

4. How does competitive determine business processes and ■ Supporting activities: to assist and
information systems? facilitate primary activities
1. Procurement
2. Technology
3. Human resources
4. Firm infrastructure
■ Linkages: where activities connect
with each other, key part where
costs can be reduced
■ Margin = value - cost
■ Value: amount of money the
customer is willing to for a
resource

○ Value chain: network of value creating activities

Primary activities: directly related to the production of the organizations
products/services
1. Inbound logistics: receiving, storing, and disseminating inputs to the
product
2. Operations/manufacturing: transforming inputs into the final product
3. Outbound logistics: collecting, storing and physically distributing the
product to buyers
4. Sales and marketing: inducing buyers to purchase the product and
providing a means to do so
5. Customer service: assisting customer’s use of the product and thus
maintaining and enhancing the product’s value
Business process: network of activities, resources, facilities and information that accomplish a business function

1. How do information systems provide ○ Process implementations

competitive advantages? ■ Lock in customers and buyers
○ Product implementations ■ Lock in suppliers
■ Create a new product or service ■ Raise barriers to market entry
■ Enhance products or services ■ Establish alliances
■ Differentiate products or services ■ Reduce costs

Chapter 4: Hardware and Software

1. What do business professionals need to know
about computer hardware?
4.1.1 Parts of a computer
○ Computer hardware: electronic components and
related gadgetry that input, process, output and store
data according to instructions encoded in computer
programs or software
4.1.2 Types of hardware
■ Personal computer (includes desktops and laptops)
■ Tablets (includes e-book readers)
■ Phablet (Phone-tablet hybrid)
■ Smartphone
■ Server: computer designed to support processing
requests from many remote computer and users
■ Server Farm: a collection of typically thousands of
servers
4.1.3 CPU (central processing unit) 4.1.4 Storage hardware
The brain of the computer Used to save data and programs
■ Selects instructions, processes them, performs ■ Non-volatile storage: available in the next boot up
them arithmetic and logical comparison and stores ● Magnetic disks (hard drives) - cheaper but
the results of the comparison in memory slower
■ Can come in dual processor (2 CPU’s) and quad ● Solid-state drive (SSD) - much faster but also
processors (4 CPU’s) but high end computers can expensive
have up to 16 CPU’s ● USB sticks
■ CPU’s vary in speed, function and cost - see also ● Optical disks (CD/DVD)
Moore’s law where speed of processing is ■ Volatile storage: will be erased during shutdown,
increasing as cost is decreasing are not available in the next boot up
■ They work in conjunction with main memory ● Cache
(RAM) and cache which is smaller but also much ● Main memory
faster and more expensive than RAM
4.1.3 Storage capacity

■ Computer disk capacities can vary, typically from 256GB to 2TB

CPU speed are measured in cycles called hertz
● Slow CPU’s have a speed of 3.0 gigahertz
● Fast PC are usually 3.5GHz+
■ For processing heavy needs 12GB+ RAM is needed for large applications e.g. gaming, whereas 4GB-8GB is
usually enough for day to day processes
2. How can new hardware affect competitive strategies?
○ Smart devices: By adding more processing power, larger memory, Internet access, Wi-Fi connectivity, ability to
interconnect with other devices and applications
○ Internet of Things (IoT): the idea that objects are becoming connected to the internet so that they can interact
with other devices, applications or services
■ Everyday objects embedded with hardware capable of sensing, processing, transmitting data
■ Can increase efficiencies, reduce waste, improve decision making
■ Examples include smart devices in building to prevent electricity waste, hospitals, power grids,
railroads etc
○ Self-driving cars: using a variety of sensors to navigate without human intervention; an integrated system of
hardware/software to be a mobile system
■ Can make life easier, cheaper and safer
■ Reduce human error with fewer accidents and traffic control tickets
■ Can eliminate the need for multiple cars in a household
■ Current processes/business models will need to change
● Fewer auto sales
● Changes in auto loans, insurance, car repair
● More jobs for engineers, programmers, system designers to design more hardware, sensors
and cameras
○ 3D Printing: can print a wide variety of materials, revolutionizing industries
■ Materials include plastics, metals, ceramics, foods, biological materials
■ Opportunities in aerospace, defense, automotive, entertainment and health care - could possibly be
scaled up in the future
 3. What do business professionals need to know about software?
○
Operating Systems Application programs

Client Programs that control the Applications that are

client computer’s resources processed on client
computers

Server Programs that control the Applications that are

server computer’s resources processed on server
computers
○ Native applications: thick-client programs written to use a particular OS e.g. Microsoft Edge, iTunes
○ Web applications: thin-client applications which are designed to run within the browser so they can run
on any computer, has less sophistication/complexity e.g. YouTube, Canva

4.3.1 Operating Systems

○ Operating Systems: a program that
controls a computer's resources
■ Reads and writes data
■ Allocates main memory
■ Memory swapping
■ Start and stop programs
■ Respond to errors, facilitate
backup and recovery
○ Firmware: a computer software
installed on devices such as
printers, print servers and various
communication devices; installed
into special read-only memory in
the printer or other device

4.3.2 Licensing
○ Licensing software: right to use a specified number of copies, limits the vendor’s liability.
■ E.g. closed-source/proprietary software code is only available to trusted employees and carefully vetted
contractors e.g. Microsoft Office Suite
○ Site license: a flat fee to install software on all company computers or all computers at a specific site
○ Open source: no license fee; typically, free and modifiable, source code is publicly available
■ Developers open source to
● Exercise creativity on interesting and fulfilling projects
● Have the freedom to choose projects
● Exhibits one’s skills to get a job
● Can start a business selling services
● Is a collaborative effort
■ E.g. GNM: a set of tools used to build Unix, an open source OS which evolved into Linux
■ Source code (human readable computer code)  machine code (compiled into instructions executed
directly by computers CPU)  software
4.3.3. Types of Applications

4. Is open source software a viable alternative?

○ Succeeds with collaboration; is open to redesigns and new
features
○ Depends on requirements and restraints of the company
○ “Free” open source software might require support and
operational costs which exceed the licensing fee costs
○ In the future a blend of proprietary and open source might
exists

Chapter 5: Database processing

1. Why do you need to know about databases?
○ Can database technology facilitate your project
goals?
○ Databases are ubiquitous in commerce; how can
we turn data into useful information
○ Business adaptation requires changing database
structure
○ As a future business professional you might need
to build a database
○ Purpose of databases
■ To help people organize and keep track of
things
■ Keep track of multiple themes (different
qualities)
2. What is a database?
○ Database: self-describing collection of integrated
records
■ A collections of records/tables which also
shows the relationships among the rows
(records) and columns(fields) in these table +
special data known as metadata
■ Table or files + relationships among rows in
tables + metadata
■ Self-describing: contains within itself a
description of its contents; data which about
the data
■ Metadata: Data that describes the data
making it much more useful e.g. a library
catalog
3. What is a database management
system (DBMS)?
○ Database management system: a
piece of software used to create.
Process and administer a database
■ E.g. DB2, Access, SQL
(Structured Query Language),
Oracle
○ Functions of a DBMS
■ Create a database by filling in a
GUI form, which defines a table
■ Processing the database
● Read data
● Insert data
● Modify data (open metadata
form for that table and add a
new row of metadata)
● Delete data
○ Administering the database
■ Set up security system, user
accounts, passwords, permissions,
limits for processing
■ Limit user permissions
○ Backup database, improve
performance of database applications,
remove unwanted data
4. How do database applications make
databases more useful?
○ Database applications are a collection
of the following
■ Forms
● View data; insert data,
update/delete existing data
■ Queries
● Search based upon data
values provided by user
■ Reports
● Structured presentation of data
using sorting, grouping,
filtering and other operations
■ Application programs
● Provides security, data
consistency, special purpose
processing e.g. handling out of
stock situations
● Made with OOP languages like
C++
● Typically, thick-client
applications
5. What are non-traditional DBMS products?
 Relational model has existed for more than 30 years, but
our data is changing
Need to store new data types differently
 Increasing volume of transactions with the Internet age
 ACID (atomic (all or nothing), consistent, isolated,
durable) was created to support high volume of
transactions
Need for faster processing using many servers
 Non-relational databases are a lot faster to process by
using many servers
 E.g. Facebook Cassandra
Types of Non-traditional DBMS
1. NoSQL DBMS
○ High transaction rates processing simple data
structures e.g. Cassandra, Dynamo, MongoDB
2. NewSQL DBMS
○ Provide ACID support
○ May or may not support relational models
3. In-memory DBMS
○ Process databases in main memory
○ Support or extend the relational model
○ E.g. SAP-Hana

Chapter 6: The Cloud

1. Why is the cloud the future for most organizations?
○ The Cloud: elastic leasing of pooled computer resources via the Internet
■ Elastic: automatically adjusts for unpredictable demand (pay for what you use); limits financial risks
■ Pooled: Same physical hardware, economies of scale - by increasing the size of the operation, the average
cost of production decreases
● Shared through virtualization
● Cloud vendors will have very large web farms hosting many servers
■ Over the Internet
● Service-oriented architecture - a way of designing computer programs so that they can be flexibly
combined like Lego bricks for cloud processing, can be used so programs can formally define the
services they perform
● Based on web-service standards; worldwide standards that programs use to declare what they do, the
structure of the data they process and the ways they will communicate
 Now using the cloud is cheaper and easier with advances in processing power, virtualization technology
and standardized internet processes enable flexible and reliable processing capabilities
 Using the cloud does not make sense when the law or standard industry practice requires physical control
or possession of the data e.g. a bank
 Cloud In house

Advantages Disadvantages Advantages Disadvantages

Possibly best-of-breed; Dependency on vendor; In-depth visibility of Difficult (impossible) to meet

disaster preparedness vendor can suddenly change security and disaster fluctuating demand
policies, prices and preparedness
management

Speedy development Loss control over data location Control of data location Significant development effort

Industry-wide economies Little visibility into true security Increased management

of scale, significantly and disaster preparedness requirements
cheaper capabilities

Known cost structures Staff and train personnel

Small capital Significant capital required

requirements

No obsolescence Cost uncertainties

Flexibility Annual maintenance costs

Obsolescence
2. How do organizations use the cloud? 6.2.1 Content Delivery Networks (CDN)
■ System of distributed servers (around the
Cloud Category Example
world) that deliver webpages and other Web
content on demand
SaaS (software as a service): Salesforce.com
■ Specialized type of PaaS, but it’s essentially its
Provides hardware infrastructure, an Google Grid
own category
operating system and application programs Microsoft
■ Minimizes latency (delay in data transfer)
as well OneDrive and
■ Stores and delivers based on geographic
Office 365
locations of users
Apply iCloud
● Whichever server is the fastest route to
get to the user
PaaS (platform as a service): Microsoft
● Different parts of pages can come from
Provides hosted computers, an operating Azure
different servers
systems and sometimes a DBMS Oracle on
Demand
■ Benefits of CDN
IaaS (infrastructure as a service): Amazon EC2 ● Decreased, even guaranteed load time
Cloud hosting of a bare server computer or Amazon S3 ● Reduced load on origin server
data storage ● Increased reliability
● Protection from DoS attacks
3. How can Falcon Security use the cloud? ● Reduced delivery costs for mobile
○ SaaS products Falcon Security can use users
■ Thin Client applications ● Pay-as-you-go
● Google Mail ○ Web Service Principles can be applied
● Google Drive internally to Inventory application i.e. uses
● Office 365 cloud computing standards but doesn’t have
■ Customer relations management software the same elasticity and advantages of pooled
● Salesforce.com resources
● Microsoft CRM OnLine ■ Amazon ElastiCache: Fast in-memory cache
○ PaaS products that can be used (Amazon DBMS with EC2) database service
■ SQL based database services ■ Amazon Redshift: petabyte-scale data
● Amazon Relational Database service warehouse
● Amazon DynamoDB ■ CDN to distribute content worldwide and
● MongoDB respond to leads generated from advertising
IaaS: not ideal since it’s a bare bones system
which require considerable technical expertise and
management; SaaS and PaaS provide more added
value
4. How can organizations use cloud services securely?
○ Remote access using virtual private networks (VPN)
■ Uses the internet to create the appearance of private and secure connections through the use of encryption
from end to end.
■ Remote access to company resources can be done through VPN
■ Private Cloud: cloud operated by and organization for its own benefit; organization creates private internet,
designs applications using web service standards. This can be accessed through a VPN for users outside the
organization. The private cloud only provides security from within the organization
○ Virtual private cloud: subset of public cloud containing highly restricted and secure access
Most sensitive data is stored in the company’s own infrastructure, less sensitive data goes on the VPC which is more
cost effective

5. What does the cloud mean for your future?

○ Cloud services are faster, more secure, easier to use, cheaper
○ Fewer organizations set up their own infrastructure any more
○ More pooling of servers across organizations which benefits everyone through economies of scale
○ Overall size of the cloud gets bigger
○ Individuals, small business and large organizations obtain elastic resources at very low cost
○ Cloud fosters new categories of work such as tech based startups, but also leads to loss of server
management jobs, basic IT jobs with the increased automation

Extension 3: Mobile Systems

1. What are mobile systems? E3.1.1 Major elements in a mobile system
Information systems to support users in motion  Users in motion
A mobile device is a ○ Can access from any place
 Computing device  Mobile device
 Small ○ Can display data
 Lightweight ○ Allows for data entry
 Power-conserving  Wireless connectivity
 Capable of wireless access  Cloud-based resources
 iPhone, Samsung Note (Smartphone), tablets, ○ Web sites
phablets ○ Services (IM, email etc.)
○ Application code
○ Data sources
2. Why are mobile systems important?

E3.2.1 Increasing size of mobile market

Size of the mobile market is growing, making it very important
 There is increasing demand for mobile systems which have killed PC-focused companies
 High demand for innovative software with more immersive experience, there are lower barriers to entry
 More data which equals more information
 No business hours, always on
o Affects procedures and people
3. How do native and Web-based mobile applications compare?
E3.3.1 Developing Native Mobile Applications
 Run on any operating system and device
 Serious, heavy-duty, professional programming
languages
o Objective-C, C#, C++, Swift, Java, VB.NET, etc.
o Gives close control over computing device,
enables creation of sophisticated and complex
user interfaces
o Fast and efficient use memory
 Limited by type of operating system
 Costly development
Examples of Native Applications
 Mac OS and iOS applications constructed using
Objective-C or Swift programming languages
 Linux (Android) applications constructed using Java
 Windows applications constructed using C#, VB.NET,
C++, and others
4. What characterizes quality mobile user
experiences?
User interface (UI): presentation format of an application
User Experience (UX): UI + how does the application
affect the user’s emotions and motivation to keep using the
interface
 Feature content and support direct interaction
o Avoid clunky toolbars and menus
o Shows content cleanly
 Use context-sensitive chrome when needed
o Chrome: visual overhead in a computer
display; the windows, menus and
apparatus which drive an application
o Direct interaction: content to drive
application behavior e.g. start key,
hyperlinks
o Context-sensitive: only pops up when
necessary e.g. game controls
o Not necessary to have a chrome, it can be
intuitively designed
E3.3.2 Developing Web Mobile Applications
 Object-oriented languages: html5, css3, JavaScript
 Browsers handle idiosyncrasies of operating system
and underlying hardware
o html5 supports graphics, animation, 2D
animations, other sophisticated user experiences
o css3 used with html5 to specify appearance of
content coded in html
o JavaScript provides underlying logic of
application
E3.3.3 Caveats of Web Mobile Applications
 Web applications limited by capabilities of
browser
 Sophisticated browsers cannot offer full
capabilities of underlying operating system
and hardware
 Web applications unable to support very
specialized and complex applications, less
true each year
 Provide animation and lively behavior
o Attention grabbing
 Design to scale and share (display and data)
o Can be scaled to different sizes of
screens but presents the same
information
o Phone vs laptop screen, email vs
webpage
 Use the cloud
o Can outsource high processing power to
servers in the cloud as opposed to on the
device
o Roaming: syncing data across different
devices e.g. kindle, Spotify, streaming
bar (YouTube)
E3.4.1 Mobile Systems Cloud Use

5. What are the challenges of personal mobile E3.5.1 BYOD Policies

devices at work? BYOD Policy: a statement concerning employee
permissions and responsibilities when they use their own
device for organizational business

E3.5.1 Advantages of BYOD Policies

 Chapter 7: Organizations and information systems
1. How do information systems vary by scope? 2. How do enterprise systems solve the
problems of departmental silos?
Scope Characteristics ○ Information silos: the condition that exists
when data is isolated in separated
Personal ● Single user information systems; several different
● Informal procedures departments use different systems for their
● Problems are isolated particular needs
● Easy to manage change 7.2.1 Problems of departmental silos
■ Data duplication, data inconsistency also
Workgroup ● 10-100 users referred to as a data integrity problem
● Procedures understood within ■ Disjointed processes makes it too difficult to
the group reconcile data across departments
● Problem solutions within group ■ Limited information and lack of integrated
● Somewhat difficult to change information
● No connections between two databases
Enterprise ● Span an entire organization holding useful possibly interconnected
(100-1000 users) data
● Supports all different ● Lots of communication between both
departments parties to reconcile data which can lead
● Procedures are formalized to possible miscommunication
● Problem solutions affect ■ Isolated decisions lead to organizational
enterprise inefficiencies
● Difficult to change ● Needs increased communication across
departments, but integrated systems
Inter-enterprise ● Spans different companies could save precious time with integrated
● 1,000’s of users systems
● Procedures are formalized  Increased expenses
● Problem solutions affect multiple
organizations
● Very difficult to change
7.2.2 Solutions to data silo problem 7.2.3 Business Process reengineering (cont’d)
 Integrate data into a single database such as an ERP
 Inter-enterprise systems can be integrated using ■ It can be difficult, slow and exceedingly
distributed systems using Web service technologies in expensive especially as enterprises get larger
the cloud and larger making it even harder
 Revise applications and use applications which have ■ Need to interview key personnel to determine
ERP systems allowing for easy integration how best to use the new technology
 Allow isolation for applications which cannot be ■ Can require high-level and expensive skills, very
integrated, manage properly to avoid problems time consuming due to its high complexity which
leads to only partial implementation of ERP
systems
7.2.3 Business Process reengineering
■ The activity of altering existing and designing new business processes to take advantage of new information
systems
■ ERP’s allow the creation of more efficient or more effective processes
● Processes could be improved by changing process structure and/or process resources
■ Through using integrated data, enterprise systems create stronger, faster and more effective linkages in value
chains

3. How do CRM, ERP, and EAI support enterprise systems?

 Inherent processes: predesigned procedures using off-the shelf software products which are based on industry
best practices
 Can be beneficial since companies can license software instead of developing in house software which is very
expensive
7.3.3 Enterprise Resource Planning (ERP)
■ suite of applications, database and set of inherent processes which consolidates business operations into a single,
consistent computing platform
■ CRM plus accounting, manufacturing (ERP’s originate from this department), inventory and human resource
applications
■ SAP (an ERP vendor) offers industry-specific customized packages

7.3.2. CRM (Customer relations management)

Suite of applications, database and set of inherent processes; these systems support customer centric organizations
■ Used to manage all interactions with customers through the four phases of customer life cycle
1. Marketing: sends message to the target market to attract customer prospects
2. Customer acquisitions: when we finally get a customer
3. Relationship management: increase value of existing customers by selling them more stuff
4. Loss/churn: inevitably the organization loses customers so they categorize customers and attempt to win
back high value customers
■ One database for the entire CRM allows integration which makes the customer think they are dealing with one
entity instead of many different ones

7.3.3. EAI (Enterprise application integration)

■ Connects different data silos through an integrated layer on top of existing systems while leaving functional
applications “as is”
■ Enables communication and sharing of data and provides integrated information
■ Is a less expensive and more gradual move to ERP
7.3.4 Challenges of implementing and upgrading to enterprise information systems
■ Challenging, difficult and very expensive
■ Needs collaborative management as there is no clear boss when moving to new systems
● Collaborative management procedures are required for resolving process issues such as a committee or a
board
■ Requirement gaps
● What features and functions does the organization need vs what does the product offer; it is not easy for the
organization to identify their needs
● Should the company adapt to off the shelf processes or does the software need to be altered to fit the
company’s needs (this can be expensive and the company needs to manage the changes themselves)
■ Transition problems as the transition needs to run in the background of the everyday activities of the business
● Careful planning, substantial training and involvement of senior management is required
● Employee resistance because people fear change
○ Threats to self-efficacies: belief that they can be successful at their job
○ Can be induced such as providing incentives like competitions with prizes, or cash bonuses
■ The new technology has risks, possible legal implications or conflicts with business policy
Poses risks and potential outside control of organization resources

4. How do inter-enterprise IS solve the problems of enterprise silos?

○ Distributed systems where the inter-enterprise database is stored on the cloud and each enterprise can
access it through the cloud
○ Users interact with the system through native or thin-client mobile apps
■ Processing can be done on the clouds server or on the mobile device

Extension 9: Enterprise Resource Planning (ERP) Systems

1. What is the purpose of ERP systems?
○ ERP Systems: A suite of modules (applications),
database, set of inherent processes for
consolidating business operations into a single
consistent computing platform
○ Purposes of ERP systems
■ Integration of purchasing, human
resources, production, sales, and
accounting data into a single system
■ Allows real-time global updates of
transaction for multinational corporations
■ Enable critical business decisions guided
by using the latest data
2. What are the elements of an ERP solution?
ERP systems must include:
■ Supply Chain (procurement, sales order
processing, inventory management
■ Manufacturing: (scheduling, capacity planning,
quality control, bill of materials, and related
activities)
■ Customer Relationships Management (CRM):
(sales prospecting, customer management,
marketing, customer support, call center support)
■ Human resources: (payroll, time and attendance,
HR management, commission calculations,
benefits administration, and related activities)
■ Accounting: (general ledger, accounts receivable,
accounts payable, cash management, fixed asset
accounting)
E9.2.1 Hardware in ERP
■ PaaS: Installing and managing ERP software and
database on leased cloud hardware
■ SaaS: use ERP vendors (SAP, Oracle, Microsoft etc.)
ERP software as a service
■ Hybrid Model: ERP customers store most data on
cloud servers and sensitive data on self-managed
servers
E9.2.3 Databases in ERP
■ ERP should include a database design as well as
initial configuration data
■ Trigger: program which runs on the database to
keep it consistent when certain conditions arise
■ Stored Procedure: computer program on database
used to enforce business rules
E9.2.5 People in ERP
Training and Consulting
■ Vendors have training curriculums and numerous
classes before and after ERP implementation
■ Train In-house super users who will become trainers
within the company
■ Types of training
● How to implement the ERP solution - get top
level management support preparing the
organization for change; dealing with
resistance to change
● How to use the ERP application software -
how to use the ERP to accomplish activities
in the process (from flowchart)
● On-site consulting for implementing and
using ERP
3. How are ERP systems implemented and
upgraded?
4. What types of organizations use ERP?
○ ERP by industry type: ERP’s already in place
with industry specific solutions
E9.4.3 ERP in international organizations
E9.2.2 Software in ERP
■ Applications programs need to be configurable so
that development team can alter the to meet
customer requirements without changing program
code
■ Set configuration parameters to specify how ERP
application programs will operate
E9.2.4 Procedures in ERP
Business process procedures
■ Process blueprints/inherent procedures:
Procedures enable the ERP customer organization to
accomplish its work using applications provided by the
vendor - can be represented as a flowchart
■ Processes are adapted from the vendor (much
cheaper) rather than designing new procedures
E9.4.1 ERP in large organizations
● have resources and skilled personnel to accomplish
and manage an ERP implementation, headed by a
chief information officer (CIO)
● ERP implementations can be part of strategic planning
but requires full backing of entire executive group
E9.4.2 ERP in small-midsize organizations
● Need to manage IT for an entire company with only 1-2
IT specialists
● IT staff are usually isolated from senior management,
creating misunderstanding and distrust
● In order to implement ERP, deep senior-level
management commitment is required
5. How do the major ERP vendors compare?
● Worldwide consolidation of financial statements on a
timely basis is needed
● Inherent ERP procedures are adaptable to many
cultures
● Needs to be able to function in multiple currencies,
languages and manage international transfer of
inventories and word with international supply chains;
can be very expensive so ERP are implemented in a
regional basis

ERP in the Future

● Problems of cloud-based ERP using the hybrid model
● Mobility will still present potentially serious security threat
○ Warehouse workers on loading dock, shipping department carry mobile devices that enable
processing ERP and other enterprise applications.
○ Managers, decision makers, and knowledge workers will have similar applications on their own
phones or other mobile devices, devices they can access from work, other offices, the street, or
home
● Increased vulnerability to criminal hackers, malicious insiders - expensive to manage
● Potential effect of the Internet of Things
● Machines will employ ERP system to schedule their own maintenance - automation
○ Factory floor milling machines able to order a replacement for a dull cutter, possibly made by a 3D
printer
○ Machines schedule routine and emergency maintenance for themselves
 Extension 10: Supply Chain management
1. What are typical inter-enterprise processes?
○ Inter-enterprise system: Processes occur in
two or more independent organizations
○ Inter-enterprise cooperation: cooperation by
negotiation and contract; conflict resolution
by negotiation, arbitration, litigation
○ Can vary in scope and complexity from
simple, moderately complex and highly
complex
3. What is a supply chain?
○ Supply chain: a network of organizations and
facilities that transforms raw materials into
products delivered to outcomes
■ Disintermediation: When links of the
supply chain are eliminated by selling
direct from supplier/manufacturer to
customer (removing distributor and/or
retailer)
■ Each part can have links to many
different other organizations in the chain
■ Revenue flows back from the customer
to supplier
5. How does supply chain profitability differ
from organizational profitability?
○ Profit: total revenue - total costs
○ Supply chain profitability: the difference
between the sum of the revenue generated
by the supply chain and the sum of costs that
all organizations in the supply chain incur to
obtain that revenue
■ The maximum profit achieved from the
supply chain
■ Is not achieved if each organization
maximized own profits in isolation but
rather when one or more operate at less
than maximum profitability
○ Can be induced by paying distributors to
carry larger inventory or implementing a
supply-chain-wide information system, but
it’s difficult to implement
7. What is the bullwhip effect?
○ Bullwhip Effect: Natural dynamic of
multistage supply chain; variability in the size
and timing of orders increases at each stage
up the supply chain
■ Affects each stage up supply chain from
customer to supplier
■ Unrelated to fluctuations in customer
demand, but forces increasingly drastic
demand levels as you go back
■ Reduces overall profitability of the supply
chain
■ Can be eliminated by giving participants
of the supply chain access to consumer-
demand information from the retailer; but
not all are open to disclosing this
information
2. What is a supply chain?
○ Supply chain: a network of organizations and
facilities that transforms raw materials into
products delivered to outcomes
■ Disintermediation: When links of the supply
chain are eliminated by selling direct from
supplier/manufacturer to customer
(removing distributor and/or retailer)
■ Each part can have links to many different
other organizations in the chain
■ Revenue flows back from the customer to
supplier
4. What factors affect supply chain performance?
○ Facilities
■ Places where products are fabricated,
assembled or shared
■ Location, size, operations methodology
○ Inventory
■ Materials in the supply chain
■ Frequency of when items are reordered
■ Size, inventory management
○ Transportation
■ Movement of materials in the supply chain
■ in-house/outsourced, mode, routing
○ Information
■ Influences how supply chain makes
requests to each other
■ Purpose
1. Transactional: orders and order
returns
2. Informational: inventory and
customer data
■ Availability: ways in which the organization
share their information; who has access and
when?
■ Means: methods by which information is
transmitted
6. How do information systems affect supply chain
performance?
○ Reduce costs of buying and selling
○ Increase supply chain speed
■ Speed: dollar value of goods exchanged in
a given period of time
■ Done through integration of all participants
with the cloud
○ Reduce size and cost of inventories
○ Improve delivery scheduling-enabling Just in
Time (JIT) systems
○ Fix the bullwhip effect
■ Only if each participant of the supply chain
is willing to share sales data
1. Does not guarantee that the effect is
eliminated, only possibly reduced
○ Do not optimize supply chain profitability
■ Based on the doubts behind a shared
information system
 Chapter 8: Social Media Information Systems
1. What is a social media information system (SMIS)?
Social media: the use of information technology to support
the sharing of content among networks of users
Communities of practice/Communities: Groups of
people related by a common interest
Social media information System (SMIS): an information
system that supports the sharing of content among
networks of users
Three roles of SMIS
 Social media providers
o Provide platforms for social networks to form
o Attracting, targeting demographic groups, compete
for attention users for ad revenue
o E.g. Facebook, LinkedIn, Google+, Instagram,
Twitter, Pinterest
o May charge a fee to advertise on their platforms
since most are free for users and earn money
through ad revenue
 Users
o Individuals and organizations that us SM sites to
build relationships
 Communities
o Formed based on mutual interests that transcend
familial, geographic, and organizational boundaries
8.2.2 SM in value chain activities
8.2.6 Social Media and manufacturing and operations
 Improve communication channels within organization
and externally with consumers, design products,
develop supplier relationships, and improve operational
efficiencies
 Crowdsourcing
 Businesses-to-consumer (B2C)
 YouTube channel to post videos of product reviews
and testing, factory walk-throughs
8.2.6 Social Media and Human Resources
 Employee communications using internal personnel
sites
 Ex: MySite and MyProfile in SharePoint
8.1.2. SMIS Components
 There are costs hidden such as development,
implementation managing social network procedures
 Direct labor costs
 Using social media to hire/recruit
2. How do SMIS advance organizational strategy?
 Strategy determines value chain
 Which leads to value chains which determine
business processes
 Processes determine SMIS requirements
 How do value chains determine dynamic processes?
 Dynamic process flows cannot be designed or
diagrammed
 SM fundamentally changes balance of power among
users, their communities, and organizations
8.2.3 Social Media in Sales and Marketing
 Dynamic, social media based CRM processes
 Social CRM
 Each customer crafts their own relationships
through engaging with SM platforms e.g.
discussion lists, FAQ, forums, reviews and
commentary
 Customers search content, create user groups
 Not centered on customer lifetime value
8.2.4. Social Media and Customer Service
 Relationships emerge from joint activity, customers
have as much control as companies
 Product users freely help each other solve problems
 Selling to, or through, developer networks most
successful
 Microsoft's MVP program
 Peer-to-peer support risks loss of control
8.2.5 Social Media and Inbound/Outbound logistics
 Numerous solution ideas and rapid evaluation of
them
 Better solutions to complex supply chain problems
 Facilitate user created content and feedback among
networks needed for problem solving
 Loss of privacy – Open discussion of problem
definitions, causes, and solution constraints
o Problem solving in front of your competitors
8.2.7 What is the value of social capital
Social capital: number of relationships, strength of
relationships, and resources controlled
 Finding employee prospects, recruiting candidates,
candidate evaluation
 Place for employees to post their expertise
 Risks:
 Forming erroneous conclusions about employees
 Becoming defender of belief or pushing unpopular
management message
3. How do SMIS increase social capital?
 Capital
o Investment of resources for future profit
 Types of business capital
o Physical capital: produce goods and services
(factories, machines, manufacturing equipment)
o Human capital: human knowledge and skills
investments
o Social capital: social relations with expectation of
marketplace returns
8.3.2 How do SN’s add value to Businesses?
 Progressive organizations have
o Presence on Facebook, LinkedIn, Twitter, and
other SN sites
o Encourage customers and interested parties to
leave comments
o Risk excessively critical feedback
4. How do (some) companies earn revenue from social
media?
 Hyper-social organization
o Use SM to transform interactions with customers,
employees, and partners into mutually satisfying
relationships with them and their communities
 You Are the Product.
o “If you’re not paying, you’re the product.”
o Data brokering
o Renting your eyeballs to an advertiser
 Monetize
o Advertising
o Pay-per-click
o Use increases value
o Freemium
 Offers users a basic service for free, then
charges a premium for upgrades or advanced
features
o Sales
 Apps and virtual goods, affiliate commissions,
donations
Adds value by:
 Information
o Opportunities, alternatives, problems, and other
factors important to professionally and personally
 Influence
o Decision makers and peers
 Social credentials
o Being linked to a network of highly regarded
contacts
 Personal reinforcement
o Professional identity, image, and position in
organization or industry
8.3.1 Social capital for Professionals
 By adding more friends and strengthening
relationships with existing friends
o Strengthen relationship: likelihood other entity
will do something that benefits your organization
o Done through doing favors, positive reviews and
comments, frequent interactions
 By adding friends and strengthening relationships
with people who control resources important to you
o Social capital = # of relationships ×
relationship strength × entity resources
o Large network with few resources < small
network with substantial resources
o Resources must be relevant; ignore value of
entity assets
 Measure your social networking capital with online
service, such as Klout.com
o More others respond to your content, higher your
score
5. How can organizations address SMIS security
concerns?
 Develop and publicize a social media policy
o Delineate employees’ rights and
responsibilities
 Intel's Three Pillars of SM Policies
1. Disclose
2. Protect
3. Use Common Sense
 User-generated content (UGC)
 Problems from external sources
o Junk and crackpot contributions
o Inappropriate content
o Unfavorable reviews
o Mutinous movements
Responding to Social Network Problems
 Leave it
 Respond to it
 Delete it
 Don’t try to argue
8.5.1 Internal Risk of Social Media
 Threats to information security, increased
organizational liability, decreased employee
productivity
 Directly affect ability to secure information resources
 Innocuous comments inadvertently leak information
used to secure access to organizational resources
o Bad idea to tell everyone it’s your birthday because
your date of birth (DOB), can be used to steal your
identity
 Employees inadvertently increase corporate liability
when they use social media
o Sexual harassment liability
o Leak confidential information
 Reduced employee productivity
o 64% of employees visit non-work-related Web sites
each day
6. Where is social media taking us?
 New mobile devices with innovative mobile-
device UX, coupled with dynamic and agile
information systems based on cloud computing
and dynamic virtualization
 BYOD policy
o Organization the endoskeleton, supporting
the work of people on the exterior
 Employees craft own relationships
with their employers
 Non-routine cognitive skills more important

Chapter 9: Business Intelligence Systems

1. How do organizations use business intelligence
(BI) systems?
● Business Intelligence (BI) Systems:
information systems that process
operational and other data to analyze past
performance and make predictions
● Business intelligence: the patterns,
relationships and trends identified by BI
systems
● BI systems have five standard components
of IS, the software component is called a
BI application

9.1.1 What do companies use BI for?

○ Can be used by companies for tasks seen in
Figure 9-2, companies use their employee
knowledge, social data, operational data and
purchasing data from data aggregators
○ Informing
■ To know the current state of the business
without a clear purpose in mind for that to
do with that information
○ Deciding
■ Business intelligence systems can be used 2. What are the three primary activities in the BI
to support decision making process?
○ Problem Solving
■ The perceived difference between what is
and what it is meant to be
■ BI can be used to either identify the
difference or solve the issue at hand
○ Project Management
■ Can be used to support projects and do
the above tasks
9.1.2 Typical uses for BI 3. How do organizations use data warehouses and data
○ Identifying changes in purchasing patterns marts to acquire data?
■ Can identify important life events buy changes
in customer purchasing patterns
○ Business intelligence for Entertainment
■ Amazon, Netflix and Spotify use listening,
watching habits to recommend other content
■ Classify customers based off viewing patterns
○ Just-in-Time Medical Reporting
■ Data analytics used to prescribe vaccinations,
but can be vague in terms of medical ethics
since real life example was made by Merck, a
pharmaceuticals company

9.3.1 Functions of Data Warehouses

Data warehouses: facilities used by large
organizations to manage their BI data
● Obtain data from operational, internal and external
databases ■ Business Intelligence users are different from knowledge
○ External can be purchased from data workers
vendors ● BI users are data analyst specialists
● Cleanse data ○ Data analysts do not extract operational
● Organize and relate data data because of security and control
● Catalog data using metadata (minimizing errors)
 Knowledge users are non-specialist users of BI
results
9.3.3 Data Marts 9.3.2 Problems with operational data
Data mart: data collection, smaller than the data
warehouse that addresses the needs of a particular
department or functional area of the business
■ Stores the cleaned, processed data which
has been sorted, useful for analysts in that
particular department but not necessarily
data management specialists

■ Dirty data is problematic data e.g. gender = B or age =

999 which is impossible
■ Inconsistent data is if one customer has sporadic or
schizophrenic activity which does not seem normal e.g.
changing phone numbers
■ Granularity is how detailed the information is e.g. click
data or national data
4. What are three techniques for processing BI data?

9.4.1 Reporting Analysis

 Process of sorting, grouping, summing, filtering
and formatting structured data
 Can be printed (static) or dynamic reports
 Structured data: data in rows and columns
 Exception reports: produced when something out
of predefined bounds occurs
9.4.2 Data Mining
 Application of statistical techniques to find patterns and
relationships among data for classification and
prediction
 Combines multiple disciplines such as statistics,
mathematics, artificial intelligence, and machine learning
9.4.3 Unsupervised Data Mining 9.4.4 Supervised Data Mining
 Does not start with a prior hypothesis or model  Use a prior model to compute outcome of model or
 Data mining  observe results make hypothesis estimate parameters of the model
o Observe data first then develop a model  E.g. marketing team makes model, data analysts
 Hypothesized model created afterward based on prove the model is true/false
analytical results to explain patterns found  Use the model to later predict using multiple linear
 E.g. cluster analysis: identify groups of entities regression
that share similar characteristics  Regression analysis: measures the impact of a set
variable on another variable
9.4.5 BigData 9.4.6 MapReduce
The 3 V’s of BigData Technique using thousands of computers working parallel to
 Huge volume process large amounts of data
o Data is a petabyte or larger
o The average amount of data in a day of
Google searches in the US
 Rapid velocity
o Data is generated very rapidly
o e.g. Google searches in a day
 Great variety
o Different types of data are collected
 Structured data
 Free-form text
 Log files
 Graphics
 Audio
 Video

9.4.7 Hadoop 5. What are the alternatives for publishing BI?

 An open-source program supported by the
Apache Foundation which implements
MapReduce
 Written in Java and used to run on Linux
o Google has its own version, but Hadoop
has the capability to do MapReduce for
Google searches
 Amazon.com supports Hadoop as part of EC3
offering
 Microsoft offers it as HDInsight
 Uses Pig query language platform for large
dataset analysis 9.5.1 Key definitions
o BigData requires deep technical skills Dynamic: BI documents which are updated at the time they
to understand and use are requested
 In the future…  Requires BI application to access database at the
o Implementation on top which makes it time for the report is delivered to the user
o Easy to master  High for web-servers because dynamic data
o Extensible connections are needed
o Automatically optimizes queries on Static: BI documents that are fixed at the time of creation
map-reduce level and do not change
RSS Server: pushes content when content is created or
changed, with expiration of a given time, or at
particular intervals
Subscription: user requests for Bi results to delivered
according to a certain schedule or due to
certain events
9.5.2 What are the two functions of a BI Server?
Chapter 10: Information Systems Security
1. What is the goal of information systems security?
10.1.1 Examples of Threats/Loss
10.1.3 Threats and losses matrix
BI server: web server application that is
purpose built for the publishing of business
intelligence e.g. Microsoft SQL Server
Report Manager
Two main functions
 Management
o Metadata checks which results
are available, who is authorized
to view BI reports
 Delivery
o Push and Pull from 9.4
10.1.2 What are the sources of threats?
 Human error
o Accidental problems caused by employees and
non-employees
o Human errors and mistakes
o Misunderstandings, unintentional misuse and
physical accidents
 Computer crime
o Employees and former employees who
intentionally destroy data or other system
components
o Hackers who break into computer systems
o Virus & worms which infect computers
 Natural events and disasters
o Fires, floods etc.
o Not only initial problems from loss but also
trying to recover lost data
10.1.4 Unauthorized data disclosure
 When threats obtain data that is supposed to be
protected
 Pretexting
o Someone deceives by pretending to be
someone else
 Phishing
o Pretexting via email
o Phisher impersonates a legitimate company
and takes sensitive data like passwords and
credit card details
 Spoofing: synonymous w/ pretexting
o IP Spoofing
 Using someone else’s IP address and
pretending to be them
o Email spoofing
 Synonymous with phishing
10.1.5 Incorrect Data Modification  Sniffing
 Procedures incorrectly designed or not followed o Intercept computer communications
o Increasing a customer’s discount or incorrectly  Wardrivers
modifying employee’s salary o hack computers via unprotected wireless
o Placing incorrect data on company Web site networks
 Improper internal controls on systems  Hacking
 System errors  lost update problem from chapter 5 o Breaking into computer systems, servers, or
 Faulty recovery actions after a disaster networks
10.1.6 Faulty Service  Natural disasters
 Incorrect data modification o Tend to be less strict with security safeguards
 Systems working incorrectly when trying to restore data ASAP
 Procedural mistakes 10.1.7 Loss of Infrastructure
 Programming errors  Human accidents
 IT installation errors  Theft and terrorist events
 Usurpation  Disgruntled or terminated employee
o Using fake versions of software to shutdown legit o Steals corporate data servers, routers or
ones other assets
o Used to spy, steal & manipulate data  Natural disasters – one of the larger risks
 Denial of service (unintentional)  Advanced Persistent Threat (APT1)
o Human error o Done by well-funded organizations e.g.
o Due to pushing computationally intensive governments
request which can shut down a web server o Long-running sophisticated computer hack
 Denial-of-service attacks (intentional) o Theft of intellectual property from U.S.
o Computer crime firms
o Due to pushing too many bogus requests
with the intent of shutting down a web server
10.1.8 Goal of Information Systems Security 2. How big is the computer security problem?
 Appropriate trade-off between risk of We don’t really know because it is difficult to evaluate the costs of
loss and cost of implementing computer crime
safeguards  Data is just based on surveys which can have different
 Use antivirus software  security on interpretations
personal level
 Deleting browser cookies (Worth it?) Ponemon Study
o Trade-off between ease of use and 1. Malicious insiders are an increasingly serious security threat
security 2. Business disruption and data loss are the principal costs of
 Get in front of security problems by computer crime
making appropriate trade-offs 3. Employee negligence poses a huge security risks
 Allowing personal devices on corporate network
 Use of commercial cloud-based applications
4. Security safeguards work
Natural disasters pose a very serious risk with more every year
 Japan earthquake and tsunami’s caused huge power
shutdowns
3. How should you respond to security threats? 10.3.1 Hacking Smart Things

 Weak passwords are easier to crack with brute force
attacks
 Intrusion detection system (IDS): computer
program which senses another computer attempting
to scan or access a computer network
10.4.1 Security Safeguards and the five components
 Most rudimentary smart things e.g. lights,
thermostats, televisions blinds etc. don’t use
encrypted network services making them
vulnerable
 Poor internal systems architecture and low
wireless security make them susceptible to
hacking e.g. car radios
4. How should organizations respond to security
threats?
 Senior management creates company-wide
policies
o What sensitive data will be stored?
o How will data be processed?
o Will data be shared with other organizations?
o How can employees and others obtain copies
of data stored about them?
o How can employees and others request
changes to inaccurate data?
 Senior management manages risks, response to
threats is more systematic and protocol based in
comparison to personal level
5. How can technical safeguards protect against
security threats?

10.5.1 Technical safeguards 10.5.2 Transporting through https

 Identification and authentication
o Smart Cards
 Similar to a credit card but with a microchip that
needs a PIN to be authenticated
o Biometric authentication
 Uses personal physical characteristics
 Fingerprints, facial recognition, retinal scans
 Single sign-on for multiple systems
o Useful for corporate when multiple systems need
logins, so just one login to get you on all systems
o E.g. UNSW SSO for Moodle, MyUNSW, uniwide 10.5.3 Use of multiple firewalls
 Encryption
o Turns clear text into unintelligible text for secure
storage using ciphers
o Key: String of bits used to encrypt data and unlock
message
o Symmetric encryption
 Same key to encode and decode
 Faster but less secure
o Asymmetric encryption
 One key to encrypt, one key to decrypt
 Slower but more secure
o Public key encryption
 Done over the internet Firewall: computing device that prevents unauthorized
 Public key to encode network access
 Private key to decode Perimeter Firewall: outside organization network,
examines the message and decides to allow it in or not
10.5.4 Types of malware 10.5.5 Symptoms of Spyware and Adware
Types of viruses
 Payload
o Deletes programs, data or unauthorized
modification of data
 Trojan horses
o Masquerades as a useful program or file but
is not
 Worms
o Virus which spreads over the internet or
other network
o Hard to kill because it replicates itself
 Spyware 10.5.6 Malware safeguards and designing secure
o Resides in the background and monitors applications
user activity and keystrokes
 Install antivirus and antispyware software
 Adware
 Scan your computer frequently
o Background program
 Update malware definitions
o Watches user activity
o Changes user settings, usually not  Open email attachments only from known sources
malicious  Promptly install software updates from legitimate
 Ransomware sources
o Blocks access to the system or data until  Browse only reputable web site
money is paid to the hacker
 SQL injection attack
6. How can data safeguards protect against o User enters SQL statement into a form instead
security threats? of a name or other data
Data safeguards: protect databases and other o Accepted code becomes part of database
organizational data commands issued
o Improper data disclosure, data damage and
loss possible
o Well-designed applications make injections
ineffective
10.7.1 Human safeguards for nonemployee personnel
 Temporary personnel, vendors, partner personnel
(employees of business partners), and public
 Require vendors and partners to perform
appropriate screening and security training
 Contract specifies security responsibilities
 Least privilege accounts and passwords, remove
accounts as soon as possible
Data administration: a function that pertains to a 10.7.2 Safeguards for public users
particular database  Web sites and other openly accessible information
systems
Key escrow: saving a copy of the encryption key with o Hardening
another party in case it is lost or destroyed  Special versions of operating system that lock
down or eliminate operating systems features
and functions not required by application
o Protect public users from internal company security
problems
10.7.3 Account administration for users 10.7.4 Systems procedures
 Account Management
o Standards for new user accounts, modification
of account permissions, removal of unneeded
accounts
 Password Management
o Users change passwords frequently
o UNSW  every 6 months
 Help Desk Policies
o Provide means of authenticating users
o Security questions e.g. mothers maiden name,
birthplace
7. How can human safeguards protect against security threats?

10.7.5 Security monitoring 8. How should organizations respond to security

 Activity logs incidents?
o Firewall log
 Lists of all dropped packets, infiltration
attempts, unauthorized access, attempts
from within the firewall
o DBMS
 Successful and failed logins
o Web servers
 Voluminous logs of Web activities
 PC O/S produce logs of log-ins and firewall activities
 Employ utilities to assess their vulnerabilities
 Honeypots for computer criminals to attack
o Fake targets
 Investigate security incidents
 Constantly monitor existing security policy and
safeguards
 Chapter 11: Information Systems Management
1. What are the functions and organization of the IS Department?
○ Plan the use of IS to accomplish organizational goals and strategy
○ Manage outsourcing relationships of value chain activities
○ Protect information assets
○ Very IS specific sections – develop, operate, maintain
 Computing infrastructure
 Applications
11.1.2 How are IS departments organised?

11.1.3 What IS-related job positions exist?

2. How do organizations plan the use of IS? 11.3.2 International outsourcing

○ Align information systems with organizational
strategy
○ Communicate IS issues to the executive group
○ Develop priorities and enforce them within the IS
department
○ Sponsor the steering committee
 Group of senior managers from major
business functions together with the CIO
 Labor cost is usually cheaper in developing nations
 Allows for customer support and other functions to
operate 24/7
 Modern telephone technology and internet-enabled
service databases
1. India  large populous, well educated, English
speaking, labor costs is 70-80% less than the US
2. China  growing customer base, needs Chinese
speaking support systems
 3. What are the advantages and disadvantages of
outsourcing?
Outsourcing: process of hiring another organization to
perform services
 Any value chain business activity can be
outsourced
 Outsourcing can
1. Save costs
 Gain economies of scale
 Obtain part-time services
2. Gain expertise
 Avoid management problems
3. May save management time and attention
4. Reduce risk
 Cap financial exposure/risk
 Improve quality
 Reduce implementation risk  less likely
to pick incorrect hardware, software,
protocols, law changes etc.
 Vendor is responsible for managing risks
 “Your back room is someone else’s front room” -
Drucker
4. What are your user rights and responsibilities?
11.4.1 Your User Rights
Chapter 12: Information Systems Development
1. What is systems development?
Process of creating and maintaining information
systems
 Involves all 5 components of the IS model
 Requires
 Teamwork to establish system goals  not
exclusively technical
11.3.3 What are outsourcing alternatives?
11.3.4 What are the risks of outsourcing?
 Loss of control
 Vendor is in control
 Evolution of technology
 Potential loss of intellectual capital
 Product fixes, enhancements in wrong priority
 Vendor management, direction or identity
changes
 Benefits outweighed by long-term costs
○ High unit cost, forever; preventing
○ Possibly paying for mismanagement
○ Vendor is de facto sole source
 No easy exit
 Tightly integrated vendor
11.4.2 Your User Responsibilities
2. Why is systems development difficult and risky?
High risk of failure due to scale, even with competent
people
 Scheduling problems
o Difficult to estimate scheduling and timing,
projects may never finish
o Technology is constantly changing
  Setting up the project  Should you switch to new technology as
 Determining requirements  as a result IS systems it comes or continue with the existing
are never completely off the shelf plan?
○ Need to satisfy needs of the people and  Why build an out of date system
procedures they can understand  Budget problems
 Business knowledge and management skill o Difficult to estimate initial costs, can be over
 Relationships of business processes to information budget by 200 – 300 %
systems are many to many o Diseconomies of scale
○ An information system needs to relate to at  Brooks Law – adding more people to a
least one business process late project makes the project later
 Every IS has at least one application because every  Requirement problems
IS has a software component o IS doesn’t accomplish goals
o Difficulty in determining requirements
3. What are the five phases of SLDC?  Users don’t know what they want
Most used methodology which follows a waterfall exactly from the system
method  one phase flows into the next  Must create an environment where
1. System Definition difficult questions are asked and
2. Requirements analysis answered
3. Component Design o Requirements change over the lifetime of
4. Implementation the project
5. Maintenance  Like aiming at a moving target,
constantly changing environment
 Larger systems, longer projects give
4. How is system definition accomplished?
more room for requirements to change
■ Assign a few employees (users, managers and IS
 Should changes be made during
professionals), possibly on a part-time basis, to define
development or maintenance phase?
new system, assess its feasibility, and plan project
■ Define goal and purpose in terms of organizations 12.4.1 Forming a project team and team composition
competitive strategy  IS should facilitate organization Typical team members on development team
in achieving its goals  Requirements definition
■ Define specific business activities, users, business o Systems analyst
processes, plants, offices, and factories involved  More technical, IT based
specialist with some overlap in
business
o Business analyst
 Understands business needs,
strategies and goals
o Managers
 Design and implementation
o Programmers
o Software Testers
o Database designers
 Integrated testing and conversion
5. What is the user’s role in the requirements phase? o Users
 Should be actively involved and
take ownership of development
o Software testers
 Outside contractor

6. How are the five components designed? 12.6.1 Hardware design

 Determine specifications and source of
hardware
 Should we purchase, lease, or lease time from a
cloud hosting service?
 12.6.2. Software design
 Should first and foremost fulfill the requirements
of the project
 Off-the-shelf software
 Off-the-shelf with customization software
 Custom-developed programs
Cloud-based systems
 Mobile devices
 Processing can occur on cloud-servers, on
mobile device or a mix of the two
 Thin-client or native application?

12.6.3 Database Design 12.6.4 Procedure Design

 Convert data model to database design using
techniques described in chapter 5
 If using off-the-shelf programs, little database
design is needed; the programs will handle their
own database processing
12.6.5 Design of Job Descriptions (People Design)
 Teams of systems analysts and users determine
job descriptions, functions for users and
operations personnel
 New information systems may require creating new
jobs
o Duties and responsibilities need to be defined in
accordance with human resources policies
 Usually, new duties and responsibilities added to
existing jobs
7. How is an information system implemented? 12.7.1 System Testing
 Test plan
o Sequence of actions that users will take
when using the new system
o Includes both normal and incorrect actions
o Tests robustness of the system
o Every line of code and every error message
should be executed
 Product Quality Assurance (PQA)/testing
specialists
o Create testing plans and execute them
o Usually programmers
 User testing
o Develop test plans and test cases
o As the end-user it’s important to be part of
development to make sure the system
meets requirements
 Beta testing
o Users final say on whether system
12.7.2 System conversion approaches “production ready”
 Pilot o Last stage of testing
o Implement entire system in limited portion of
 Parallel
business.
o Complete new and old systems run
o Limits exposure to business if system fails
simultaneously
 Phased o Very safe, but expensive.
o System installed in phases or modules.
 Plunge
o Each piece installed and tested.
o High risk if new system fails.
o Only if new system is not vital to company
operations.
12.7.3 Design and Implementation Summary
8. What are the tasks for system maintenance?
9. What are some of the problems with the SLDC?
 SDLC Waterfall Method
o Supposed to operate in a sequence of non-
repetitive phases
o Not often the case as need to go back to
previous phases to rework
 Requirements documentation difficult
o Business requirements change
o “Analysis paralysis” Spend so much time
on documentation, it hampers progress
 Scheduling and budgeting difficulties
o Time and cost estimates for large project
way off
o People who make initial estimates know
little about how much time it will take or
cost
 Trade-offs between requirements, costs and time
12.8.1 Maintenance
 Starts another cycle of SLDC
Failure: the difference between what the system does
and what it is supposed to do, should be fixed so it
works correctly
Enhancements: adapting to changes in requirements
 Will be done if there is a good rate of return
 Should be prioritized
Patches: high priority failures which are applied to all
copies of a product
 Typically, security fix and other critical problems
Service packs: low priority fixes
 For 100 - 1000s of small problems
 Distributed in the same way as a patch
12.9.1 Other Development Methods – Agile
Development
 Expect, even welcome, changes in requirements
 Frequently deliver working version of the
product
 Work closely with customer for the duration
 Just in time design
o Design as you go
o Test as you go
 Team knows best how it’s doing/ how to change
 Can be used for applications, IS, and business
process development